RubyGems - newrelic_security - Versions diffs - 0.1.0 - Mend

newrelic_security 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (205) hide show

data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/frame/handler/handler75.rb ADDED Viewed

@@ -0,0 +1,78 @@
+# encoding: binary
+# frozen_string_literal: true
+module NewRelic::Security::WebSocket
+  module Frame
+    module Handler
+      class Handler75 < Base
+        # @see NewRelic::Security::WebSocket::Frame::Base#supported_frames
+        def supported_frames
+          %i[text close]
+        end
+        # @see NewRelic::Security::WebSocket::Frame::Handler::Base#encode_frame
+        def encode_frame
+          case @frame.type
+          when :close then "\xff\x00"
+          when :text then
+            ary = ["\x00", @frame.data, "\xff"]
+            ary.map { |s| s.encode('UTF-8', 'UTF-8', invalid: :replace) }
+            ary.join
+          else raise NewRelic::Security::WebSocket::Error::Frame::UnknownFrameType
+          end
+        end
+        # @see NewRelic::Security::WebSocket::Frame::Handler::Base#decode_frame
+        def decode_frame
+          return if @frame.data.size.zero?
+          pointer = 0
+          frame_type = @frame.data.getbyte(pointer)
+          pointer += 1
+          if (frame_type & 0x80) == 0x80
+            # If the high-order bit of the /frame type/ byte is set
+            length = 0
+            loop do
+              return unless @frame.data.getbyte(pointer)
+              b = @frame.data.getbyte(pointer)
+              pointer += 1
+              b_v = b & 0x7F
+              length = length * 128 + b_v
+              break unless (b & 0x80) == 0x80
+            end
+            raise NewRelic::Security::WebSocket::Error::Frame::TooLong if length > ::NewRelic::Security::WebSocket.max_frame_size
+            unless @frame.data.getbyte(pointer + length - 1).nil?
+              # Straight from spec - I'm sure this isn't crazy...
+              # 6. Read /length/ bytes.
+              # 7. Discard the read bytes.
+              @frame.instance_variable_set '@data', @frame.data[(pointer + length)..-1]
+              # If the /frame type/ is 0xFF and the /length/ was 0, then close
+              if length.zero?
+                @frame.class.new(version: @frame.version, type: :close, decoded: true)
+              end
+            end
+          else
+            # If the high-order bit of the /frame type/ byte is _not_ set
+            raise NewRelic::Security::WebSocket::Error::Frame::Invalid if @frame.data.getbyte(0) != 0x00
+            # Addition to the spec to protect against malicious requests
+            raise NewRelic::Security::WebSocket::Error::Frame::TooLong if @frame.data.size > ::NewRelic::Security::WebSocket.max_frame_size
+            msg = @frame.data.slice!(/\A\x00[^\xff]*\xff/)
+            if msg
+              msg.gsub!(/\A\x00|\xff\z/, '')
+              msg.force_encoding('UTF-8')
+              @frame.class.new(version: @frame.version, type: :text, data: msg, decoded: true)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/frame/handler.rb ADDED Viewed

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+module NewRelic::Security::WebSocket
+  module Frame
+    module Handler
+      autoload :Base,      "#{NewRelic::Security::WebSocket::ROOT}/websocket/frame/handler/base"
+      autoload :Handler03, "#{NewRelic::Security::WebSocket::ROOT}/websocket/frame/handler/handler03"
+      autoload :Handler04, "#{NewRelic::Security::WebSocket::ROOT}/websocket/frame/handler/handler04"
+      autoload :Handler05, "#{NewRelic::Security::WebSocket::ROOT}/websocket/frame/handler/handler05"
+      autoload :Handler07, "#{NewRelic::Security::WebSocket::ROOT}/websocket/frame/handler/handler07"
+      autoload :Handler75, "#{NewRelic::Security::WebSocket::ROOT}/websocket/frame/handler/handler75"
+    end
+  end
+end

data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/frame/incoming/client.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+module NewRelic::Security::WebSocket
+  module Frame
+    class Incoming
+      class Client < Incoming
+        def incoming_masking?
+          false
+        end
+        def outgoing_masking?
+          @handler.masking?
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/frame/incoming/server.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+module NewRelic::Security::WebSocket
+  module Frame
+    class Incoming
+      class Server < Incoming
+        def incoming_masking?
+          @handler.masking?
+        end
+        def outgoing_masking?
+          false
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/frame/incoming.rb ADDED Viewed

