RubyGems - protocol-http1 - Versions diffs - 0.10.1 → 0.10.2 - Mend

protocol-http1 0.10.1 → 0.10.2

Potentially problematic release.

This version of protocol-http1 might be problematic. Click here for more details.

Files changed (14) hide show

checksums.yaml +4 -4
data/Gemfile +2 -0
data/README.md +1 -1
data/Rakefile +2 -0
data/examples/http1/request.rb +2 -1
data/lib/protocol/http1.rb +2 -0
data/lib/protocol/http1/body/chunked.rb +2 -0
data/lib/protocol/http1/body/fixed.rb +2 -0
data/lib/protocol/http1/body/remainder.rb +2 -0
data/lib/protocol/http1/connection.rb +44 -19
data/lib/protocol/http1/error.rb +5 -0
data/lib/protocol/http1/reason.rb +2 -0
data/lib/protocol/http1/version.rb +3 -1
metadata +3 -3

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b52f567864d3915d86130972347027b27714a1796406d6a32f4867bbcd654244
-  data.tar.gz: aa84480d4729076515d4bdd1f404e5d57643940f52fe36db2ca08b12d37b30f8
+  metadata.gz: 7dbd1a16deecf77fd3b2b52f1081e87e0d6fff309660f6ea234c9be4af178aa4
+  data.tar.gz: f9dabc42905c0ae328d1a84523351f8d57da5551d86f591262849dbf7f5b83d0
 SHA512:
-  metadata.gz: d98704be139cded2dd123de2ede185e11aa9738ad3110eb573a59a915c441a103b47a83c383325683c0f2109654cb08d98627bc95497908914b84520ba4d589b
-  data.tar.gz: 1b3cb874b30b82181db4d6c666b9d79d99b6a3058f6c9f087660aea43344d114761b40c66dbda4ce125655b98c507a2ec7c5e8037c21bea8c938b9510683a693
+  metadata.gz: 2536f9d4e4596319e51a1cbb9921a3f0394ca8d360c9281cc88e46be1c8efc66a81a9fc5a5cc4564e78cceb7e6f0a6aca4aaa507b5aa596e45d51f132f3aa047
+  data.tar.gz: fdef6a5ac396848f03a0043f5adb14e055b46edb697881edfbc5f15edfaa4a29173506e9fc51e363a8f29297e76b623b62c0f411718d69b588afb6f96d48d394

data/Gemfile CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 source "https://rubygems.org"
 # Specify your gem's dependencies in protocol-http1.gemspec

data/README.md CHANGED

@@ -30,7 +30,7 @@ require 'async/io/stream'
 require 'async/http/endpoint'
 require 'protocol/http1/connection'
-Async.run do
+Async do
 	endpoint = Async::HTTP::Endpoint.parse("https://www.google.com/search?q=kittens", alpn_protocols: ["http/1.1"])
 	peer = endpoint.connect

data/Rakefile CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require "bundler/gem_tasks"
 require "rspec/core/rake_task"

data/examples/http1/request.rb CHANGED

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 $LOAD_PATH.unshift File.expand_path("../../lib", __dir__)
@@ -7,7 +8,7 @@ require 'async/http/endpoint'
 require 'protocol/http1/connection'
 require 'pry'
-Async.run do
+Async do
 	endpoint = Async::HTTP::Endpoint.parse("https://www.google.com/search?q=kittens", alpn_protocols: ["http/1.1"])
 	peer = endpoint.connect

data/lib/protocol/http1.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 # Copyright, 2019, by Samuel G. D. Williams. <http://www.codeotaku.com>
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy

data/lib/protocol/http1/body/chunked.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 # Copyright, 2018, by Samuel G. D. Williams. <http://www.codeotaku.com>
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy

data/lib/protocol/http1/body/fixed.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 # Copyright, 2018, by Samuel G. D. Williams. <http://www.codeotaku.com>
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy

data/lib/protocol/http1/body/remainder.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 # Copyright, 2018, by Samuel G. D. Williams. <http://www.codeotaku.com>
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy

