websocket-extensions 0.1.4 → 0.1.5

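--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 7820a309cf08485c15d1b831be4a2a9b15d4e754dbdf573cc67960f68526fe25
- data.tar.gz: 0f47a86a75722413a3086b2d97ff7a9395926279ba9da7a0a3b7e8beea7dab34
+ metadata.gz: f36fd7e2c8bc73038cff930e7872156bf85804e80c3fe87510373b9093ede11c
+ data.tar.gz: 755d19c6d59b56001a3e2afa5b2397324d69ebbdea730738c13b4cfe212a3f31
  SHA512:
- metadata.gz: b40d64358de343b7684a64ab68a18d4e9c4951ff8027271710c1450fb68315f416c785acbba94098fbdd3e1a9910b435d6fa09e1522ba710cae70223fecba28f
- data.tar.gz: 13892dac1c28a87fea45d24c4d3107614396fd99fb9b04d2f55b3012f48dc4a31ff50f281488cb63eacfebc46f849e326f50519ae72df742bf36706675f8d28b
+ metadata.gz: d658c00d7d482283fa112e5a86d798f0ad3972ec4b4558462e05e54137bac6f8a898038f1c185ab13b3c282557fe0b80932c2e66a5a2d0bf7f2a09b5f614760e
+ data.tar.gz: f2dba49a2ea8a8f6b6de80a749ce115fe926dd5785971653e5075bf3bea1d6c39d8ade728bcb5048c60f0ef93bd75ed39cc01a1d6d50ccf4e83061dde278d5a7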
@@ -1,6 +1,11 @@
1
+ ### 0.1.5 / 2020-06-02
2
+
3
+ - Remove a ReDoS vulnerability in the header parser (CVE-2020-7663)
4
+
1
5
  ### 0.1.4 / 2019-06-10
2
6
 
3
7
  - Fix a deprecation warning for using the `=~` operator on `true`
8
+ - Change license from MIT to Apache 2.0
4
9
 
5
10
  ### 0.1.3 / 2017-11-11
6
11
 
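--- a/data/LICENSE.md
+++ b/data/LICENSE.md
@@ -1,4 +1,4 @@
- Copyright 2014-2019 James Coglan
+ Copyright 2014-2020 James Coglan
 
  Licensed under the Apache License, Version 2.0 (the "License"); you may not use
  this file except in compliance with the License. You may obtain a copy of the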
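--- a/data/README.md
+++ b/data/README.md
@@ -227,8 +227,8 @@ then the `permessage-deflate` extension will receive the call:
 
  ```rb
  ext.create_server_session([
- {'server_no_context_takeover' => true, 'server_max_window_bits' => 8},
- {'server_max_window_bits' => 15}
+ { 'server_no_context_takeover' => true, 'server_max_window_bits' => 8 },
+ { 'server_max_window_bits' => 15 }
  ])
  ```
 
@@ -244,8 +244,8 @@ implement the following methods, as well as the *Session* API listed below.
  ```rb
  client_session.generate_offer
  # e.g. -> [
- # {'server_no_context_takeover' => true, 'server_max_window_bits' => 8},
- # {'server_max_window_bits' => 15}
+ # { 'server_no_context_takeover' => true, 'server_max_window_bits' => 8 },
+ # { 'server_max_window_bits' => 15 }
  # ]
  ```
 
@@ -270,7 +270,7 @@ must implement the following methods, as well as the *Session* API listed below.
 
  ```rb
  server_session.generate_response
- # e.g. -> {'server_max_window_bits' => 8}
+ # e.g. -> { 'server_max_window_bits' => 8 }
  ```
 
  This returns the set of parameters the server session wants to send in its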
@@ -38,7 +38,7 @@ module WebSocket
38
38
  end
39
39
 
40
40
  if @by_name.has_key?(ext.name)
41
- raise TypeError, %Q{An extension with name "#{ext.name}" is already registered}
41
+ raise TypeError, %Q{An extension with name "#{ ext.name }" is already registered}
42
42
  end
43
43
 
44
44
  @by_name[ext.name] = ext
@@ -78,18 +78,18 @@ module WebSocket
78
78
 
79
79
  responses.each_offer do |name, params|
80
80
  unless record = @index[name]
81
- raise ExtensionError, %Q{Server sent am extension response for unknown extension "#{name}"}
81
+ raise ExtensionError, %Q{Server sent am extension response for unknown extension "#{ name } }
82
82
  end
83
83
 
84
84
  ext, session = *record
85
85
 
86
86
  if reserved = reserved?(ext)
87
- raise ExtensionError, %Q{Server sent two extension responses that use the RSV#{reserved[0]} } +
88
- %Q{ bit: "#{reserved[1]}" and "#{ext.name}"}
87
+ raise ExtensionError, %Q{Server sent two extension responses that use the RSV#{ reserved[0] }} +
88
+ %Q{bit: "#{ reserved[1] }" and "#{ ext.name }"}
89
89
  end
90
90
 
91
91
  unless session.activate(params) == true
92
- raise ExtensionError, %Q{Server send unacceptable extension parameters: #{Parser.serialize_params(name, params)}}
92
+ raise ExtensionError, %Q{Server send unacceptable extension parameters: #{ Parser.serialize_params(name, params) }}
93
93
  end
94
94
 
95
95
  reserve(ext)
@@ -118,7 +118,7 @@ module WebSocket
118
118
  end
119
119
 
120
120
  def valid_frame_rsv(frame)
121
- allowed = {:rsv1 => false, :rsv2 => false, :rsv3 => false}
121
+ allowed = { :rsv1 => false, :rsv2 => false, :rsv3 => false }
122
122
 
123
123
  if MESSAGE_OPCODES.include?(frame.opcode)
124
124
  @sessions.each do |ext, session|
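Review bot: As rendered on this page, the rewritten message for an unknown extension ends in `"#{ name } }` with no closing double quote, and the two-part RSV message now joins `RSV#{ reserved[0] }` directly to `bit:` with no space between them. This page visibly collapses whitespace, so both should be confirmed against the packaged file before being treated as regressions. Since these strings are being touched anyway, `Server sent am extension response` and `Server send unacceptable extension parameters` should read `an` and `sent`. The enclosing methods start and end outside the hunks shown.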
@@ -6,10 +6,10 @@ module WebSocket
6
6
  class Parser
7
7
  TOKEN = /([!#\$%&'\*\+\-\.\^_`\|~0-9A-Za-z]+)/
8
8
  NOTOKEN = /([^!#\$%&'\*\+\-\.\^_`\|~0-9A-Za-z])/
9
- QUOTED = /"((?:\\[\x00-\x7f]|[^\x00-\x08\x0a-\x1f\x7f"])*)"/
10
- PARAM = %r{#{TOKEN.source}(?:=(?:#{TOKEN.source}|#{QUOTED.source}))?}
11
- EXT = %r{#{TOKEN.source}(?: *; *#{PARAM.source})*}
12
- EXT_LIST = %r{^#{EXT.source}(?: *, *#{EXT.source})*$}
9
+ QUOTED = /"((?:\\[\x00-\x7f]|[^\x00-\x08\x0a-\x1f\x7f"\\])*)"/
10
+ PARAM = %r{#{ TOKEN.source }(?:=(?:#{ TOKEN.source }|#{ QUOTED.source }))?}
11
+ EXT = %r{#{ TOKEN.source }(?: *; *#{ PARAM.source })*}
12
+ EXT_LIST = %r{^#{ EXT.source }(?: *, *#{ EXT.source })*$}
13
13
  NUMBER = /^-?(0|[1-9][0-9]*)(\.[0-9]+)?$/
14
14
 
15
15
  ParseError = Class.new(ArgumentError)
@@ -19,7 +19,7 @@ module WebSocket
19
19
  return offers if header == '' or header.nil?
20
20
 
21
21
  unless header =~ EXT_LIST
22
- raise ParseError, "Invalid Sec-WebSocket-Extensions header: #{header}"
22
+ raise ParseError, "Invalid Sec-WebSocket-Extensions header: #{ header }"
23
23
  end
24
24
 
25
25
  scanner = StringScanner.new(header)
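Review bot: `EXT_LIST` is still anchored with `^` and `$`, which in Ruby match at line boundaries, so the `header =~ EXT_LIST` check in the second hunk accepts a multi-line value as long as any one line is a valid extension list. Anchoring the whole string closes that gap: `EXT_LIST = %r{\A#{ EXT.source }(?: *, *#{ EXT.source })*\z}`. The unchanged `NUMBER` pattern has the same anchors. The `QUOTED` change itself removes the overlap between the escape alternative and the character class, which is what stops the backtracking. A comment on that line, such as `# backslash is excluded from the class so an escape can only match the first alternative (CVE-2020-7663)`, would keep a later cleanup from reintroducing it. What the `StringScanner` does with the header after validation is outside the hunk, as are the ends of `Parser` and `parse_header`.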
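--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: websocket-extensions
  version: !ruby/object:Gem::Version
- version: 0.1.4
+ version: 0.1.5
  platform: ruby
  authors:
  - James Coglan
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2019-06-10 00:00:00.000000000 Z
+ date: 2020-06-02 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rspec
@@ -59,7 +59,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.0.3
+ rubygems_version: 3.1.2
  signing_key:
  specification_version: 4
  summary: Generic extension manager for WebSocket connections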