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+module NewRelic::Security::WebSocket
+  module Frame
+    # Construct or parse incoming WebSocket Frame.
+    # @note You should NEVER use this class directly - use Client or Server subclasses instead, as they contain additional frame options(i.e. Client-side masking in draft 04)
+    #
+    # @example
+    #   frame = NewRelic::Security::WebSocket::Frame::Incoming::Server.new(version: @handshake.version)
+    #   frame << "\x81\x05\x48\x65\x6c\x6c\x6f\x81\x06\x77\x6f\x72\x6c\x64\x21"
+    #   frame.next # "Hello"
+    #   frame.next # "world!""
+    class Incoming < Base
+      autoload :Client, "#{NewRelic::Security::WebSocket::ROOT}/websocket/frame/incoming/client"
+      autoload :Server, "#{NewRelic::Security::WebSocket::ROOT}/websocket/frame/incoming/server"
+      def initialize(args = {})
+        @decoded = args[:decoded] || false
+        super
+      end
+      # If data is still encoded after receiving then this is false. After calling "next" you will receive
+      # another instance of incoming frame, but with data decoded - this function will return true and
+      # to_s will return frame content instead of raw data.
+      # @return [Boolean] If frame already decoded?
+      def decoded?
+        @decoded
+      end
+      # Add provided string as raw incoming frame.
+      # @param data [String] Raw frame
+      def <<(data)
+        @data << data
+      end
+      # Return next complete frame.
+      # This function will merge together splitted frames and return as combined content.
+      # Check #error if nil received to check for eventual parsing errors
+      # @return [NewRelic::Security::WebSocket::Frame::Incoming] Single incoming frame or nil if no complete frame is available.
+      def next
+        @handler.decode_frame unless decoded?
+      end
+      rescue_method :next
+      # If decoded then this will return frame content. Otherwise it will return raw frame.
+      # @return [String] Data of frame
+      def to_s
+        @data
+      end
+    end
+  end
+end

data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/frame/outgoing/client.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+module NewRelic::Security::WebSocket
+  module Frame
+    class Outgoing
+      class Client < Outgoing
+        def incoming_masking?
+          false
+        end
+        def outgoing_masking?
+          @handler.masking?
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/frame/outgoing/server.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+module NewRelic::Security::WebSocket
+  module Frame
+    class Outgoing
+      class Server < Outgoing
+        def incoming_masking?
+          @handler.masking?
+        end
+        def outgoing_masking?
+          false
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/frame/outgoing.rb ADDED Viewed

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+module NewRelic::Security::WebSocket
+  module Frame
+    # Construct or parse outgoing WebSocket Frame.
+    # @note You should NEVER use this class directly - use Client or Server subclasses instead, as they contain additional frame options(i.e. Client-side masking in draft 04)
+    #
+    # @example
+    #   frame = NewRelic::Security::WebSocket::Frame::Outgoing::Server.new(version: @handshake.version, data: "Hello", type: :text)
+    #   frame.to_s # "\x81\x05\x48\x65\x6c\x6c\x6f"
+    class Outgoing < Base
+      autoload :Client, "#{NewRelic::Security::WebSocket::ROOT}/websocket/frame/outgoing/client"
+      autoload :Server, "#{NewRelic::Security::WebSocket::ROOT}/websocket/frame/outgoing/server"
+      # Is selected type supported by current draft version?
+      # @return [Boolean] true if frame type is supported
+      def supported?
+        support_type?
+      end
+      # Should current frame be sent? Exclude empty frames etc.
+      # @return [Boolean] true if frame should be sent
+      def require_sending?
+        !error?
+      end
+      # Return raw frame formatted for sending.
+      def to_s
+        raise NewRelic::Security::WebSocket::Error::Frame::UnknownFrameType unless supported?
+        @handler.encode_frame
+      end
+      rescue_method :to_s
+    end
+  end
+end

