ronin-web-server 0.1.0.beta1

data/spec/reverse_proxy/request_spec.rb

@@ -0,0 +1,200 @@
+require 'spec_helper'
+require 'ronin/web/server/reverse_proxy/request'
+
+describe Ronin::Web::Server::ReverseProxy::Request do
+  it "must provide the same methods as Ronin::Web::Server::Request" do
+    expect(described_class).to be < Ronin::Web::Server::Request
+  end
+
+  let(:env) { {} }
+
+  subject { described_class.new(env) }
+
+  describe "#host=" do
+    let(:host)     { 'example.com' }
+    let(:new_host) { 'evil.com'    }
+    let(:env) do
+      {'HTTP_HOST' => host}
+    end
+
+    before { subject.host = new_host }
+
+    it "must set HTTP_HOST" do
+      expect(env['HTTP_HOST']).to eq(new_host)
+    end
+  end
+
+  describe "#port=" do
+    let(:port)     { 80   }
+    let(:new_port) { 8080 }
+    let(:env) do
+      {'SERVER_PORT' => port}
+    end
+
+    before { subject.port = new_port }
+
+    it "must set SERVER_PORT" do
+      expect(env['SERVER_PORT']).to eq(new_port)
+    end
+  end
+
+  describe "#scheme=" do
+    let(:scheme)     { 'https' }
+    let(:new_scheme) { 'http'  }
+    let(:env) do
+      {'rack.url_scheme' => scheme}
+    end
+
+    before { subject.scheme = new_scheme }
+
+    it "must set rack.url_scheme" do
+      expect(env['rack.url_scheme']).to eq(new_scheme)
+    end
+  end
+
+  describe "#ssl=" do
+    context "when given true" do
+      before { subject.ssl = true }
+
+      it "must set #port to 443" do
+        expect(subject.port).to eq(443)
+      end
+
+      it "must set #scheme to 'https'" do
+        expect(subject.scheme).to eq('https')
+      end
+    end
+
+    context "when given false" do
+      before { subject.ssl = false }
+
+      it "must set #port to 80" do
+        expect(subject.port).to eq(80)
+      end
+
+      it "must set #scheme to 'http'" do
+        expect(subject.scheme).to eq('http')
+      end
+    end
+  end
+
+  describe "#request_method=" do
+    let(:request_method)     { 'GET' }
+    let(:new_request_method) { 'POST' }
+    let(:env) do
+      {'REQUEST_METHOD' => request_method}
+    end
+
+    before { subject.request_method = new_request_method }
+
+    it "must set REQUEST_METHOD" do
+      expect(env['REQUEST_METHOD']).to eq(new_request_method)
+    end
+  end
+
+  describe "#query_string=" do
+    let(:query_string)     { 'GET' }
+    let(:new_query_string) { 'POST' }
+    let(:env) do
+      {'QUERY_STRING' => query_string}
+    end
+
+    before { subject.query_string = new_query_string }
+
+    it "must set QUERY_STRING" do
+      expect(env['QUERY_STRING']).to eq(new_query_string)
+    end
+  end
+
+  describe "#xhr=" do
+    context "when given true" do
+      before { subject.xhr = true }
+
+      it "must set HTTP_X_REQUESTED_WITH to 'XMLHttpRequest'" do
+        expect(env['HTTP_X_REQUESTED_WITH']).to eq('XMLHttpRequest')
+      end
+    end
+
+    context "when given false" do
+      let(:env) do
+        {'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest'}
+      end
+
+      before { subject.xhr = false }
+
+      it "must delete the HTTP_X_REQUESTED_WITH header" do
+        expect(env['HTTP_X_REQUESTED_WITH']).to be(nil)
+      end
+    end
+  end
+
+  describe "#content_type=" do
+    let(:content_type)     { 'text/html' }
+    let(:new_content_type) { 'text/xml'  }
+    let(:env) do
+      {'CONTENT_TYPE' => content_type}
+    end
+
+    before { subject.content_type = new_content_type }
+
+    it "must set CONTENT_TYPE" do
+      expect(env['CONTENT_TYPE']).to eq(new_content_type)
+    end
+  end
+
+  describe "#accept_encoding=" do
+    let(:accept_encoding)     { 'gzip' }
+    let(:new_accept_encoding) { '*'    }
+    let(:env) do
+      {'HTTP_ACCEPT_ENCODING' => accept_encoding}
+    end
+
+    before { subject.accept_encoding = new_accept_encoding }
+
+    it "must set HTTP_ACCEPT_ENCODING" do
+      expect(env['HTTP_ACCEPT_ENCODING']).to eq(new_accept_encoding)
+    end
+  end
+
+  describe "#user_agent=" do
+    let(:user_agent)     { 'FireFox' }
+    let(:new_user_agent) { 'Chrome'  }
+    let(:env) do
+      {'HTTP_USER_AGENT' => user_agent}
+    end
+
+    before { subject.user_agent = new_user_agent }
+
+    it "must set HTTP_USER_AGENT" do
+      expect(env['HTTP_USER_AGENT']).to eq(new_user_agent)
+    end
+  end
+
+  describe "#referer=" do
+    let(:referer)     { 'http://example.com/' }
+    let(:new_referer) { 'http://evil.com/'    }
+    let(:env) do
+      {'HTTP_REFERER' => referer}
+    end
+
+    before { subject.referer = new_referer }
+
+    it "must set HTTP_REFERER" do
+      expect(env['HTTP_REFERER']).to eq(new_referer)
+    end
+  end
+
+  describe "#body=" do
+    let(:body)     { '<html><body>test</body></html>'       }
+    let(:new_body) { '<html><body>rewritten!</body></html>' }
+    let(:env) do
+      {'rack.input' => body}
+    end
+
+    before { subject.body = new_body }
+
+    it "must set rack.input" do
+      expect(env['rack.input']).to eq(new_body)
+    end
+  end
+end

