RubyGems - em-websocket - Versions diffs - 0.2.0 → 0.2.1 - Mend

em-websocket 0.2.0 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

data/.gitignore +1 -1
data/CHANGELOG.rdoc +16 -0
data/Rakefile +2 -0
data/examples/echo.rb +1 -0
data/lib/em-websocket.rb +8 -0
data/lib/em-websocket/connection.rb +0 -1
data/lib/em-websocket/framing03.rb +9 -7
data/lib/em-websocket/framing76.rb +26 -7
data/lib/em-websocket/handler.rb +1 -1
data/lib/em-websocket/handshake76.rb +17 -7
data/lib/em-websocket/version.rb +1 -1
data/spec/integration/draft03_spec.rb +2 -2
data/spec/integration/draft76_spec.rb +21 -1
data/spec/unit/framing_spec.rb +2 -2
data/spec/unit/handler_spec.rb +9 -1
data/spec/websocket_spec.rb +4 -2
metadata +11 -4

data/.gitignore CHANGED

@@ -1,3 +1,3 @@
 *.gemspec
 pkg
+Gemfile.lock

data/CHANGELOG.rdoc CHANGED

@@ -1,5 +1,21 @@
 = Changelog
+== 0.2.1 / 2011-03-01
+- bugfixes:
+  - Performance improvements to draft 76 framing
+  - Limit frame lengths for draft 76
+  - Better error handling for draft 76 handshake
+  - Ruby 1.9 support
+== 0.2.0 / 2010-11-23
+- new features:
+  - Support for WebSocket draft 03
+- bugfixes:
+  - Handle case when handshake split into two receive_data calls
+  - Stricter regexp matching of frames
 == 0.1.4 / 2010-08-23
 - new features:

data/Rakefile CHANGED

@@ -7,3 +7,5 @@ RSpec::Core::RakeTask.new do |t|
   t.rspec_opts = ["-c", "-f progress", "-r ./spec/helper.rb"]
   t.pattern = 'spec/**/*_spec.rb'
 end
+task :default => :spec

data/examples/echo.rb CHANGED

@@ -4,4 +4,5 @@ EventMachine::WebSocket.start(:host => "0.0.0.0", :port => 8080, :debug => true)
   ws.onopen    { ws.send "Hello Client!"}
   ws.onmessage { |msg| ws.send "Pong: #{msg}" }
   ws.onclose   { puts "WebSocket closed" }
+  ws.onerror   { |e| puts "Error: #{e.message}" }
 end

data/lib/em-websocket.rb CHANGED

@@ -10,3 +10,11 @@ require "eventmachine"
 ].each do |file|
   require "em-websocket/#{file}"
 end
+unless ''.respond_to?(:getbyte)
+  class String
+    def getbyte(i)
+      self[i]
+    end
+  end
+end

data/lib/em-websocket/connection.rb CHANGED

@@ -26,7 +26,6 @@ module EventMachine
         @debug = options[:debug] || false
         @secure = options[:secure] || false
         @tls_options = options[:tls_options] || {}
-        @request = {}
         @data = ''
         debug [:initialize]

data/lib/em-websocket/framing03.rb CHANGED

@@ -1,3 +1,5 @@
+# encoding: BINARY
 module EventMachine
   module WebSocket
     module Framing03
@@ -7,25 +9,25 @@ module EventMachine
         @application_data_buffer = '' # Used for MORE frames
       end
-      def process_data
+      def process_data(newdata)
         error = false
         while !error && @data.size > 1
           pointer = 0
-          more = (@data[pointer] & 0b10000000) == 0b10000000
+          more = (@data.getbyte(pointer) & 0b10000000) == 0b10000000
           # Ignoring rsv1-3 for now
-          opcode = @data[0] & 0b00001111
+          opcode = @data.getbyte(0) & 0b00001111
           pointer += 1
           # Ignoring rsv4
-          length = @data[pointer] & 0b01111111
+          length = @data.getbyte(pointer) & 0b01111111
           pointer += 1
           payload_length = case length
           when 127 # Length defined by 8 bytes
             # Check buffer size
-            if @data[pointer+8-1] == nil
+            if @data.getbyte(pointer+8-1) == nil
               debug [:buffer_incomplete, @data.inspect]
               error = true
               next
@@ -38,7 +40,7 @@ module EventMachine
             l
           when 126 # Length defined by 2 bytes
             # Check buffer size
-            if @data[pointer+2-1] == nil
+            if @data.getbyte(pointer+2-1) == nil
               debug [:buffer_incomplete, @data.inspect]
               error = true
               next
@@ -52,7 +54,7 @@ module EventMachine
           end
           # Check buffer size
-          if @data[pointer+payload_length-1] == nil
+          if @data.getbyte(pointer+payload_length-1) == nil
             debug [:buffer_incomplete, @data.inspect]
             error = true
             next

