dap 0.1.4 → 0.1.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dap/filter/http.rb +16 -1
- data/lib/dap/version.rb +1 -1
- data/spec/dap/filter/http_filter_spec.rb +31 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e61f8a06c9943ff97add1aea2ba408fa821d5a79
|
|
4
|
+
data.tar.gz: 307b216fcf7d20ffed3e744bbe30256acfe97296
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1a17a8311b1d22742203dc4013c95141366f94db7304297cbaf68b29c61e6d5403271075846f3d10392df9a37cd4b947e5d1bb8726a01bc8a3d5286b79cc19a1
|
|
7
|
+
data.tar.gz: f2bc20c97078b307bf2a469beb1f2652d5a640f1d9e542ec3a1dd040f9bc4049f54379b691b4d16ab510b43721547580dd27b7f3e1c8cb09a40a087e2c6b35f0
|
data/lib/dap/filter/http.rb
CHANGED
|
@@ -156,6 +156,7 @@ class FilterDecodeHTTPReply
|
|
|
156
156
|
transfer_encoding = save["http_raw_headers"]["transfer-encoding"]
|
|
157
157
|
if transfer_encoding && transfer_encoding.include?("chunked")
|
|
158
158
|
offset = 0
|
|
159
|
+
chunk_num = 1
|
|
159
160
|
body = ''
|
|
160
161
|
while (true)
|
|
161
162
|
# read the chunk size from where we currently are. The chunk size will
|
|
@@ -165,11 +166,16 @@ class FilterDecodeHTTPReply
|
|
|
165
166
|
chunk_size = chunk_size_str.to_i(16)
|
|
166
167
|
# advance past this chunk marker and its trailing \r\n
|
|
167
168
|
offset += chunk_size_str.size + 2
|
|
169
|
+
if offset + chunk_size > raw_body.size
|
|
170
|
+
$stderr.puts "Skipping impossibly large #{chunk_size}-byte ##{chunk_num} chunk, at offset #{offset}/#{raw_body.size}"
|
|
171
|
+
break
|
|
172
|
+
end
|
|
168
173
|
# read this chunk, starting from just past the chunk marker and
|
|
169
174
|
# stopping at the supposed end of the chunk
|
|
170
175
|
body << raw_body.slice(offset, chunk_size)
|
|
171
176
|
# advance the offset to past the end of the chunk and its trailing \r\n
|
|
172
177
|
offset += chunk_size + 2
|
|
178
|
+
chunk_num += 1
|
|
173
179
|
else
|
|
174
180
|
break
|
|
175
181
|
end
|
|
@@ -177,7 +183,16 @@ class FilterDecodeHTTPReply
|
|
|
177
183
|
|
|
178
184
|
# chunked-encoding allows headers to occur after the chunks, so parse those
|
|
179
185
|
if offset < raw_body.size
|
|
180
|
-
|
|
186
|
+
trailing_headers = parse_headers(raw_body.slice(offset, raw_body.size).split(/\r?\n/))
|
|
187
|
+
save.merge!(trailing_headers) { |header, old, new|
|
|
188
|
+
if old.kind_of?(String)
|
|
189
|
+
[old, new].join(',')
|
|
190
|
+
elsif old.kind_of?(Hash)
|
|
191
|
+
old.merge(new) { |nheader, nold, nnew|
|
|
192
|
+
nold + nnew
|
|
193
|
+
}
|
|
194
|
+
end
|
|
195
|
+
}
|
|
181
196
|
end
|
|
182
197
|
end
|
|
183
198
|
|
data/lib/dap/version.rb
CHANGED
|
@@ -72,7 +72,7 @@ describe Dap::Filter::FilterDecodeHTTPReply do
|
|
|
72
72
|
end
|
|
73
73
|
end
|
|
74
74
|
|
|
75
|
-
context 'decoding chunked
|
|
75
|
+
context 'decoding valid chunked responses' do
|
|
76
76
|
let(:body) { "5\r\nabcde\r\n0F\r\nfghijklmnopqrst\r\n06\r\nuvwxyz\r\n0\r\n" }
|
|
77
77
|
let(:decode) { filter.decode("HTTP/1.0 200 OK\r\nTransfer-encoding: chunked\r\n\r\n#{body}\r\nSecret: magic\r\n") }
|
|
78
78
|
|
|
@@ -80,11 +80,41 @@ describe Dap::Filter::FilterDecodeHTTPReply do
|
|
|
80
80
|
expect(decode['http_body']).to eq(('a'..'z').to_a.join)
|
|
81
81
|
end
|
|
82
82
|
|
|
83
|
+
it 'finds normal headers' do
|
|
84
|
+
expect(decode['http_raw_headers']['transfer-encoding']).to eq(%w(chunked))
|
|
85
|
+
end
|
|
86
|
+
|
|
83
87
|
it 'finds trailing headers' do
|
|
84
88
|
expect(decode['http_raw_headers']['secret']).to eq(%w(magic))
|
|
85
89
|
end
|
|
86
90
|
end
|
|
87
91
|
|
|
92
|
+
context 'decoding bogus chunked responses' do
|
|
93
|
+
let(:body) { "5\r\nabcde\r\nFF\r\nfghijklmnopqrst\r\n06\r\n" }
|
|
94
|
+
let(:decode) { filter.decode("HTTP/1.0 200 OK\r\nTransfer-encoding: chunked\r\n\r\n#{body}") }
|
|
95
|
+
|
|
96
|
+
it 'reads the partial body' do
|
|
97
|
+
expect(decode['http_body']).to eq(('a'..'e').to_a.join)
|
|
98
|
+
end
|
|
99
|
+
|
|
100
|
+
it 'finds normal headers' do
|
|
101
|
+
expect(decode['http_raw_headers']['transfer-encoding']).to eq(%w(chunked))
|
|
102
|
+
end
|
|
103
|
+
end
|
|
104
|
+
|
|
105
|
+
context 'decoding truncated, chunked responses' do
|
|
106
|
+
let(:body) { "5\r\nabcde\r\n0F\r\nfghijklmnopqrst\r\n06\r\n" }
|
|
107
|
+
let(:decode) { filter.decode("HTTP/1.0 200 OK\r\nTransfer-encoding: chunked\r\n\r\n#{body}") }
|
|
108
|
+
|
|
109
|
+
it 'reads the partial body' do
|
|
110
|
+
expect(decode['http_body']).to eq(('a'..'t').to_a.join)
|
|
111
|
+
end
|
|
112
|
+
|
|
113
|
+
it 'finds normal headers' do
|
|
114
|
+
expect(decode['http_raw_headers']['transfer-encoding']).to eq(%w(chunked))
|
|
115
|
+
end
|
|
116
|
+
end
|
|
117
|
+
|
|
88
118
|
context 'decoding responses that are missing the "reason phrase", an RFC anomaly' do
|
|
89
119
|
let(:decode) { filter.decode("HTTP/1.1 301\r\nDate: Tue, 28 Mar 2017 20:46:52 GMT\r\nContent-Type: text/html\r\nContent-Length: 177\r\nConnection: close\r\nLocation: http://www.example.com/\r\n\r\nstuff") }
|
|
90
120
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dap
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Rapid7 Research
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-03-
|
|
11
|
+
date: 2017-03-31 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rspec
|