RubyGems - websocket-extensions - Versions diffs - 0.1.4 → 0.1.5 - Mend

websocket-extensions 0.1.4 → 0.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +5 -0
data/LICENSE.md +1 -1
data/README.md +5 -5
data/lib/websocket/extensions.rb +6 -6
data/lib/websocket/extensions/parser.rb +5 -5
metadata +3 -3

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7820a309cf08485c15d1b831be4a2a9b15d4e754dbdf573cc67960f68526fe25
-  data.tar.gz: 0f47a86a75722413a3086b2d97ff7a9395926279ba9da7a0a3b7e8beea7dab34
+  metadata.gz: f36fd7e2c8bc73038cff930e7872156bf85804e80c3fe87510373b9093ede11c
+  data.tar.gz: 755d19c6d59b56001a3e2afa5b2397324d69ebbdea730738c13b4cfe212a3f31
 SHA512:
-  metadata.gz: b40d64358de343b7684a64ab68a18d4e9c4951ff8027271710c1450fb68315f416c785acbba94098fbdd3e1a9910b435d6fa09e1522ba710cae70223fecba28f
-  data.tar.gz: 13892dac1c28a87fea45d24c4d3107614396fd99fb9b04d2f55b3012f48dc4a31ff50f281488cb63eacfebc46f849e326f50519ae72df742bf36706675f8d28b
+  metadata.gz: d658c00d7d482283fa112e5a86d798f0ad3972ec4b4558462e05e54137bac6f8a898038f1c185ab13b3c282557fe0b80932c2e66a5a2d0bf7f2a09b5f614760e
+  data.tar.gz: f2dba49a2ea8a8f6b6de80a749ce115fe926dd5785971653e5075bf3bea1d6c39d8ade728bcb5048c60f0ef93bd75ed39cc01a1d6d50ccf4e83061dde278d5a7

data/CHANGELOG.md CHANGED

@@ -1,6 +1,11 @@
+### 0.1.5 / 2020-06-02
+- Remove a ReDoS vulnerability in the header parser (CVE-2020-7663)
 ### 0.1.4 / 2019-06-10
 - Fix a deprecation warning for using the `=~` operator on `true`
+- Change license from MIT to Apache 2.0
 ### 0.1.3 / 2017-11-11

data/LICENSE.md CHANGED

@@ -1,4 +1,4 @@
-Copyright 2014-2019 James Coglan
+Copyright 2014-2020 James Coglan
 Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 this file except in compliance with the License. You may obtain a copy of the

data/README.md CHANGED

@@ -227,8 +227,8 @@ then the `permessage-deflate` extension will receive the call:
 ```rb
 ext.create_server_session([
-  {'server_no_context_takeover' => true, 'server_max_window_bits' => 8},
-  {'server_max_window_bits' => 15}
+  { 'server_no_context_takeover' => true, 'server_max_window_bits' => 8 },
+  { 'server_max_window_bits' => 15 }
 ])
 ```
@@ -244,8 +244,8 @@ implement the following methods, as well as the *Session* API listed below.
 ```rb
 client_session.generate_offer
 # e.g.  -> [
-#            {'server_no_context_takeover' => true, 'server_max_window_bits' => 8},
-#            {'server_max_window_bits' => 15}
+#            { 'server_no_context_takeover' => true, 'server_max_window_bits' => 8 },
+#            { 'server_max_window_bits' => 15 }
 #          ]
 ```
@@ -270,7 +270,7 @@ must implement the following methods, as well as the *Session* API listed below.
 ```rb
 server_session.generate_response
-# e.g.  -> {'server_max_window_bits' => 8}
+# e.g.  -> { 'server_max_window_bits' => 8 }
 ```
 This returns the set of parameters the server session wants to send in its

