From 4d07f40148c267d83e79243227d3ba0878ac4f9b Mon Sep 17 00:00:00 2001 From: Akhil M S Date: Sat, 2 Jul 2022 12:40:43 +0530 Subject: Make use of ident while showing server error (generated by waitress) this will help users to hide the server details from waitress generated error response with the help of ident value. Some organization don't want to expose there server details to user, since it will help the attackers perform attacks based on the known vulnerability of the server. So instead of showing generated by waitress, we can show a generic text. --- src/waitress/task.py | 3 ++- src/waitress/utilities.py | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/src/waitress/task.py b/src/waitress/task.py index 574532f..956c0c0 100644 --- a/src/waitress/task.py +++ b/src/waitress/task.py @@ -345,8 +345,9 @@ class ErrorTask(Task): complete = True def execute(self): + ident = self.channel.server.adj.ident e = self.request.error - status, headers, body = e.to_response() + status, headers, body = e.to_response(ident) self.status = status self.response_headers.extend(headers) # We need to explicitly tell the remote client we are closing the diff --git a/src/waitress/utilities.py b/src/waitress/utilities.py index 164752f..b0199d0 100644 --- a/src/waitress/utilities.py +++ b/src/waitress/utilities.py @@ -258,10 +258,10 @@ class Error: def __init__(self, body): self.body = body - def to_response(self): + def to_response(self,ident=None): status = f"{self.code} {self.reason}" body = f"{self.reason}\r\n\r\n{self.body}" - tag = "\r\n\r\n(generated by waitress)" + tag = "\r\n\r\n(generated by "+ident+")" if ident else "\r\n\r\n(generated by server)" body = (body + tag).encode("utf-8") headers = [("Content-Type", "text/plain; charset=utf-8")] -- cgit v1.2.1