data/lib/protocol/http1/connection.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 # Copyright, 2018, by Samuel G. D. Williams. <http://www.codeotaku.com>
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
@@ -31,26 +33,34 @@ require 'protocol/http/methods'
 module Protocol
 	module HTTP1
-		CONTENT_LENGTH = 'content-length'.freeze
+		CONTENT_LENGTH = 'content-length'
-		TRANSFER_ENCODING = 'transfer-encoding'.freeze
-		CHUNKED = 'chunked'.freeze
+		TRANSFER_ENCODING = 'transfer-encoding'
+		CHUNKED = 'chunked'
-		CONNECTION = 'connection'.freeze
-		CLOSE = 'close'.freeze
-		KEEP_ALIVE = 'keep-alive'.freeze
+		CONNECTION = 'connection'
+		CLOSE = 'close'
+		KEEP_ALIVE = 'keep-alive'
-		HOST = 'host'.freeze
-		UPGRADE = 'upgrade'.freeze
+		HOST = 'host'
+		UPGRADE = 'upgrade'
 		# HTTP/1.x request line parser:
 		TOKEN = /[!#$%&'*+-\.^_`|~0-9a-zA-Z]+/.freeze
-		REQUEST_LINE = /^(#{TOKEN}) ([^\s]+) (HTTP\/\d.\d)$/.freeze
+		REQUEST_LINE = /\A(#{TOKEN}) ([^\s]+) (HTTP\/\d.\d)\z/.freeze
+		# HTTP/1.x header parser:
+		FIELD_NAME = TOKEN
+		FIELD_VALUE = /[^\000-\037]*/.freeze
+		HEADER = /\A(#{FIELD_NAME}):\s*(#{FIELD_VALUE})\s*\z/.freeze
+		VALID_FIELD_NAME = /\A#{FIELD_NAME}\z/.freeze
+		VALID_FIELD_VALUE = /\A#{FIELD_VALUE}\z/.freeze
 		class Connection
-			CRLF = "\r\n".freeze
-			HTTP10 = "HTTP/1.0".freeze
-			HTTP11 = "HTTP/1.1".freeze
+			CRLF = "\r\n"
+			HTTP10 = "HTTP/1.0"
+			HTTP11 = "HTTP/1.1"
 			def initialize(stream, persistent = true)
 				@stream = stream
@@ -132,7 +142,7 @@ module Protocol
 			end
 			def write_response(version, status, headers, reason = Reason::DESCRIPTIONS[status])
-				# Safari WebSockets break if no reason is given.
+				# Safari WebSockets break if no reason is given:
 				@stream.write("#{version} #{status} #{reason}\r\n")
 				write_headers(headers)
@@ -140,8 +150,20 @@ module Protocol
 			def write_headers(headers)
 				headers.each do |name, value|
-					raise BadResponse, "invalid value for header #{name}: #{value.inspect}" if value.match?(/\r|\n/)
+					# Convert it to a string:
+					name = name.to_s
+					value = value.to_s
+					# Validate it:
+					unless name.match?(VALID_FIELD_NAME)
+						raise BadHeader, "Invalid header name: #{name.inspect}"
+					end
+					unless value.match?(VALID_FIELD_VALUE)
+						raise BadHeader, "Invalid header value for #{name}: #{value.inspect}"
+					end
+					# Write it:
 					@stream.write("#{name}: #{value}\r\n")
 				end
 			end
@@ -194,10 +216,13 @@ module Protocol
 				fields = []
 				while line = read_line
-					if line =~ /^([a-zA-Z\-\d]+):\s*(.+?)\s*$/
-						fields << [$1, $2]
+					# Empty line indicates end of headers:
+					break if line.empty?
+					if match = line.match(HEADER)
+						fields << [match[1], match[2]]
 					else
-						break
+						raise BadHeader, "Could not parse header: #{line.dump}"
 					end
 				end
@@ -361,8 +386,8 @@ module Protocol
 				read_remainder_body
 			end
-			HEAD = "HEAD".freeze
-			CONNECT = "CONNECT".freeze
+			HEAD = "HEAD"
+			CONNECT = "CONNECT"
 			def read_response_body(method, status, headers)
 				# RFC 7230 3.3.3

data/lib/protocol/http1/error.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 # Copyright, 2019, by Samuel G. D. Williams. <http://www.codeotaku.com>
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
@@ -32,6 +34,9 @@ module Protocol
 		class BadRequest < Error
 		end
+		class BadHeader < Error
+		end
 		class BadResponse < Error
 		end
 	end

data/lib/protocol/http1/reason.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 # Copyright, 2019, by Samuel G. D. Williams. <http://www.codeotaku.com>
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy

data/lib/protocol/http1/version.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 # Copyright, 2019, by Samuel G. D. Williams. <http://www.codeotaku.com>
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
@@ -20,6 +22,6 @@
 module Protocol
 	module HTTP1
-		VERSION = "0.10.1"
+		VERSION = "0.10.2"
 	end
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: protocol-http1
 version: !ruby/object:Gem::Version
-  version: 0.10.1
+  version: 0.10.2
 platform: ruby
 authors:
 - Samuel Williams
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-02-07 00:00:00.000000000 Z
+date: 2020-02-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: protocol-http
@@ -151,7 +151,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.6
+rubygems_version: 3.1.2
 signing_key:
 specification_version: 4
 summary: A low level implementation of the HTTP/1 protocol.