--- parser3/src/main/pa_http.C 2005/11/28 11:32:47 1.2 +++ parser3/src/main/pa_http.C 2009/05/26 10:44:33 1.26 @@ -1,27 +1,35 @@ /** @file Parser: http support functions. - Copyright(c) 2001-2005 ArtLebedev Group (http://www.artlebedev.com) + Copyright(c) 2001-2009 ArtLebedev Group (http://www.artlebedev.com) Author: Alexandr Petrosian (http://paf.design.ru) */ -static const char * const IDENT_HTTP_C="$Date: 2005/11/28 11:32:47 $"; +static const char * const IDENT_HTTP_C="$Date: 2009/05/26 10:44:33 $"; #include "pa_http.h" #include "pa_common.h" #include "pa_charsets.h" #include "pa_request_charsets.h" +#include "pa_request.h" +#include "pa_vfile.h" +#include "pa_random.h" // defines -#define HTTP_METHOD_NAME "method" -#define HTTP_FORM_NAME "form" -#define HTTP_BODY_NAME "body" -#define HTTP_TIMEOUT_NAME "timeout" -#define HTTP_HEADERS_NAME "headers" -#define HTTP_ANY_STATUS_NAME "any-status" -#define HTTP_CHARSET_NAME "charset" +#define HTTP_METHOD_NAME "method" +#define HTTP_FORM_NAME "form" +#define HTTP_BODY_NAME "body" +#define HTTP_TIMEOUT_NAME "timeout" +#define HTTP_HEADERS_NAME "headers" +#define HTTP_COOKIES_NAME "cookies" +#define HTTP_FORM_ENCTYPE_NAME "enctype" +#define HTTP_ANY_STATUS_NAME "any-status" +#define HTTP_OMIT_POST_CHARSET_NAME "omit-post-charset" // ^file::load[...;http://...;$.form[...]$.method[post]] + // by default add charset to content-type + #define HTTP_TABLES_NAME "tables" + #define HTTP_USER "user" #define HTTP_PASSWORD "password" @@ -33,12 +41,13 @@ static const char * const IDENT_HTTP_C=" #undef CRLF #define CRLF "\r\n" +#define DCRLF "\r\n\r\n" static bool set_addr(struct sockaddr_in *addr, const char* host, const short port){ - memset(addr, 0, sizeof(*addr)); - addr->sin_family=AF_INET; - addr->sin_port=htons(port); - if(host) { + memset(addr, 0, sizeof(*addr)); + addr->sin_family=AF_INET; + addr->sin_port=htons(port); + if(host) { ulong packed_ip=inet_addr(host); if(packed_ip!=INADDR_NONE) memcpy(&addr->sin_addr, &packed_ip, sizeof(packed_ip)); @@ -49,9 +58,9 @@ static bool set_addr(struct sockaddr_in else return false; } - } else + } else addr->sin_addr.s_addr=INADDR_ANY; - return true; + return true; } size_t guess_content_length(char* buf) { @@ -182,13 +191,36 @@ done: #ifdef PA_USE_ALARM static sigjmp_buf timeout_env; static void timeout_handler(int /*sig*/){ - siglongjmp(timeout_env, 1); + siglongjmp(timeout_env, 1); } #endif +static size_t file_untaint(const char* str, size_t len) { + // untaint file from L_FILE_POST encoding + char* j=(char *)str; + const char* end=str+len-1; + for(const char* i=str; i<=end; i++, j++){ + if(*i=='\\' && i!=end){ + switch(*(i+1)){ + case '0': + *j='\0'; + i++; + continue; + case '\\': + *j='\\'; + i++; + continue; + } + } + if(i!=j) + *j=*i; + } + return j-str; // new length +} + static int http_request(char*& response, size_t& response_size, const char* host, short port, - const char* request, + const char* request, size_t request_size, int timeout_secs, bool fail_on_status_ne_200) { if(!host) @@ -251,7 +283,7 @@ static int http_request(char*& response, 0, "can not connect to host \"%s\": %s (%d)", host, pa_socks_strerr(no), no); } - size_t request_size=strlen(request); + if(send(sock, request, request_size, 0)!