RubyGems - newrelic_security - Versions diffs - 0.1.0 - Mend

newrelic_security 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (205) hide show

data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/error.rb ADDED Viewed

@@ -0,0 +1,129 @@
+# frozen_string_literal: true
+module NewRelic::Security::WebSocket
+  class Error < RuntimeError
+    class Frame < NewRelic::Security::WebSocket::Error
+      class ControlFramePayloadTooLong < NewRelic::Security::WebSocket::Error::Frame
+        def message
+          :control_frame_payload_too_long
+        end
+      end
+      class DataFrameInsteadContinuation < NewRelic::Security::WebSocket::Error::Frame
+        def message
+          :data_frame_instead_continuation
+        end
+      end
+      class FragmentedControlFrame < NewRelic::Security::WebSocket::Error::Frame
+        def message
+          :fragmented_control_frame
+        end
+      end
+      class Invalid < NewRelic::Security::WebSocket::Error::Frame
+        def message
+          :invalid_frame
+        end
+      end
+      class InvalidPayloadEncoding < NewRelic::Security::WebSocket::Error::Frame
+        def message
+          :invalid_payload_encoding
+        end
+      end
+      class MaskTooShort < NewRelic::Security::WebSocket::Error::Frame
+        def message
+          :mask_is_too_short
+        end
+      end
+      class ReservedBitUsed < NewRelic::Security::WebSocket::Error::Frame
+        def message
+          :reserved_bit_used
+        end
+      end
+      class TooLong < NewRelic::Security::WebSocket::Error::Frame
+        def message
+          :frame_too_long
+        end
+      end
+      class UnexpectedContinuationFrame < NewRelic::Security::WebSocket::Error::Frame
+        def message
+          :unexpected_continuation_frame
+        end
+      end
+      class UnknownFrameType < NewRelic::Security::WebSocket::Error::Frame
+        def message
+          :unknown_frame_type
+        end
+      end
+      class UnknownOpcode < NewRelic::Security::WebSocket::Error::Frame
+        def message
+          :unknown_opcode
+        end
+      end
+      class UnknownCloseCode < NewRelic::Security::WebSocket::Error::Frame
+        def message
+          :unknown_close_code
+        end
+      end
+      class UnknownVersion < NewRelic::Security::WebSocket::Error::Frame
+        def message
+          :unknown_protocol_version
+        end
+      end
+    end
+    class Handshake < NewRelic::Security::WebSocket::Error
+      class GetRequestRequired < NewRelic::Security::WebSocket::Error::Handshake
+        def message
+          :get_request_required
+        end
+      end
+      class InvalidAuthentication < NewRelic::Security::WebSocket::Error::Handshake
+        def message
+          :invalid_handshake_authentication
+        end
+      end
+      class InvalidHeader < NewRelic::Security::WebSocket::Error::Handshake
+        def message
+          :invalid_header
+        end
+      end
+      class UnsupportedProtocol < NewRelic::Security::WebSocket::Error::Handshake
+        def message
+          :unsupported_protocol
+        end
+      end
+      class InvalidStatusCode < NewRelic::Security::WebSocket::Error::Handshake
+        def message
+          :invalid_status_code
+        end
+      end
+      class NoHostProvided < NewRelic::Security::WebSocket::Error::Handshake
+        def message
+          :no_host_provided
+        end
+      end
+      class UnknownVersion < NewRelic::Security::WebSocket::Error::Handshake
+        def message
+          :unknown_protocol_version
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/exception_handler.rb ADDED Viewed

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+module NewRelic::Security::WebSocket
+  module ExceptionHandler
+    attr_accessor :error
+    def self.included(base)
+      base.extend(ClassMethods)
+    end
+    module ClassMethods
+      # Rescue from NewRelic::Security::WebSocket::Error errors.
+      #
+      # @param [String] method_name Name of method that should be wrapped and rescued
+      # @param [Hash] options Options for rescue
+      #
+      # @option options [Any] :return Value that should be returned instead of raised error
+      def rescue_method(method_name, options = {})
+        define_method "#{method_name}_with_rescue" do |*args|
+          begin
+            send("#{method_name}_without_rescue", *args)
+          rescue NewRelic::Security::WebSocket::Error => e
+            self.error = e.message.to_sym
+            NewRelic::Security::WebSocket.should_raise ? raise : options[:return]
+          end
+        end
+        alias_method "#{method_name}_without_rescue", method_name
+        alias_method method_name, "#{method_name}_with_rescue"
+      end
+    end
+  end
+end

data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/frame/base.rb ADDED Viewed

