dap 0.1.4 → 0.1.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dap/filter/http.rb +16 -1
- data/lib/dap/version.rb +1 -1
- data/spec/dap/filter/http_filter_spec.rb +31 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e61f8a06c9943ff97add1aea2ba408fa821d5a79
|
|
4
|
+
data.tar.gz: 307b216fcf7d20ffed3e744bbe30256acfe97296
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1a17a8311b1d22742203dc4013c95141366f94db7304297cbaf68b29c61e6d5403271075846f3d10392df9a37cd4b947e5d1bb8726a01bc8a3d5286b79cc19a1
|
|
7
|
+
data.tar.gz: f2bc20c97078b307bf2a469beb1f2652d5a640f1d9e542ec3a1dd040f9bc4049f54379b691b4d16ab510b43721547580dd27b7f3e1c8cb09a40a087e2c6b35f0
|
data/lib/dap/filter/http.rb
CHANGED
|
@@ -156,6 +156,7 @@ class FilterDecodeHTTPReply
|
|
|
156
156
|
transfer_encoding = save["http_raw_headers"]["transfer-encoding"]
|
|
157
157
|
if transfer_encoding && transfer_encoding.include?("chunked")
|
|
158
158
|
offset = 0
|
|
159
|
+
chunk_num = 1
|
|
159
160
|
body = ''
|
|
160
161
|
while (true)
|
|
161
162
|
# read the chunk size from where we currently are. The chunk size will
|
|
@@ -165,11 +166,16 @@ class FilterDecodeHTTPReply
|
|
|
165
166
|
chunk_size = chunk_size_str.to_i(16)
|
|
166
167
|
# advance past this chunk marker and its trailing \r\n
|
|
167
168
|
offset += chunk_size_str.size + 2
|
|
169
|
+
if offset + chunk_size > raw_body.size
|
|
170
|
+
$stderr.puts "Skipping impossibly large #{chunk_size}-byte ##{chunk_num} chunk, at offset #{offset}/#{raw_body.size}"
|
|
171
|
+
break
|
|
172
|
+
end
|
|
168
173
|
# read this chunk, starting from just past the chunk marker and
|
|
169
174
|
# stopping at the supposed end of the chunk
|
|
170
175
|
body << raw_body.slice(offset, chunk_size)
|
|
171
176
|
# advance the offset to past the end of the chunk and its trailing \r\n
|
|
172
177
|
offset += chunk_size + 2
|
|
178
|
+
chunk_num += 1
|
|
173
179
|
else
|
|
174
180
|
break
|
|
175
181
|
end
|
|
@@ -177,7 +183,16 @@ class FilterDecodeHTTPReply
|
|
|
177
183
|
|
|
178
184
|
# chunked-encoding allows headers to occur after the chunks, so parse those
|
|
179
185
|
if offset < raw_body.size
|
|
180
|
-
|
|
186
|
+
trailing_headers = parse_headers(raw_body.slice(offset, raw_body.size).split(/\r?\n/))
|
|
187
|
+
save.merge!(trailing_headers) { |header, old, new|
|
|
188
|
+
if old.kind_of?(String)
|
|
189
|
+
[old, new].join(',')
|
|
190
|
+
elsif old.kind_of?(Hash)
|
|
191
|
+
old.merge(new) { |nheader, nold, nnew|
|
|
192
|
+
nold + nnew
|
|
193
|
+
}
|
|
194
|
+
end
|
|
195
|
+
}
|
|
181
196
|
end
|
|
182
197
|
end
|
|
183
198
|
|
data/lib/dap/version.rb
CHANGED
|
@@ -72,7 +72,7 @@ describe Dap::Filter::FilterDecodeHTTPReply do
|
|
|
72
72
|
end
|
|
73
73
|
end
|
|
74
74
|
|
|
75
|
-
context 'decoding chunked
|
|
75
|
+
context 'decoding valid chunked responses' do
|
|
76
76
|
let(:body) { "5\r\nabcde\r\n0F\r\nfghijklmnopqrst\r\n06\r\nuvwxyz\r\n0\r\n" }
|
|
77
77
|
let(:decode) { filter.decode("HTTP/1.0 200 OK\r\nTransfer-encoding: chunked\r\n\r\n#{body}\r\nSecret: magic\r\n") }
|
|
78
78
|
|
|
@@ -80,11 +80,41 @@ describe Dap::Filter::FilterDecodeHTTPReply do
|
|
|
80
80
|
expect(decode['http_body']).to eq(('a'..'z').to_a.join)
|
|
81
81
|
end
|
|
82
82
|
|
|
83
|
+
it 'finds normal headers' do
|
|
84
|
+
expect(decode['http_raw_headers']['transfer-encoding']).to eq(%w(chunked))
|
|
85
|
+
end
|
|
86
|
+
|
|
83
87
|
it 'finds trailing headers' do
|
|
84
88
|
expect(decode['http_raw_headers']['secret']).to eq(%w(magic))
|
|
85
89
|
end
|
|
86
90
|
end
|
|
87
91
|
|
|
92
|
+
context 'decoding bogus chunked responses' do
|
|
93
|
+
let(:body) { "5\r\nabcde\r\nFF\r\nfghijklmnopqrst\r\n06\r\n" }
|
|
94
|
+
let(:decode) { filter.decode("HTTP/1.0 200 OK\r\nTransfer-encoding: chunked\r\n\r\n#{body}") }
|
|
95
|
+
|
|
96
|
+
it 'reads the partial body' do
|
|
97
|
+
expect(decode['http_body']).to eq(('a'..'e').to_a.join)
|
|
98
|
+
end
|
|
99
|
+
|
|
100
|
+
it 'finds normal headers' do
|
|
101
|
+
expect(decode['http_raw_headers']['transfer-encoding']).to eq(%w(chunked))
|
|
102
|
+
end
|
|
103
|
+
end
|
|
104
|
+
|
|
105
|
+
context 'decoding truncated, chunked responses' do
|
|
106
|
+
let(:body) { "5\r\nabcde\r\n0F\r\nfghijklmnopqrst\r\n06\r\n" }
|
|
107
|
+
let(:decode) { filter.decode("HTTP/1.0 200 OK\r\nTransfer-encoding: chunked\r\n\r\n#{body}") }
|
|
108
|
+
|
|
109
|
+
it 'reads the partial body' do
|
|
110
|
+
expect(decode['http_body']).to eq(('a'..'t').to_a.join)
|
|
111
|
+
end
|
|
112
|
+
|
|
113
|
+
it 'finds normal headers' do
|
|
114
|
+
expect(decode['http_raw_headers']['transfer-encoding']).to eq(%w(chunked))
|
|
115
|
+
end
|
|
116
|
+
end
|
|
117
|
+
|
|
88
118
|
context 'decoding responses that are missing the "reason phrase", an RFC anomaly' do
|
|
89
119
|
let(:decode) { filter.decode("HTTP/1.1 301\r\nDate: Tue, 28 Mar 2017 20:46:52 GMT\r\nContent-Type: text/html\r\nContent-Length: 177\r\nConnection: close\r\nLocation: http://www.example.com/\r\n\r\nstuff") }
|
|
90
120
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dap
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Rapid7 Research
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-03-
|
|
11
|
+
date: 2017-03-31 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rspec
|