data/lib/em-websocket/framing76.rb CHANGED

@@ -1,3 +1,5 @@
+# encoding: BINARY
 module EventMachine
   module WebSocket
     module Framing76
@@ -10,17 +12,19 @@ module EventMachine
         @data = ''
       end
-      def process_data
+      def process_data(newdata)
         debug [:message, @data]
         # This algorithm comes straight from the spec
-        # http://tools.ietf.org/html/draft-hixie-thewebsocketprotocol-76#section-4.2
+        # http://tools.ietf.org/html/draft-hixie-thewebsocketprotocol-76#section-5.3
         error = false
         while !error
+          return if @data.size == 0
           pointer = 0
-          frame_type = @data[pointer].to_i
+          frame_type = @data.getbyte(pointer)
           pointer += 1
           if (frame_type & 0x80) == 0x80
@@ -28,8 +32,8 @@ module EventMachine
             length = 0
             loop do
-              return false if !@data[pointer]
-              b = @data[pointer].to_i
+              return false if !@data.getbyte(pointer)
+              b = @data.getbyte(pointer)
               pointer += 1
               b_v = b & 0x7F
               length = length * 128 + b_v
@@ -42,7 +46,7 @@ module EventMachine
               return false
             end
-            if @data[pointer+length-1] == nil
+            if @data.getbyte(pointer+length-1) == nil
               debug [:buffer_incomplete, @data.inspect]
               # Incomplete data - leave @data to accumulate
               error = true
@@ -63,7 +67,22 @@ module EventMachine
             end
           else
             # If the high-order bit of the /frame type/ byte is _not_ set
-            msg = @data.slice!(/\A\x00([^\xff]*)\xff/)
+            if @data.getbyte(0) != 0x00
+              # Close the connection since this buffer can never match
+              @connection.close_with_error(DataError.new("Invalid frame received"))
+            end
+            # Addition to the spec to protect against malicious requests
+            if @data.size > MAXIMUM_FRAME_LENGTH
+              @connection.close_with_error(DataError.new("Frame length too long (#{@data.size} bytes)"))
+              return false
+            end
+            # Optimization to avoid calling slice! unnecessarily
+            error = true and next unless newdata =~ /\xff/
+            msg = @data.slice!(/\A\x00[^\xff]*\xff/)
             if msg
               msg.gsub!(/\A\x00|\xff\z/, '')
               if @state == :closing

data/lib/em-websocket/handler.rb CHANGED

@@ -25,7 +25,7 @@ module EventMachine
       def receive_data(data)
         @data << data
-        process_data
+        process_data(data)
       end
       def close_websocket

data/lib/em-websocket/handshake76.rb CHANGED

@@ -35,21 +35,31 @@ module EventMachine
       def solve_challenge(first, second, third)
         # Refer to 5.2 4-9 of the draft 76
-        sum = [(extract_nums(first) / count_spaces(first))].pack("N*") +
-          [(extract_nums(second) / count_spaces(second))].pack("N*") +
+        sum = [numbers_over_spaces(first)].pack("N*") +
+          [numbers_over_spaces(second)].pack("N*") +
           third
         Digest::MD5.digest(sum)
       end
-      def extract_nums(string)
-        string.scan(/[0-9]/).join.to_i
-      end
+      def numbers_over_spaces(string)
+        numbers = string.scan(/[0-9]/).join.to_i
-      def count_spaces(string)
         spaces = string.scan(/ /).size
         # As per 5.2.5, abort the connection if spaces are zero.
         raise HandshakeError, "Websocket Key1 or Key2 does not contain spaces - this is a symptom of a cross-protocol attack" if spaces == 0
-        return spaces
+        # As per 5.2.6, abort if numbers is not an integral multiple of spaces
+        if numbers % spaces != 0
+          raise HandshakeError, "Invalid Key #{string.inspect}"
+        end
+        quotient = numbers / spaces
+        if quotient > 2**32-1
+          raise HandshakeError, "Challenge computation out of range for key #{string.inspect}"
+        end
+        return quotient
       end
       def validate_protocol!(protocol)

data/lib/em-websocket/version.rb CHANGED

@@ -1,5 +1,5 @@
 module EventMachine
   module Websocket
-    VERSION = "0.2.0"
+    VERSION = "0.2.1"
   end
 end