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+module NewRelic::Security::WebSocket
+  module Frame
+    # @abstract Subclass and override to implement custom frames
+    class Base
+      include ExceptionHandler
+      include NiceInspect
+      attr_reader :type, :version, :error
+      attr_accessor :data, :code
+      # Initialize frame
+      # @param args [Hash] Arguments for frame
+      # @option args [String]  :data default data for frame
+      # @option args [String]  :type Type of frame - available types are "text", "binary", "ping", "pong" and "close"(support depends on draft version)
+      # @option args [Integer] :code Code for close frame. Supported by drafts > 05.
+      # @option args [Integer] :version Version of draft. Currently supported version are 75, 76 and 00-13.
+      def initialize(args = {})
+        @type = args[:type].to_sym if args[:type]
+        @code = args[:code]
+        @data = Data.new(args[:data].to_s)
+        @version = args[:version] || DEFAULT_VERSION
+        @handler = nil
+        include_version
+      end
+      rescue_method :initialize
+      # Check if some errors occured
+      # @return [Boolean] True if error is set
+      def error?
+        !@error.nil?
+      end
+      # Is selected type supported for selected handler?
+      def support_type?
+        @handler.supported_frames.include?(@type)
+      end
+      # Implement in submodules
+      def supported_frames
+        raise NotImplementedError
+      end
+      private
+      # Include set of methods for selected protocol version
+      # @return [Boolean] false if protocol number is unknown, otherwise true
+      def include_version
+        @handler = case @version
+                   when 75..76 then Handler::Handler75.new(self)
+                   when 0..2 then Handler::Handler75.new(self)
+                   when 3 then Handler::Handler03.new(self)
+                   when 4 then Handler::Handler04.new(self)
+                   when 5..6 then Handler::Handler05.new(self)
+                   when 7..13 then Handler::Handler07.new(self)
+                   else raise NewRelic::Security::WebSocket::Error::Frame::UnknownVersion
+                   end
+      end
+    end
+  end
+end

data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/frame/data.rb ADDED Viewed

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+module NewRelic::Security::WebSocket
+  module Frame
+    class Data < String
+      def initialize(*args)
+        super(*convert_args(args))
+        @masking_key = nil
+      end
+      def <<(*args)
+        super(*convert_args(args))
+      end
+      # Convert all arguments to ASCII-8BIT for easier traversing
+      def convert_args(args)
+        args.collect { |arg| arg.dup.force_encoding('ASCII-8BIT') }
+      end
+      # Extract mask from 4 first bytes according to spec
+      def set_mask
+        raise NewRelic::Security::WebSocket::Error::Frame::MaskTooShort if bytesize < 4
+        @masking_key = self[0..3].bytes.to_a
+      end
+      # Remove mask flag - it will still be present in payload
+      def unset_mask
+        @masking_key = nil
+      end
+      # Extract `count` bytes starting from `start_index` and unmask it if needed.
+      def getbytes(start_index, count)
+        data = self[start_index, count]
+        data = mask(data.bytes.to_a, @masking_key).pack('C*') if @masking_key
+        data
+      end
+      # Mask whole payload using mask key
+      def mask(payload, mask)
+        return mask_native(payload, mask) if respond_to?(:mask_native)
+        result = []
+        payload.each_with_index do |byte, i|
+          result[i] = byte ^ mask[i % 4]
+        end
+        result
+      end
+    end
+  end
+end

data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/frame/handler/base.rb ADDED Viewed

