RubyGems - newrelic_security - Versions diffs - 0.1.0 - Mend

newrelic_security 0.1.0

Files changed (205) hide show

data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/frame/handler/handler75.rb ADDED Viewed

@@ -0,0 +1,78 @@
+# encoding: binary
+# frozen_string_literal: true
+module NewRelic::Security::WebSocket
+  module Frame
+    module Handler
+      class Handler75 < Base
+        # @see NewRelic::Security::WebSocket::Frame::Base#supported_frames
+        def supported_frames
+          %i[text close]
+        end
+        # @see NewRelic::Security::WebSocket::Frame::Handler::Base#encode_frame
+        def encode_frame
+          case @frame.type
+          when :close then "\xff\x00"
+          when :text then
+            ary = ["\x00", @frame.data, "\xff"]
+            ary.map { |s| s.encode('UTF-8', 'UTF-8', invalid: :replace) }
+            ary.join
+          else raise NewRelic::Security::WebSocket::Error::Frame::UnknownFrameType
+          end
+        end
+        # @see NewRelic::Security::WebSocket::Frame::Handler::Base#decode_frame
+        def decode_frame
+          return if @frame.data.size.zero?
+          pointer = 0
+          frame_type = @frame.data.getbyte(pointer)
+          pointer += 1
+          if (frame_type & 0x80) == 0x80
+            # If the high-order bit of the /frame type/ byte is set
+            length = 0
+            loop do
+              return unless @frame.data.getbyte(pointer)
+              b = @frame.data.getbyte(pointer)
+              pointer += 1
+              b_v = b & 0x7F
+              length = length * 128 + b_v
+              break unless (b & 0x80) == 0x80
+            end
+            raise NewRelic::Security::WebSocket::Error::Frame::TooLong if length > ::NewRelic::Security::WebSocket.max_frame_size
+            unless @frame.data.getbyte(pointer + length - 1).nil?
+              # Straight from spec - I'm sure this isn't crazy...
+              # 6. Read /length/ bytes.
+              # 7. Discard the read bytes.
+              @frame.instance_variable_set '@data', @frame.data[(pointer + length)..-1]
+              # If the /frame type/ is 0xFF and the /length/ was 0, then close
+              if length.zero?
+                @frame.class.new(version: @frame.version, type: :close, decoded: true)
+              end
+            end
+          else
+            # If the high-order bit of the /frame type/ byte is _not_ set
+            raise NewRelic::Security::WebSocket::Error::Frame::Invalid if @frame.data.getbyte(0) != 0x00
+            # Addition to the spec to protect against malicious requests
+            raise NewRelic::Security::WebSocket::Error::Frame::TooLong if @frame.data.size > ::NewRelic::Security::WebSocket.max_frame_size
+            msg = @frame.data.slice!(/\A\x00[^\xff]*\xff/)
+            if msg
+              msg.gsub!(/\A\x00|\xff\z/, '')
+              msg.force_encoding('UTF-8')
+              @frame.class.new(version: @frame.version, type: :text, data: msg, decoded: true)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/frame/handler.rb ADDED Viewed

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+module NewRelic::Security::WebSocket
+  module Frame
+    module Handler
+      autoload :Base,      "#{NewRelic::Security::WebSocket::ROOT}/websocket/frame/handler/base"
+      autoload :Handler03, "#{NewRelic::Security::WebSocket::ROOT}/websocket/frame/handler/handler03"
+      autoload :Handler04, "#{NewRelic::Security::WebSocket::ROOT}/websocket/frame/handler/handler04"
+      autoload :Handler05, "#{NewRelic::Security::WebSocket::ROOT}/websocket/frame/handler/handler05"
+      autoload :Handler07, "#{NewRelic::Security::WebSocket::ROOT}/websocket/frame/handler/handler07"
+      autoload :Handler75, "#{NewRelic::Security::WebSocket::ROOT}/websocket/frame/handler/handler75"
+    end
+  end
+end

data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/frame/incoming/client.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+module NewRelic::Security::WebSocket
+  module Frame
+    class Incoming
+      class Client < Incoming
+        def incoming_masking?
+          false
+        end
+        def outgoing_masking?
+          @handler.masking?
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/frame/incoming/server.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+module NewRelic::Security::WebSocket
+  module Frame
+    class Incoming
+      class Server < Incoming
+        def incoming_masking?
+          @handler.masking?
+        end
+        def outgoing_masking?
+          false
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/frame/incoming.rb ADDED Viewed

