em-websocket 0.3.1 → 0.3.2

data/CHANGELOG.rdoc

@@ -1,5 +1,12 @@
 = Changelog
 
+== 0.3.2 / 2011-10-09
+
+- bugfixes:
+  - Handling of messages with > 2 frames
+  - Encode string passed to onmessage handler as UTF-8 on Ruby 1.9
+  - Add 10MB frame length limit to all draft versions
+
 == 0.3.1 / 2011-07-28
 
 - new features:

data/examples/test.html

@@ -12,7 +12,8 @@
           element.appendChild(p);
         }
 
-        ws = new WebSocket("ws://localhost:8080/");
+        var Socket = "MozWebSocket" in window ? MozWebSocket : WebSocket;
+        var ws = new Socket("ws://localhost:8080/");
         ws.onmessage = function(evt) { debug("Message: " + evt.data); };
         ws.onclose = function() { debug("socket closed"); };
         ws.onopen = function() {

data/lib/em-websocket/connection.rb

@@ -120,6 +120,19 @@ module EventMachine
       end
 
       def send(data)
+        # If we're using Ruby 1.9, be pedantic about encodings
+        if data.respond_to?(:force_encoding)
+          # Also accept ascii only data in other encodings for convenience
+          unless (data.encoding == Encoding.find("UTF-8") && data.valid_encoding?) || data.ascii_only?
+            raise WebSocketError, "Data sent to WebSocket must be valid UTF-8 but was #{data.encoding} (valid: #{data.valid_encoding?})"
+          end
+          # This labels the encoding as binary so that it can be combined with
+          # the BINARY framing
+          data.force_encoding("BINARY")
+        else
+          # TODO: Check that data is valid UTF-8
+        end
+
         if @handler
           @handler.send_text_frame(data)
         else

data/lib/em-websocket/framing03.rb

@@ -4,6 +4,10 @@ module EventMachine
   module WebSocket
     module Framing03
 
+      # Set the max frame lenth to very high value (10MB) until there is a
+      # limit specified in the spec to protect against malicious attacks
+      MAXIMUM_FRAME_LENGTH = 10 * 1024 * 1024
+
       def initialize_framing
         @data = ''
         @application_data_buffer = '' # Used for MORE frames
@@ -53,6 +57,11 @@ module EventMachine
             length
           end
 
+          # Addition to the spec to protect against malicious requests
+          if payload_length > MAXIMUM_FRAME_LENGTH
+            raise DataError, "Frame length too long (#{payload_length} bytes)"
+          end
+
           # Check buffer size
           if @data.getbyte(pointer+payload_length-1) == nil
             debug [:buffer_incomplete, @data]
@@ -75,7 +84,8 @@ module EventMachine
           if more
             debug [:moreframe, frame_type, application_data]
             @application_data_buffer << application_data
-            @frame_type = frame_type
+            # The message type is passed in the first frame
+            @frame_type ||= frame_type
           else
             # Message is complete
             if frame_type == :continuation

data/lib/em-websocket/framing05.rb

@@ -4,6 +4,10 @@ module EventMachine
   module WebSocket
     module Framing05
       
+      # Set the max frame lenth to very high value (10MB) until there is a
+      # limit specified in the spec to protect against malicious attacks
+      MAXIMUM_FRAME_LENGTH = 10 * 1024 * 1024
+      
       def initialize_framing
         @data = MaskedString.new
         @application_data_buffer = '' # Used for MORE frames
@@ -56,6 +60,11 @@ module EventMachine
             length
           end
 
