websocket-driver 0.6.2 → 0.6.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: f1bf44c48fb73c1472cc8c5752bc87cd38f545bf
4
- data.tar.gz: 9a95a47349ec213020574596650c27d50db93fa7
3
+ metadata.gz: e35545d555e0f2a1d4846483ed021aed831be4aa
4
+ data.tar.gz: 4fbb5db8194130225cc4130862cec3126729fafe
5
5
  SHA512:
6
- metadata.gz: ddf6c23ad1b0f2a9f9c5f4f67978efbec3916bb26754941008da6a488ea5b151ddd504664699cbf1bcee422aaea2b860955af9ccd5f257266be33e7f344be2fd
7
- data.tar.gz: cf55f6a6e0c62790f8b40efa7af9fdb174e354b8a2d14c218a6421f3258c8c2237c38449eb100e53c650191da8df8df35039e6456acf3c783ba2eeccbe79e70a
6
+ metadata.gz: ddf14ddda68f212cd4453fd0b5e97f8e3b1e0c9741d2bfbb1e6b7b208846cd636b7d73045af9975de3451d7a1c8995e455429e10ea00b3a03026b64d90c44d9f
7
+ data.tar.gz: dd0fd4513efe1a75012d942293b751de86e1c45836b3551b54e52044df95c0f005ae50ad2a8a761e79f5e3f1f4ec872d97116c7750ffbb3964f4ca327509abeb
@@ -1,3 +1,8 @@
1
+ ### 0.6.3 / 2015-11-06
2
+
3
+ * Reject draft-76 handshakes if their Sec-WebSocket-Key headers are invalid
4
+ * Throw a more helpful error if a client is created with an invalid URL
5
+
1
6
  ### 0.6.2 / 2015-07-18
2
7
 
3
8
  * When the peer sends a close frame with no error code, emit 1000
@@ -20,7 +20,7 @@ method_websocket_mask(VALUE self,
20
20
  VALUE mask)
21
21
  {
22
22
  char *payload_s, *mask_s, *unmasked_s;
23
- int i, n;
23
+ long i, n;
24
24
  VALUE unmasked;
25
25
 
26
26
  if (mask == Qnil || RSTRING_LEN(mask) != 4) {
@@ -46,6 +46,7 @@ module WebSocket
46
46
  CloseEvent = Struct.new(:code, :reason)
47
47
 
48
48
  ProtocolError = Class.new(StandardError)
49
+ URIError = Class.new(ArgumentError)
49
50
  ConfigurationError = Class.new(ArgumentError)
50
51
 
51
52
  autoload :Client, root + '/client'
@@ -2,6 +2,8 @@ module WebSocket
2
2
  class Driver
3
3
 
4
4
  class Client < Hybi
5
+ VALID_SCHEMES = %w[ws wss]
6
+
5
7
  def self.generate_key
6
8
  Base64.strict_encode64(SecureRandom.random_bytes(16))
7
9
  end
@@ -16,7 +18,11 @@ module WebSocket
16
18
  @accept = Hybi.generate_accept(@key)
17
19
  @http = HTTP::Response.new
18
20
 
19
- uri = URI.parse(@socket.url)
21
+ uri = URI.parse(@socket.url)
22
+ unless VALID_SCHEMES.include?(uri.scheme)
23
+ raise URIError, "#{socket.url} is not a valid WebSocket URL"
24
+ end
25
+
20
26
  host = uri.host + (uri.port ? ":#{uri.port}" : '')
21
27
  path = (uri.path == '') ? '/' : uri.path
22
28
  @pathname = path + (uri.query ? '?' + uri.query : '')
@@ -38,6 +38,24 @@ module WebSocket
38
38
  private
39
39
 
40
40
  def handshake_response
41
+ env = @socket.env
42
+
43
+ key1 = env['HTTP_SEC_WEBSOCKET_KEY1']
44
+ number1 = number_from_key(key1)
45
+ spaces1 = spaces_in_key(key1)
46
+
47
+ key2 = env['HTTP_SEC_WEBSOCKET_KEY2']
48
+ number2 = number_from_key(key2)
49
+ spaces2 = spaces_in_key(key2)
50
+
51
+ if number1 % spaces1 != 0 or number2 % spaces2 != 0
52
+ emit(:error, ProtocolError.new('Client sent invalid Sec-WebSocket-Key headers'))
53
+ close
54
+ return nil
55
+ end
56
+
57
+ @key_values = [number1 / spaces1, number2 / spaces2]
58
+
41
59
  start = 'HTTP/1.1 101 WebSocket Protocol Handshake'
42
60
  headers = [start, @headers.to_s, '']
43
61
  headers.join("\r\n")
@@ -46,14 +64,8 @@ module WebSocket
46
64
  def handshake_signature
47
65
  return nil unless @body.bytesize >= BODY_SIZE
48
66
 
49
- head = @body[0...BODY_SIZE]
50
- env = @socket.env
51
- key1 = env['HTTP_SEC_WEBSOCKET_KEY1']
52
- value1 = number_from_key(key1) / spaces_in_key(key1)
53
- key2 = env['HTTP_SEC_WEBSOCKET_KEY2']
54
- value2 = number_from_key(key2) / spaces_in_key(key2)
55
-
56
- Digest::MD5.digest([value1, value2, head].pack('N2A*'))
67
+ head = @body[0...BODY_SIZE]
68
+ Digest::MD5.digest((@key_values + [head]).pack('N2A*'))
57
69
  end
58
70
 
59
71
  def send_handshake_body
@@ -7,6 +7,7 @@ module WebSocket
7
7
  def initialize(socket, options = {})
8
8
  super
9
9
  @http = HTTP::Request.new
10
+ @delegate = nil
10
11
  end
11
12
 
12
13
  def env
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: websocket-driver
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.6.2
4
+ version: 0.6.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - James Coglan
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-07-18 00:00:00.000000000 Z
11
+ date: 2015-11-06 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: websocket-extensions
@@ -136,7 +136,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
136
136
  version: '0'
137
137
  requirements: []
138
138
  rubyforge_project:
139
- rubygems_version: 2.4.5
139
+ rubygems_version: 2.4.5.1
140
140
  signing_key:
141
141
  specification_version: 4
142
142
  summary: WebSocket protocol handler with pluggable I/O