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+module NewRelic::Security::WebSocket
+  module Frame
+    module Handler
+      class Base
+        def initialize(frame)
+          @frame = frame
+        end
+        # Convert data to raw frame ready to send to client
+        # @return [String] Encoded frame
+        def encode_frame
+          raise NotImplementedError
+        end
+        # Convert raw data to decoded frame
+        # @return [NewRelic::Security::WebSocket::Frame::Incoming] Frame if found, nil otherwise
+        def decode_frame
+          raise NotImplementedError
+        end
+        private
+        # Check if frame is one of control frames
+        # @param [Symbol] frame_type Frame type
+        # @return [Boolean] True if given frame type is control frame
+        def control_frame?(frame_type)
+          !%i[text binary continuation].include?(frame_type)
+        end
+        # Check if frame is one of data frames
+        # @param [Symbol] frame_type Frame type
+        # @return [Boolean] True if given frame type is data frame
+        def data_frame?(frame_type)
+          %i[text binary].include?(frame_type)
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/frame/handler/handler03.rb ADDED Viewed

@@ -0,0 +1,224 @@
+# encoding: binary
+# frozen_string_literal: true
+require 'securerandom'
+module NewRelic::Security::WebSocket
+  module Frame
+    module Handler
+      class Handler03 < Base
+        # Hash of frame names and it's opcodes
+        FRAME_TYPES = {
+          continuation: 0,
+          close: 1,
+          ping: 2,
+          pong: 3,
+          text: 4,
+          binary: 5
+        }.freeze
+        # Hash of frame opcodes and it's names
+        FRAME_TYPES_INVERSE = FRAME_TYPES.invert.freeze
+        def initialize(frame)
+          super
+          @application_data_buffer = nil
+        end
+        # @see NewRelic::Security::WebSocket::Frame::Base#supported_frames
+        def supported_frames
+          %i[text binary close ping pong]
+        end
+        # @see NewRelic::Security::WebSocket::Frame::Handler::Base#encode_frame
+        def encode_frame
+          frame = if @frame.outgoing_masking?
+                    masking_key = SecureRandom.random_bytes(4)
+                    tmp_data = Data.new(masking_key + @frame.data)
+                    tmp_data.set_mask
+                    masking_key + tmp_data.getbytes(4, tmp_data.size)
+                  else
+                    @frame.data
+                  end
+          encode_header + frame
+        end
+        # @see NewRelic::Security::WebSocket::Frame::Handler::Base#decode_frame
+        def decode_frame
+          while @frame.data.size > 1
+            valid_header, more, frame_type, mask, payload_length = decode_header
+            return unless valid_header
+            application_data = decode_payload(payload_length, mask)
+            if more
+              decode_continuation_frame(application_data, frame_type)
+            elsif frame_type == :continuation
+              return decode_finish_continuation_frame(application_data)
+            else
+              raise(NewRelic::Security::WebSocket::Error::Frame::InvalidPayloadEncoding) if frame_type == :text && !application_data.valid_encoding?
+              return @frame.class.new(version: @frame.version, type: frame_type, data: application_data, decoded: true)
+            end
+          end
+          nil
+        end
+        # Allow turning on or off masking
+        def masking?
+          false
+        end
+        private
+        # This allows flipping the more bit to fin for draft 04
+        def fin
+          false
+        end
+        # Convert frame type name to opcode
+        # @param [Symbol] frame_type Frame type name
+        # @return [Integer] opcode or nil
+        # @raise [NewRelic::Security::WebSocket::Error] if frame opcode is not known
+        def type_to_opcode(frame_type)
+          FRAME_TYPES[frame_type] || raise(NewRelic::Security::WebSocket::Error::Frame::UnknownFrameType)
+        end
+        # Convert frame opcode to type name
+        # @param [Integer] opcode Opcode
+        # @return [Symbol] Frame type name or nil
+        # @raise [NewRelic::Security::WebSocket::Error] if frame type name is not known
+        def opcode_to_type(opcode)
+          FRAME_TYPES_INVERSE[opcode] || raise(NewRelic::Security::WebSocket::Error::Frame::UnknownOpcode)
+        end
+        def encode_header
+          mask = @frame.outgoing_masking? ? 0b10000000 : 0b00000000
+          output = String.new('')
+          output << (type_to_opcode(@frame.type) | (fin ? 0b10000000 : 0b00000000)) # since more, rsv1-3 are 0 and 0x80 for Draft 4
