Age | Commit message (Collapse) | Author |
|
|
|
Some regexps were too tolerant.
https://github.com/ruby/webrick/commit/8946bb38b4
|
|
This reverts commit ed12019ce6abe87aac87ec77ac081d37b25180a2.
https://github.com/ruby/ruby/runs/1160423667?check_suite_focus=true#step:14:752
|
|
https://github.com/ruby/webrick/commit/30152b4bf9
|
|
RFC 7230 section 3.3.3 allows for this.
Fixes #30
https://github.com/ruby/webrick/commit/069e9b1908
|
|
stored as integers
https://github.com/ruby/webrick/commit/86ed621e11
|
|
https://github.com/ruby/webrick/commit/e693f501bd
|
|
|
|
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/3270
|
|
`path_info` contains filesystem encoding and binary.
Example is `"/webrick.cgi/%A5%DB%A4%B2/%A4%DB%A4%B2"` in `TestWEBrickCGI#test_cgi`.
|
|
http://ci.rvm.jp/results/trunk-test@ruby-sky1/3012894
```
/tmp/ruby/v3/src/trunk-test/tool/lib/minitest/unit.rb:199:in `assert': webrick log start: (MiniTest::Assertion)
[2020-06-19 23:01:59] ERROR ArgumentError: invalid byte sequence in UTF-8
/tmp/ruby/v3/src/trunk-test/lib/webrick/httpservlet/filehandler.rb:336:in `scan'
/tmp/ruby/v3/src/trunk-test/lib/webrick/httpservlet/filehandler.rb:336:in `set_filename'
/tmp/ruby/v3/src/trunk-test/lib/webrick/httpservlet/filehandler.rb:310:in `exec_handler'
/tmp/ruby/v3/src/trunk-test/lib/webrick/httpservlet/filehandler.rb:245:in `do_GET'
/tmp/ruby/v3/src/trunk-test/lib/webrick/httpservlet/abstract.rb:105:in `service'
/tmp/ruby/v3/src/trunk-test/lib/webrick/httpservlet/filehandler.rb:241:in `service'
/tmp/ruby/v3/src/trunk-test/lib/webrick/httpserver.rb:140:in `service'
/tmp/ruby/v3/src/trunk-test/lib/webrick/httpserver.rb:96:in `run'
/tmp/ruby/v3/src/trunk-test/lib/webrick/server.rb:307:in `block in start_thread'
```
|
|
instead of `@root.encoding`.
And fallback to ASCII-8BIT when filesystem encoding is US-ASCII.
When `@root.encoding` is not compatible filesystem encoding,
`Encoding::CompatibilityError` raised at `webrick/httpservlet/filehandler.rb:341`.
So `DocumentRoot` must be compatible with filesystem encoding.
|
|
This reverts 750203c514e0e9a49f7d53fb54084e6844fca42a and 93e6fa1d319d19ce7fba37e4b9924862447b9f38
|
|
https://rubyci.org/logs/mswinci.japaneast.cloudapp.azure.com/vc12-x64/ruby-master/log/20200619T054159Z.fail.html.gz
```
1) Failure:
WEBrick::TestFileHandler#test_cjk_in_path [D:/tmp/mswin-build20200619-14304-utgij/ruby/test/webrick/utils.rb:72]:
exceptions on 2 threads:
webrick log start:
[2020-06-19 16:28:42] ERROR `/あ.txt' not found.
webrick log end
Filesystem encoding is Windows-31J.
<"200"> expected but was
<"404">.
---
<[]> expected but was
<["[2020-06-19 16:28:42] ERROR `/\xE3\x81\x82.txt' not found.\n"]>.
```
`prevent_directory_traversal` treats `path_info` as filesystem encoding.
So path_info should be filesystem encoding in request URL.