=(ssize_t)request_size) { int no=pa_socks_errno(); throw Exception("http.timeout", @@ -283,50 +315,34 @@ struct Http_pass_header_info { Request_charsets* charsets; String* request; bool user_agent_specified; + bool content_type_specified; }; #endif -static void http_pass_header(HashStringValue::key_type key, - HashStringValue::value_type value, - Http_pass_header_info *info) { - *info->request <request << aname << ": " + << attributed_meaning_to_string(*value, String::L_URI, false) + << CRLF; - if(String(key, String::L_TAINTED).change_case(info->charsets->source(), String::CC_UPPER)=="USER-AGENT") - info->user_agent_specified=true; + const String::Body name_upper=aname.change_case(info->charsets->source(), String::CC_UPPER); + if(name_upper==HTTP_USER_AGENT_UPPER) + info->user_agent_specified=true; + if(name_upper==HTTP_CONTENT_TYPE_UPPER) + info->content_type_specified=true; } +static void http_pass_cookie(HashStringValue::key_type name, + HashStringValue::value_type value, + Http_pass_header_info *info) { + + *info->request << String(name, String::L_HTTP_COOKIE) << "=" + << attributed_meaning_to_string(*value, String::L_HTTP_COOKIE, false) + << "; "; -static Charset* detect_charset(Charset& source_charset, const String& content_type_value) { - const String::Body CONTENT_TYPE_VALUE= - content_type_value.change_case(source_charset, String::CC_UPPER); - // content-type: xxx/xxx; source_charset=WE-NEED-THIS - // content-type: xxx/xxx; source_charset="WE-NEED-THIS" - // content-type: xxx/xxx; source_charset="WE-NEED-THIS"; - size_t before_charseteq_pos=CONTENT_TYPE_VALUE.pos("CHARSET="); - if(before_charseteq_pos!=STRING_NOT_FOUND) { - size_t charset_begin=before_charseteq_pos+8/*CHARSET="*/; - size_t open_quote_pos=CONTENT_TYPE_VALUE.pos('"', charset_begin); - bool quoted=open_quote_pos==charset_begin; - if(quoted) - charset_begin++; // skip opening '"' - size_t charset_end=CONTENT_TYPE_VALUE.length(); - if(quoted) { - size_t close_quote_pos=CONTENT_TYPE_VALUE.pos('"', charset_begin); - if(close_quote_pos!=STRING_NOT_FOUND) - charset_end=close_quote_pos; - } else { - size_t delim_pos=CONTENT_TYPE_VALUE.pos(';', charset_begin); - if(delim_pos!=STRING_NOT_FOUND) - charset_end=delim_pos; - } - const String::Body CHARSET_NAME_BODY= - CONTENT_TYPE_VALUE.mid(charset_begin, charset_end); - - return &charsets.get(CHARSET_NAME_BODY); - } - - return 0; } static const String* basic_authorization_field(const char* user, const char* pass) { @@ -340,19 +356,21 @@ static const String* basic_authorization if(pass) combined<key, *row->get(0), info->result); } static void form_value2string( - HashStringValue::key_type key, - HashStringValue::value_type value, - String* result) + HashStringValue::key_type key, + HashStringValue::value_type value, + String* result) { if(const String* svalue=value->get_string()) form_string_value2string(key, *svalue, *result); @@ -376,15 +394,89 @@ static void form_value2string( Form_table_value2string_info info(key, *result); tvalue->for_each(form_table_value2string, &info); } else - throw Exception(0, + throw Exception(PARSER_RUNTIME, new String(key, String::L_TAINTED), - "is %s, "HTTP_FORM_NAME" option value must either string or table", value->type()); + "is %s, "HTTP_FORM_NAME" option value can be string or table only (file is allowed for $."HTTP_METHOD_NAME"[POST] + $."HTTP_FORM_ENCTYPE_NAME"["HTTP_CONTENT_TYPE_MULTIPART_FORMDATA"])", value->type()); +} + +const char* pa_form2string(HashStringValue& form, Request_charsets& charsets) { + String string; + form.for_each(form_value2string, &string); + return string.cstr(String::L_UNSPECIFIED, 0, &charsets); } -const char* pa_form2string(HashStringValue& form) { + +struct FormPart { + Request* r; + const char* boundary; String string; - form.for_each(form_value2string, &string); - return string.cstr(String::L_UNSPECIFIED); + Form_table_value2string_info* info; +}; + +static void form_part_boundary_header(FormPart& part, String name, const char* file_name=0){ + part.string << "--" << part.boundary; + part.string << CRLF HTTP_CONTENT_DISPOSITION ": form-data; name=\"" << name << "\""; + if(file_name){ + if(strcmp(file_name, NONAME_DAT)!