--- parser3/src/main/pa_http.C 2008/02/22 17:29:38 1.11 +++ parser3/src/main/pa_http.C 2009/08/22 14:22:33 1.35 @@ -1,28 +1,35 @@ /** @file Parser: http support functions. - Copyright(c) 2001-2005 ArtLebedev Group (http://www.artlebedev.com) + Copyright(c) 2001-2009 ArtLebedev Group (http://www.artlebedev.com) Author: Alexandr Petrosian (http://paf.design.ru) */ -static const char * const IDENT_HTTP_C="$Date: 2008/02/22 17:29:38 $"; +static const char * const IDENT_HTTP_C="$Date: 2009/08/22 14:22:33 $"; #include "pa_http.h" #include "pa_common.h" #include "pa_charsets.h" #include "pa_request_charsets.h" +#include "pa_request.h" +#include "pa_vfile.h" +#include "pa_random.h" // defines -#define HTTP_METHOD_NAME "method" -#define HTTP_FORM_NAME "form" -#define HTTP_BODY_NAME "body" -#define HTTP_TIMEOUT_NAME "timeout" -#define HTTP_HEADERS_NAME "headers" -#define HTTP_COOKIES_NAME "cookies" -#define HTTP_ANY_STATUS_NAME "any-status" -// #define HTTP_CHARSET_NAME "charset" +#define HTTP_METHOD_NAME "method" +#define HTTP_FORM_NAME "form" +#define HTTP_BODY_NAME "body" +#define HTTP_TIMEOUT_NAME "timeout" +#define HTTP_HEADERS_NAME "headers" +#define HTTP_COOKIES_NAME "cookies" +#define HTTP_FORM_ENCTYPE_NAME "enctype" +#define HTTP_ANY_STATUS_NAME "any-status" +#define HTTP_OMIT_POST_CHARSET_NAME "omit-post-charset" // ^file::load[...;http://...;$.form[...]$.method[post]] + // by default add charset to content-type + #define HTTP_TABLES_NAME "tables" + #define HTTP_USER "user" #define HTTP_PASSWORD "password" @@ -36,10 +43,10 @@ static const char * const IDENT_HTTP_C=" #define CRLF "\r\n" static bool set_addr(struct sockaddr_in *addr, const char* host, const short port){ - memset(addr, 0, sizeof(*addr)); - addr->sin_family=AF_INET; - addr->sin_port=htons(port); - if(host) { + memset(addr, 0, sizeof(*addr)); + addr->sin_family=AF_INET; + addr->sin_port=htons(port); + if(host) { ulong packed_ip=inet_addr(host); if(packed_ip!=INADDR_NONE) memcpy(&addr->sin_addr, &packed_ip, sizeof(packed_ip)); @@ -50,9 +57,9 @@ static bool set_addr(struct sockaddr_in else return false; } - } else + } else addr->sin_addr.s_addr=INADDR_ANY; - return true; + return true; } size_t guess_content_length(char* buf) { @@ -183,13 +190,36 @@ done: #ifdef PA_USE_ALARM static sigjmp_buf timeout_env; static void timeout_handler(int /*sig*/){ - siglongjmp(timeout_env, 1); + siglongjmp(timeout_env, 1); } #endif +static size_t file_untaint(const char* str, size_t len) { + // untaint file from L_FILE_POST encoding + char* j=(char *)str; + const char* end=str+len-1; + for(const char* i=str; i<=end; i++, j++){ + if(*i=='\\' && i!=end){ + switch(*(i+1)){ + case '0': + *j='\0'; + i++; + continue; + case '\\': + *j='\\'; + i++; + continue; + } + } + if(i!=j) + *j=*i; + } + return j-str; // new length +} + static int http_request(char*& response, size_t& response_size, const char* host, short port, - const char* request, + const char* request, size_t request_size, int timeout_secs, bool fail_on_status_ne_200) { if(!host) @@ -252,7 +282,7 @@ static int http_request(char*& response, 0, "can not connect to host \"%s\": %s (%d)", host, pa_socks_strerr(no), no); } - size_t request_size=strlen(request); + if(send(sock, request, request_size, 0)!