On some environments, fallback to ASCII-8BIT when EncodingError.
|
|
|
|
https://rubyci.org/logs/mswinci.japaneast.cloudapp.azure.com/vc12-x64/ruby-master/log/20200618T113134Z.fail.html.gz
```
1) Failure:
WEBrick::TestFileHandler#test_cjk_in_path [D:/tmp/mswin-build20200618-84004-1t0dh8f/ruby/test/webrick/utils.rb:72]:
exceptions on 2 threads:
webrick log start:
[2020-06-18 22:18:07] ERROR `/??.txt' not found.
webrick log end
Filesystem encoding is Windows-31J.
<"200"> expected but was
<"404">.
```
|
|
Try to fix 404 error on mswinci.
https://rubyci.org/logs/mswinci.japaneast.cloudapp.azure.com/vc12-x64/ruby-master/log/20200614T225859Z.fail.html.gz
```
1) Failure:
WEBrick::TestFileHandler#test_cjk_in_path [D:/tmp/mswin-build20200615-24932-11ykstf/ruby/test/webrick/utils.rb:72]:
exceptions on 2 threads:
webrick log start:
[2020-06-15 09:48:29] ERROR `/あ.txt' not found.
webrick log end.
<"200"> expected but was
<"404">.
---
<[]> expected but was
<["[2020-06-15 09:48:29] ERROR `/\xE3\x81\x82.txt' not found.\n"]>.
```
Notes:
Merged: https://github.com/ruby/ruby/pull/3227
|
|
[Bug #16753]
https://github.com/ruby/webrick/commit/83cf440858
|
|
https://github.com/ruby/webrick/commit/e58195faf8
|
|
Chrome 75+ started to strictly enforce X.509 keyUsage against TLS server
certificates. Webrick supports generating instant self-signed
certificates for debugging purpose and these certificates lacks required
keyUsage for modern TLS. So adding the following keyUsages:
- digitalSignature (for server authentication)
- keyAgreement (for DH key exchange)
- dataEncipherment (for data encryption)
References:
- https://tools.ietf.org/html/rfc5280#section-4.2.1.3
- https://crbug.com/795089
- https://boringssl-review.googlesource.com/c/34604
|
|
to /projects/ruby-master
|
|
Fixed misspellings reported at [Bug #16437], for default gems.
|
|
is set
Patch from Leonard Garvey.
Fixes Ruby Bug 9986.
https://github.com/ruby/webrick/commit/8cff7f3995
|
|
https://github.com/ruby/webrick/commit/c5635fa5e2
|
|
to be array
This way you don't need to escape each entry.
Implements Ruby Feature 15170.
https://github.com/ruby/webrick/commit/d8086e600c
|
|
https://github.com/ruby/webrick/commit/d51836d03d
|
|
Only untaint result on Ruby <2.7, as taint support is deprecated
in Ruby 2.7+ and no longer has an effect.
https://github.com/ruby/webrick/commit/4c430f9410
|
|
https://github.com/ruby/webrick/commit/6b6990ec81
|
|
While the stripping of header values is required by RFC 2616 4.2 and
RFC 7230 3.2.4, the squishing is not and can break things, such as
when one header contains an HMAC of another header.
Fixes Ruby Bug 7021.
https://github.com/ruby/webrick/commit/8b96088a86
|
|
https://github.com/ruby/webrick/commit/00c281caa7
|
|
It is currently broken, and even if it worked, it can cause problems
when debugging. See Ruby Bug 10715.
https://github.com/ruby/webrick/commit/575dea8656
|
|
This is a follow up to d9d4a28f1cdd05a0e8dabb36d747d40bbcc30f16.
The commit prevented CRLR, but did not address an isolated CR or an
isolated LF.
Co-Authored-By: NARUSE, Yui <naruse@airemix.jp>
|
|
Create the substrings necessary parts only, instead of cutting the
rest of the buffer. Also removed a useless, probable typo, regexp.
|
|
|
|
WEBrick::HTTPProxyServer implementes HTTP proxy using
WEBrick and Net::HTTP.
WEBrick accepts HTTP/1.0 clients and
Net::HTTP uses always HTTP/1.1.
However HTTP/1.1 supports chunked transfer coding HTTP/1.0 doesn't.
Chunked transfer coding doesn't require that
content-length before the content is sent.