=0) + part.string << "; filename=\"" << file_name << "\""; + part.string << CRLF HTTP_CONTENT_TYPE ": " << part.r->mime_type_of(file_name); + } + part.string << DCRLF; } + +static void form_string_value2part( + HashStringValue::key_type key, + const String& value, + FormPart& part) +{ + form_part_boundary_header(part, String(key, String::L_URI)); + part.string.append(value, String::L_AS_IS, true); + part.string << CRLF; +} + +static void form_file_value2part( + HashStringValue::key_type key, + VFile& vfile, + FormPart& part) +{ + form_part_boundary_header(part, String(key, String::L_URI), vfile.fields().get(name_name)->as_string().cstr()); + part.string.append_know_length(vfile.value_ptr(), vfile.value_size(), String::L_FILE_POST); + part.string << CRLF; +} + +static void form_table_value2part(Table::element_type row, FormPart* part) { + form_string_value2part(part->info->key, *row->get(0), *part); +} + +static void form_value2part( + HashStringValue::key_type key, + HashStringValue::value_type value, + FormPart& part) +{ + if(const String* svalue=value->get_string()) + form_string_value2part(key, *svalue, part); + else if(Table* tvalue=value->get_table()) { + Form_table_value2string_info info(key, part.string); + part.info = &info; + tvalue->for_each(form_table_value2part, &part); + } else if(VFile* vfile=static_cast(value->as("file", false))){ + form_file_value2part(key, *vfile, part); + } else + throw Exception(PARSER_RUNTIME, + new String(key, String::L_TAINTED), + "is %s, "HTTP_FORM_NAME" option value can be string, table or file only", value->type()); +} + +const char* pa_form2string_multipart(HashStringValue& form, Request& r, const char* boundary, size_t& post_size){ + FormPart formpart; + formpart.r=&r; + formpart.boundary=boundary; + formpart.info=NULL; + form.for_each(form_value2part, formpart); + formpart.string << "--" << boundary << "--"; + post_size=formpart.string.length(); + return formpart.string.cstr(String::L_UNSPECIFIED, 0, &(r.charsets)); +} + static void find_headers_end(char* p, char*& headers_end_at, char*& raw_body) @@ -405,54 +497,71 @@ static void find_headers_end(char* p, } /// @todo build .cookies field. use ^file.tables.SET-COOKIES.menu{ for now -File_read_http_result pa_internal_file_read_http(Request_charsets& charsets, - const String& file_spec, - bool as_text, - HashStringValue *options) { +File_read_http_result pa_internal_file_read_http(Request& r, + const String& file_spec, + bool as_text, + HashStringValue *options, + bool transcode_text_result) { File_read_http_result result; - char host[MAX_STRING]; + char host[MAX_STRING]; const char* uri; short port; - const char* method="GET"; bool method_is_get; + const char* method="GET"; + bool method_is_get=true; HashStringValue* form=0; const char* body_cstr=0; int timeout_secs=2; bool fail_on_status_ne_200=true; + bool omit_post_charset=false; Value* vheaders=0; + Value* vcookies=0; + Value* vbody=0; Charset *asked_remote_charset=0; const char* user_cstr=0; const char* password_cstr=0; + const char* encode=0; + bool multipart=false; if(options) { int