=(ssize_t)request_size) { int no=pa_socks_errno(); throw Exception("http.timeout", @@ -283,65 +313,39 @@ static int http_request(char*& response, struct Http_pass_header_info { Request_charsets* charsets; String* request; - bool user_agent_specified; + bool* user_agent_specified; + bool* content_type_specified; + bool* content_type_url_encoded; }; #endif -static void http_pass_header(HashStringValue::key_type name, - HashStringValue::value_type value, - Http_pass_header_info *info) { - - String aname=String(name, String::L_URI); - - *info->request <request << name << ": " << value << CRLF; - if(aname.change_case(info->charsets->source(), String::CC_UPPER)=="USER-AGENT") - info->user_agent_specified=true; + const String::Body name_upper=name.change_case(info->charsets->source(), String::CC_UPPER); + if(name_upper==HTTP_USER_AGENT_UPPER) + *info->user_agent_specified=true; + if(name_upper==HTTP_CONTENT_TYPE_UPPER){ + *info->content_type_specified=true; + *info->content_type_url_encoded=StrStartFromNC(value.cstr(), HTTP_CONTENT_TYPE_FORM_URLENCODED); + } } static void http_pass_cookie(HashStringValue::key_type name, - HashStringValue::value_type value, - Http_pass_header_info *info) { + HashStringValue::value_type value, + Http_pass_header_info *info) { - *info->request << String(name, String::L_HTTP_HEADER) << "=" - << attributed_meaning_to_string(*value, String::L_HTTP_HEADER, false) + *info->request << String(name, String::L_HTTP_COOKIE) << "=" + << attributed_meaning_to_string(*value, String::L_HTTP_COOKIE, true) << "; "; } -static Charset* detect_charset(Charset& source_charset, const String& content_type_value) { - const String::Body CONTENT_TYPE_VALUE= - content_type_value.change_case(source_charset, String::CC_UPPER); - // content-type: xxx/xxx; source_charset=WE-NEED-THIS - // content-type: xxx/xxx; source_charset="WE-NEED-THIS" - // content-type: xxx/xxx; source_charset="WE-NEED-THIS"; - size_t before_charseteq_pos=CONTENT_TYPE_VALUE.pos("CHARSET="); - if(before_charseteq_pos!=STRING_NOT_FOUND) { - size_t charset_begin=before_charseteq_pos+8/*CHARSET=*/; - size_t open_quote_pos=CONTENT_TYPE_VALUE.pos('"', charset_begin); - bool quoted=open_quote_pos==charset_begin; - if(quoted) - charset_begin++; // skip opening '"' - size_t charset_end=CONTENT_TYPE_VALUE.length(); - if(quoted) { - size_t close_quote_pos=CONTENT_TYPE_VALUE.pos('"', charset_begin); - if(close_quote_pos!=STRING_NOT_FOUND) - charset_end=close_quote_pos; - } else { - size_t delim_pos=CONTENT_TYPE_VALUE.pos(';', charset_begin); - if(delim_pos!=STRING_NOT_FOUND) - charset_end=delim_pos; - } - const String::Body CHARSET_NAME_BODY= - CONTENT_TYPE_VALUE.mid(charset_begin, charset_end - charset_begin); - - return &charsets.get(CHARSET_NAME_BODY); - } - - return 0; -} - static const String* basic_authorization_field(const char* user, const char* pass) { if(!user&& !pass) return 0; @@ -353,19 +357,19 @@ static const String* basic_authorization if(pass) combined<key, *row->get(0), info->result); } static void form_value2string( - HashStringValue::key_type key, - HashStringValue::value_type value, - String* result) + HashStringValue::key_type key, + HashStringValue::value_type value, + String* result) { if(const String* svalue=value->get_string()) form_string_value2string(key, *svalue, *result); @@ -389,15 +393,90 @@ static void form_value2string( Form_table_value2string_info info(key, *result); tvalue->for_each(form_table_value2string, &info); } else - throw Exception(0, + throw Exception(PARSER_RUNTIME, new String(key, String::L_TAINTED), - "is %s, "HTTP_FORM_NAME" option value must either string or table", value->type()); + "is %s, "HTTP_FORM_NAME" option value can be string or table only (file is allowed for $."HTTP_METHOD_NAME"[POST] + $."HTTP_FORM_ENCTYPE_NAME"["HTTP_CONTENT_TYPE_MULTIPART_FORMDATA"])", value->type()); } + const char* pa_form2string(HashStringValue& form, Request_charsets& charsets) { String string; form.for_each(form_value2string, &string); - return string.cstr(String::L_UNSPECIFIED, 0, &charsets); + return string.transcode_and_untaint_cstr(String::L_URI, &charsets); } + +struct FormPart { + Request* r; + const char* boundary; + String string; + Form_table_value2string_info* info; +}; + +static void form_part_boundary_header(FormPart& part, String::Body name, const char* file_name=0){ + part.string << "--" << part.boundary + << CRLF HTTP_CONTENT_DISPOSITION ": form-data; name=\"" + << Charset::transcode(name, part.r->charsets.source(), part.r->charsets.client()) + << "\""; + if(file_name){ + if(strcmp(file_name, NONAME_DAT)!