em-websocket 0.1.2 → 0.1.3

data/VERSION

@@ -1 +1 @@
-0.1.2
+0.1.3

data/examples/srv.rb

@@ -0,0 +1,19 @@
+require 'lib/em-websocket'
+require 'sinatra/base'
+require 'thin'
+
+EM.run do
+  class App < Sinatra::Base
+    get '/' do
+
+    end
+  end
+
+  EM::WebSocket.start(:host => '0.0.0.0', :port => 3001) do
+    # Websocket code here
+  end
+
+  # You could also use Rainbows! instead of Thin.
+  # Any EM based Rack handler should do.
+  # Thin.start App, '0.0.0.0', 3000
+end

data/lib/em-websocket/connection.rb

@@ -10,6 +10,7 @@ module EventMachine
       # define WebSocket callbacks
       def onopen(&blk);     @onopen = blk;    end
       def onclose(&blk);    @onclose = blk;   end
+      def onerror(&blk);    @onerror = blk;   end
       def onmessage(&blk);  @onmessage = blk; end
 
       def initialize(options)
@@ -68,13 +69,14 @@ module EventMachine
             return true
           rescue => e
             debug [:error, e]
-            process_bad_request
+            process_bad_request(e)
             return false
           end
         end
       end
 
-      def process_bad_request
+      def process_bad_request(reason)
+        @onerror.call(reason) if @onerror
         send_data "HTTP/1.1 400 Bad request\r\n\r\n"
         close_connection_after_writing
       end
@@ -139,10 +141,11 @@ module EventMachine
             # If the high-order bit of the /frame type/ byte is _not_ set
             msg = @data.slice!(/^\x00([^\xff]*)\xff/)
             if msg
-              msg.gsub!(/^\x00|\xff$/, '')
+              msg.gsub!(/\A\x00|\xff\z/, '')
               if @state == :closing
                 debug [:ignored_message, msg]
               else
+                msg.force_encoding('UTF-8') if msg.respond_to?(:force_encoding)
                 @onmessage.call(msg) if @onmessage
               end
             else
@@ -163,7 +166,9 @@ module EventMachine
       # a leading length indicator
       def send(data)
         debug [:send, data]
-        send_data("\x00#{data}\xff")
+        ary = ["\x00", data, "\xff"]
+        ary.collect{ |s| s.force_encoding('UTF-8') if s.respond_to?(:force_encoding) }
+        send_data(ary.join)
       end
     end
   end

data/lib/em-websocket/handler76.rb

@@ -49,7 +49,10 @@ module EventMachine
       end
 
       def count_spaces(string)
-        string.scan(/ /).size
+        spaces = string.scan(/ /).size
+        # As per 5.2.5, abort the connection if spaces are zero.
+        raise HandshakeError, "Websocket Key1 or Key2 does not contain spaces - this is a symptom of a cross-protocol attack" if spaces == 0
+        return spaces
       end
 
       def validate_protocol!(protocol)

data/spec/integration/integration_spec.rb

@@ -99,4 +99,30 @@ describe "WebSocket server draft76" do
       end
     end
   end
+
+  it "should accept null bytes within the frame after a line return" do
+    EM.run do
+      EM.add_timer(0.1) do
+        EventMachine::WebSocket.start(:host => "0.0.0.0", :port => 12345) { |ws|
+          ws.onmessage { |msg|
+            msg.should == "\n\000" 
+          }
+        }
+  
+        # Create a fake client which sends draft 76 handshake
+        connection = EM.connect('0.0.0.0', 12345, FakeWebSocketClient)
+        connection.send_data(format_request(@request))
+  
+        # Send closing frame after handshake complete
+        connection.onopen = lambda {
+          connection.send_data("\000\n\000\377")
+          connection.send_data(EM::WebSocket::Handler76::TERMINATE_STRING)
+        }
+  
+        connection.onclose = lambda {
+          EM.stop
+        }
+      end
+    end
+  end
 end

data/spec/unit/handler_spec.rb

@@ -114,4 +114,14 @@ describe "EventMachine::WebSocket::Handler" do
       handler(@request).handshake
     }.should raise_error(EM::WebSocket::HandshakeError)
   end
+
+  %w[Sec-WebSocket-Key1 Sec-WebSocket-Key2].each do |header|
+    it "should raise error if #{header} has zero spaces" do
+      @request[:headers][header] = 'nospaces'
+
+      lambda {
+        handler(@request).handshake
+      }.should raise_error(EM::WebSocket::HandshakeError, 'Websocket Key1 or Key2 does not contain spaces - this is a symptom of a cross-protocol attack')
+    end
+  end
 end

data/spec/websocket_spec.rb

@@ -18,7 +18,6 @@ describe EventMachine::WebSocket do
 
       EventMachine::WebSocket.start(:host => "0.0.0.0", :port => 12345) do |ws|
         ws.onopen {
-          puts "WebSocket connection open"
           ws.send MSG
         }
       end
@@ -91,6 +90,26 @@ describe EventMachine::WebSocket do
     end
   end
 
+  it "should call onerror callback with raised exception and close connection on bad handshake" do
+    EM.run do
+      EventMachine.add_timer(0.1) do
+        http = EventMachine::HttpRequest.new('http://127.0.0.1:12345/').get :timeout => 0
+        http.errback { http.response_header.status.should == 0 }
+        http.callback { failed }
+      end
+
+      EventMachine::WebSocket.start(:host => "0.0.0.0", :port => 12345) do |ws|
+        ws.onopen { failed }
+        ws.onclose { EventMachine.stop }
+        ws.onerror {|e|
+          e.should be_an_instance_of EventMachine::WebSocket::HandshakeError
+          e.message.should match('Connection and Upgrade headers required')
+          EventMachine.stop
+        }
+      end
+    end
+  end
+
   it "should populate ws.request with appropriate headers" do
     EM.run do
       EventMachine.add_timer(0.1) do

metadata

@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
   segments: 
   - 0
   - 1
-  - 2
-  version: 0.1.2
+  - 3
+  version: 0.1.3
 platform: ruby
 authors: 
 - Ilya Grigorik
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-06-16 00:00:00 -04:00
+date: 2010-07-18 00:00:00 -04:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -129,3 +129,4 @@ test_files:
 - spec/websocket_spec.rb
 - examples/echo.rb
 - examples/multicast.rb
+- examples/srv.rb