data/spec/integration/draft03_spec.rb CHANGED

@@ -1,4 +1,4 @@
-require 'spec/helper'
+require 'helper'
 describe "draft03" do
   before :each do
@@ -195,7 +195,7 @@ describe "draft03" do
       end
     end
-    it "should not allow data fraome to be sent after close frame sent" do
+    it "should not allow data frame to be sent after close frame sent" do
       EM.run {
         EM::WebSocket.start(:host => "0.0.0.0", :port => 12345) { |ws|
           ws.onopen {

data/spec/integration/draft76_spec.rb CHANGED

@@ -1,4 +1,4 @@
-require 'spec/helper'
+require 'helper'
 describe "WebSocket server draft76" do
   before :each do
@@ -150,6 +150,26 @@ describe "WebSocket server draft76" do
     end
   end
+  it "should handle impossible frames by calling onerror callback" do
+    EM.run do
+      EventMachine::WebSocket.start(:host => "0.0.0.0", :port => 12345) { |server|
+        server.onerror { |error|
+          error.should be_an_instance_of EM::WebSocket::DataError
+          error.message.should == "Invalid frame received"
+          EM.stop
+        }
+      }
+      # Create a fake client which sends draft 76 handshake
+      client = EM.connect('0.0.0.0', 12345, FakeWebSocketClient)
+      client.send_data(format_request(@request))
+      client.onopen = lambda {
+        client.send_data("foobar") # Does not start with \x00 or \xff
+      }
+    end
+  end
   it "should handle invalid http requests by raising HandshakeError passed to onerror callback" do
     EM.run {
       EventMachine::WebSocket.start(:host => "0.0.0.0", :port => 12345) { |server|

data/spec/unit/framing_spec.rb CHANGED

@@ -1,4 +1,4 @@
-require 'spec/helper'
+require 'helper'
 describe EM::WebSocket::Framing03 do
   class FramingContainer
@@ -6,7 +6,7 @@ describe EM::WebSocket::Framing03 do
     def <<(data)
       @data << data
-      process_data
+      process_data(data)
     end
     def debug(*args); end

data/spec/unit/handler_spec.rb CHANGED

@@ -1,4 +1,4 @@
-require 'spec/helper'
+require 'helper'
 describe "EventMachine::WebSocket::Handler" do
   before :each do
@@ -125,6 +125,14 @@ describe "EventMachine::WebSocket::Handler" do
     end
   end
+  it "should raise error if spaces do not divide numbers in Sec-WebSocket-Key* " do
+    @request[:headers]['Sec-WebSocket-Key2'] = '12998 5 Y3 1.P00'
+    lambda {
+      handler(@request).handshake
+    }.should raise_error(EM::WebSocket::HandshakeError, 'Invalid Key "12998 5 Y3 1.P00"')
+  end
   it "should leave request with incomplete header" do
     data = format_request(@request)
     # Sends only half of the request

data/spec/websocket_spec.rb CHANGED

@@ -1,4 +1,4 @@
-require 'spec/helper'
+require 'helper'
 describe EventMachine::WebSocket do
@@ -153,7 +153,9 @@ describe EventMachine::WebSocket do
       EventMachine::WebSocket.start(:host => "0.0.0.0", :port => 12345) do |ws|
         ws.onopen {
-          ws.request["Path"].should == "/?baz=qux&foo=bar"
+          path, query = ws.request["Path"].split('?')
+          path.should == '/'
+          Hash[*query.split(/&|=/)].should == {"foo"=>"bar", "baz"=>"qux"}
           ws.request["Query"]["foo"].should == "bar"
           ws.request["Query"]["baz"].should == "qux"
         }

metadata CHANGED

@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
   segments:
   - 0
   - 2
-  - 0
-  version: 0.2.0
+  - 1
+  version: 0.2.1
 platform: ruby
 authors:
 - Ilya Grigorik
@@ -14,13 +14,14 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2010-11-23 00:00:00 +00:00
+date: 2011-03-01 00:00:00 +00:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
   name: eventmachine
   prerelease: false
   requirement: &id001 !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
@@ -35,6 +36,7 @@ dependencies:
   name: addressable
   prerelease: false
   requirement: &id002 !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
@@ -49,6 +51,7 @@ dependencies:
   name: em-http-request
   prerelease: false
   requirement: &id003 !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -63,6 +66,7 @@ dependencies:
   name: rspec
   prerelease: false
   requirement: &id004 !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -77,6 +81,7 @@ dependencies:
   name: rake
   prerelease: false
   requirement: &id005 !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
@@ -138,6 +143,7 @@ rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
@@ -145,6 +151,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       - 0
       version: "0"
 required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
@@ -154,7 +161,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 rubyforge_project: em-websocket
-rubygems_version: 1.3.6
+rubygems_version: 1.3.7
 signing_key:
 specification_version: 3
 summary: EventMachine based WebSocket server