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+module NewRelic::Security::WebSocket
+  module Frame
+    # Construct or parse incoming WebSocket Frame.
+    # @note You should NEVER use this class directly - use Client or Server subclasses instead, as they contain additional frame options(i.e. Client-side masking in draft 04)
+    #
+    # @example
+    #   frame = NewRelic::Security::WebSocket::Frame::Incoming::Server.new(version: @handshake.version)
+    #   frame << "\x81\x05\x48\x65\x6c\x6c\x6f\x81\x06\x77\x6f\x72\x6c\x64\x21"
+    #   frame.next # "Hello"
+    #   frame.next # "world!""
+    class Incoming < Base
+      autoload :Client, "#{NewRelic::Security::WebSocket::ROOT}/websocket/frame/incoming/client"
+      autoload :Server, "#{NewRelic::Security::WebSocket::ROOT}/websocket/frame/incoming/server"
+      def initialize(args = {})
+        @decoded = args[:decoded] || false
+        super
+      end
+      # If data is still encoded after receiving then this is false. After calling "next" you will receive
+      # another instance of incoming frame, but with data decoded - this function will return true and
+      # to_s will return frame content instead of raw data.
+      # @return [Boolean] If frame already decoded?
+      def decoded?
+        @decoded
+      end
+      # Add provided string as raw incoming frame.
+      # @param data [String] Raw frame
+      def <<(data)
+        @data << data
+      end
+      # Return next complete frame.
+      # This function will merge together splitted frames and return as combined content.
+      # Check #error if nil received to check for eventual parsing errors
+      # @return [NewRelic::Security::WebSocket::Frame::Incoming] Single incoming frame or nil if no complete frame is available.
+      def next
+        @handler.decode_frame unless decoded?
+      end
+      rescue_method :next
+      # If decoded then this will return frame content. Otherwise it will return raw frame.
+      # @return [String] Data of frame
+      def to_s
+        @data
+      end
+    end
+  end
+end

data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/frame/outgoing/client.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+module NewRelic::Security::WebSocket
+  module Frame
+    class Outgoing
+      class Client < Outgoing
+        def incoming_masking?
+          false
+        end
+        def outgoing_masking?
+          @handler.masking?
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/frame/outgoing/server.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+module NewRelic::Security::WebSocket
+  module Frame
+    class Outgoing
+      class Server < Outgoing
+        def incoming_masking?
+          @handler.masking?
+        end
+        def outgoing_masking?
+          false
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/frame/outgoing.rb ADDED Viewed

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+module NewRelic::Security::WebSocket
+  module Frame
+    # Construct or parse outgoing WebSocket Frame.
+    # @note You should NEVER use this class directly - use Client or Server subclasses instead, as they contain additional frame options(i.e. Client-side masking in draft 04)
+    #
+    # @example
+    #   frame = NewRelic::Security::WebSocket::Frame::Outgoing::Server.new(version: @handshake.version, data: "Hello", type: :text)
+    #   frame.to_s # "\x81\x05\x48\x65\x6c\x6c\x6f"
+    class Outgoing < Base
+      autoload :Client, "#{NewRelic::Security::WebSocket::ROOT}/websocket/frame/outgoing/client"
+      autoload :Server, "#{NewRelic::Security::WebSocket::ROOT}/websocket/frame/outgoing/server"
+      # Is selected type supported by current draft version?
+      # @return [Boolean] true if frame type is supported
+      def supported?
+        support_type?
+      end
+      # Should current frame be sent? Exclude empty frames etc.
+      # @return [Boolean] true if frame should be sent
+      def require_sending?
+        !error?
+      end
+      # Return raw frame formatted for sending.
+      def to_s
+        raise NewRelic::Security::WebSocket::Error::Frame::UnknownFrameType unless supported?
+        @handler.encode_frame
+      end
+      rescue_method :to_s
+    end
+  end
+end

