websocket-extensions 0.1.3 → 0.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: ddb4c7765ef0aa140fa983e4b565023f88cd0409
4
- data.tar.gz: cbbbe7b54d2afa723f28373bd1ed494d683208dd
2
+ SHA256:
3
+ metadata.gz: f36fd7e2c8bc73038cff930e7872156bf85804e80c3fe87510373b9093ede11c
4
+ data.tar.gz: 755d19c6d59b56001a3e2afa5b2397324d69ebbdea730738c13b4cfe212a3f31
5
5
  SHA512:
6
- metadata.gz: d46b1af3f4d8939e034a38a37899948d0efe3524a7647120ee4ece4b77e4d9954497a2221f2abfd337015c2e74b01a8dc1a575379b547d51980e859be5e7ac2b
7
- data.tar.gz: 2149b48885360a4f84a32286b2f4cd6678256706c5e4038c1bd386bed0bedb835bb3b4f653a6e1554fce0b2ceba8c1d18501058c84aa814e189bb4a797895bf8
6
+ metadata.gz: d658c00d7d482283fa112e5a86d798f0ad3972ec4b4558462e05e54137bac6f8a898038f1c185ab13b3c282557fe0b80932c2e66a5a2d0bf7f2a09b5f614760e
7
+ data.tar.gz: f2dba49a2ea8a8f6b6de80a749ce115fe926dd5785971653e5075bf3bea1d6c39d8ade728bcb5048c60f0ef93bd75ed39cc01a1d6d50ccf4e83061dde278d5a7
data/CHANGELOG.md CHANGED
@@ -1,15 +1,24 @@
1
+ ### 0.1.5 / 2020-06-02
2
+
3
+ - Remove a ReDoS vulnerability in the header parser (CVE-2020-7663)
4
+
5
+ ### 0.1.4 / 2019-06-10
6
+
7
+ - Fix a deprecation warning for using the `=~` operator on `true`
8
+ - Change license from MIT to Apache 2.0
9
+
1
10
  ### 0.1.3 / 2017-11-11
2
11
 
3
- * Accept extension names and parameters including uppercase letters
12
+ - Accept extension names and parameters including uppercase letters
4
13
 
5
14
  ### 0.1.2 / 2015-02-19
6
15
 
7
- * Make it safe to call `Extensions#close` if the handshake is not complete
16
+ - Make it safe to call `Extensions#close` if the handshake is not complete
8
17
 
9
18
  ### 0.1.1 / 2014-12-14
10
19
 
11
- * Explicitly require `strscan` which is not loaded in a vanilla Ruby environment
20
+ - Explicitly require `strscan` which is not loaded in a vanilla Ruby environment
12
21
 
13
22
  ### 0.1.0 / 2014-12-13
14
23
 
15
- * Initial release
24
+ - Initial release
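Review bot: The 0.1.5 entry on new line 3 gives the CVE id but not the input involved or the affected versions, which is what someone triaging an advisory needs. Naming the `Sec-WebSocket-Extensions` header and the affected release range in the entry would let readers judge exposure without opening the parser diff.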
data/LICENSE.md CHANGED
@@ -1,20 +1,12 @@
1
- # The MIT license
1
+ Copyright 2014-2020 James Coglan
2
2
 
3
- Copyright (c) 2014-2017 James Coglan
3
+ Licensed under the Apache License, Version 2.0 (the "License"); you may not use
4
+ this file except in compliance with the License. You may obtain a copy of the
5
+ License at
4
6
 
5
- Permission is hereby granted, free of charge, to any person obtaining a copy of
6
- this software and associated documentation files (the 'Software'), to deal in
7
- the Software without restriction, including without limitation the rights to
8
- use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
9
- the Software, and to permit persons to whom the Software is furnished to do so,
10
- subject to the following conditions:
7
+ http://www.apache.org/licenses/LICENSE-2.0
11
8
 
12
- The above copyright notice and this permission notice shall be included in all
13
- copies or substantial portions of the Software.
14
-
15
- THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
- IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
17
- FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
18
- COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
19
- IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
20
- CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
9
+ Unless required by applicable law or agreed to in writing, software distributed
10
+ under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
11
+ CONDITIONS OF ANY KIND, either express or implied. See the License for the
12
+ specific language governing permissions and limitations under the License.
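Review bot: The new LICENSE.md holds only the Apache 2.0 notice and a URL to the licence text, not the text itself, so a vendored copy of the gem carries no full licence file. Consider shipping the full text alongside the notice. Because the changelog dates the licence change to 0.1.4 and the CVE fix to 0.1.5, anyone upgrading from 0.1.3 for the fix also takes the MIT to Apache-2.0 change, which licence allow-list checks should expect.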
data/README.md CHANGED
@@ -227,8 +227,8 @@ then the `permessage-deflate` extension will receive the call:
227
227
 
228
228
  ```rb
229
229
  ext.create_server_session([
230
- {'server_no_context_takeover' => true, 'server_max_window_bits' => 8},
231
- {'server_max_window_bits' => 15}
230
+ { 'server_no_context_takeover' => true, 'server_max_window_bits' => 8 },
231
+ { 'server_max_window_bits' => 15 }
232
232
  ])
233
233
  ```
234
234
 
@@ -244,8 +244,8 @@ implement the following methods, as well as the *Session* API listed below.
244
244
  ```rb
245
245
  client_session.generate_offer
246
246
  # e.g. -> [
247
- # {'server_no_context_takeover' => true, 'server_max_window_bits' => 8},
248
- # {'server_max_window_bits' => 15}
247
+ # { 'server_no_context_takeover' => true, 'server_max_window_bits' => 8 },
248
+ # { 'server_max_window_bits' => 15 }
249
249
  # ]
250
250
  ```
251
251
 
@@ -270,7 +270,7 @@ must implement the following methods, as well as the *Session* API listed below.
270
270
 
271
271
  ```rb
272
272
  server_session.generate_response
273
- # e.g. -> {'server_max_window_bits' => 8}
273
+ # e.g. -> { 'server_max_window_bits' => 8 }
274
274
  ```
275
275
 
276
276
  This returns the set of parameters the server session wants to send in its
@@ -309,5 +309,5 @@ the session to release any resources it's using.
309
309
 
310
310
  ## Examples
311
311
 
312
- * Consumer: [websocket-driver](https://github.com/faye/websocket-driver-ruby)
313
- * Provider: [permessage-deflate](https://github.com/faye/permessage-deflate-ruby)
312
+ - Consumer: [websocket-driver](https://github.com/faye/websocket-driver-ruby)
313
+ - Provider: [permessage-deflate](https://github.com/faye/permessage-deflate-ruby)
@@ -38,7 +38,7 @@ module WebSocket
38
38
  end
39
39
 
40
40
  if @by_name.has_key?(ext.name)
41
- raise TypeError, %Q{An extension with name "#{ext.name}" is already registered}
41
+ raise TypeError, %Q{An extension with name "#{ ext.name }" is already registered}
42
42
  end
43
43
 
44
44
  @by_name[ext.name] = ext
@@ -78,18 +78,18 @@ module WebSocket
78
78
 
79
79
  responses.each_offer do |name, params|
80
80
  unless record = @index[name]
81
- raise ExtensionError, %Q{Server sent am extension response for unknown extension "#{name}"}
81
+ raise ExtensionError, %Q{Server sent am extension response for unknown extension "#{ name } }
82
82
  end
83
83
 
84
84
  ext, session = *record
85
85
 
86
86
  if reserved = reserved?(ext)
87
- raise ExtensionError, %Q{Server sent two extension responses that use the RSV#{reserved[0]} } +
88
- %Q{ bit: "#{reserved[1]}" and "#{ext.name}"}
87
+ raise ExtensionError, %Q{Server sent two extension responses that use the RSV#{ reserved[0] }} +
88
+ %Q{bit: "#{ reserved[1] }" and "#{ ext.name }"}
89
89
  end
90
90
 
91
91
  unless session.activate(params) == true
92
- raise ExtensionError, %Q{Server send unacceptable extension parameters: #{Parser.serialize_params(name, params)}}
92
+ raise ExtensionError, %Q{Server send unacceptable extension parameters: #{ Parser.serialize_params(name, params) }}
93
93
  end
94
94
 
95
95
  reserve(ext)
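Review bot: The reformatted message strings in this hunk change their text, not only their spacing. On new line 81 the closing `"` after `#{ name }` is gone, so the unknown-extension error ends with an unbalanced quote, and on new lines 87-88 the two `%Q{}` fragments no longer carry a space on either side of the `+`, so the message runs the RSV number straight into `bit:` where the old code had whitespace. Restore `"#{ name }"}` and keep one space between the fragments. While these lines are being touched, the typos "sent am extension" (line 81) and "Server send unacceptable" (line 92) could be fixed too.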
@@ -118,7 +118,7 @@ module WebSocket
118
118
  end
119
119
 
120
120
  def valid_frame_rsv(frame)
121
- allowed = {:rsv1 => false, :rsv2 => false, :rsv3 => false}
121
+ allowed = { :rsv1 => false, :rsv2 => false, :rsv3 => false }
122
122
 
123
123
  if MESSAGE_OPCODES.include?(frame.opcode)
124
124
  @sessions.each do |ext, session|
@@ -6,10 +6,10 @@ module WebSocket
6
6
  class Parser
7
7
  TOKEN = /([!#\$%&'\*\+\-\.\^_`\|~0-9A-Za-z]+)/
8
8
  NOTOKEN = /([^!#\$%&'\*\+\-\.\^_`\|~0-9A-Za-z])/
9
- QUOTED = /"((?:\\[\x00-\x7f]|[^\x00-\x08\x0a-\x1f\x7f"])*)"/
10
- PARAM = %r{#{TOKEN.source}(?:=(?:#{TOKEN.source}|#{QUOTED.source}))?}
11
- EXT = %r{#{TOKEN.source}(?: *; *#{PARAM.source})*}
12
- EXT_LIST = %r{^#{EXT.source}(?: *, *#{EXT.source})*$}
9
+ QUOTED = /"((?:\\[\x00-\x7f]|[^\x00-\x08\x0a-\x1f\x7f"\\])*)"/
10
+ PARAM = %r{#{ TOKEN.source }(?:=(?:#{ TOKEN.source }|#{ QUOTED.source }))?}
11
+ EXT = %r{#{ TOKEN.source }(?: *; *#{ PARAM.source })*}
12
+ EXT_LIST = %r{^#{ EXT.source }(?: *, *#{ EXT.source })*$}
13
13
  NUMBER = /^-?(0|[1-9][0-9]*)(\.[0-9]+)?$/
14
14
 
15
15
  ParseError = Class.new(ArgumentError)
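Review bot: The change to `QUOTED` on new line 9 needs a comment and a regression test, because it is the only functional change in this hunk and reads like a cosmetic edit next to the whitespace changes around it. Adding `\\` to the negated class means a backslash can now only be consumed by the `\\[\x00-\x7f]` alternative; in the old pattern both alternatives accepted it, so the repeated group could split the same run of backslashes in many ways and backtrack through all of them when the match failed. A one-line comment stating that the two alternatives must stay disjoint, plus a timing-bounded spec for the parser, would stop a later edit from reintroducing the overlap. Separately, `EXT_LIST` (line 12) and `NUMBER` (line 13) still anchor with `^` and `$`, which in Ruby match at line boundaries; `\A` and `\z` would make the validation cover the whole header string.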
@@ -19,7 +19,7 @@ module WebSocket
19
19
  return offers if header == '' or header.nil?
20
20
 
21
21
  unless header =~ EXT_LIST
22
- raise ParseError, "Invalid Sec-WebSocket-Extensions header: #{header}"
22
+ raise ParseError, "Invalid Sec-WebSocket-Extensions header: #{ header }"
23
23
  end
24
24
 
25
25
  scanner = StringScanner.new(header)
@@ -38,7 +38,7 @@ module WebSocket
38
38
  else
39
39
  data = true
40
40
  end
41
- if data =~ NUMBER
41
+ if data != true and data =~ NUMBER
42
42
  data = data =~ /\./ ? data.to_f : data.to_i(10)
43
43
  end
44
44
 
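Review bot: The guard on new line 41 excludes only the literal `true` assigned in the `else` branch above, so it stays correct only while `true` is the sole non-String value `data` can hold. `data.is_a?(String) && data =~ NUMBER` states the intent directly and avoids the low-precedence `and`.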
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: websocket-extensions
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.3
4
+ version: 0.1.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - James Coglan
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-11-11 00:00:00.000000000 Z
11
+ date: 2020-06-02 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rspec
@@ -38,7 +38,7 @@ files:
38
38
  - lib/websocket/extensions/parser.rb
39
39
  homepage: https://github.com/faye/websocket-extensions-ruby
40
40
  licenses:
41
- - MIT
41
+ - Apache-2.0
42
42
  metadata: {}
43
43
  post_install_message:
44
44
  rdoc_options:
@@ -59,8 +59,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
59
59
  - !ruby/object:Gem::Version
60
60
  version: '0'
61
61
  requirements: []
62
- rubyforge_project:
63
- rubygems_version: 2.6.13
62
+ rubygems_version: 3.1.2
64
63
  signing_key:
65
64
  specification_version: 4
66
65
  summary: Generic extension manager for WebSocket connections