data/lib/websocket/extensions.rb CHANGED

@@ -38,7 +38,7 @@ module WebSocket
       end
       if @by_name.has_key?(ext.name)
-        raise TypeError, %Q{An extension with name "#{ext.name}" is already registered}
+        raise TypeError, %Q{An extension with name "#{ ext.name }" is already registered}
       end
       @by_name[ext.name] = ext
@@ -78,18 +78,18 @@ module WebSocket
       responses.each_offer do |name, params|
         unless record = @index[name]
-          raise ExtensionError, %Q{Server sent am extension response for unknown extension "#{name}"}
+          raise ExtensionError, %Q{Server sent am extension response for unknown extension "#{ name } }
         end
         ext, session = *record
         if reserved = reserved?(ext)
-          raise ExtensionError, %Q{Server sent two extension responses that use the RSV#{reserved[0]} } +
-                               %Q{ bit: "#{reserved[1]}" and "#{ext.name}"}
+          raise ExtensionError, %Q{Server sent two extension responses that use the RSV#{ reserved[0] }} +
+                                %Q{bit: "#{ reserved[1] }" and "#{ ext.name }"}
         end
         unless session.activate(params) == true
-          raise ExtensionError, %Q{Server send unacceptable extension parameters: #{Parser.serialize_params(name, params)}}
+          raise ExtensionError, %Q{Server send unacceptable extension parameters: #{ Parser.serialize_params(name, params) }}
         end
         reserve(ext)
@@ -118,7 +118,7 @@ module WebSocket
     end
     def valid_frame_rsv(frame)
-      allowed = {:rsv1 => false, :rsv2 => false, :rsv3 => false}
+      allowed = { :rsv1 => false, :rsv2 => false, :rsv3 => false }
       if MESSAGE_OPCODES.include?(frame.opcode)
         @sessions.each do |ext, session|

data/lib/websocket/extensions/parser.rb CHANGED

@@ -6,10 +6,10 @@ module WebSocket
     class Parser
       TOKEN    = /([!#\$%&'\*\+\-\.\^_`\|~0-9A-Za-z]+)/
       NOTOKEN  = /([^!#\$%&'\*\+\-\.\^_`\|~0-9A-Za-z])/
-      QUOTED   = /"((?:\\[\x00-\x7f]|[^\x00-\x08\x0a-\x1f\x7f"])*)"/
-      PARAM    = %r{#{TOKEN.source}(?:=(?:#{TOKEN.source}|#{QUOTED.source}))?}
-      EXT      = %r{#{TOKEN.source}(?: *; *#{PARAM.source})*}
-      EXT_LIST = %r{^#{EXT.source}(?: *, *#{EXT.source})*$}
+      QUOTED   = /"((?:\\[\x00-\x7f]|[^\x00-\x08\x0a-\x1f\x7f"\\])*)"/
+      PARAM    = %r{#{ TOKEN.source }(?:=(?:#{ TOKEN.source }|#{ QUOTED.source }))?}
+      EXT      = %r{#{ TOKEN.source }(?: *; *#{ PARAM.source })*}
+      EXT_LIST = %r{^#{ EXT.source }(?: *, *#{ EXT.source })*$}
       NUMBER   = /^-?(0|[1-9][0-9]*)(\.[0-9]+)?$/
       ParseError = Class.new(ArgumentError)
@@ -19,7 +19,7 @@ module WebSocket
         return offers if header == '' or header.nil?
         unless header =~ EXT_LIST
-          raise ParseError, "Invalid Sec-WebSocket-Extensions header: #{header}"
+          raise ParseError, "Invalid Sec-WebSocket-Extensions header: #{ header }"
         end
         scanner = StringScanner.new(header)

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: websocket-extensions
 version: !ruby/object:Gem::Version
-  version: 0.1.4
+  version: 0.1.5
 platform: ruby
 authors:
 - James Coglan
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-06-10 00:00:00.000000000 Z
+date: 2020-06-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
@@ -59,7 +59,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.1.2
 signing_key:
 specification_version: 4
 summary: Generic extension manager for WebSocket connections