websocket-extensions 0.1.3 → 0.1.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/CHANGELOG.md +13 -4
- data/LICENSE.md +9 -17
- data/README.md +7 -7
- data/lib/websocket/extensions.rb +6 -6
- data/lib/websocket/extensions/parser.rb +6 -6
- metadata +4 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: f36fd7e2c8bc73038cff930e7872156bf85804e80c3fe87510373b9093ede11c
|
4
|
+
data.tar.gz: 755d19c6d59b56001a3e2afa5b2397324d69ebbdea730738c13b4cfe212a3f31
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: d658c00d7d482283fa112e5a86d798f0ad3972ec4b4558462e05e54137bac6f8a898038f1c185ab13b3c282557fe0b80932c2e66a5a2d0bf7f2a09b5f614760e
|
7
|
+
data.tar.gz: f2dba49a2ea8a8f6b6de80a749ce115fe926dd5785971653e5075bf3bea1d6c39d8ade728bcb5048c60f0ef93bd75ed39cc01a1d6d50ccf4e83061dde278d5a7
|
data/CHANGELOG.md
CHANGED
@@ -1,15 +1,24 @@
|
|
1
|
+
### 0.1.5 / 2020-06-02
|
2
|
+
|
3
|
+
- Remove a ReDoS vulnerability in the header parser (CVE-2020-7663)
|
4
|
+
|
5
|
+
### 0.1.4 / 2019-06-10
|
6
|
+
|
7
|
+
- Fix a deprecation warning for using the `=~` operator on `true`
|
8
|
+
- Change license from MIT to Apache 2.0
|
9
|
+
|
1
10
|
### 0.1.3 / 2017-11-11
|
2
11
|
|
3
|
-
|
12
|
+
- Accept extension names and parameters including uppercase letters
|
4
13
|
|
5
14
|
### 0.1.2 / 2015-02-19
|
6
15
|
|
7
|
-
|
16
|
+
- Make it safe to call `Extensions#close` if the handshake is not complete
|
8
17
|
|
9
18
|
### 0.1.1 / 2014-12-14
|
10
19
|
|
11
|
-
|
20
|
+
- Explicitly require `strscan` which is not loaded in a vanilla Ruby environment
|
12
21
|
|
13
22
|
### 0.1.0 / 2014-12-13
|
14
23
|
|
15
|
-
|
24
|
+
- Initial release
|
data/LICENSE.md
CHANGED
@@ -1,20 +1,12 @@
|
|
1
|
-
|
1
|
+
Copyright 2014-2020 James Coglan
|
2
2
|
|
3
|
-
|
3
|
+
Licensed under the Apache License, Version 2.0 (the "License"); you may not use
|
4
|
+
this file except in compliance with the License. You may obtain a copy of the
|
5
|
+
License at
|
4
6
|
|
5
|
-
|
6
|
-
this software and associated documentation files (the 'Software'), to deal in
|
7
|
-
the Software without restriction, including without limitation the rights to
|
8
|
-
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
|
9
|
-
the Software, and to permit persons to whom the Software is furnished to do so,
|
10
|
-
subject to the following conditions:
|
7
|
+
http://www.apache.org/licenses/LICENSE-2.0
|
11
8
|
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
|
17
|
-
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
|
18
|
-
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
|
19
|
-
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
20
|
-
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
9
|
+
Unless required by applicable law or agreed to in writing, software distributed
|
10
|
+
under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
|
11
|
+
CONDITIONS OF ANY KIND, either express or implied. See the License for the
|
12
|
+
specific language governing permissions and limitations under the License.