data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/frame.rb ADDED Viewed

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+module NewRelic::Security::WebSocket
+  module Frame
+    autoload :Base,     "#{NewRelic::Security::WebSocket::ROOT}/websocket/frame/base"
+    autoload :Data,     "#{NewRelic::Security::WebSocket::ROOT}/websocket/frame/data"
+    autoload :Handler,  "#{NewRelic::Security::WebSocket::ROOT}/websocket/frame/handler"
+    autoload :Incoming, "#{NewRelic::Security::WebSocket::ROOT}/websocket/frame/incoming"
+    autoload :Outgoing, "#{NewRelic::Security::WebSocket::ROOT}/websocket/frame/outgoing"
+  end
+end

data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/handshake/base.rb ADDED Viewed

@@ -0,0 +1,142 @@
+# frozen_string_literal: true
+module NewRelic::Security::WebSocket
+  module Handshake
+    # @abstract Subclass and override to implement custom handshakes
+    class Base
+      include ExceptionHandler
+      include NiceInspect
+      attr_reader :host, :path, :query,
+                  :state, :version, :secure,
+                  :headers, :protocols
+      # Initialize new WebSocket Handshake and set it's state to :new
+      def initialize(args = {})
+        args.each do |k, v|
+          value = begin
+            v.dup
+          rescue TypeError
+            v
+          end
+          instance_variable_set("@#{k}", value)
+        end
+        @state = :new
+        @handler = nil
+        @data = String.new('')
+        @headers ||= {}
+        @protocols ||= []
+      end
+      # @abstract Add data to handshake
+      def <<(data)
+        @data << data
+      end
+      # Return textual representation of handshake request or response
+      # @return [String] text of response
+      def to_s
+        @handler ? @handler.to_s : ''
+      end
+      rescue_method :to_s, return: ''
+      # Is parsing of data finished?
+      # @return [Boolena] True if request was completely parsed or error occured. False otherwise
+      def finished?
+        @state == :finished || @state == :error
+      end
+      # Is parsed data valid?
+      # @return [Boolean] False if some errors occured. Reason for error could be found in error method
+      def valid?
+        finished? && @error.nil? && @handler && @handler.valid?
+      end
+      rescue_method :valid?, return: false
+      # @abstract Should send data after parsing is finished?
+      def should_respond?
+        raise NotImplementedError
+      end
+      # Data left from parsing. Sometimes data that doesn't belong to handshake are added - use this method to retrieve them.
+      # @return [String] String if some data are available. Nil otherwise
+      def leftovers
+        (@leftovers.to_s.split("\n", reserved_leftover_lines + 1)[reserved_leftover_lines] || '').strip
+      end
+      # Return default port for protocol (80 for ws, 443 for wss)
+      def default_port
+        secure ? 443 : 80
+      end
+      # Check if provided port is a default one
+      def default_port?
+        port == default_port
+      end
+      def port
+        @port || default_port
+      end
+      # URI of request.
+      # @return [String] Full URI with protocol
+      # @example
+      #   @handshake.uri #=> "ws://example.com/path?query=true"
+      def uri
+        uri =  String.new(secure ? 'wss://' : 'ws://')
+        uri << host
+        uri << ":#{port}" unless default_port?
+        uri << path
+        uri << "?#{query}" if query
+        uri
+      end
+      private
+      # Number of lines after header that should be handled as belonging to handshake. Any data after those lines will be handled as leftovers.
+      # @return [Integer] Number of lines
+      def reserved_leftover_lines
+        0
+      end
+      # Changes state to error and sets error message
+      # @param [String] message Error message to set
+      def error=(message)
+        @state = :error
+        super
+      end
+      HEADER = /^([^:]+):\s*(.+)$/
+      # Parse data imported to handshake and sets state to finished if necessary.
+      # @return [Boolean] True if finished parsing. False if not all data received yet.
+      def parse_data
+        header, @leftovers = @data.split("\r\n\r\n", 2)
+        return false unless @leftovers # The whole header has not been received yet.
+        lines = header.split("\r\n")
+        first_line = lines.shift
+        parse_first_line(first_line)
+        lines.each do |line|
+          h = HEADER.match(line)
+          next unless h # Skip any invalid headers
+          key = h[1].strip.downcase
+          val = h[2].strip
+          # If the header is already set and refers to the websocket protocol, append the new value
+          if @headers.key?(key) && key =~ /^(sec-)?websocket-protocol$/
+            @headers[key] << ", #{val}"
+          else
+            @headers[key] = val
+          end
+        end
+        @state = :finished
+        true
+      end
+    end
+  end
+end