data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/frame.rb ADDED Viewed

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+module NewRelic::Security::WebSocket
+  module Frame
+    autoload :Base,     "#{NewRelic::Security::WebSocket::ROOT}/websocket/frame/base"
+    autoload :Data,     "#{NewRelic::Security::WebSocket::ROOT}/websocket/frame/data"
+    autoload :Handler,  "#{NewRelic::Security::WebSocket::ROOT}/websocket/frame/handler"
+    autoload :Incoming, "#{NewRelic::Security::WebSocket::ROOT}/websocket/frame/incoming"
+    autoload :Outgoing, "#{NewRelic::Security::WebSocket::ROOT}/websocket/frame/outgoing"
+  end
+end

data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/handshake/base.rb ADDED Viewed

@@ -0,0 +1,142 @@
+# frozen_string_literal: true
+module NewRelic::Security::WebSocket
+  module Handshake
+    # @abstract Subclass and override to implement custom handshakes
+    class Base
+      include ExceptionHandler
+      include NiceInspect
+      attr_reader :host, :path, :query,
+                  :state, :version, :secure,
+                  :headers, :protocols
+      # Initialize new WebSocket Handshake and set it's state to :new
+      def initialize(args = {})
+        args.each do |k, v|
+          value = begin
+            v.dup
+          rescue TypeError
+            v
+          end
+          instance_variable_set("@#{k}", value)
+        end
+        @state = :new
+        @handler = nil
+        @data = String.new('')
+        @headers ||= {}
+        @protocols ||= []
+      end
+      # @abstract Add data to handshake
+      def <<(data)
+        @data << data
+      end
+      # Return textual representation of handshake request or response
+      # @return [String] text of response
+      def to_s
+        @handler ? @handler.to_s : ''
+      end
+      rescue_method :to_s, return: ''
+      # Is parsing of data finished?
+      # @return [Boolena] True if request was completely parsed or error occured. False otherwise
+      def finished?
+        @state == :finished || @state == :error
+      end
+      # Is parsed data valid?
+      # @return [Boolean] False if some errors occured. Reason for error could be found in error method
+      def valid?
+        finished? && @error.nil? && @handler && @handler.valid?
+      end
+      rescue_method :valid?, return: false
+      # @abstract Should send data after parsing is finished?
+      def should_respond?
+        raise NotImplementedError
+      end
+      # Data left from parsing. Sometimes data that doesn't belong to handshake are added - use this method to retrieve them.
+      # @return [String] String if some data are available. Nil otherwise
+      def leftovers
+        (@leftovers.to_s.split("\n", reserved_leftover_lines + 1)[reserved_leftover_lines] || '').strip
+      end
+      # Return default port for protocol (80 for ws, 443 for wss)
+      def default_port
+        secure ? 443 : 80
+      end
+      # Check if provided port is a default one
+      def default_port?
+        port == default_port
+      end
+      def port
+        @port || default_port
+      end
+      # URI of request.
+      # @return [String] Full URI with protocol
+      # @example
+      #   @handshake.uri #=> "ws://example.com/path?query=true"
+      def uri
+        uri =  String.new(secure ? 'wss://' : 'ws://')
+        uri << host
+        uri << ":#{port}" unless default_port?
+        uri << path
+        uri << "?#{query}" if query
+        uri
+      end
+      private
+      # Number of lines after header that should be handled as belonging to handshake. Any data after those lines will be handled as leftovers.
+      # @return [Integer] Number of lines
+      def reserved_leftover_lines
+        0
+      end
+      # Changes state to error and sets error message
+      # @param [String] message Error message to set
+      def error=(message)
+        @state = :error
+        super
+      end
+      HEADER = /^([^:]+):\s*(.+)$/
+      # Parse data imported to handshake and sets state to finished if necessary.
+      # @return [Boolean] True if finished parsing. False if not all data received yet.
+      def parse_data
+        header, @leftovers = @data.split("\r\n\r\n", 2)
+        return false unless @leftovers # The whole header has not been received yet.
+        lines = header.split("\r\n")
+        first_line = lines.shift
+        parse_first_line(first_line)
+        lines.each do |line|
+          h = HEADER.match(line)
+          next unless h # Skip any invalid headers
+          key = h[1].strip.downcase
+          val = h[2].strip
+          # If the header is already set and refers to the websocket protocol, append the new value
+          if @headers.key?(key) && key =~ /^(sec-)?websocket-protocol$/
+            @headers[key] << ", #{val}"
+          else
+            @headers[key] = val
+          end
+        end
+        @state = :finished
+        true
+      end
+    end
+  end
+end