valid_options=pa_get_valid_file_options_count(*options); if(Value* vmethod=options->get(HTTP_METHOD_NAME)) { valid_options++; - method=vmethod->as_string().cstr(); + method=vmethod->as_string().change_case(r.charsets.source(), String::CC_UPPER).cstr(); + method_is_get=strcmp(method, "GET")==0; + } + if(Value* vencode=options->get(HTTP_FORM_ENCTYPE_NAME)) { + valid_options++; + encode=vencode->as_string().cstr(); } if(Value* vform=options->get(HTTP_FORM_NAME)) { valid_options++; form=vform->get_hash(); } - if(Value* vbody=options->get(HTTP_BODY_NAME)) { + if(vbody=options->get(HTTP_BODY_NAME)) { valid_options++; - body_cstr=vbody->as_string().cstr(String::L_UNSPECIFIED); } if(Value* vtimeout=options->get(HTTP_TIMEOUT_NAME)) { valid_options++; timeout_secs=vtimeout->as_int(); } - if((vheaders=options->get(HTTP_HEADERS_NAME))) { + if(vheaders=options->get(HTTP_HEADERS_NAME)) { + valid_options++; + } + if(vcookies=options->get(HTTP_COOKIES_NAME)) { valid_options++; } if(Value* vany_status=options->get(HTTP_ANY_STATUS_NAME)) { valid_options++; fail_on_status_ne_200=!vany_status->as_bool(); - } - if(Value* vcharset_name=options->get(HTTP_CHARSET_NAME)) { + } + if(Value* vomit_post_charset=options->get(HTTP_OMIT_POST_CHARSET_NAME)){ valid_options++; - asked_remote_charset=&::charsets.get(vcharset_name->as_string(). - change_case(charsets.source(), String::CC_UPPER)); + omit_post_charset=vomit_post_charset->as_bool(); + } + if(Value* vcharset_name=options->get(PA_CHARSET_NAME)) { + asked_remote_charset=&charsets.get(vcharset_name->as_string(). + change_case(r.charsets.source(), String::CC_UPPER)); } if(Value* vuser=options->get(HTTP_USER)) { valid_options++; @@ -464,18 +573,38 @@ File_read_http_result pa_internal_file_r } if(valid_options!=options->count()) - throw Exception("parser.runtime", + throw Exception(PARSER_RUNTIME, 0, "invalid option passed"); } if(!asked_remote_charset) // defaulting to $request:charset - asked_remote_charset=&charsets.source(); + asked_remote_charset=&(r.charsets).source(); - method_is_get=strcmp(method, "GET")==0; - if(method_is_get && body_cstr) - throw Exception("parser.runtime", - 0, - "you can not use $."HTTP_BODY_NAME" option with method GET"); + if(encode){ + if(method_is_get) + throw Exception(PARSER_RUNTIME, + 0, + "you can not use $."HTTP_FORM_ENCTYPE_NAME" option with method GET"); + + multipart=strcasecmp(encode, HTTP_CONTENT_TYPE_MULTIPART_FORMDATA)==0; + + if(!multipart && strcasecmp(encode, HTTP_CONTENT_TYPE_FORM_URLENCODED)!=0) + throw Exception(PARSER_RUNTIME, + 0, + "$."HTTP_FORM_ENCTYPE_NAME" option value can be "HTTP_CONTENT_TYPE_FORM_URLENCODED" or "HTTP_CONTENT_TYPE_MULTIPART_FORMDATA" only"); + } + + if(vbody){ + if(method_is_get) + throw Exception(PARSER_RUNTIME, + 0, + "you can not use $."HTTP_BODY_NAME" option with method GET"); + + if(form) + throw Exception(PARSER_RUNTIME, + 0, + "you can not use options $."HTTP_BODY_NAME" and $."HTTP_FORM_NAME" together"); + } //preparing request String& connect_string=*new String; @@ -485,13 +614,13 @@ File_read_http_result pa_internal_file_r String request_head_and_body; { // influence URLencoding of tainted pieces to String::L_URI lang - Temp_client_charset temp(charsets, *asked_remote_charset); + Temp_client_charset temp(r.charsets, *asked_remote_charset); - const char* connect_string_cstr=connect_string.cstr(String::L_UNSPECIFIED); + const char* connect_string_cstr=connect_string.cstr(String::L_UNSPECIFIED, 0, &(r.charsets)); const char* current=connect_string_cstr; if(strncmp(current, "http://", 7)!=0) - throw Exception(0, + throw Exception(PARSER_RUNTIME, &connect_string, "does not start with http://"); //never current+=7; @@ -505,18 +634,51 @@ File_read_http_result pa_internal_file_r bool uri_has_query_string=strchr(uri, '?')!=0; - //making request head + // making request head String head; - head << method; - head << " " << uri; - if(form) - if(method_is_get) - head << (uri_has_query_string?"&":"?") << pa_form2string(*form); - head <<" HTTP/1.0" CRLF - "host: "<< host << CRLF; + head << method << " " << uri; + if(form && method_is_get) + head << (uri_has_query_string?"