data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/handshake/client.rb ADDED Viewed

@@ -0,0 +1,130 @@
+# frozen_string_literal: true
+require 'uri'
+module NewRelic::Security::WebSocket
+  module Handshake
+    # Construct or parse a client WebSocket handshake.
+    #
+    # @example
+    #   @handshake = NewRelic::Security::WebSocket::Handshake::Client.new(url: 'ws://example.com')
+    #
+    #   # Create request
+    #   @handshake.to_s # GET /demo HTTP/1.1
+    #                   # Upgrade: websocket
+    #                   # Connection: Upgrade
+    #                   # Host: example.com
+    #                   # Origin: http://example.com
+    #                   # Sec-WebSocket-Version: 13
+    #                   # Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
+    #
+    #   # Parse server response
+    #   @handshake << <<EOF
+    #   HTTP/1.1 101 Switching Protocols\r
+    #   Upgrade: websocket\r
+    #   Connection: Upgrade\r
+    #   Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=\r
+    #   \r
+    #   EOF
+    #
+    #   # All data received?
+    #   @handshake.finished?
+    #
+    #   # No parsing errors?
+    #   @handshake.valid?
+    #
+    class Client < Base
+      attr_reader :origin, :headers
+      # Initialize new WebSocket Client
+      #
+      # @param [Hash] args Arguments for client
+      #
+      # @option args [String]         :host Host of request. Required if no :url param was provided.
+      # @option args [String]         :origin Origin of request. Optional, should be used mostly by browsers. Default: nil
+      # @option args [String]         :path Path of request. Should start with '/'. Default: '/'
+      # @option args [Integer]        :port Port of request. Default: nil
+      # @option args [String]         :query. Query for request. Should be in format "aaa=bbb&ccc=ddd"
+      # @option args [Boolean]        :secure Defines protocol to use. If true then wss://, otherwise ws://. This option will not change default port - it should be handled by programmer.
+      # @option args [String]         :url URL of request. Must by in format like ws://example.com/path?query=true. Every part of this url will be overriden by more specific arguments.
+      # @option args [String]         :uri Alias to :url
+      # @option args [Array<String>]  :protocols An array of supported sub-protocols
+      # @option args [Integer]        :version Version of WebSocket to use. Default: 13 (this is version from RFC)
+      # @option args [Hash]           :headers HTTP headers to use in the handshake
+      #
+      # @example
+      #   Websocket::Handshake::Client.new(url: "ws://example.com/path?query=true")
+      def initialize(args = {})
+        super
+        if @url || @uri
+          uri = URI.parse(@url || @uri)
+          @secure ||= (uri.scheme == 'wss')
+          @host ||= uri.host
+          @port ||= uri.port || default_port
+          @path ||= uri.path
+          @query ||= uri.query
+        end
+        @path = '/' if @path.nil? || @path.empty?
+        @version ||= DEFAULT_VERSION
+        raise NewRelic::Security::WebSocket::Error::Handshake::NoHostProvided unless @host
+        include_version
+      end
+      rescue_method :initialize
+      # Add text of response from Server. This method will parse content immediately and update state and error(if neccessary)
+      #
+      # @param [String] data Data to add
+      #
+      # @example
+      #   @handshake << <<EOF
+      #   HTTP/1.1 101 Switching Protocols
+      #   Upgrade: websocket
+      #   Connection: Upgrade
+      #   Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=
+      #
+      #   EOF
+      def <<(data)
+        super
+        parse_data
+      end
+      rescue_method :<<
+      # Should send content to server after finished parsing?
+      # @return [Boolean] false
+      def should_respond?
+        false
+      end
+      private
+      # Include set of methods for selected protocol version
+      # @return [Boolean] false if protocol number is unknown, otherwise true
+      def include_version
+        @handler = case @version
+                   when 75 then Handler::Client75.new(self)
+                   when 76, 0 then Handler::Client76.new(self)
+                   when 1..3  then Handler::Client01.new(self)
+                   when 4..10 then Handler::Client04.new(self)
+                   when 11..17 then Handler::Client11.new(self)
+                   else raise NewRelic::Security::WebSocket::Error::Handshake::UnknownVersion
+                   end
+      end
+      FIRST_LINE = %r{^HTTP\/1\.1 (\d{3})[\w\s]*$}
+      # Parse first line of Server response.
+      # @param [String] line Line to parse
+      # @return [Boolean] True if parsed correctly. False otherwise
+      def parse_first_line(line)
+        line_parts = line.match(FIRST_LINE)
+        raise NewRelic::Security::WebSocket::Error::Handshake::InvalidHeader unless line_parts
+        status = line_parts[1]
+        raise NewRelic::Security::WebSocket::Error::Handshake::InvalidStatusCode unless status == '101'
+      end
+    end
+  end
+end