|
data/README.md
CHANGED
@@ -227,8 +227,8 @@ then the `permessage-deflate` extension will receive the call:
|
|
227
227
|
|
228
228
|
```rb
|
229
229
|
ext.create_server_session([
|
230
|
-
{'server_no_context_takeover' => true, 'server_max_window_bits' => 8},
|
231
|
-
{'server_max_window_bits' => 15}
|
230
|
+
{ 'server_no_context_takeover' => true, 'server_max_window_bits' => 8 },
|
231
|
+
{ 'server_max_window_bits' => 15 }
|
232
232
|
])
|
233
233
|
```
|
234
234
|
|
@@ -244,8 +244,8 @@ implement the following methods, as well as the *Session* API listed below.
|
|
244
244
|
```rb
|
245
245
|
client_session.generate_offer
|
246
246
|
# e.g. -> [
|
247
|
-
# {'server_no_context_takeover' => true, 'server_max_window_bits' => 8},
|
248
|
-
# {'server_max_window_bits' => 15}
|
247
|
+
# { 'server_no_context_takeover' => true, 'server_max_window_bits' => 8 },
|
248
|
+
# { 'server_max_window_bits' => 15 }
|
249
249
|
# ]
|
250
250
|
```
|
251
251
|
|
@@ -270,7 +270,7 @@ must implement the following methods, as well as the *Session* API listed below.
|
|
270
270
|
|
271
271
|
```rb
|
272
272
|
server_session.generate_response
|
273
|
-
# e.g. -> {'server_max_window_bits' => 8}
|
273
|
+
# e.g. -> { 'server_max_window_bits' => 8 }
|
274
274
|
```
|
275
275
|
|
276
276
|
This returns the set of parameters the server session wants to send in its
|
@@ -309,5 +309,5 @@ the session to release any resources it's using.
|
|
309
309
|
|
310
310
|
## Examples
|
311
311
|
|
312
|
-
|
313
|
-
|
312
|
+
- Consumer: [websocket-driver](https://github.com/faye/websocket-driver-ruby)
|
313
|
+
- Provider: [permessage-deflate](https://github.com/faye/permessage-deflate-ruby)
|
data/lib/websocket/extensions.rb
CHANGED
@@ -38,7 +38,7 @@ module WebSocket
|
|
38
38
|
end
|
39
39
|
|
40
40
|
if @by_name.has_key?(ext.name)
|
41
|
-
raise TypeError, %Q{An extension with name "#{ext.name}" is already registered}
|
41
|
+
raise TypeError, %Q{An extension with name "#{ ext.name }" is already registered}
|
42
42
|
end
|
43
43
|
|
44
44
|
@by_name[ext.name] = ext
|
@@ -78,18 +78,18 @@ module WebSocket
|
|
78
78
|
|
79
79
|
responses.each_offer do |name, params|
|
80
80
|
unless record = @index[name]
|
81
|
-
raise ExtensionError, %Q{Server sent am extension response for unknown extension "#{name}
|
81
|
+
raise ExtensionError, %Q{Server sent am extension response for unknown extension "#{ name } }
|
82
82
|
end
|
83
83
|
|
84
84
|
ext, session = *record
|
85
85
|
|
86
86
|
if reserved = reserved?(ext)
|
87
|
-
raise ExtensionError, %Q{Server sent two extension responses that use the RSV#{reserved[0]
|
88
|
-
|
87
|
+
raise ExtensionError, %Q{Server sent two extension responses that use the RSV#{ reserved[0] }} +
|
88
|
+
%Q{bit: "#{ reserved[1] }" and "#{ ext.name }"}
|
89
89
|
end
|
90
90
|
|
91
91
|
unless session.activate(params) == true
|
92
|
-
raise ExtensionError, %Q{Server send unacceptable extension parameters: #{Parser.serialize_params(name, params)}}
