* [PATCH] webrick: filter out HTTP_PROXY for CGIHandler
@ 2016-07-21 21:49 Eric Wong
0 siblings, 0 replies; 2+ messages in thread
From: Eric Wong @ 2016-07-21 21:49 UTC (permalink / raw)
To: spew
* lib/webrick/httpservlet/cgihandler.rb (do_GET): delete HTTP_PROXY
* test/webrick/test_cgi.rb (test_cgi_env): new test
* test/webrick/webrick.cgi (do_GET): new endpoint to dump env
---
lib/webrick/httpservlet/cgihandler.rb | 1 -
test/webrick/test_cgi.rb | 14 ++++++++++++++
test/webrick/webrick.cgi | 4 +++-
3 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/lib/webrick/httpservlet/cgihandler.rb b/lib/webrick/httpservlet/cgihandler.rb
index add0e44..ba6b0b6 100644
--- a/lib/webrick/httpservlet/cgihandler.rb
+++ b/lib/webrick/httpservlet/cgihandler.rb
@@ -53,7 +53,6 @@ def do_GET(req, res)
meta["SCRIPT_FILENAME"] = @script_filename
meta["PATH"] = @config[:CGIPathEnv]
meta.delete("HTTP_PROXY")
-
if /mswin|bccwin|mingw/ =~ RUBY_PLATFORM
meta["SystemRoot"] = ENV["SystemRoot"]
end
diff --git a/test/webrick/test_cgi.rb b/test/webrick/test_cgi.rb
index 9dd6be8..764c63f 100644
--- a/test/webrick/test_cgi.rb
+++ b/test/webrick/test_cgi.rb
@@ -114,6 +114,20 @@ def test_bad_request
}
end
+ def test_cgi_env
+ start_cgi_server do |server, addr, port, log|
+ http = Net::HTTP.new(addr, port)
+ req = Net::HTTP::Get.new("/webrick.cgi/dumpenv")
+ req['proxy'] = 'http://example.com/'
+ req['hello'] = 'world'
+ http.request(req) do |res|
+ env = Marshal.load(res.body)
+ assert_equal 'world', env['HTTP_HELLO']
+ assert_not_operator env, :include?, 'HTTP_PROXY'
+ end
+ end
+ end
+
CtrlSeq = [0x7f, *(1..31)].pack("C*").gsub(/\s+/, '')
CtrlPat = /#{Regexp.quote(CtrlSeq)}/o
DumpPat = /#{Regexp.quote(CtrlSeq.dump[1...-1])}/o
diff --git a/test/webrick/webrick.cgi b/test/webrick/webrick.cgi
index 43c1af8..a294fa7 100644
--- a/test/webrick/webrick.cgi
+++ b/test/webrick/webrick.cgi
@@ -4,7 +4,9 @@ require "webrick/cgi"
class TestApp < WEBrick::CGI
def do_GET(req, res)
res["content-type"] = "text/plain"
- if (p = req.path_info) && p.length > 0
+ if req.path_info == "/dumpenv"
+ res.body = Marshal.dump(ENV.to_hash)
+ elsif (p = req.path_info) && p.length > 0
res.body = p
elsif (q = req.query).size > 0
res.body = q.keys.sort.collect{|key|
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [PATCH] webrick: filter out HTTP_PROXY for CGIHandler
@ 2016-07-21 21:55 Eric Wong
0 siblings, 0 replies; 2+ messages in thread
From: Eric Wong @ 2016-07-21 21:55 UTC (permalink / raw)
To: spew
* lib/webrick/httpservlet/cgihandler.rb (do_GET): delete HTTP_PROXY
* test/webrick/test_cgi.rb (test_cgi_env): new test
* test/webrick/webrick.cgi (do_GET): new endpoint to dump env
---
lib/webrick/httpservlet/cgihandler.rb | 1 +
test/webrick/test_cgi.rb | 14 ++++++++++++++
test/webrick/webrick.cgi | 4 +++-
3 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/lib/webrick/httpservlet/cgihandler.rb b/lib/webrick/httpservlet/cgihandler.rb
index 051bb7c..ba6b0b6 100644
--- a/lib/webrick/httpservlet/cgihandler.rb
+++ b/lib/webrick/httpservlet/cgihandler.rb
@@ -52,6 +52,7 @@ def do_GET(req, res)
meta = req.meta_vars
meta["SCRIPT_FILENAME"] = @script_filename
meta["PATH"] = @config[:CGIPathEnv]
+ meta.delete("HTTP_PROXY")
if /mswin|bccwin|mingw/ =~ RUBY_PLATFORM
meta["SystemRoot"] = ENV["SystemRoot"]
end
diff --git a/test/webrick/test_cgi.rb b/test/webrick/test_cgi.rb
index 9dd6be8..764c63f 100644
--- a/test/webrick/test_cgi.rb
+++ b/test/webrick/test_cgi.rb
@@ -114,6 +114,20 @@ def test_bad_request
}
end
+ def test_cgi_env
+ start_cgi_server do |server, addr, port, log|
+ http = Net::HTTP.new(addr, port)
+ req = Net::HTTP::Get.new("/webrick.cgi/dumpenv")
+ req['proxy'] = 'http://example.com/'
+ req['hello'] = 'world'
+ http.request(req) do |res|
+ env = Marshal.load(res.body)
+ assert_equal 'world', env['HTTP_HELLO']
+ assert_not_operator env, :include?, 'HTTP_PROXY'
+ end
+ end
+ end
+
CtrlSeq = [0x7f, *(1..31)].pack("C*").gsub(/\s+/, '')
CtrlPat = /#{Regexp.quote(CtrlSeq)}/o
DumpPat = /#{Regexp.quote(CtrlSeq.dump[1...-1])}/o
diff --git a/test/webrick/webrick.cgi b/test/webrick/webrick.cgi
index 43c1af8..a294fa7 100644
--- a/test/webrick/webrick.cgi
+++ b/test/webrick/webrick.cgi
@@ -4,7 +4,9 @@ require "webrick/cgi"
class TestApp < WEBrick::CGI
def do_GET(req, res)
res["content-type"] = "text/plain"
- if (p = req.path_info) && p.length > 0
+ if req.path_info == "/dumpenv"
+ res.body = Marshal.dump(ENV.to_hash)
+ elsif (p = req.path_info) && p.length > 0
res.body = p
elsif (q = req.query).size > 0
res.body = q.keys.sort.collect{|key|
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2016-07-21 21:55 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-07-21 21:55 [PATCH] webrick: filter out HTTP_PROXY for CGIHandler Eric Wong
-- strict thread matches above, loose matches on Subject: below --
2016-07-21 21:49 Eric Wong
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).