From: Eric Wong <normalperson@yhbt.net>
To: rack-devel <rack-devel@googlegroups.com>
Subject: [RFC/PATCH] lint: additional response checking/skipping for hijack
Date: Wed, 23 Jan 2013 00:20:48 +0000 [thread overview]
Message-ID: <20130123002048.GA362@dcvr.yhbt.net> (raw)
Not a serious patch for now, at least not all of it.
I suspect middlewares will break badly if the body.each/body.close
checks are enforced.
---
lib/rack/lint.rb | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/lib/rack/lint.rb b/lib/rack/lint.rb
index 1bc2127..f895772 100644
--- a/lib/rack/lint.rb
+++ b/lib/rack/lint.rb
@@ -9,6 +9,7 @@ class Lint
def initialize(app)
@app = app
@content_length = nil
+ @response_hijacked = false
end
# :stopdoc:
@@ -47,6 +48,15 @@ def _call(env)
## and returns an Array of exactly three values:
status, headers, @body = @app.call(env)
+
+ # hijacked requests may not give a valid response, do not check them
+ if env.include?("rack.hijack_io")
+ # request hijacking implies response hijacking, this will ensure
+ # the response body raises if body.each or body.close gets called
+ @response_hijacked = true
+ return [ status, headers, self ]
+ end
+
## The *status*,
check_status status
## the *headers*,
@@ -530,6 +540,7 @@ def check_hijack_response(headers, env)
headers['rack.hijack'] = proc do |io|
original_hijack.call HijackWrapper.new(io)
end
+ @response_hijacked = true
else
##
## The special response header <tt>rack.hijack</tt> must only be set
@@ -636,6 +647,9 @@ def verify_content_length(bytes)
## === The Body
def each
+ assert("server is not attempting to iterate hijacked response body") {
+ @response_hijacked == false
+ }
@closed = false
bytes = 0
@@ -683,6 +697,9 @@ def each
end
def close
+ assert("server is not attempting to close hijacked response") {
+ @response_hijacked == false
+ }
@closed = true
@body.close if @body.respond_to?(:close)
end
--
Eric Wong
next reply other threads:[~2013-01-23 0:20 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-01-23 0:20 Eric Wong [this message]
2013-01-28 22:01 ` [RFC/PATCH] lint: additional response checking/skipping for hijack James Tucker
2013-04-21 15:41 ` Tim Carey-Smith
2013-04-23 1:37 ` James Tucker
2013-04-23 1:48 ` Tim Carey-Smith
2013-04-28 1:17 ` James Tucker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://groups.google.com/group/rack-devel
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130123002048.GA362@dcvr.yhbt.net \
--to=rack-devel@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).