Class: RequestParser

Inherits:
Object
  • Object
show all
Defined in:
lib/http.rb

Constant Summary collapse

REPLACEMENTS = 
[['%2e', '.'], ['%2f', '/'], ['%5c', ''], ['%255c', ''], ['.',''], [':', ':.'], ['=/', '']]

Instance Method Summary collapse

Constructor Details

#initialize(request) ⇒ RequestParser

Returns a new instance of RequestParser.



52
53
54
 
# File 'lib/http.rb', line 52

def initialize(request)
  @request = request
end

Instance Method Details

#normalize(data) ⇒ Object 



120
121
122
 
# File 'lib/http.rb', line 120

def normalize(data)
  data.gsub(":","").downcase.to_sym
end

#normalize_path(path) ⇒ Object

Normalizes this URI’s path. Not very clean but hopefully does the trick owasp.org/www-community/attacks/Path_Traversal docs.oracle.com/javase/7/docs/api/java/net/URI.html#normalize()



140
141
142
143
144
145
146
147
 
# File 'lib/http.rb', line 140

def normalize_path(path)
  # Removes . any number

  # path.gsub!(/\.+/, ".")

  REPLACEMENTS.each do |replacement|
    path.gsub!(replacement[0], replacement[1])
  end
  return path
end

#parseObject 



56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
 
# File 'lib/http.rb', line 56

def parse
  method, path, version = @request.lines[0].split
  path = normalize_path(path)

  if path.include? '?'
    query = path.split('?')[1]
    path = path.split('?')[0]
    query = parse_query(query)
  end

  headers = parse_headers(@request)

  body = nil
  if headers.has_key?(:"content-type")
    body = @request.split(/\n\r\n/)[1]
  end

  {
    method: method,
    version: version,
    path: path,
    query: query,
    headers: headers,
    body: body
  }
end

#parse_headers(headers_string) ⇒ Object

splits http headers and creates key values pairs



86
87
88
89
90
91
92
93
94
 
# File 'lib/http.rb', line 86

def parse_headers(headers_string)
  headers = {}
  headers_string.lines[1..-1].each do |line|
    return headers if line == "\r\n"
    header, value = line.split
    header = normalize(header)
    headers[header] = value
  end
end

#parse_query(query_string) ⇒ Object

This method parses url params

https://developer.mozilla.org/en-US/docs/Web/API/URL/searchParams

parameter = name=Jonathan%20Smith&age=18
returns
{
  :name=>"Jonathan Smith",
  :age=>"18"
}



108
109
110
111
112
113
114
115
116
117
118
 
# File 'lib/http.rb', line 108

def parse_query(query_string)
  params = query_string.split('&')
  queries = {}
  params.each do |param|
    param, value = param.split('=')
    param, value = remove_encoded_space(param, value)
    param = normalize(param)
    queries[param] = value
  end 
  return queries
end

#remove_encoded_space(*args) ⇒ Object

Remove url encoded space %20



125
126
127
128
129
130
131
132
133
134
135
 
# File 'lib/http.rb', line 125

def remove_encoded_space(*args)
  index = 0;
  args.each do |arg|
    if arg.nil? == false
      args[index] = arg.gsub("%20", " ")
      index += 1
    end
  end
  
  return args
end