websocket-extensions 0.1.0 → 0.1.5

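--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
- SHA1:
- metadata.gz: b1c44128d3db51c789832e4c9c8a69f23dd8b477
- data.tar.gz: 5214cf7259a10a9a6d252b4fa6febaf75d8d8727
+ SHA256:
+ metadata.gz: f36fd7e2c8bc73038cff930e7872156bf85804e80c3fe87510373b9093ede11c
+ data.tar.gz: 755d19c6d59b56001a3e2afa5b2397324d69ebbdea730738c13b4cfe212a3f31
  SHA512:
- metadata.gz: 0f2189d6fae9bad78b6b5ec275f17435b09345e3113416b0ae2196d262e91ac20e20928a7692d2b448a7a6dac35a4db0091a1214538d50c24d0a25259e2e169c
- data.tar.gz: fdba7d6246380d2088c62837e6ffc84164d188f9d7c0e0a04d00412be766429ed5aca7382c7b8273f1c0f317fdca1d4d6ab5f158f66728d92dc46e80fcbee587
+ metadata.gz: d658c00d7d482283fa112e5a86d798f0ad3972ec4b4558462e05e54137bac6f8a898038f1c185ab13b3c282557fe0b80932c2e66a5a2d0bf7f2a09b5f614760e
+ data.tar.gz: f2dba49a2ea8a8f6b6de80a749ce115fe926dd5785971653e5075bf3bea1d6c39d8ade728bcb5048c60f0ef93bd75ed39cc01a1d6d50ccf4e83061dde278d5a7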
@@ -0,0 +1,24 @@
1
+ ### 0.1.5 / 2020-06-02
2
+
3
+ - Remove a ReDoS vulnerability in the header parser (CVE-2020-7663)
4
+
5
+ ### 0.1.4 / 2019-06-10
6
+
7
+ - Fix a deprecation warning for using the `=~` operator on `true`
8
+ - Change license from MIT to Apache 2.0
9
+
10
+ ### 0.1.3 / 2017-11-11
11
+
12
+ - Accept extension names and parameters including uppercase letters
13
+
14
+ ### 0.1.2 / 2015-02-19
15
+
16
+ - Make it safe to call `Extensions#close` if the handshake is not complete
17
+
18
+ ### 0.1.1 / 2014-12-14
19
+
20
+ - Explicitly require `strscan` which is not loaded in a vanilla Ruby environment
21
+
22
+ ### 0.1.0 / 2014-12-13
23
+
24
+ - Initial release
@@ -0,0 +1,12 @@
1
+ Copyright 2014-2020 James Coglan
2
+
3
+ Licensed under the Apache License, Version 2.0 (the "License"); you may not use
4
+ this file except in compliance with the License. You may obtain a copy of the
5
+ License at
6
+
7
+ http://www.apache.org/licenses/LICENSE-2.0
8
+
9
+ Unless required by applicable law or agreed to in writing, software distributed
10
+ under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
11
+ CONDITIONS OF ANY KIND, either express or implied. See the License for the
12
+ specific language governing permissions and limitations under the License.
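--- a/data/README.md
+++ b/data/README.md
@@ -227,8 +227,8 @@ then the `permessage-deflate` extension will receive the call:
 
  ```rb
  ext.create_server_session([
- {'server_no_context_takeover' => true, 'server_max_window_bits' => 8},
- {'server_max_window_bits' => 15}
+ { 'server_no_context_takeover' => true, 'server_max_window_bits' => 8 },
+ { 'server_max_window_bits' => 15 }
  ])
  ```
 
@@ -244,8 +244,8 @@ implement the following methods, as well as the *Session* API listed below.
  ```rb
  client_session.generate_offer
  # e.g. -> [
- # {'server_no_context_takeover' => true, 'server_max_window_bits' => 8},
- # {'server_max_window_bits' => 15}
+ # { 'server_no_context_takeover' => true, 'server_max_window_bits' => 8 },
+ # { 'server_max_window_bits' => 15 }
  # ]
  ```
 
@@ -270,7 +270,7 @@ must implement the following methods, as well as the *Session* API listed below.
 
  ```rb
  server_session.generate_response
- # e.g. -> {'server_max_window_bits' => 8}
+ # e.g. -> { 'server_max_window_bits' => 8 }
  ```
 
  This returns the set of parameters the server session wants to send in its
@@ -309,29 +309,5 @@ the session to release any resources it's using.
 
  ## Examples
 
- * Consumer: [websocket-driver](https://github.com/faye/websocket-driver-ruby)
- * Provider: [permessage-deflate](https://github.com/faye/permessage-deflate-ruby)
-
- ## License
-
- (The MIT License)
-
- Copyright (c) 2014 James Coglan
-
- Permission is hereby granted, free of charge, to any person obtaining a copy of
- this software and associated documentation files (the 'Software'), to deal in
- the Software without restriction, including without limitation the rights to
- use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
- of the Software, and to permit persons to whom the Software is furnished to do
- so, subject to the following conditions:
-
- The above copyright notice and this permission notice shall be included in all
- copies or substantial portions of the Software.
-
- THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- SOFTWARE.
+ - Consumer: [websocket-driver](https://github.com/faye/websocket-driver-ruby)
+ - Provider: [permessage-deflate](https://github.com/faye/permessage-deflate-ruby)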
@@ -38,7 +38,7 @@ module WebSocket
38
38
  end
39
39
 
40
40
  if @by_name.has_key?(ext.name)
41
- raise TypeError, %Q{An extension with name "#{ext.name}" is already registered}
41
+ raise TypeError, %Q{An extension with name "#{ ext.name }" is already registered}
42
42
  end
43
43
 
44
44
  @by_name[ext.name] = ext
@@ -78,18 +78,18 @@ module WebSocket
78
78
 
79
79
  responses.each_offer do |name, params|
80
80
  unless record = @index[name]
81
- raise ExtensionError, %Q{Server sent am extension response for unknown extension "#{name}"}
81
+ raise ExtensionError, %Q{Server sent am extension response for unknown extension "#{ name } }
82
82
  end
83
83
 
84
84
  ext, session = *record
85
85
 
86
86
  if reserved = reserved?(ext)
87
- raise ExtensionError, %Q{Server sent two extension responses that use the RSV#{reserved[0]} } +
88
- %Q{ bit: "#{reserved[1]}" and "#{ext.name}"}
87
+ raise ExtensionError, %Q{Server sent two extension responses that use the RSV#{ reserved[0] }} +
88
+ %Q{bit: "#{ reserved[1] }" and "#{ ext.name }"}
89
89
  end
90
90
 
91
91
  unless session.activate(params) == true
92
- raise ExtensionError, %Q{Server send unacceptable extension parameters: #{Parser.serialize_params(name, params)}}
92
+ raise ExtensionError, %Q{Server send unacceptable extension parameters: #{ Parser.serialize_params(name, params) }}
93
93
  end
94
94
 
95
95
  reserve(ext)
@@ -98,9 +98,9 @@ module WebSocket
98
98
  end
99
99
 
100
100
  def generate_response(header)
101
- offers = Parser.parse_header(header)
102
101
  sessions = []
103
102
  response = []
103
+ offers = Parser.parse_header(header)
104
104
 
105
105
  @in_order.each do |ext|
106
106
  offer = offers.by_name(ext.name)
@@ -118,7 +118,7 @@ module WebSocket
118
118
  end
119
119
 
120
120
  def valid_frame_rsv(frame)
121
- allowed = {:rsv1 => false, :rsv2 => false, :rsv3 => false}
121
+ allowed = { :rsv1 => false, :rsv2 => false, :rsv3 => false }
122
122
 
123
123
  if MESSAGE_OPCODES.include?(frame.opcode)
124
124
  @sessions.each do |ext, session|
@@ -155,6 +155,8 @@ module WebSocket
155
155
  end
156
156
 
157
157
  def close
158
+ return unless @sessions
159
+
158
160
  @sessions.each do |ext, session|
159
161
  session.close rescue nil
160
162
  end
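Review bot: The reformatted error strings in the `responses.each_offer` hunk appear to change the message text, not just the spacing inside `#{ }`. As rendered here the first one ends `unknown extension "#{ name } }`, which drops the closing quote, and the second joins `RSV#{ reserved[0] }}` to `%Q{bit: ...`, which would print `RSV1bit:` with no space. If this is not a rendering artifact of the page, restore them as `"#{ name }"}` and `RSV#{ reserved[0] } } + %Q{bit: ...`. The existing typos `sent am` and `Server send` could be fixed in the same pass. The method that contains these lines starts outside the hunk.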
@@ -1,13 +1,15 @@
1
+ require 'strscan'
2
+
1
3
  module WebSocket
2
4
  class Extensions
3
5
 
4
6
  class Parser
5
- TOKEN = /([!#\$%&'\*\+\-\.\^_`\|~0-9a-z]+)/
6
- NOTOKEN = /([^!#\$%&'\*\+\-\.\^_`\|~0-9a-z])/
7
- QUOTED = /"((?:\\[\x00-\x7f]|[^\x00-\x08\x0a-\x1f\x7f"])*)"/
8
- PARAM = %r{#{TOKEN.source}(?:=(?:#{TOKEN.source}|#{QUOTED.source}))?}
9
- EXT = %r{#{TOKEN.source}(?: *; *#{PARAM.source})*}
10
- EXT_LIST = %r{^#{EXT.source}(?: *, *#{EXT.source})*$}
7
+ TOKEN = /([!#\$%&'\*\+\-\.\^_`\|~0-9A-Za-z]+)/
8
+ NOTOKEN = /([^!#\$%&'\*\+\-\.\^_`\|~0-9A-Za-z])/
9
+ QUOTED = /"((?:\\[\x00-\x7f]|[^\x00-\x08\x0a-\x1f\x7f"\\])*)"/
10
+ PARAM = %r{#{ TOKEN.source }(?:=(?:#{ TOKEN.source }|#{ QUOTED.source }))?}
11
+ EXT = %r{#{ TOKEN.source }(?: *; *#{ PARAM.source })*}
12
+ EXT_LIST = %r{^#{ EXT.source }(?: *, *#{ EXT.source })*$}
11
13
  NUMBER = /^-?(0|[1-9][0-9]*)(\.[0-9]+)?$/
12
14
 
13
15
  ParseError = Class.new(ArgumentError)
@@ -17,7 +19,7 @@ module WebSocket
17
19
  return offers if header == '' or header.nil?
18
20
 
19
21
  unless header =~ EXT_LIST
20
- raise ParseError, "Invalid Sec-WebSocket-Extensions header: #{header}"
22
+ raise ParseError, "Invalid Sec-WebSocket-Extensions header: #{ header }"
21
23
  end
22
24
 
23
25
  scanner = StringScanner.new(header)
@@ -36,7 +38,7 @@ module WebSocket
36
38
  else
37
39
  data = true
38
40
  end
39
- if data =~ NUMBER
41
+ if data != true and data =~ NUMBER
40
42
  data = data =~ /\./ ? data.to_f : data.to_i(10)
41
43
  end
42
44
 
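Review bot: `EXT_LIST` in the first hunk is still anchored with `^` and `$`, which in Ruby match at line boundaries, so the `header =~ EXT_LIST` check in the next hunk can pass a multi-line value when only one of its lines is well-formed, and the scanner then walks the whole string. Anchoring the whole string closes that gap: `EXT_LIST = %r{\A#{ EXT.source }(?: *, *#{ EXT.source })*\z}`; the unchanged `NUMBER` pattern uses the same anchors. Whether a value containing a newline can reach this parser depends on the calling HTTP layer, which is not visible here, and `\z` would also reject a trailing newline that `$` tolerates. Adding `\\` to the excluded set in `QUOTED` stops a backslash from matching both alternatives, presumably the fix the changelog lists as CVE-2020-7663; a time-bounded regression spec for that branch would keep it from returning. The `Parser` class body continues outside these hunks.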
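--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: websocket-extensions
  version: !ruby/object:Gem::Version
- version: 0.1.0
+ version: 0.1.5
  platform: ruby
  authors:
  - James Coglan
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2014-12-13 00:00:00.000000000 Z
+ date: 2020-06-02 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rspec
@@ -31,12 +31,14 @@ extensions: []
  extra_rdoc_files:
  - README.md
  files:
+ - CHANGELOG.md
+ - LICENSE.md
  - README.md
  - lib/websocket/extensions.rb
  - lib/websocket/extensions/parser.rb
- homepage: http://github.com/faye/websocket-extensions-ruby
+ homepage: https://github.com/faye/websocket-extensions-ruby
  licenses:
- - MIT
+ - Apache-2.0
  metadata: {}
  post_install_message:
  rdoc_options:
@@ -57,8 +59,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubyforge_project:
- rubygems_version: 2.2.2
+ rubygems_version: 3.1.2
  signing_key:
  specification_version: 4
  summary: Generic extension manager for WebSocket connections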