| Home | Trees | Indices | Help |
|
|---|
|
|
Each __schema__ attribute is turned into an instance of this class, and is eventually given to the unserializer (the 'Unslicer') to enforce as the tokens are arriving off the wire.
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
taster = the Taster is a dict that specifies which basic token types are accepted. |
|||
strictTaster = FalseIf strictTaster is True, taste violations are raised as BananaErrors (indicating a protocol error) rather than a mere Violation. |
|||
opentypes = Noneopentypes is a list of currently acceptable OPEN token types. |
|||
name = NoneUsed to describe the Constraint in a Violation error message |
|||
COUNTERBYTES = 64
|
|||
__implemented__ = <implementedBy foolscap.constraint.Constraint>
|
|||
__provides__ = <zope.interface.declarations.ClassProvides obje
|
|||
|
|||
Check the token type. Raise an exception if it is not accepted right now, or if the body-length limit is exceeded. |
Check the OPEN type (the tuple of Index Tokens). Raise an exception if it is not accepted. |
Validate an existing object. Usually objects are validated as their tokens come off the wire, but pre-existing objects may be added to containers if a REFERENCE token arrives which points to them. The older objects were were validated as they arrived (by a different schema), but now they must be re-validated by the new schema. A more naive form of validation would just accept the entire object tree into memory and then run checkObject() on the result. This validation is too late: it is vulnerable to both DoS and made-you-run-code attacks. If inbound=True, this object is arriving over the wire. If inbound=False, this is being called to validate an existing object before it is sent over the wire. This is done as a courtesy to the remote end, and to improve debuggability. Most constraints can use the same checker for both inbound and outbound objects. |
I help a caller determine how much memory could be consumed by the input stream while my constraint is in effect. My constraint will be enforced against the bytes that arrive over the wire. Eventually I will either accept the incoming bytes and my Unslicer will provide an object to its parent (including any subobjects), or I will raise a Violation exception which will kick my Unslicer into 'discard' mode. I define maxSizeAccept as the maximum number of bytes that will be received before the stream is accepted as valid. maxSizeReject is the maximum that will be received before a Violation is raised. The max of the two provides an upper bound on single objects. For container objects, the upper bound is probably (n-1)*accept + reject, because there can only be one outstanding about-to-be-rejected object at any time. I return (maxSizeAccept, maxSizeReject). I raise an UnboundedSchema exception if there is no bound. |
I return the greatest number Slicer objects that might exist on the SlicerStack (or Unslicers on the UnslicerStack) while processing an object which conforms to this constraint. This is effectively the maximum depth of the object tree. I raise UnboundedSchema if there is no bound. |
|
|||
tasterthe Taster is a dict that specifies which basic token types are accepted. The keys are typebytes like INT and STRING, while the values are size limits: the body portion of the token must not be longer than LIMIT bytes.
|
opentypesopentypes is a list of currently acceptable OPEN token types. None indicates that all types are accepted. An empty list indicates that no OPEN tokens are accepted.
|
__provides__
|
| Home | Trees | Indices | Help |
|
|---|
| Generated by Epydoc 3.0.1 on Tue Oct 14 18:27:47 2008 | http://epydoc.sourceforge.net |