=0) + part.string << "; filename=\"" << file_name << "\""; + part.string << CRLF HTTP_CONTENT_TYPE ": " << part.r->mime_type_of(file_name); + } + part.string << CRLF CRLF; +} + +static void form_string_value2part( + HashStringValue::key_type key, + const String& value, + FormPart& part) +{ + form_part_boundary_header(part, key); + part.string << Charset::transcode(value, part.r->charsets.source(), part.r->charsets.client()) << CRLF; +} + +static void form_file_value2part( + HashStringValue::key_type key, + VFile& vfile, + FormPart& part) +{ + form_part_boundary_header(part, key, vfile.fields().get(name_name)->as_string().cstr()); + part.string.append_know_length(vfile.value_ptr(), vfile.value_size(), String::L_FILE_POST); + part.string << CRLF; +} + +static void form_table_value2part(Table::element_type row, FormPart* part) { + form_string_value2part(part->info->key, *row->get(0), *part); +} + +static void form_value2part( + HashStringValue::key_type key, + HashStringValue::value_type value, + FormPart& part) +{ + if(const String* svalue=value->get_string()) + form_string_value2part(key, *svalue, part); + else if(Table* tvalue=value->get_table()) { + Form_table_value2string_info info(key, part.string); + part.info = &info; + tvalue->for_each(form_table_value2part, &part); + } else if(VFile* vfile=static_cast(value->as("file"))){ + form_file_value2part(key, *vfile, part); + } else + throw Exception(PARSER_RUNTIME, + new String(key, String::L_TAINTED), + "is %s, "HTTP_FORM_NAME" option value can be string, table or file only", value->type()); +} + +const char* pa_form2string_multipart(HashStringValue& form, Request& r, const char* boundary, size_t& post_size){ + FormPart formpart; + formpart.r=&r; + formpart.boundary=boundary; + formpart.info=NULL; + form.for_each(form_value2part, formpart); + formpart.string << "--" << boundary << "--"; + post_size=formpart.string.length(); // very surprizing, but it calculates correct post_size even with binary files! + return formpart.string.untaint_cstr(String::L_AS_IS); // without transcoding +} + static void find_headers_end(char* p, char*& headers_end_at, char*& raw_body) @@ -418,32 +497,42 @@ static void find_headers_end(char* p, } /// @todo build .cookies field. use ^file.tables.SET-COOKIES.menu{ for now -File_read_http_result pa_internal_file_read_http(Request_charsets& charsets, - const String& file_spec, - bool as_text, - HashStringValue *options) { +File_read_http_result pa_internal_file_read_http(Request& r, + const String& file_spec, + bool as_text, + HashStringValue *options, + bool transcode_text_result) { File_read_http_result result; - char host[MAX_STRING]; + char host[MAX_STRING]; const char* uri; short port; const char* method="GET"; + bool method_is_get=true; HashStringValue* form=0; const char* body_cstr=0; int timeout_secs=2; bool fail_on_status_ne_200=true; + bool omit_post_charset=false; Value* vheaders=0; Value* vcookies=0; Value* vbody=0; Charset *asked_remote_charset=0; const char* user_cstr=0; const char* password_cstr=0; + const char* encode=0; + bool multipart=false; if(options) { int