+          output << encode_payload_length(@frame.data.size, mask)
+          output
+        end
+        def encode_payload_length(length, mask)
+          output = String.new('')
+          if length <= 125
+            output << (length | mask) # since rsv4 is 0
+          elsif length < 65_536 # write 2 byte length
+            output << (126 | mask)
+            output << [length].pack('n')
+          else # write 8 byte length
+            output << (127 | mask)
+            output << [length >> 32, length & 0xFFFFFFFF].pack('NN')
+          end
+          output
+        end
+        def decode_header
+          more, frame_type = decode_first_byte
+          header_length, payload_length, mask = decode_second_byte(frame_type)
+          return unless header_length
+          # Compute the expected frame length
+          frame_length = header_length + payload_length
+          frame_length += 4 if mask
+          raise(NewRelic::Security::WebSocket::Error::Frame::TooLong) if frame_length > NewRelic::Security::WebSocket.max_frame_size
+          # Check buffer size
+          return unless buffer_exists?(frame_length) # Buffer incomplete
+          # Remove frame header
+          @frame.data.slice!(0...header_length)
+          [true, more, frame_type, mask, payload_length]
+        end
+        def buffer_exists?(buffer_number)
+          !@frame.data.getbyte(buffer_number - 1).nil?
+        end
+        def decode_first_byte
+          first_byte = @frame.data.getbyte(0)
+          raise(NewRelic::Security::WebSocket::Error::Frame::ReservedBitUsed) if first_byte & 0b01110000 != 0b00000000
+          more = ((first_byte & 0b10000000) == 0b10000000) ^ fin
+          frame_type = opcode_to_type first_byte & 0b00001111
+          raise(NewRelic::Security::WebSocket::Error::Frame::FragmentedControlFrame) if more && control_frame?(frame_type)
+          raise(NewRelic::Security::WebSocket::Error::Frame::DataFrameInsteadContinuation) if data_frame?(frame_type) && !@application_data_buffer.nil?
+          [more, frame_type]
+        end
+        def decode_second_byte(frame_type)
+          second_byte = @frame.data.getbyte(1)
+          mask = @frame.incoming_masking? && (second_byte & 0b10000000) == 0b10000000
+          length = second_byte & 0b01111111
+          raise(NewRelic::Security::WebSocket::Error::Frame::ControlFramePayloadTooLong) if length > 125 && control_frame?(frame_type)
+          header_length, payload_length = decode_payload_length(length)
+          [header_length, payload_length, mask]
+        end
+        def decode_payload_length(length)
+          case length
+          when 127 # Length defined by 8 bytes
+            # Check buffer size
+            return unless buffer_exists?(10) # Buffer incomplete
+            # Only using the last 4 bytes for now, till I work out how to
+            # unpack 8 bytes. I'm sure 4GB frames will do for now :)
+            [10, @frame.data.getbytes(6, 4).unpack('N').first]
+          when 126 # Length defined by 2 bytes
+            # Check buffer size
+            return unless buffer_exists?(4) # Buffer incomplete
+            [4, @frame.data.getbytes(2, 2).unpack('n').first]
+          else
+            [2, length]
+          end
+        end
+        def decode_payload(payload_length, mask)
+          pointer = 0
+          # Read application data (unmasked if required)
+          @frame.data.set_mask if mask
+          pointer += 4 if mask
+          payload = @frame.data.getbytes(pointer, payload_length)
+          payload.force_encoding('UTF-8')
+          pointer += payload_length
+          @frame.data.unset_mask if mask
+          # Throw away data up to pointer
+          @frame.data.slice!(0...pointer)
+          payload
+        end
+        def decode_continuation_frame(application_data, frame_type)
+          @application_data_buffer ||= String.new('')
+          @application_data_buffer << application_data
+          @frame_type ||= frame_type
+        end
+        def decode_finish_continuation_frame(application_data)
+          raise(NewRelic::Security::WebSocket::Error::Frame::UnexpectedContinuationFrame) unless @frame_type
+          @application_data_buffer << application_data
+          # Test valid UTF-8 encoding
+          raise(NewRelic::Security::WebSocket::Error::Frame::InvalidPayloadEncoding) if @frame_type == :text && !@application_data_buffer.valid_encoding?
+          message = @frame.class.new(version: @frame.version, type: @frame_type, data: @application_data_buffer, decoded: true)
+          @application_data_buffer = nil
+          @frame_type = nil
+          message
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/frame/handler/handler04.rb ADDED Viewed