data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/handshake/client.rb ADDED Viewed

@@ -0,0 +1,130 @@
+# frozen_string_literal: true
+require 'uri'
+module NewRelic::Security::WebSocket
+  module Handshake
+    # Construct or parse a client WebSocket handshake.
+    #
+    # @example
+    #   @handshake = NewRelic::Security::WebSocket::Handshake::Client.new(url: 'ws://example.com')
+    #
+    #   # Create request
+    #   @handshake.to_s # GET /demo HTTP/1.1
+    #                   # Upgrade: websocket
+    #                   # Connection: Upgrade
+    #                   # Host: example.com
+    #                   # Origin: http://example.com
+    #                   # Sec-WebSocket-Version: 13
+    #                   # Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
+    #
+    #   # Parse server response
+    #   @handshake << <<EOF
+    #   HTTP/1.1 101 Switching Protocols\r
+    #   Upgrade: websocket\r
+    #   Connection: Upgrade\r
+    #   Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=\r
+    #   \r
+    #   EOF
+    #
+    #   # All data received?
+    #   @handshake.finished?
+    #
+    #   # No parsing errors?
+    #   @handshake.valid?
+    #
+    class Client < Base
+      attr_reader :origin, :headers
+      # Initialize new WebSocket Client
+      #
+      # @param [Hash] args Arguments for client
+      #
+      # @option args [String]         :host Host of request. Required if no :url param was provided.
+      # @option args [String]         :origin Origin of request. Optional, should be used mostly by browsers. Default: nil
+      # @option args [String]         :path Path of request. Should start with '/'. Default: '/'
+      # @option args [Integer]        :port Port of request. Default: nil
+      # @option args [String]         :query. Query for request. Should be in format "aaa=bbb&ccc=ddd"
+      # @option args [Boolean]        :secure Defines protocol to use. If true then wss://, otherwise ws://. This option will not change default port - it should be handled by programmer.
+      # @option args [String]         :url URL of request. Must by in format like ws://example.com/path?query=true. Every part of this url will be overriden by more specific arguments.
+      # @option args [String]         :uri Alias to :url
+      # @option args [Array<String>]  :protocols An array of supported sub-protocols
+      # @option args [Integer]        :version Version of WebSocket to use. Default: 13 (this is version from RFC)
+      # @option args [Hash]           :headers HTTP headers to use in the handshake
+      #
+      # @example
+      #   Websocket::Handshake::Client.new(url: "ws://example.com/path?query=true")
+      def initialize(args = {})
+        super
+        if @url || @uri
+          uri = URI.parse(@url || @uri)
+          @secure ||= (uri.scheme == 'wss')
+          @host ||= uri.host
+          @port ||= uri.port || default_port
+          @path ||= uri.path
+          @query ||= uri.query
+        end
+        @path = '/' if @path.nil? || @path.empty?
+        @version ||= DEFAULT_VERSION
+        raise NewRelic::Security::WebSocket::Error::Handshake::NoHostProvided unless @host
+        include_version
+      end
+      rescue_method :initialize
+      # Add text of response from Server. This method will parse content immediately and update state and error(if neccessary)
+      #
+      # @param [String] data Data to add
+      #
+      # @example
+      #   @handshake << <<EOF
+      #   HTTP/1.1 101 Switching Protocols
+      #   Upgrade: websocket
+      #   Connection: Upgrade
+      #   Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=
+      #
+      #   EOF
+      def <<(data)
+        super
+        parse_data
+      end
+      rescue_method :<<
+      # Should send content to server after finished parsing?
+      # @return [Boolean] false
+      def should_respond?
+        false
+      end
+      private
+      # Include set of methods for selected protocol version
+      # @return [Boolean] false if protocol number is unknown, otherwise true
+      def include_version
+        @handler = case @version
+                   when 75 then Handler::Client75.new(self)
+                   when 76, 0 then Handler::Client76.new(self)
+                   when 1..3  then Handler::Client01.new(self)
+                   when 4..10 then Handler::Client04.new(self)
+                   when 11..17 then Handler::Client11.new(self)
+                   else raise NewRelic::Security::WebSocket::Error::Handshake::UnknownVersion
+                   end
+      end
+      FIRST_LINE = %r{^HTTP\/1\.1 (\d{3})[\w\s]*$}
+      # Parse first line of Server response.
+      # @param [String] line Line to parse
+      # @return [Boolean] True if parsed correctly. False otherwise
+      def parse_first_line(line)
+        line_parts = line.match(FIRST_LINE)
+        raise NewRelic::Security::WebSocket::Error::Handshake::InvalidHeader unless line_parts
+        status = line_parts[1]
+        raise NewRelic::Security::WebSocket::Error::Handshake::InvalidStatusCode unless status == '101'
+      end
+    end
+  end
+end

