Hacking

From PyWPS
Jump to: navigation, search

If you have minimal Python programming skills you can hack PyWPS without major problems, so that it fits your needs (whatever they may be)...

Where it all begins: wps.py

PyWPS starts with a simple script wps.py that has the following pseudo-code structure:

Start wps.py

  1. Determine request_method (GET or POST)
  2. if no input:
      raise Exception and exit
  3. try:
      initiate PyWPS class according to request_method
      parse Request
      do Request
      get Response and make proper reply
  4. exception:
      reply Error response


In total, the wps.py script has just 110 lines. Therefore the code is small and relatively simple to change. For example if you have the PyWPS in some other location you can for example append your PYTHONPATH or set environment variables in beginning:

import os,sys
os.environ["R_LIBS"]="/usr/local/Rlibs"
sys.path.append("/dummy/workspace/pywps-3.2-soap/pywps")

For example around line 95, before the wps object creation from Pywps class, we can block any POST request:

if method==pywps.METHOD_POST:
 sys.exit(1)

wps.py has access to all the environment variables passed by apache; a simple python script run as an apache CGI can give you all the systems env.

#!/usr/bin/python
print "Content-type: text/plain\n\n";
import os
for param in os.environ.keys():
 print "%20s %s" % (param,os.environ[param])

Will return an output something like this (small section)

HTTP_ACCEPT_CHARSET ISO-8859-1,utf-8;q=0.7,*;q=0.7
HTTP_USER_AGENT Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.7) Gecko/20100723 Fedora/3.6.7-1.fc13 Firefox/3.6.7
HTTP_CONNECTION keep-alive
SERVER_NAME localhost
REMOTE_ADDR ::1

For example by having the HTTP HEADERS we could implement a simple form of authentication based on some valid token contained inside the HTTP request.

In point 3 of the algorithm pseudo-code we have the output of the response before being submitted to server as a reply to the HTTP request. In this point is possible to read the response and do-what-ever-we-want. For example we could make a simple XOR encryption. Appending the following code to the start of the script:

from itertools import izip, cycle
def xor_crypt_string(data, key):
 return ''.join(chr(ord(x) ^ ord(y)) for (x,y) in izip(data, cycle(key)))

We can trace in the wps.py code the following line

if response:
 pywps.response.response(response,
 sys.stdout,wps.parser.soapVersion,wps.parser.isSoap,
 wps.request.contentType)

The pywps.response.response will just make a wrapper around the response and send it back to the server. If the response is a string object it should be a problem to encrypted before (?)

if response:
 response=xor_crypt_string(response,key="FOSS4G")
 pywps.response.response(response,
 sys.stdout,wps.parser.soapVersion,wps.parser.isSoap,
 wps.request.contentType)

In the end a developer can tailor all the wps.py script without major problem. The examples in this section could continue and continue!!!!!!!

--Wikiadmin 15:58, 10 January 2011 (UTC)