References: <20130123002048.GA362@dcvr.yhbt.net>
Date: Sat, 27 Apr 2013 18:17:54 -0700
Subject: Re: [RFC/PATCH] lint: additional response checking/skipping for hijack
From: James Tucker
To: rack-devel@googlegroups.com
Mailing-list: list rack-devel@googlegroups.com; contact rack-devel+owners@googlegroups.com

Hah, so it does. The other doesn't. That's what I get for writing teeny
examples.

On Mon, Apr 22, 2013 at 6:48 PM, Tim Carey-Smith wrote:

> The referenced hijack.ru app returns the IO object instead of returning
> [200, {}, []].
>
> https://github.com/raggi/thin/blob/e04855459cb42fd98a0a483075f8337cafe6d949/example/hijack.ru#L15
>
> Thanks,
> Tim
>
> On Apr 23, 2013, at 1:37 PM, James Tucker wrote:
>
> > The examples do work this way.
> >
> > What are you referring to?
> >
> >
> > On Sun, Apr 21, 2013 at 8:41 AM, Tim Carey-Smith wrote:
> >
> >> Could you update the examples on the original issue to behave in this way?
> >> This is a point of confusion, I think.
> >>
> >> Perhaps this could be added to the SPEC as well?
> >>
> >> On Jan 29, 2013, at 11:01 AM, James Tucker wrote:
> >>
> >>> I'd generally recommend that the hijacking app return valid stub data,
> >>> something like: [200, {}, []].
> >>>
> >>>
> >>> On 22 January 2013 16:20, Eric Wong wrote:
> >>>
> >>>> Not a serious patch for now, at least not all of it.
> >>>> I suspect middlewares will break badly if the body.each/body.close
> >>>> checks are enforced.
> >>>> > >>>> --- > >>>> lib/rack/lint.rb | 17 +++++++++++++++++ > >>>> 1 file changed, 17 insertions(+) > >>>> > >>>> diff --git a/lib/rack/lint.rb b/lib/rack/lint.rb > >>>> index 1bc2127..f895772 100644 > >>>> --- a/lib/rack/lint.rb > >>>> +++ b/lib/rack/lint.rb > >>>> @@ -9,6 +9,7 @@ class Lint > >>>> def initialize(app) > >>>> @app = app > >>>> @content_length = nil > >>>> + @response_hijacked = false > >>>> end > >>>> > >>>> # :stopdoc: > >>>> @@ -47,6 +48,15 @@ def _call(env) > >>>> > >>>> ## and returns an Array of exactly three values: > >>>> status, headers, @body = @app.call(env) > >>>> + > >>>> + # hijacked requests may not give a valid response, do not check > >> them > >>>> + if env.include?("rack.hijack_io") > >>>> + # request hijacking implies response hijacking, this will > >> ensure > >>>> + # the response body raises if body.each or body.close gets > >> called > >>>> + @response_hijacked = true > >>>> + return [ status, headers, self ] > >>>> + end > >>>> + > >>>> ## The *status*, > >>>> check_status status > >>>> ## the *headers*, > >>>> @@ -530,6 +540,7 @@ def check_hijack_response(headers, env) > >>>> headers['rack.hijack'] = proc do |io| > >>>> original_hijack.call HijackWrapper.new(io) > >>>> end > >>>> + @response_hijacked = true > >>>> else > >>>> ## > >>>> ## The special response header rack.hijack must only > be > >>>> set > >>>> @@ -636,6 +647,9 @@ def verify_content_length(bytes) > >>>> > >>>> ## === The Body > >>>> def each > >>>> + assert("server is not attempting to iterate hijacked response > >>>> body") { > >>>> + @response_hijacked == false > >>>> + } > >>>> @closed = false > >>>> bytes = 0 
> >>>> > >>>> @@ -683,6 +697,9 @@ def each > >>>> end > >>>> > >>>> def close > >>>> + assert("server is not attempting to close hijacked response") { > >>>> + @response_hijacked == false > >>>> + } > >>>> @closed = true > >>>> @body.close if @body.respond_to?(:close) > >>>> end > >>>> -- > >>>> Eric Wong
> >>>
> >>> --
> >>> You received this message because you are subscribed to the Google Groups "Rack Development" group.
> >>> To unsubscribe from this group, send email to rack-devel+unsubscribe@googlegroups.com.
> >>> For more options, visit https://groups.google.com/groups/opt_out.
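
Review bot: in the `_call` hunk, the early `return [ status, headers, self ]` runs before `check_status` and the header checks, so whatever the app returned is handed to the server unvalidated. If the app returns a bare IO, as discussed in this thread, `status, headers, @body = @app.call(env)` leaves status holding the IO and headers nil, and Lint passes that through silently. Consider skipping validation only when the return value is not a three-element Array, and still checking a stub such as [200, {}, []] when one is returned. The condition also tests key presence only (`env.include?("rack.hijack_io")`); testing the value would avoid treating a nil placeholder as a hijack.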
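
Review bot: in the `check_hijack_response` hunk, `@response_hijacked = true` is set as soon as the `rack.hijack` header is wrapped, not when the wrapped proc is actually called. Anything between Lint and the server that calls body.each or body.close before the server invokes the proc will then fail the new assertions, which matches the middleware breakage the cover text anticipates. Setting the flag inside the `proc do |io|` block would tie it to the hijack actually happening.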
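
Review bot: in the `close` hunk, the assertion raises before `@body.close if @body.respond_to?(:close)`, so a hijacked response whose body holds resources is never closed once the check fires; the same ordering applies to the assert added at the top of `each`. If the intent is only to flag the server's behaviour, close the wrapped body first (or in an ensure) and then assert. Minor: `@response_hijacked == false` reads more idiomatically as `!@response_hijacked`.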
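
Added example, not part of the thread or of Rack: a sketch of the difference the replies discuss, between a hijacking app that returns the IO and one that returns stub data such as [200, {}, []]. The fake env, the StringIO standing in for the socket, and the triple_problems helper are assumptions made for illustration.

```ruby
require 'stringio'

# Constructed stand-in for a server env: it exposes rack.hijack and stores
# the "socket" in rack.hijack_io when the app calls it. A StringIO plays
# the socket so the example runs offline.
def fake_env
  env = { 'REQUEST_METHOD' => 'GET', 'PATH_INFO' => '/' }
  env['rack.hijack'] = proc { env['rack.hijack_io'] = StringIO.new }
  env
end

# Variant pointed out in the thread: the app returns the IO itself.
IO_RETURNING_APP = lambda do |env|
  io = env['rack.hijack'].call
  io.write("HTTP/1.1 200 OK\r\n\r\nhijacked")
  io
end

# Recommended variant: hijack, then return valid stub data.
STUB_RETURNING_APP = lambda do |env|
  io = env['rack.hijack'].call
  io.write("HTTP/1.1 200 OK\r\n\r\nhijacked")
  [200, {}, []]
end

# Shape checks that a server or middleware implicitly relies on when it
# destructures the return value (hypothetical helper, not Rack::Lint).
def triple_problems(app)
  env = fake_env
  status, headers, body = app.call(env)
  problems = []
  unless status.is_a?(Integer) && status >= 100
    problems << "status is #{status.class}, not an Integer >= 100"
  end
  unless headers.respond_to?(:each)
    problems << "headers is #{headers.class}, does not respond to each"
  end
  unless body.respond_to?(:each)
    problems << "body is #{body.class}, does not respond to each"
  end
  { hijacked: env.key?('rack.hijack_io'), problems: problems }
end
```

Both apps hijack the connection; only the stub-returning one leaves the caller with a status, headers and body it can handle without special-casing.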