46 lines
1.7 KiB
Ruby
46 lines
1.7 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
module Net
|
|
class HTTPResponse
|
|
# rubocop: disable Cop/LineBreakAfterGuardClauses
|
|
# rubocop: disable Cop/LineBreakAroundConditionalBlock
|
|
# rubocop: disable Layout/EmptyLineAfterGuardClause
|
|
# rubocop: disable Style/AndOr
|
|
# rubocop: disable Style/CharacterLiteral
|
|
# rubocop: disable Style/InfiniteLoop
|
|
|
|
# Original method:
|
|
# https://github.com/ruby/ruby/blob/v2_7_5/lib/net/http/response.rb#L54-L69
|
|
#
|
|
# Our changes:
|
|
# - Pass along the `start_time` to `Gitlab::BufferedIo`, so we can raise a timeout
|
|
# if reading the headers takes too long.
|
|
# - Limit the regexes to avoid ReDoS attacks.
|
|
def self.each_response_header(sock)
|
|
start_time = Process.clock_gettime(Process::CLOCK_MONOTONIC)
|
|
key = value = nil
|
|
while true
|
|
line = sock.is_a?(Gitlab::BufferedIo) ? sock.readuntil("\n", true, start_time) : sock.readuntil("\n", true)
|
|
line = line.sub(/\s{0,10}\z/, '')
|
|
break if line.empty?
|
|
if line[0] == ?\s or line[0] == ?\t and value
|
|
# :nocov:
|
|
value << ' ' unless value.empty?
|
|
value << line.strip
|
|
# :nocov:
|
|
else
|
|
yield key, value if key
|
|
key, value = line.strip.split(/\s{0,10}:\s{0,10}/, 2)
|
|
raise Net::HTTPBadResponse, 'wrong header line format' if value.nil?
|
|
end
|
|
end
|
|
yield key, value if key
|
|
end
|
|
# rubocop: enable Cop/LineBreakAfterGuardClauses
|
|
# rubocop: enable Cop/LineBreakAroundConditionalBlock
|
|
# rubocop: enable Layout/EmptyLineAfterGuardClause
|
|
# rubocop: enable Style/AndOr
|
|
# rubocop: enable Style/CharacterLiteral
|
|
# rubocop: enable Style/InfiniteLoop
|
|
end
|
|
end
|