diff options
author | normal <normal@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2018-03-28 08:06:55 +0000 |
---|---|---|
committer | normal <normal@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2018-03-28 08:06:55 +0000 |
commit | 706c028909df2f9526c1cde1c2baa6bc0b4d318a (patch) | |
tree | 0d949ef750c32079b9220f0c8264e945535b75ad /test/webrick/test_httprequest.rb | |
parent | 32e277acbf35de454befc1573aff1063a55403cf (diff) |
webrick/httpproxy: stream request and response bodies
Reading entire request or response bodies into memory can lead
to trivial denial-of-service attacks. Introduce Fibers in both
cases to allow streaming.
WEBrick::HTTPRequest gains a new body_reader method to prepare
itself as a source for IO.copy_stream. This allows the
WEBrick::HTTPRequest object to be used as the
Net::HTTPGenericRequest#body_stream= arg for Net::HTTP.
For HTTP proxy response bodies, we also use a Fiber to
to make the HTTP request and read the response body.
* lib/webrick/httprequest.rb (body_reader): new method
(readpartial): ditto
* lib/webrick/httpproxy.rb (perform_proxy_request): use Fiber
to stream response body
(do_GET, do_HEAD): adjust call
(do_POST): adjust call and supply body_reader
* test/webrick/test_httprequest.rb (test_chunked): test
for IO.copy_stream compatibility
* test/webrick/test_httpproxy.rb (test_big_bodies): new test
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62966 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'test/webrick/test_httprequest.rb')
-rw-r--r-- | test/webrick/test_httprequest.rb | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/test/webrick/test_httprequest.rb b/test/webrick/test_httprequest.rb index 855ff9d4a7..6b99e34569 100644 --- a/test/webrick/test_httprequest.rb +++ b/test/webrick/test_httprequest.rb @@ -237,6 +237,7 @@ GET / def test_chunked crlf = "\x0d\x0a" + expect = File.read(__FILE__).freeze msg = <<-_end_of_message_ POST /path HTTP/1.1 Host: test.ruby-lang.org:8080 @@ -253,7 +254,14 @@ GET / msg << "0" << crlf req = WEBrick::HTTPRequest.new(WEBrick::Config::HTTP) req.parse(StringIO.new(msg)) - assert_equal(File.read(__FILE__), req.body) + assert_equal(expect, req.body) + + # chunked req.body_reader + req = WEBrick::HTTPRequest.new(WEBrick::Config::HTTP) + req.parse(StringIO.new(msg)) + dst = StringIO.new + IO.copy_stream(req.body_reader, dst) + assert_equal(expect, dst.string) end def test_forwarded |