dap 0.0.20 → 0.1.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 47ecf168f8bc6242364441c3181c9fce903662d5
4
- data.tar.gz: 1e566ba434fe69f3a9c6aaa099013f9be8f526fd
3
+ metadata.gz: ce658733f9634e96a6258dcfc0caf74f91d2c6fa
4
+ data.tar.gz: 93acca40858a6d0ad1f4a5869240dc0a85d9601c
5
5
  SHA512:
6
- metadata.gz: e893cacfbcc0bc02d6a1e1190c5843a8aeb372ed63a28929952f0afb56d2d600f1a24c8c5fc019f479590107e6618c2898b64603c20a77b617876a6bdfe05607
7
- data.tar.gz: '0508097ed78aaa9454d459ba8e0365b1a99ab9968c3e2b478150a74b868c74760bdb7c9ca34af406c566e544c50b3e791180643e105b7f37ff9089f83e798e13'
6
+ metadata.gz: 995dc3db11fa7d501cc7bcb89520e161235a0c872a5b100ab2f80195486fb1989d594b00efaa88cdf7d354efc9e5bc87280bff287263a61a0138aadcc0b070c9
7
+ data.tar.gz: c2426cc2d20170400f8aeee33d21b3f7ee41a0afd473323bfbaaf712cf96332da8f5e2957683958fddb6ec740c5ed94ed4125b731b2703c71214c357f934d1a4
@@ -149,41 +149,51 @@ class FilterDecodeHTTPReply
149
149
 
150
150
  while lines.length > 0
151
151
  hline = lines.shift
152
- case hline
153
- when /^ETag:\s*(.*)/i
154
- save["http_etag"] = $1
152
+ if /^(?<header_name>[^:]+):\s*(?<header_value>.*)$/ =~ hline
153
+ header_value.strip!
154
+ header_name.downcase!
155
155
 
156
- when /^Set-Cookie:\s*(.*)/i
157
- bits = $1.gsub(/\;?\s*path=.*/i, '').gsub(/\;?\s*expires=.*/i, '').gsub(/\;\s*HttpOnly.*/, '')
158
- save["http_cookie"] = bits.strip
156
+ if valid_header_name?(header_name)
157
+ save["http_raw_headers"] ||= {}
158
+ save["http_raw_headers"][header_name] ||= []
159
+ save["http_raw_headers"][header_name] << header_value
159
160
 
160
- when /^Server:\s*(.*)/i
161
- save["http_server"] = $1.strip
161
+ # XXX: warning, all of these mishandle duplicate headers
162
+ case header_name
163
+ when 'etag'
164
+ save["http_etag"] = header_value
162
165
 
163
- when /^X-Powered-By:\s*(.*)/i
164
- save["http_powered"] = $1.strip
166
+ when 'set-cookie'
167
+ bits = header_value.gsub(/\;?\s*path=.*/i, '').gsub(/\;?\s*expires=.*/i, '').gsub(/\;\s*HttpOnly.*/, '')
168
+ save["http_cookie"] = bits
165
169
 
166
- when /^Date:\s*(.*)/i
167
- d = DateTime.parse($1.strip) rescue nil
168
- save["http_date"] = d.to_time.strftime("%Y%m%dT%H:%M:%S") if d
170
+ when 'server'
171
+ save["http_server"] = header_value
169
172
 
170
- when /^Last-modified:\s*(.*)/i
171
- d = DateTime.parse($1.strip) rescue nil
172
- save["http_modified"] = d.to_time.strftime("%Y%m%dT%H:%M:%S") if d
173
+ when 'x-powered-by'
174
+ save["http_powered"] = header_value
173
175
 
174
- when /^Location:\s*(.*)/i
175
- save["http_location"] = $1.strip
176
+ when 'date'
177
+ d = DateTime.parse(header_value) rescue nil
178
+ save["http_date"] = d.to_time.utc.strftime("%Y%m%dT%H:%M:%S%z") if d
176
179
 
177
- when /^WWW-Authenticate:\s*(.*)/i
178
- save["http_auth"] = $1.strip
180
+ when 'last-modified'
181
+ d = DateTime.parse(header_value) rescue nil
182
+ save["http_modified"] = d.to_time.utc.strftime("%Y%m%dT%H:%M:%S%z") if d
179
183
 
180
- when /^Content-Length:\s*(.*)/i
181
- clen = $1.strip.to_i
184
+ when 'location'
185
+ save["http_location"] = header_value
182
186
 
183
- when /^([A-Za-z0-9\-]+):\s*(.*)/i
184
- save["http_raw_headers"][$1.downcase.strip] = $2.strip
187
+ when 'www-authenticate'
188
+ save["http_auth"] = header_value
185
189
 
186
- when ""
190
+ when 'content-length'
191
+ save["content-length"] = header_value.to_i
192
+ end
193
+ else
194
+ # not a valid header. XXX, eventually we should log or do something more useful here
195
+ end
196
+ elsif hline == ""
187
197
  break
188
198
  end
189
199
  end
@@ -193,7 +203,9 @@ class FilterDecodeHTTPReply
193
203
  # Some buggy systems exclude the header entirely
194
204
  body ||= head
195
205
 
196
- if save["http_raw_headers"]["content-encoding"] == "gzip"
206
+ content_encoding = save["http_raw_headers"]["content-encoding"]
207
+
208
+ if content_encoding && content_encoding.include?("gzip")
197
209
  begin
198
210
  gunzip = Zlib::GzipReader.new(StringIO.new(body))
199
211
  body = gunzip.read.encode('UTF-8', :invalid=>:replace, :replace=>'?')
@@ -209,6 +221,10 @@ class FilterDecodeHTTPReply
209
221
 
210
222
  save
211
223
  end
224
+
225
+ def valid_header_name?(name)
226
+ return name !~ /[\x00-\x1f()<>@,;:\\\"\/\[\]?={}\s]/
227
+ end
212
228
  end
213
229
 
214
230
  end
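Review bot: `valid_header_name?` (added at the end of `FilterDecodeHTTPReply`) is a denylist, so a header name containing DEL (0x7f) or any byte above 0x7e still passes and is stored as a key in `save["http_raw_headers"]`. Because these names are taken verbatim from the reply being decoded, accepting only printable ASCII minus the separator characters is the safer check, for example `return name !~ /[^\x21-\x7e]|[()<>@,;:\\"\/\[\]?={}]/`. That keeps every name the spec exercises (`header1`, `date`, `last-modified`) and rejects the rest before it reaches downstream consumers of the record. A one-line comment above the method saying it implements the HTTP token rule would also make the character list easier to audit.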
data/lib/dap/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Dap
2
- VERSION = "0.0.20"
2
+ VERSION = "0.1.0"
3
3
  end
@@ -14,7 +14,8 @@ describe Dap::Filter::FilterDecodeHTTPReply do
14
14
  end
15
15
 
16
16
  context 'decoding uncompressed response' do
17
- let(:decode) { filter.decode("HTTP/1.0 200 OK\r\nHeader1: value1\r\n\r\nstuff") }
17
+ let(:decode) { filter.decode("HTTP/1.0 200 OK\r\nHeader1: value1\r\nHow(}does<htTp=work?:itdoesn't\r\nHeader2: value2\r\nHEADER2: VALUE2\r\n\r\nstuff") }
18
+ let(:decode_date) { filter.decode("HTTP/1.0 200 OK\r\nHeader1: value1\r\nHow(}does<htTp=work?:itdoesn't\r\nDate: Fri, 24 Mar 2017 15:34:04 GMT\r\nHEADER2: VALUE2\r\nLast-Modified: Fri, 24 Mar 2013 15:34:04 GMT\r\n\r\nstuff") }
18
19
 
19
20
  it 'correctly sets status code' do
20
21
  expect(decode['http_code']).to eq(200)
@@ -28,8 +29,18 @@ describe Dap::Filter::FilterDecodeHTTPReply do
28
29
  expect(decode['http_body']).to eq('stuff')
29
30
  end
30
31
 
31
- it 'correct extracts header(s)' do
32
- expect(decode['http_raw_headers']).to eq({'header1' => 'value1'})
32
+ it 'correctly extracts http_raw_headers' do
33
+ expect(decode['http_raw_headers']).to eq({'header1' => ['value1'], 'header2' => ['value2', 'VALUE2']})
34
+ end
35
+
36
+ it 'extracts Date http header' do
37
+ expect(decode_date['http_raw_headers']['date']).to eq(["Fri, 24 Mar 2017 15:34:04 GMT"])
38
+ expect(decode_date['http_date']).to eq("20170324T15:34:04+0000")
39
+ end
40
+
41
+ it 'extracts Last-Modified http header' do
42
+ expect(decode_date['http_raw_headers']['last-modified']).to eq(["Fri, 24 Mar 2013 15:34:04 GMT"])
43
+ expect(decode_date['http_modified']).to eq("20130324T15:34:04+0000")
33
44
  end
34
45
  end
35
46
 
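Review bot: Neither new fixture covers a reply in which every header line is rejected by `valid_header_name?`. In that case the filter's `save["http_raw_headers"] ||= {}` never runs, yet the hash is indexed for `content-encoding` afterwards. Whether it is initialised elsewhere is not visible in these hunks, so a case such as `let(:decode_bad) { filter.decode("HTTP/1.0 200 OK\r\nHow(}does<htTp=work?:itdoesn't\r\n\r\nstuff") }` with `expect(decode_bad['http_body']).to eq('stuff')` would pin that path down. The combined `decode` fixture also checks invalid-line skipping, duplicate merging and name case-folding through a single `eq` on the whole hash; separate `it` blocks would show which behaviour broke.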
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dap
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.20
4
+ version: 0.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Rapid7 Research
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-03-17 00:00:00.000000000 Z
11
+ date: 2017-03-24 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rspec