data/spec/reverse_proxy/response_spec.rb

@@ -0,0 +1,8 @@
+require 'spec_helper'
+require 'ronin/web/server/reverse_proxy/response'
+
+describe Ronin::Web::Server::ReverseProxy::Response do
+  it "must provide the same methods as Ronin::Web::Server::Response" do
+    expect(described_class).to be < Ronin::Web::Server::Response
+  end
+end

data/spec/reverse_proxy_spec.rb

@@ -0,0 +1,223 @@
+require 'spec_helper'
+require 'ronin/web/server/reverse_proxy'
+
+require 'webmock/rspec'
+
+describe Ronin::Web::Server::ReverseProxy do
+  describe "#initialize" do
+    context "when given a block" do
+      it "must pass the newly created reverse proxy object" do
+        expect { |b|
+          described_class.new(&b)
+        }.to yield_with_args(described_class)
+      end
+    end
+  end
+
+  describe "#call" do
+    let(:request_method) { 'GET' }
+    let(:path) { '/' }
+    let(:port) { 80  }
+    let(:host) { 'example.com' }
+    let(:body) { '' }
+    let(:env) do
+      {
+        'REQUEST_METHOD' => request_method,
+        'REQUEST_PATH'   => path,
+        'PATH_INFO'      => path,
+        'HTTP_HOST'      => host,
+        'SERVER_PORT'    => port,
+        'rack.input'     => StringIO.new(body)
+      }
+    end
+
+    let(:http_request_method) { request_method.downcase.to_sym }
+    let(:http_request_uri) do
+      URI::HTTP.build(host: host, port: port, path: path)
+    end
+
+    let(:http_response_status) { 200 }
+    let(:http_response_headers) do
+      {'X-Foo' => 'bar'}
+    end
+    let(:http_response_body)   { nil }
+
+    before do
+      stub_request(:get,http_request_uri).to_return(
+        status:  http_response_status,
+        headers: http_response_headers,
+        body:    http_response_body
+      )
+    end
+
+    it "must return a #{described_class::Response} object" do
+      expect(subject.call(env)).to be_kind_of(described_class::Response)
+    end
+
+    it "must make an HTTP request for the requested Host header and path" do
+      subject.call(env)
+
+      expect(WebMock).to have_requested(http_request_method,http_request_uri)
+    end
+
+    it "must return all HTTP response headers in the respones object" do
+      response = subject.call(env)
+
+      expect(response.headers).to include(http_response_headers)
+    end
+
+    it "must default the response body to an empty String" do
+      response = subject.call(env)
+
+      expect(response.body).to eq([''])
+    end
+
+    context "when the #on_request callback is set" do
+      it "must pass the request object to the #on_request callback" do
+        yielded_request = nil
+
+        reverse_proxy = described_class.new do |proxy|
+          proxy.on_request do |request|
+            yielded_request = request
+          end
+        end
+
+        reverse_proxy.call(env)
+
+        expect(yielded_request).to be_kind_of(described_class::Request)
+      end
+    end
+
+    context "when the #on_response callback is set" do
+      it "must pass the response object to the #on_response callback" do
+        yielded_response = nil
+
+        reverse_proxy = described_class.new do |proxy|
+          proxy.on_response do |response|
+            yielded_response = response
+          end
+        end
+
+        reverse_proxy.call(env)
+
+        expect(yielded_response).to be_kind_of(described_class::Response)
+      end
+
+      context "when the #on_response callback accepts two arguments" do
+        it "must pass both the request and the response objects" do
+          yielded_request = nil
+          yielded_response = nil
+
+          reverse_proxy = described_class.new do |proxy|
+            proxy.on_response do |request,response|