data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/handshake/handler/base.rb ADDED Viewed

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+module NewRelic::Security::WebSocket
+  module Handshake
+    module Handler
+      # This class and it's descendants are included in client or server handshake in order to extend basic functionality
+      class Base
+        def initialize(handshake)
+          @handshake = handshake
+        end
+        # @see NewRelic::Security::WebSocket::Handshake::Base#to_s
+        def to_s
+          result = [header_line]
+          handshake_keys.each do |key|
+            result << key.join(': ')
+          end
+          result << ''
+          result << finishing_line
+          result.join("\r\n")
+        end
+        def valid?
+          true
+        end
+        private
+        # Set first line of text representation according to specification.
+        # @return [String] First line of HTTP header
+        def header_line
+          ''
+        end
+        # Set handshake headers. Provided as array because some protocol version require specific order of fields.
+        # @return [Array] List of headers as arrays [key, value]
+        def handshake_keys
+          []
+        end
+        # Set data to send after headers. In most cases it will be blank data.
+        # @return [String] data
+        def finishing_line
+          ''
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/handshake/handler/client.rb ADDED Viewed

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+module NewRelic::Security::WebSocket
+  module Handshake
+    module Handler
+      class Client < Base
+        private
+        # @see NewRelic::Security::WebSocket::Handshake::Handler::Base#header_line
+        def header_line
+          path = @handshake.path
+          path += '?' + @handshake.query if @handshake.query
+          "GET #{path} HTTP/1.1"
+        end
+        # @see NewRelic::Security::WebSocket::Handshake::Handler::Base#header_handshake_keys
+        def handshake_keys
+          super + @handshake.headers.to_a
+        end
+        # Verify if received header matches with one of the sent ones
+        # @return [Boolean] True if matching. False otherwise(appropriate error is set)
+        def verify_protocol
+          return true if supported_protocols.empty?
+          protos = provided_protocols & supported_protocols
+          raise NewRelic::Security::WebSocket::Error::Handshake::UnsupportedProtocol if protos.empty?
+          true
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/websocket-client-simple/websocket-ruby/lib/websocket/handshake/handler/client01.rb ADDED Viewed

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+require 'digest/md5'
+module NewRelic::Security::WebSocket
+  module Handshake
+    module Handler
+      class Client01 < Client76
+        private
+        # @see NewRelic::Security::WebSocket::Handshake::Handler::Base#handshake_keys
+        def handshake_keys
+          keys = super
+          keys << ['Sec-WebSocket-Draft', @handshake.version]
+          keys
+        end
+      end
+    end
+  end
+end