+          # Addition to the spec to protect against malicious requests
+          if payload_length > MAXIMUM_FRAME_LENGTH
+            raise DataError, "Frame length too long (#{payload_length} bytes)"
+          end
+
           # Check buffer size
           if @data.getbyte(pointer+payload_length-1) == nil
             debug [:buffer_incomplete, @data]

data/lib/em-websocket/framing07.rb

@@ -89,7 +89,8 @@ module EventMachine
           if !fin
             debug [:moreframe, frame_type, application_data]
             @application_data_buffer << application_data
-            @frame_type = frame_type
+            # The message type is passed in the first frame
+            @frame_type ||= frame_type
           else
             # Message is complete
             if frame_type == :continuation

data/lib/em-websocket/message_processor_03.rb

@@ -24,7 +24,12 @@ module EventMachine
           send_frame(:pong, application_data)
         when :pong
           # TODO: Do something. Complete a deferrable established by a ping?
-        when :text, :binary
+        when :text
+          if application_data.respond_to?(:force_encoding)
+            application_data.force_encoding("UTF-8")
+          end
+          @connection.trigger_on_message(application_data)
+        when :binary
           @connection.trigger_on_message(application_data)
         end
       end

data/lib/em-websocket/message_processor_06.rb

@@ -37,7 +37,12 @@ module EventMachine
           send_frame(:pong, application_data)
         when :pong
           # TODO: Do something. Complete a deferrable established by a ping?
-        when :text, :binary
+        when :text
+          if application_data.respond_to?(:force_encoding)
+            application_data.force_encoding("UTF-8")
+          end
+          @connection.trigger_on_message(application_data)
+        when :binary
           @connection.trigger_on_message(application_data)
         end
       end

data/lib/em-websocket/version.rb

@@ -1,5 +1,5 @@
 module EventMachine
   module Websocket
-    VERSION = "0.3.1"
+    VERSION = "0.3.2"
   end
 end

data/spec/helper.rb

@@ -5,7 +5,7 @@ require 'em-http'
 
 require 'em-websocket'
 
-Rspec.configure do |c|
+RSpec.configure do |c|
   c.mock_with :rspec
 end
 

data/spec/integration/draft06_spec.rb

@@ -62,6 +62,7 @@ describe "draft06" do
       start_server { |server|
         server.onmessage { |msg|
           msg.should == 'Hello'
+          msg.encoding.should == Encoding.find("UTF-8")
           EM.stop
         }
         server.onerror {

data/spec/integration/shared_examples.rb

@@ -1,3 +1,5 @@
+# encoding: UTF-8
+
 shared_examples_for "a websocket server" do
   it "should call onerror if an application error raised in onopen" do
     EM.run {
@@ -59,4 +61,31 @@ shared_examples_for "a websocket server" do
       }
     }
   end
+
+  # Only run these tests on ruby 1.9
+  if "a".respond_to?(:force_encoding)
+    it "should raise error if you try to send non utf8 text data to ws" do
+      EM.run do
+        start_server { |server|
+          server.onopen {
+            # Create a string which claims to be UTF-8 but which is not
+            s = "ê" # utf-8 string
+            s.encode!("ISO-8859-1")
+            s.force_encoding("UTF-8")
+            s.valid_encoding?.should == false # now invalid utf8
+
+            # Send non utf8 encoded data
+            server.send(s)
+          }
+          server.onerror { |error|
+            error.class.should == EventMachine::WebSocket::WebSocketError
+            error.message.should == "Data sent to WebSocket must be valid UTF-8 but was UTF-8 (valid: false)"
+            EM.stop
+          }
+        }
+
+        start_client { }
+      end
+    end
+  end
 end

data/spec/unit/framing_spec.rb

@@ -96,6 +96,15 @@ describe EM::WebSocket::Framing03 do
     end
   end
 
+  describe "other tests" do
+    it "should accept a fragmented unmasked text message in 3 frames" do
+      @f.should_receive(:message).with(:text, '', 'Hello world')
+      @f << "\x84\x03Hel"
+      @f << "\x80\x02lo"
+      @f << "\x00\x06 world"
+    end
+  end
+
   describe "error cases" do
     it "should raise an exception on continuation frame without preceeding more frame" do
       lambda {
@@ -160,6 +169,15 @@ describe EM::WebSocket::Framing04 do
       @f << "\x85\x7F\x00\x00\x00\x00\x00\x01\x00\x00" + data
     end
   end
+
+  describe "other tests" do
+    it "should accept a fragmented unmasked text message in 3 frames" do
+      @f.should_receive(:message).with(:text, '', 'Hello world')
+      @f << "\x04\x03Hel"
+      @f << "\x00\x02lo"
+      @f << "\x80\x06 world"
+    end
+  end
 end
 