&":"?") << pa_form2string(*form, r.charsets); + + head <<" HTTP/1.0" CRLF "host: "<< host << CRLF; + + char* boundary; + + if(multipart){ + uuid uuid=get_uuid(); + const int boundary_bufsize=10+32+1/*for zero-teminator*/+1/*for faulty snprintfs*/; + boundary=new(PointerFreeGC) char[boundary_bufsize]; + snprintf(boundary, boundary_bufsize, + "----------%08X%04X%04X%02X%02X%02X%02X%02X%02X%02X%02X", + uuid.time_low, uuid.time_mid, uuid.time_hi_and_version, + uuid.clock_seq >> 8, uuid.clock_seq & 0xFF, + uuid.node[0], uuid.node[1], uuid.node[2], + uuid.node[3], uuid.node[4], uuid.node[5]); + } + + size_t post_size=0; if(form && !method_is_get) { - head << "content-type: application/x-www-form-urlencoded" CRLF; - body_cstr = pa_form2string(*form); + head << HTTP_CONTENT_TYPE ": "; + if(multipart) { + head << HTTP_CONTENT_TYPE_MULTIPART_FORMDATA "; boundary=" << boundary << CRLF; + // !!! charset? + body_cstr=pa_form2string_multipart(*form, r, boundary, post_size); + } else { + head << HTTP_CONTENT_TYPE_FORM_URLENCODED; + if(!omit_post_charset) + head << "; charset=" << asked_remote_charset->NAME_CSTR() << ";"; + head << CRLF; + body_cstr=pa_form2string(*form, r.charsets); + post_size=strlen(body_cstr); + } + } else if (vbody) { + body_cstr=vbody->as_string().cstr(String::L_UNSPECIFIED, 0, &(r.charsets)); + // needed for transcoded $.body[] first of all + body_cstr=Charset::transcode( + String::C(body_cstr, strlen(body_cstr)), + r.charsets.source(), + *asked_remote_charset + ); } // http://www.ietf.org/rfc/rfc2617.txt @@ -524,41 +686,46 @@ File_read_http_result pa_internal_file_r head<<"authorization: "<<*authorization_field_value<is_string()) { // allow empty if(HashStringValue *headers=vheaders->get_hash()) { - Http_pass_header_info info={&charsets, &head, false}; - headers->for_each(http_pass_header, &info); + Http_pass_header_info info={&(r.charsets), &head, false}; + headers->for_each(http_pass_header, &info); user_agent_specified=info.user_agent_specified; + content_type_specified=info.content_type_specified; } else - throw Exception("parser.runtime", + throw Exception(PARSER_RUNTIME, &connect_string, "headers param must be hash"); }; if(!user_agent_specified) // defaulting - head << "user-agent: " DEFAULT_USER_AGENT CRLF; - - if(body_cstr) { - // recode those pieces which are not in String::L_URI lang - // [those violating HTTP standard, but widly used] - body_cstr=Charset::transcode( - String::C(body_cstr, strlen(body_cstr)), - charsets.source(), - *asked_remote_charset); + head << HTTP_USER_AGENT ": " DEFAULT_USER_AGENT CRLF; - head << "content-length: " << format(strlen(body_cstr), "%u") << CRLF; + if(form && !method_is_get && content_type_specified) // POST + form + content-type was specified + throw Exception(PARSER_RUNTIME, + &connect_string, + "$.content-type can't be specified with method POST"); + + if(vcookies && !vcookies->is_string()){ // allow empty + if(HashStringValue* cookies=vcookies->get_hash()) { + head << "cookie: "; + Http_pass_header_info info={&(r.charsets), &head, false}; + cookies->for_each(http_pass_cookie, &info); + head << CRLF; + } else + throw Exception(PARSER_RUNTIME, + &connect_string, + "cookies param must be hash"); } - const char* head_cstr=head.cstr(String::L_UNSPECIFIED); + if(body_cstr) + head << "content-length: " << format(post_size, "%u") << CRLF; - // recode those pieces which are not in String::L_URI lang - // [those violating HTTP standard, but widly used] - head_cstr=Charset::transcode( - String::C(head_cstr, strlen(head_cstr)), - charsets.source(), - *asked_remote_charset); + const