data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/handshake/handler/base.rb ADDED Viewed

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+module NewRelic::Security::WebSocket
+  module Handshake
+    module Handler
+      # This class and it's descendants are included in client or server handshake in order to extend basic functionality
+      class Base
+        def initialize(handshake)
+          @handshake = handshake
+        end
+        # @see NewRelic::Security::WebSocket::Handshake::Base#to_s
+        def to_s
+          result = [header_line]
+          handshake_keys.each do |key|
+            result << key.join(': ')
+          end
+          result << ''
+          result << finishing_line
+          result.join("\r\n")
+        end
+        def valid?
+          true
+        end
+        private
+        # Set first line of text representation according to specification.
+        # @return [String] First line of HTTP header
+        def header_line
+          ''
+        end
+        # Set handshake headers. Provided as array because some protocol version require specific order of fields.
+        # @return [Array] List of headers as arrays [key, value]
+        def handshake_keys
+          []
+        end
+        # Set data to send after headers. In most cases it will be blank data.
+        # @return [String] data
+        def finishing_line
+          ''
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/handshake/handler/client.rb ADDED Viewed

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+module NewRelic::Security::WebSocket
+  module Handshake
+    module Handler
+      class Client < Base
+        private
+        # @see NewRelic::Security::WebSocket::Handshake::Handler::Base#header_line
+        def header_line
+          path = @handshake.path
+          path += '?' + @handshake.query if @handshake.query
+          "GET #{path} HTTP/1.1"
+        end
+        # @see NewRelic::Security::WebSocket::Handshake::Handler::Base#header_handshake_keys
+        def handshake_keys
+          super + @handshake.headers.to_a
+        end
+        # Verify if received header matches with one of the sent ones
+        # @return [Boolean] True if matching. False otherwise(appropriate error is set)
+        def verify_protocol
+          return true if supported_protocols.empty?
+          protos = provided_protocols & supported_protocols
+          raise NewRelic::Security::WebSocket::Error::Handshake::UnsupportedProtocol if protos.empty?
+          true
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/handshake/handler/client01.rb ADDED Viewed

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+require 'digest/md5'
+module NewRelic::Security::WebSocket
+  module Handshake
+    module Handler
+      class Client01 < Client76
+        private
+        # @see NewRelic::Security::WebSocket::Handshake::Handler::Base#handshake_keys
+        def handshake_keys
+          keys = super
+          keys << ['Sec-WebSocket-Draft', @handshake.version]
+          keys
+        end
+      end
+    end
+  end
+end