websocket-extensions 0.1.0 → 0.1.5
- checksums.yaml +5 -5
- data/CHANGELOG.md +24 -0
- data/LICENSE.md +12 -0
- data/README.md +7 -31
- data/lib/websocket/extensions.rb +9 -7
- data/lib/websocket/extensions/parser.rb +10 -8
- metadata +7 -6
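--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
-
-metadata.gz:
-data.tar.gz:
+SHA256:
+metadata.gz: f36fd7e2c8bc73038cff930e7872156bf85804e80c3fe87510373b9093ede11c
+data.tar.gz: 755d19c6d59b56001a3e2afa5b2397324d69ebbdea730738c13b4cfe212a3f31
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d658c00d7d482283fa112e5a86d798f0ad3972ec4b4558462e05e54137bac6f8a898038f1c185ab13b3c282557fe0b80932c2e66a5a2d0bf7f2a09b5f614760e
+data.tar.gz: f2dba49a2ea8a8f6b6de80a749ce115fe926dd5785971653e5075bf3bea1d6c39d8ade728bcb5048c60f0ef93bd75ed39cc01a1d6d50ccf4e83061dde278d5a7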
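--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -0,0 +1,24 @@
+### 0.1.5 / 2020-06-02
+
+- Remove a ReDoS vulnerability in the header parser (CVE-2020-7663)
+
+### 0.1.4 / 2019-06-10
+
+- Fix a deprecation warning for using the `=~` operator on `true`
+- Change license from MIT to Apache 2.0
+
+### 0.1.3 / 2017-11-11
+
+- Accept extension names and parameters including uppercase letters
+
+### 0.1.2 / 2015-02-19
+
+- Make it safe to call `Extensions#close` if the handshake is not complete
+
+### 0.1.1 / 2014-12-14
+
+- Explicitly require `strscan` which is not loaded in a vanilla Ruby environment
+
+### 0.1.0 / 2014-12-13
+
+- Initial release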
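--- a/data/LICENSE.md
+++ b/data/LICENSE.md
@@ -0,0 +1,12 @@
+Copyright 2014-2020 James Coglan
+
+Licensed under the Apache License, Version 2.0 (the "License"); you may not use
+this file except in compliance with the License. You may obtain a copy of the
+License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software distributed
+under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+CONDITIONS OF ANY KIND, either express or implied. See the License for the
+specific language governing permissions and limitations under the License.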
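--- a/data/README.md
+++ b/data/README.md
@@ -227,8 +227,8 @@ then the `permessage-deflate` extension will receive the call:
 
 ```rb
 ext.create_server_session([
-{'server_no_context_takeover' => true, 'server_max_window_bits' => 8},
-{'server_max_window_bits' => 15}
+{ 'server_no_context_takeover' => true, 'server_max_window_bits' => 8 },
+{ 'server_max_window_bits' => 15 }
 ])
 ```
 
@@ -244,8 +244,8 @@ implement the following methods, as well as the *Session* API listed below.
 ```rb
 client_session.generate_offer
 # e.g. -> [
-# {'server_no_context_takeover' => true, 'server_max_window_bits' => 8},
-# {'server_max_window_bits' => 15}
+# { 'server_no_context_takeover' => true, 'server_max_window_bits' => 8 },
+# { 'server_max_window_bits' => 15 }
 # ]
 ```
 
@@ -270,7 +270,7 @@ must implement the following methods, as well as the *Session* API listed below.
 
 ```rb
 server_session.generate_response
-# e.g. -> {'server_max_window_bits' => 8}
+# e.g. -> { 'server_max_window_bits' => 8 }
 ```
 
 This returns the set of parameters the server session wants to send in its
@@ -309,29 +309,5 @@ the session to release any resources it's using.
 
 ## Examples
 
-
-
-
-## License
-
-(The MIT License)
-
-Copyright (c) 2014 James Coglan
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of
-this software and associated documentation files (the 'Software'), to deal in
-the Software without restriction, including without limitation the rights to
-use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
-of the Software, and to permit persons to whom the Software is furnished to do
-so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+- Consumer: [websocket-driver](https://github.com/faye/websocket-driver-ruby)
+- Provider: [permessage-deflate](https://github.com/faye/permessage-deflate-ruby)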
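--- a/data/lib/websocket/extensions.rb
+++ b/data/lib/websocket/extensions.rb
@@ -38,7 +38,7 @@ module WebSocket
 end
 
 if @by_name.has_key?(ext.name)
-raise TypeError, %Q{An extension with name "#{ext.name}" is already registered}
+raise TypeError, %Q{An extension with name "#{ ext.name }" is already registered}
 end
 
 @by_name[ext.name] = ext
@@ -78,18 +78,18 @@ module WebSocket
 
 responses.each_offer do |name, params|
 unless record = @index[name]
-raise ExtensionError, %Q{Server sent am extension response for unknown extension "#{name}
+raise ExtensionError, %Q{Server sent am extension response for unknown extension "#{ name } }
 end
 
 ext, session = *record
 
 if reserved = reserved?(ext)
-raise ExtensionError, %Q{Server sent two extension responses that use the RSV#{reserved[0]
-
+raise ExtensionError, %Q{Server sent two extension responses that use the RSV#{ reserved[0] }} +
+%Q{bit: "#{ reserved[1] }" and "#{ ext.name }"}
 end
 
 unless session.activate(params) == true
-raise ExtensionError, %Q{Server send unacceptable extension parameters: #{Parser.serialize_params(name, params)}}
+raise ExtensionError, %Q{Server send unacceptable extension parameters: #{ Parser.serialize_params(name, params) }}
 end
 
 reserve(ext)
@@ -98,9 +98,9 @@ module WebSocket
 end
 
 def generate_response(header)
-offers = Parser.parse_header(header)
 sessions = []
 response = []
+offers = Parser.parse_header(header)
 
 @in_order.each do |ext|
 offer = offers.by_name(ext.name)
@@ -118,7 +118,7 @@ module WebSocket
 end
 
 def valid_frame_rsv(frame)
-allowed = {:rsv1 => false, :rsv2 => false, :rsv3 => false}
+allowed = { :rsv1 => false, :rsv2 => false, :rsv3 => false }
 
 if MESSAGE_OPCODES.include?(frame.opcode)
 @sessions.each do |ext, session|
@@ -155,6 +155,8 @@ module WebSocket
 end
 
 def close
+return unless @sessions
+
 @sessions.each do |ext, session|
 session.close rescue nil
 end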
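Review bot: The two ExtensionError messages rewritten in the `@@ -78,18 +78,18 @@` hunk still carry typos: "Server sent am extension response" and "Server send unacceptable extension parameters". Since both lines were touched anyway, I would change them to `Server sent an extension response for unknown extension` and `Server sent unacceptable extension parameters`. Both messages interpolate values taken from the peer's header (`name` and `Parser.serialize_params(name, params)`), so anything that logs the exception text should treat it as untrusted input. As rendered here the first message also ends `"#{ name } }` without a closing quote, which may be an artifact of the page rather than the source, so it is worth checking against the gem. The enclosing method starts and ends outside the hunk.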
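--- a/data/lib/websocket/extensions/parser.rb
+++ b/data/lib/websocket/extensions/parser.rb
@@ -1,13 +1,15 @@
+require 'strscan'
+
 module WebSocket
 class Extensions
 
 class Parser
-TOKEN = /([!#\$%&'\*\+\-\.\^_`\|~0-
-NOTOKEN = /([^!#\$%&'\*\+\-\.\^_`\|~0-
-QUOTED = /"((?:\\[\x00-\x7f]|[^\x00-\x08\x0a-\x1f\x7f"])*)"/
-PARAM = %r{#{TOKEN.source}(?:=(?:#{TOKEN.source}|#{QUOTED.source}))?}
-EXT = %r{#{TOKEN.source}(?: *; *#{PARAM.source})*}
-EXT_LIST = %r{^#{EXT.source}(?: *, *#{EXT.source})*$}
+TOKEN = /([!#\$%&'\*\+\-\.\^_`\|~0-9A-Za-z]+)/
+NOTOKEN = /([^!#\$%&'\*\+\-\.\^_`\|~0-9A-Za-z])/
+QUOTED = /"((?:\\[\x00-\x7f]|[^\x00-\x08\x0a-\x1f\x7f"\\])*)"/
+PARAM = %r{#{ TOKEN.source }(?:=(?:#{ TOKEN.source }|#{ QUOTED.source }))?}
+EXT = %r{#{ TOKEN.source }(?: *; *#{ PARAM.source })*}
+EXT_LIST = %r{^#{ EXT.source }(?: *, *#{ EXT.source })*$}
 NUMBER = /^-?(0|[1-9][0-9]*)(\.[0-9]+)?$/
 
 ParseError = Class.new(ArgumentError)
@@ -17,7 +19,7 @@ module WebSocket
 return offers if header == '' or header.nil?
 
 unless header =~ EXT_LIST
-raise ParseError, "Invalid Sec-WebSocket-Extensions header: #{header}"
+raise ParseError, "Invalid Sec-WebSocket-Extensions header: #{ header }"
 end
 
 scanner = StringScanner.new(header)
@@ -36,7 +38,7 @@ module WebSocket
 else
 data = true
 end
-if data =~ NUMBER
+if data != true and data =~ NUMBER
 data = data =~ /\./ ? data.to_f : data.to_i(10)
 end
 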
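Review bot: `EXT_LIST` in the first hunk is still anchored with `^` and `$`, which in Ruby match at every line boundary, so the `header =~ EXT_LIST` check accepts a multi-line string as long as one of its lines is a well-formed extension list. Anchoring the whole string closes that gap: `EXT_LIST = %r{\A#{ EXT.source }(?: *, *#{ EXT.source })*\z}`, and likewise `NUMBER = /\A-?(0|[1-9][0-9]*)(\.[0-9]+)?\z/`. What the scanner does with the unvalidated remainder is outside these hunks, so the impact is inferred rather than shown. Separately, the `QUOTED` change that adds `\\` to the excluded character class deserves a one-line comment such as `# a backslash may only appear as the start of an escape pair, so each input matches one way (CVE-2020-7663)`, so that a later edit does not undo the fix.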
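--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: websocket-extensions
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.5
 platform: ruby
 authors:
 - James Coglan
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2020-06-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rspec
@@ -31,12 +31,14 @@ extensions: []
 extra_rdoc_files:
 - README.md
 files:
+- CHANGELOG.md
+- LICENSE.md
 - README.md
 - lib/websocket/extensions.rb
 - lib/websocket/extensions/parser.rb
-homepage:
+homepage: https://github.com/faye/websocket-extensions-ruby
 licenses:
--
+- Apache-2.0
 metadata: {}
 post_install_message:
 rdoc_options:
@@ -57,8 +59,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-
-rubygems_version: 2.2.2
+rubygems_version: 3.1.2
 signing_key:
 specification_version: 4
 summary: Generic extension manager for WebSocket connections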