char* head_cstr=head.cstr(String::L_UNSPECIFIED, 0, &(r.charsets)); // head + end of header request_head_and_body << head_cstr << CRLF; + // body if(body_cstr) request_head_and_body << body_cstr; @@ -567,8 +734,15 @@ File_read_http_result pa_internal_file_r //sending request char* response; size_t response_size; + + const char* request=request_head_and_body.cstr(); + size_t request_size=strlen(request); + + if(multipart) + request_size=file_untaint(request, request_size); + int status_code=http_request(response, response_size, - host, port, request_head_and_body.cstr(), + host, port, request, request_size, timeout_secs, fail_on_status_ne_200); //processing results @@ -586,7 +760,7 @@ File_read_http_result pa_internal_file_r if(headers_end_at) { *headers_end_at=0; - const String header_block(String::C(response, headers_end_at-response), true); + const String header_block(String::C(response, headers_end_at-response), String::L_TAINTED); ArrayString aheaders; HashStringValue& tables=vtables->hash(); @@ -603,11 +777,10 @@ File_read_http_result pa_internal_file_r throw Exception("http.response", &connect_string, "bad response from host - bad header \"%s\"", line.cstr()); - const String::Body HEADER_NAME= - line.mid(0, pos).change_case(charsets.source(), String::CC_UPPER); - const String& header_value=line.mid(pos+1, line.length()).trim(String::TRIM_BOTH, " \t\r"); - if(as_text && HEADER_NAME=="CONTENT-TYPE") - real_remote_charset=detect_charset(charsets.source(), header_value); + const String::Body HEADER_NAME=line.mid(0, pos).change_case(r.charsets.source(), String::CC_UPPER); + const String& HEADER_VALUE=line.mid(pos+1, line.length()).trim(String::TRIM_BOTH, " \t\r"); + if(as_text && HEADER_NAME==HTTP_CONTENT_TYPE_UPPER) + real_remote_charset=detect_charset(HEADER_VALUE.cstr(), true/*already uppercased*/); // tables { @@ -619,34 +792,48 @@ File_read_http_result pa_internal_file_r table=valready->get_table(); } else { // first appearence - Table::columns_type columns =new ArrayString(1); + Table::columns_type columns=new ArrayString(1); *columns+=new String("value"); table=new Table(columns); } // this string becomes next row ArrayString& row=*new ArrayString(1); - row+=&header_value; + row+=&HEADER_VALUE; *table+=&row; // not existed before? add it if(!existed) tables.put(HEADER_NAME, new VTable(table)); } - result.headers->put(HEADER_NAME, new VString(header_value)); + result.headers->put(HEADER_NAME, new VString(HEADER_VALUE)); } } + if(as_text && raw_body_size>=3 && strncmp(raw_body, "\xEF\xBB\xBF", 3)==0){ + // skip UTF-8 signature (BOM code) + raw_body+=3; + raw_body_size-=3; + } + // output response String::C real_body=String::C(raw_body, raw_body_size); - if(as_text && raw_body_size) { // must be checked because transcode returns CONST string in case length==0, which contradicts hacking few lines below + + if(as_text && transcode_text_result && raw_body_size) { // raw_body_size must be checked because transcode returns CONST string in case length==0, which contradicts hacking few lines below // defaulting to used-asked charset [it's never empty!] if(!real_remote_charset) real_remote_charset=asked_remote_charset; - real_body=Charset::transcode(real_body, *real_remote_charset, charsets.source()); + + real_body=Charset::transcode(real_body, *real_remote_charset, r.charsets.source()); + } result.str=const_cast(real_body.str); // hacking a little result.length=real_body.length; + + if(as_text && result.length) + fix_line_breaks(result.str, result.length); + result.headers->put(file_status_name, new VInt(status_code)); + return result; }