dap 0.0.20 → 0.1.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 47ecf168f8bc6242364441c3181c9fce903662d5
4
- data.tar.gz: 1e566ba434fe69f3a9c6aaa099013f9be8f526fd
3
+ metadata.gz: ce658733f9634e96a6258dcfc0caf74f91d2c6fa
4
+ data.tar.gz: 93acca40858a6d0ad1f4a5869240dc0a85d9601c
5
5
  SHA512:
6
- metadata.gz: e893cacfbcc0bc02d6a1e1190c5843a8aeb372ed63a28929952f0afb56d2d600f1a24c8c5fc019f479590107e6618c2898b64603c20a77b617876a6bdfe05607
7
- data.tar.gz: '0508097ed78aaa9454d459ba8e0365b1a99ab9968c3e2b478150a74b868c74760bdb7c9ca34af406c566e544c50b3e791180643e105b7f37ff9089f83e798e13'
6
+ metadata.gz: 995dc3db11fa7d501cc7bcb89520e161235a0c872a5b100ab2f80195486fb1989d594b00efaa88cdf7d354efc9e5bc87280bff287263a61a0138aadcc0b070c9
7
+ data.tar.gz: c2426cc2d20170400f8aeee33d21b3f7ee41a0afd473323bfbaaf712cf96332da8f5e2957683958fddb6ec740c5ed94ed4125b731b2703c71214c357f934d1a4
@@ -149,41 +149,51 @@ class FilterDecodeHTTPReply
149
149
 
150
150
  while lines.length > 0
151
151
  hline = lines.shift
152
- case hline
153
- when /^ETag:\s*(.*)/i
154
- save["http_etag"] = $1
152
+ if /^(?<header_name>[^:]+):\s*(?<header_value>.*)$/ =~ hline
153
+ header_value.strip!
154
+ header_name.downcase!
155
155
 
156
- when /^Set-Cookie:\s*(.*)/i
157
- bits = $1.gsub(/\;?\s*path=.*/i, '').gsub(/\;?\s*expires=.*/i, '').gsub(/\;\s*HttpOnly.*/, '')
158
- save["http_cookie"] = bits.strip
156
+ if valid_header_name?(header_name)
157
+ save["http_raw_headers"] ||= {}
158
+ save["http_raw_headers"][header_name] ||= []
159
+ save["http_raw_headers"][header_name] << header_value
159
160
 
160
- when /^Server:\s*(.*)/i
161
- save["http_server"] = $1.strip
161
+ # XXX: warning, all of these mishandle duplicate headers
162
+ case header_name
163
+ when 'etag'
164
+ save["http_etag"] = header_value
162
165
 
163
- when /^X-Powered-By:\s*(.*)/i
164
- save["http_powered"] = $1.strip
166
+ when 'set-cookie'
167
+ bits = header_value.gsub(/\;?\s*path=.*/i, '').gsub(/\;?\s*expires=.*/i, '').gsub(/\;\s*HttpOnly.*/, '')
168
+ save["http_cookie"] = bits
165
169
 
166
- when /^Date:\s*(.*)/i
167
- d = DateTime.parse($1.strip) rescue nil
168
- save["http_date"] = d.to_time.strftime("%Y%m%dT%H:%M:%S") if d
170
+ when 'server'
171
+ save["http_server"] = header_value
169
172
 
170
- when /^Last-modified:\s*(.*)/i
171
- d = DateTime.parse($1.strip) rescue nil
172
- save["http_modified"] = d.to_time.strftime("%Y%m%dT%H:%M:%S") if d
173
+ when 'x-powered-by'
174
+ save["http_powered"] = header_value
173
175
 
174
- when /^Location:\s*(.*)/i
175
- save["http_location"] = $1.strip
176
+ when 'date'
177
+ d = DateTime.parse(header_value) rescue nil
178
+ save["http_date"] = d.to_time.utc.strftime("%Y%m%dT%H:%M:%S%z") if d
176
179
 
177
- when /^WWW-Authenticate:\s*(.*)/i
178
- save["http_auth"] = $1.strip
180
+ when 'last-modified'
181
+ d = DateTime.parse(header_value) rescue nil
182
+ save["http_modified"] = d.to_time.utc.strftime("%Y%m%dT%H:%M:%S%z") if d
179
183
 
180
- when /^Content-Length:\s*(.*)/i
181
- clen = $1.strip.to_i
184
+ when 'location'
185
+ save["http_location"] = header_value
182
186
 
183
- when /^([A-Za-z0-9\-]+):\s*(.*)/i
184
- save["http_raw_headers"][$1.downcase.strip] = $2.strip
187
+ when 'www-authenticate'
188
+ save["http_auth"] = header_value
185
189
 
186
- when ""
190
+ when 'content-length'
191
+ save["content-length"] = header_value.to_i
192
+ end
193
+ else
194
+ # not a valid header. XXX, eventually we should log or do something more useful here
195
+ end
196
+ elsif hline == ""
187
197
  break
188
198
  end
189
199
  end
@@ -193,7 +203,9 @@ class FilterDecodeHTTPReply
193
203
  # Some buggy systems exclude the header entirely
194
204
  body ||= head
195
205
 
196
- if save["http_raw_headers"]["content-encoding"] == "gzip"
206
+ content_encoding = save["http_raw_headers"]["content-encoding"]
207
+
208
+ if content_encoding && content_encoding.include?("gzip")
197
209
  begin
198
210
  gunzip = Zlib::GzipReader.new(StringIO.new(body))
199
211
  body = gunzip.read.encode('UTF-8', :invalid=>:replace, :replace=>'?')
@@ -209,6 +221,10 @@ class FilterDecodeHTTPReply
209
221
 
210
222
  save
211
223
  end
224
+
225
+ def valid_header_name?(name)
226
+ return name !~ /[\x00-\x1f()<>@,;:\\\"\/\[\]?={}\s]/
227
+ end
212
228
  end
213
229
 
214
230
  end
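Review bot: `valid_header_name?` (added at the end of the class) is a denylist, so a name containing DEL (0x7f) or any non-ASCII byte still passes and becomes a key in `save["http_raw_headers"]`, although an HTTP field name is a token made of visible ASCII characters only. Since the filter decodes replies from arbitrary servers, I would reject everything outside the printable range as well: `name !~ /[^\x21-\x7e]|[()<>@,;:\\"\/\[\]?={}]/`. In the same loop, `DateTime.parse(header_value) rescue nil` hands an unbounded, server-controlled string to a lenient parser and hides every error; capping the length first, e.g. `DateTime.parse(header_value[0, 128]) rescue nil`, keeps the cost predictable. The `content-length` branch now writes `save["content-length"]` where the old code set the local `clen`; if `clen` is still read later in `decode` (whose body starts and ends outside these hunks), it no longer receives a value.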
data/lib/dap/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Dap
2
- VERSION = "0.0.20"
2
+ VERSION = "0.1.0"
3
3
  end
@@ -14,7 +14,8 @@ describe Dap::Filter::FilterDecodeHTTPReply do
14
14
  end
15
15
 
16
16
  context 'decoding uncompressed response' do
17
- let(:decode) { filter.decode("HTTP/1.0 200 OK\r\nHeader1: value1\r\n\r\nstuff") }
17
+ let(:decode) { filter.decode("HTTP/1.0 200 OK\r\nHeader1: value1\r\nHow(}does<htTp=work?:itdoesn't\r\nHeader2: value2\r\nHEADER2: VALUE2\r\n\r\nstuff") }
18
+ let(:decode_date) { filter.decode("HTTP/1.0 200 OK\r\nHeader1: value1\r\nHow(}does<htTp=work?:itdoesn't\r\nDate: Fri, 24 Mar 2017 15:34:04 GMT\r\nHEADER2: VALUE2\r\nLast-Modified: Fri, 24 Mar 2013 15:34:04 GMT\r\n\r\nstuff") }
18
19
 
19
20
  it 'correctly sets status code' do
20
21
  expect(decode['http_code']).to eq(200)
@@ -28,8 +29,18 @@ describe Dap::Filter::FilterDecodeHTTPReply do
28
29
  expect(decode['http_body']).to eq('stuff')
29
30
  end
30
31
 
31
- it 'correct extracts header(s)' do
32
- expect(decode['http_raw_headers']).to eq({'header1' => 'value1'})
32
+ it 'correctly extracts http_raw_headers' do
33
+ expect(decode['http_raw_headers']).to eq({'header1' => ['value1'], 'header2' => ['value2', 'VALUE2']})
34
+ end
35
+
36
+ it 'extracts Date http header' do
37
+ expect(decode_date['http_raw_headers']['date']).to eq(["Fri, 24 Mar 2017 15:34:04 GMT"])
38
+ expect(decode_date['http_date']).to eq("20170324T15:34:04+0000")
39
+ end
40
+
41
+ it 'extracts Last-Modified http header' do
42
+ expect(decode_date['http_raw_headers']['last-modified']).to eq(["Fri, 24 Mar 2013 15:34:04 GMT"])
43
+ expect(decode_date['http_modified']).to eq("20130324T15:34:04+0000")
33
44
  end
34
45
  end
35
46
 
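Review bot: The `Last-Modified` fixture in `decode_date` reads `Fri, 24 Mar 2013`, but 24 March 2013 was a Sunday, so the 'extracts Last-Modified http header' example passes only because `DateTime.parse` ignores a wrong weekday. Using the matching day name, `Last-Modified: Sun, 24 Mar 2013 15:34:04 GMT`, keeps the fixture a well-formed HTTP date and leaves lenient parsing to an example of its own. The examples also never assert what `http_date` or `http_modified` hold when the header repeats, which is the case the `XXX` comment in the filter warns about. The `describe` block starts and ends outside these hunks.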
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dap
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.20
4
+ version: 0.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Rapid7 Research
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-03-17 00:00:00.000000000 Z
11
+ date: 2017-03-24 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rspec