But non-chunked transfer coding require content-length before
the content is sent.
So, when HTTP/1.0 clients connects WEBrick::HTTPProxyServer and
origin server returns chunked response,
WEBrick::HTTPProxyServer needs to store whole content to
know the length of it.
This patch do it using tempfile.
|
|
|
|
Remove extraneous spaces after the status code that is
non-compliant with RFC, i.e `HTTP 200 OK `, to unnecessary
confusion for WEBrick users, by a risk that WEBrick instances in
the wild will have server responses flagged as suspicious or
malicious due to a similar bug in [Cobalt Strike
misconfiguration].
Reported by Matt Tennis <mtennis@paloaltonetworks.com>
[Cobalt Strike misconfiguration]: https://blog.fox-it.com/2019/02/26/identifying-cobalt-strike-team-servers-in-the-wild/
|
|
|
|
So that a customized HTTPServer subclass can use it's own
Request/Response classes.
To apply the override, make a subclass of WEBrick::HTTPServer
and override the
`create_request_and_response(with_webrick_config)` method. The
method should return an Array of [request, response].
To check whether the Server supports this method (i.e. when
using older versions of WEBrick when needing this
functionality), you can ask the server if it responds to the
method
server.respond_to?(:create_request_and_response)
This is backportable.
[ruby-core:69604] [Feature #11266]
From: Julik Tarkhanov <me@julik.nl>
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66452 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
OpenSSL complains abour our keys being small and weak :<
Make them big and strong with 2048-bit RSA keys and SHA256 digests
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66152 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
The values of @header are expected to be all strings;
WEBrick::HTTPResponse::[]=(key, val) explicitly converts the second
argument to a string and assigns it to @header hash.
However, there were some points in WEBrick internal code that assigns
non-String to @header. This change fixes the issues.
The values are checked by `header_value =~ /\r\n/` in check_header.
The type confusion caused conflict with removal of `Object#=~`
[Feature #15231].
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65984 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[#15206] [Fix GH-1976]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65506 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[#15206] [Fix GH-1976]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65505 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/csv/csv.gemspec: [DOC] add comment for require fallback
in Ruby repository.
* lib/logger.gemspec: ditto.
* lib/prime.gemspec: ditto.
* lib/rexml/rexml.gemspec: ditto.
* lib/rss/rss.gemspec: ditto.
* lib/webrick/webrick.gemspec: ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65037 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[Bug #15146]
From: Justin Li <git@justinli.net>
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64823 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Based on patch by akr [ruby-core:88477], use Tempfile.create
to avoid unnecessary unlink call. Unlike akr's original patch,
this does not change the return value of flush.
Thanks-to: Tanaka Akira <akr@fsij.org>
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64363 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64214 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
They are assigned automatically when pushing gem file to rubygems.org.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64213 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
This adds a password_hash keyword argument to
WEBrick::HTTPAuth::Htpasswd#initialize. If set to :bcrypt, it
will create bcrypt hashes instead of crypt hashes, and will
raise an exception if the .htpasswd file uses crypt hashes.
If :bcrypt is used, then instead of calling
BasicAuth.make_passwd (which uses crypt),
WEBrick::HTTPAuth::Htpasswd#set_passwd will set the bcrypt
password directly. It isn't possible to change the
make_passwd API to accept the password hash format, as that
would break configurations who use Htpasswd#auth_type= to set
a custom auth_type.
This modifies WEBrick::HTTPAuth::BasicAuth to handle checking
both crypt and bcrypt hashes.
There are commented out requires for 'string/crypt', to handle
when String#crypt is deprecated and the undeprecated version is
moved to a gem.
There is also a commented out warning for the case when
the password_hash keyword is not specified and 'string/crypt'
cannot be required. I think the warning makes sense to nudge
users to using bcrypt.
I've updated the tests to test nil, :crypt, and :bcrypt values
for the password_hash keyword, skipping the bcrypt tests if the
bcrypt library cannot be required.
[ruby-core:88111] [Feature #14940]
From: Jeremy Evans <code@jeremyevans.net>
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64060 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|