 describe EM::WebSocket::Framing07 do
@@ -228,5 +246,12 @@ describe EM::WebSocket::Framing07 do
         @f << "\x83\x05Hello"
       }.should raise_error(EventMachine::WebSocket::DataError, "Unknown opcode")
     end
+
+    it "should accept a fragmented unmasked text message in 3 frames" do
+      @f.should_receive(:message).with(:text, '', 'Hello world')
+      @f << "\x01\x03Hel"
+      @f << "\x00\x02lo"
+      @f << "\x80\x06 world"
+    end
   end
 end

metadata

@@ -1,83 +1,80 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: em-websocket
-version: !ruby/object:Gem::Version 
+version: !ruby/object:Gem::Version
+  version: 0.3.2
   prerelease: 
-  version: 0.3.1
 platform: ruby
-authors: 
+authors:
 - Ilya Grigorik
+- Martyn Loughran
 autorequire: 
 bindir: bin
 cert_chain: []
-
-date: 2011-07-28 00:00:00 +01:00
-default_executable: 
-dependencies: 
-- !ruby/object:Gem::Dependency 
+date: 2011-10-17 00:00:00.000000000Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: eventmachine
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement 
+  requirement: &70120715076200 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
         version: 0.12.9
   type: :runtime
-  version_requirements: *id001
-- !ruby/object:Gem::Dependency 
-  name: addressable
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement 
+  version_requirements: *70120715076200
+- !ruby/object:Gem::Dependency
+  name: addressable
+  requirement: &70120715061040 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
         version: 2.1.1
   type: :runtime
-  version_requirements: *id002
-- !ruby/object:Gem::Dependency 
-  name: em-http-request
   prerelease: false
-  requirement: &id003 !ruby/object:Gem::Requirement 
+  version_requirements: *70120715061040
+- !ruby/object:Gem::Dependency
+  name: em-http-request
+  requirement: &70120715060520 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
+      - !ruby/object:Gem::Version
         version: 0.2.6
   type: :development
-  version_requirements: *id003
-- !ruby/object:Gem::Dependency 
-  name: rspec
   prerelease: false
-  requirement: &id004 !ruby/object:Gem::Requirement 
+  version_requirements: *70120715060520
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: &70120715059920 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
+      - !ruby/object:Gem::Version
         version: 2.5.0
   type: :development
-  version_requirements: *id004
-- !ruby/object:Gem::Dependency 
-  name: rake
   prerelease: false
-  requirement: &id005 !ruby/object:Gem::Requirement 
+  version_requirements: *70120715059920
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: &70120715059420 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        version: "0"
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
-  version_requirements: *id005
+  prerelease: false
+  version_requirements: *70120715059420
 description: EventMachine based WebSocket server
-email: 
+email:
 - ilya@igvita.com
+- me@mloughran.com
 executables: []
-
 extensions: []
-
 extra_rdoc_files: []
-
-files: 
+files:
 - .gitignore
 - CHANGELOG.rdoc
 - Gemfile
@@ -131,35 +128,31 @@ files:
 - spec/unit/framing_spec.rb
 - spec/unit/handler_spec.rb
 - spec/unit/masking_spec.rb
-has_rdoc: true
 homepage: http://github.com/igrigorik/em-websocket
 licenses: []
-
 post_install_message: 
 rdoc_options: []
-
-require_paths: 
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement 
+required_ruby_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      version: "0"
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
-
 rubyforge_project: em-websocket
-rubygems_version: 1.6.2
+rubygems_version: 1.8.6
 signing_key: 
 specification_version: 3
 summary: EventMachine based WebSocket server
-test_files: 
+test_files:
 - spec/helper.rb
 - spec/integration/common_spec.rb
 - spec/integration/draft03_spec.rb