+              yielded_request = request
+              yielded_response = response
+            end
+          end
+
+          reverse_proxy.call(env)
+
+          expect(yielded_request).to be_kind_of(described_class::Request)
+          expect(yielded_response).to be_kind_of(described_class::Response)
+        end
+      end
+    end
+  end
+
+  describe "#connection_for" do
+    let(:host) { 'example.com' }
+    let(:port) { 443  }
+    let(:ssl)  { true }
+
+    context "when there is no connection for the host/port/ssl combination" do
+      it "must return a new Ronin::Support::Network::HTTP instance for the host/port/ssl combination" do
+        http = subject.connection_for(host,port,ssl: ssl)
+
+        expect(http).to be_kind_of(Ronin::Support::Network::HTTP)
+        expect(http.host).to eq(host)
+        expect(http.port).to eq(port)
+        expect(http.ssl?).to eq(ssl)
+      end
+    end
+
+    context "when there is an existing connection for the host/port/ssl combination" do
+      it "must return the existing Ronin::Support::Network::HTTP instance for the host/port/ssl combination" do
+        expect(subject.connection_for(host,port,ssl: ssl)).to be(
+          subject.connection_for(host,port,ssl: ssl)
+        )
+      end
+    end
+  end
+
+  describe "#reverse_proxy" do
+    let(:request_method) { 'GET' }
+    let(:path) { '/' }
+    let(:port) { 80  }
+    let(:host) { 'example.com' }
+    let(:body) { '' }
+    let(:env) do
+      {
+        'REQUEST_METHOD' => request_method,
+        'REQUEST_PATH'   => path,
+        'PATH_INFO'      => path,
+        'HTTP_HOST'      => host,
+        'SERVER_PORT'    => port,
+        'rack.input'     => StringIO.new(body)
+      }
+    end
+    let(:request) { described_class::Request.new(env) }
+
+    let(:http_request_method) { request_method.downcase.to_sym }
+    let(:http_request_uri) do
+      URI::HTTP.build(host: host, port: port, path: path)
+    end
+
+    let(:http_response_status) { 200 }
+    let(:http_response_headers) do
+      {'X-Foo' => 'bar'}
+    end
+    let(:http_response_body)   { nil }
+
+    before do
+      stub_request(:get,http_request_uri).to_return(
+        status:  http_response_status,
+        headers: http_response_headers,
+        body:    http_response_body
+      )
+    end
+
+    it "must return a #{described_class::Response} object" do
+      expect(subject.reverse_proxy(request)).to be_kind_of(described_class::Response)
+    end
+
+    it "must make an HTTP request for the requested Host header and path" do
+      subject.reverse_proxy(request)
+
+      expect(WebMock).to have_requested(http_request_method,http_request_uri)
+    end
+
+    it "must return all HTTP response headers in the respones object" do
+      response = subject.reverse_proxy(request)
+
+      expect(response.headers).to include(http_response_headers)
+    end
+
+    it "must default the response body to an empty String" do
+      response = subject.reverse_proxy(request)
+
+      expect(response.body).to eq([''])
+    end
+
+    context "when the response contains the 'Transfer-Encoding' header" do
+      let(:http_response_headers) do
+        {'Transfer-Encoding' => 'chunked'}
+      end
+
+      it "must omit the 'Transfer-Encoding' header from the response" do
+        response = subject.reverse_proxy(request)
+
+        expect(response.headers).to_not have_key('Transfer-Encoding')
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,9 @@
+require 'rspec'
+require 'simplecov'
+require 'ronin/web/server/version'
+
+SimpleCov.start
+
+RSpec.configure do |c|
+  c.include Ronin::Web::Server
+end