|
92
|
+
raise ExtensionError, %Q{Server send unacceptable extension parameters: #{ Parser.serialize_params(name, params) }}
|
93
93
|
end
|
94
94
|
|
95
95
|
reserve(ext)
|
@@ -118,7 +118,7 @@ module WebSocket
|
|
118
118
|
end
|
119
119
|
|
120
120
|
def valid_frame_rsv(frame)
|
121
|
-
allowed = {:rsv1 => false, :rsv2 => false, :rsv3 => false}
|
121
|
+
allowed = { :rsv1 => false, :rsv2 => false, :rsv3 => false }
|
122
122
|
|
123
123
|
if MESSAGE_OPCODES.include?(frame.opcode)
|
124
124
|
@sessions.each do |ext, session|
|
@@ -6,10 +6,10 @@ module WebSocket
|
|
6
6
|
class Parser
|
7
7
|
TOKEN = /([!#\$%&'\*\+\-\.\^_`\|~0-9A-Za-z]+)/
|
8
8
|
NOTOKEN = /([^!#\$%&'\*\+\-\.\^_`\|~0-9A-Za-z])/
|
9
|
-
QUOTED = /"((?:\\[\x00-\x7f]|[^\x00-\x08\x0a-\x1f\x7f"])*)"/
|
10
|
-
PARAM = %r{#{TOKEN.source}(?:=(?:#{TOKEN.source}|#{QUOTED.source}))?}
|
11
|
-
EXT = %r{#{TOKEN.source}(?: *; *#{PARAM.source})*}
|
12
|
-
EXT_LIST = %r{^#{EXT.source}(?: *, *#{EXT.source})*$}
|
9
|
+
QUOTED = /"((?:\\[\x00-\x7f]|[^\x00-\x08\x0a-\x1f\x7f"\\])*)"/
|
10
|
+
PARAM = %r{#{ TOKEN.source }(?:=(?:#{ TOKEN.source }|#{ QUOTED.source }))?}
|
11
|
+
EXT = %r{#{ TOKEN.source }(?: *; *#{ PARAM.source })*}
|
12
|
+
EXT_LIST = %r{^#{ EXT.source }(?: *, *#{ EXT.source })*$}
|
13
13
|
NUMBER = /^-?(0|[1-9][0-9]*)(\.[0-9]+)?$/
|
14
14
|
|
15
15
|
ParseError = Class.new(ArgumentError)
|
@@ -19,7 +19,7 @@ module WebSocket
|
|
19
19
|
return offers if header == '' or header.nil?
|
20
20
|
|
21
21
|
unless header =~ EXT_LIST
|
22
|
-
raise ParseError, "Invalid Sec-WebSocket-Extensions header: #{header}"
|
22
|
+
raise ParseError, "Invalid Sec-WebSocket-Extensions header: #{ header }"
|
23
23
|
end
|
24
24
|
|
25
25
|
scanner = StringScanner.new(header)
|
@@ -38,7 +38,7 @@ module WebSocket
|
|
38
38
|
else
|
39
39
|
data = true
|
40
40
|
end
|
41
|
-
if data =~ NUMBER
|
41
|
+
if data != true and data =~ NUMBER
|
42
42
|
data = data =~ /\./ ? data.to_f : data.to_i(10)
|
43
43
|
end
|
44
44
|
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: websocket-extensions
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.5
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- James Coglan
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2020-06-02 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rspec
|
@@ -38,7 +38,7 @@ files:
|
|
38
38
|
- lib/websocket/extensions/parser.rb
|
39
39
|
homepage: https://github.com/faye/websocket-extensions-ruby
|
40
40
|
licenses:
|
41
|
-
-
|
41
|
+
- Apache-2.0
|
42
42
|
metadata: {}
|
43
43
|
post_install_message:
|
44
44
|
rdoc_options:
|
@@ -59,8 +59,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
59
59
|
- !ruby/object:Gem::Version
|
60
60
|
version: '0'
|
61
61
|
requirements: []
|
62
|
-
|
63
|
-
rubygems_version: 2.6.13
|
62
|
+
rubygems_version: 3.1.2
|
64
63
|
signing_key:
|
65
64
|
specification_version: 4
|
66
65
|
summary: Generic extension manager for WebSocket connections
|