@@ -0,0 +1,18 @@
+# encoding: binary
+# frozen_string_literal: true
+module NewRelic::Security::WebSocket
+  module Frame
+    module Handler
+      class Handler04 < Handler03
+        private
+        # The only difference between draft 03 framing and draft 04 framing is
+        # that the MORE bit has been changed to a FIN bit
+        def fin
+          true
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/frame/handler/handler05.rb ADDED Viewed

@@ -0,0 +1,15 @@
+# encoding: binary
+# frozen_string_literal: true
+module NewRelic::Security::WebSocket
+  module Frame
+    module Handler
+      class Handler05 < Handler04
+        # Since handler 5 masking should be enabled by default
+        def masking?
+          true
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/frame/handler/handler07.rb ADDED Viewed

@@ -0,0 +1,78 @@
+# encoding: binary
+# frozen_string_literal: true
+module NewRelic::Security::WebSocket
+  module Frame
+    module Handler
+      class Handler07 < Handler05
+        # Hash of frame names and it's opcodes
+        FRAME_TYPES = {
+          continuation: 0,
+          text: 1,
+          binary: 2,
+          close: 8,
+          ping: 9,
+          pong: 10
+        }.freeze
+        # Hash of frame opcodes and it's names
+        FRAME_TYPES_INVERSE = FRAME_TYPES.invert.freeze
+        def encode_frame
+          if @frame.type == :close
+            code = @frame.code || 1000
+            raise NewRelic::Security::WebSocket::Error::Frame::UnknownCloseCode unless valid_code?(code)
+            @frame.data = Data.new([code].pack('n') + @frame.data.to_s)
+            @frame.code = nil
+          end
+          super
+        end
+        def decode_frame
+          result = super
+          if close_code?(result)
+            code = result.data.slice!(0..1)
+            result.code = code.unpack('n').first
+            raise NewRelic::Security::WebSocket::Error::Frame::UnknownCloseCode unless valid_code?(result.code)
+            raise NewRelic::Security::WebSocket::Error::Frame::InvalidPayloadEncoding unless valid_encoding?(result.data)
+          end
+          result
+        end
+        private
+        def valid_code?(code)
+          [1000, 1001, 1002, 1003, 1007, 1008, 1009, 1010, 1011].include?(code) || (3000..4999).cover?(code)
+        end
+        def valid_encoding?(data)
+          return true if data.nil?
+          data.encode('UTF-8')
+          true
+        rescue StandardError
+          false
+        end
+        def close_code?(frame)
+          frame && frame.type == :close && !frame.data.empty?
+        end
+        # Convert frame type name to opcode
+        # @param [Symbol] frame_type Frame type name
+        # @return [Integer] opcode or nil
+        # @raise [NewRelic::Security::WebSocket::Error] if frame opcode is not known
+        def type_to_opcode(frame_type)
+          FRAME_TYPES[frame_type] || raise(NewRelic::Security::WebSocket::Error::Frame::UnknownFrameType)
+        end
+        # Convert frame opcode to type name
+        # @param [Integer] opcode Opcode
+        # @return [Symbol] Frame type name or nil
+        # @raise [NewRelic::Security::WebSocket::Error] if frame type name is not known
+        def opcode_to_type(opcode)
+          FRAME_TYPES_INVERSE[opcode] || raise(NewRelic::Security::WebSocket::Error::Frame::UnknownOpcode)
+        end
+      end
+    end
+  end
+end