metadata

@@ -0,0 +1,180 @@
+--- !ruby/object:Gem::Specification
+name: ronin-web-server
+version: !ruby/object:Gem::Version
+  version: 0.1.0.beta1
+platform: ruby
+authors:
+- Postmodern
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2023-01-01 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: webrick
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+- !ruby/object:Gem::Dependency
+  name: rack-user_agent
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.5'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.5'
+- !ruby/object:Gem::Dependency
+  name: sinatra
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: ronin-support
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.0.0.beta1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.0.0.beta1
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+description: |
+  ronin-web-server is a custom Ruby web server based on Sinatra tailored for
+  security research and development.
+email: postmodern.mod3@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files:
+- COPYING.txt
+- ChangeLog.md
+- README.md
+files:
+- ".document"
+- ".github/workflows/ruby.yml"
+- ".gitignore"
+- ".rspec"
+- ".rubocop.yml"
+- ".ruby-version"
+- ".yardopts"
+- COPYING.txt
+- ChangeLog.md
+- Gemfile
+- README.md
+- Rakefile
+- gemspec.yml
+- lib/ronin/web/server.rb
+- lib/ronin/web/server/app.rb
+- lib/ronin/web/server/base.rb
+- lib/ronin/web/server/conditions.rb
+- lib/ronin/web/server/helpers.rb
+- lib/ronin/web/server/request.rb
+- lib/ronin/web/server/response.rb
+- lib/ronin/web/server/reverse_proxy.rb
+- lib/ronin/web/server/reverse_proxy/request.rb
+- lib/ronin/web/server/reverse_proxy/response.rb
+- lib/ronin/web/server/routing.rb
+- lib/ronin/web/server/version.rb
+- ronin-web-server.gemspec
+- spec/base_spec.rb
+- spec/classes/public1/static1.txt
+- spec/classes/public2/static2.txt
+- spec/classes/sub_app.rb
+- spec/classes/test_app.rb
+- spec/helpers/rack_app.rb
+- spec/request_spec.rb
+- spec/response_spec.rb
+- spec/reverse_proxy/request_spec.rb
+- spec/reverse_proxy/response_spec.rb
+- spec/reverse_proxy_spec.rb
+- spec/spec_helper.rb
+homepage: https://ronin-rb.dev/
+licenses:
+- LGPL-3.0
+metadata:
+  documentation_uri: https://rubydoc.info/gems/ronin-web-server
+  source_code_uri: https://github.com/postmodern/ronin-web-server
+  bug_tracker_uri: https://github.com/postmodern/ronin-web-server/issues
+  changelog_uri: https://github.com/postmodern/ronin-web-server/blob/master/ChangeLog.md
+  rubygems_mfa_required: 'true'
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.0.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.3.26
+signing_key:
+specification_version: 4
+summary: A custom Ruby web server based on Sinatra.
+test_files:
+- spec/base_spec.rb
+- spec/request_spec.rb
+- spec/response_spec.rb
+- spec/reverse_proxy/request_spec.rb
+- spec/reverse_proxy/response_spec.rb
+- spec/reverse_proxy_spec.rb