valid_options=pa_get_valid_file_options_count(*options); if(Value* vmethod=options->get(HTTP_METHOD_NAME)) { valid_options++; - method=vmethod->as_string().cstr(); + method=vmethod->as_string().change_case(r.charsets.source(), String::CC_UPPER).cstr(); + method_is_get=strcmp(method, "GET")==0; + } + if(Value* vencode=options->get(HTTP_FORM_ENCTYPE_NAME)) { + valid_options++; + encode=vencode->as_string().cstr(); } if(Value* vform=options->get(HTTP_FORM_NAME)) { valid_options++; @@ -465,10 +554,14 @@ File_read_http_result pa_internal_file_r if(Value* vany_status=options->get(HTTP_ANY_STATUS_NAME)) { valid_options++; fail_on_status_ne_200=!vany_status->as_bool(); - } + } + if(Value* vomit_post_charset=options->get(HTTP_OMIT_POST_CHARSET_NAME)){ + valid_options++; + omit_post_charset=vomit_post_charset->as_bool(); + } if(Value* vcharset_name=options->get(PA_CHARSET_NAME)) { - asked_remote_charset=&::charsets.get(vcharset_name->as_string(). - change_case(charsets.source(), String::CC_UPPER)); + asked_remote_charset=&charsets.get(vcharset_name->as_string(). + change_case(r.charsets.source(), String::CC_UPPER)); } if(Value* vuser=options->get(HTTP_USER)) { valid_options++; @@ -485,9 +578,22 @@ File_read_http_result pa_internal_file_r "invalid option passed"); } if(!asked_remote_charset) // defaulting to $request:charset - asked_remote_charset=&charsets.source(); + asked_remote_charset=&(r.charsets).source(); + + if(encode){ + if(method_is_get) + throw Exception(PARSER_RUNTIME, + 0, + "you can not use $."HTTP_FORM_ENCTYPE_NAME" option with method GET"); + + multipart=strcasecmp(encode, HTTP_CONTENT_TYPE_MULTIPART_FORMDATA)==0; + + if(!multipart && strcasecmp(encode, HTTP_CONTENT_TYPE_FORM_URLENCODED)!=0) + throw Exception(PARSER_RUNTIME, + 0, + "$."HTTP_FORM_ENCTYPE_NAME" option value can be "HTTP_CONTENT_TYPE_FORM_URLENCODED" or "HTTP_CONTENT_TYPE_MULTIPART_FORMDATA" only"); + } - bool method_is_get=strcmp(method, "GET")==0; if(vbody){ if(method_is_get) throw Exception(PARSER_RUNTIME, @@ -501,106 +607,152 @@ File_read_http_result pa_internal_file_r } //preparing request - String& connect_string=*new String; - // not in ^sql{... L_SQL ...} spirit, but closer to ^file::load one - connect_string.append(file_spec, String::L_URI); // tainted pieces -> URI pieces + String& connect_string=*new String(file_spec); String request_head_and_body; { // influence URLencoding of tainted pieces to String::L_URI lang - Temp_client_charset temp(charsets, *asked_remote_charset); + Temp_client_charset temp(r.charsets, *asked_remote_charset); - const char* connect_string_cstr=connect_string.cstr(String::L_UNSPECIFIED, 0, &charsets); + const char* connect_string_cstr=connect_string.transcode_and_untaint_cstr(String::L_URI, &(r.charsets)); const char* current=connect_string_cstr; if(strncmp(current, "http://", 7)!=0) - throw Exception(0, + throw Exception(PARSER_RUNTIME, &connect_string, "does not start with http://"); //never current+=7; strncpy(host, current, sizeof(host)-1); host[sizeof(host)-1]=0; - char* host_uri=lsplit(host, '/'); - uri=host_uri?current+(host_uri-1-host):"/"; - char* port_cstr=lsplit(host, ':'); + char* host_uri=lsplit(host, '/'); + uri=host_uri?current+(host_uri-1-host):"/"; + char* port_cstr=lsplit(host, ':'); char* error_pos=0; port=port_cstr?(short)strtol(port_cstr, &error_pos, 0):80; - bool uri_has_query_string=strchr(uri, '?')!=0; - // making request head String head; head << method << " " << uri; - if(form && method_is_get) - head << (uri_has_query_string?"&":"?") << pa_form2string(*form, charsets); + if(method_is_get && form) + head << (strchr(uri, '?')!=0?"&":"?") << pa_form2string(*form, r.charsets); head <<" HTTP/1.0" CRLF "host: "<< host << CRLF; - if(form && !method_is_get) { - head << "content-type: application/x-www-form-urlencoded" CRLF; - body_cstr=pa_form2string(*form, charsets); - } else if (vbody) { - body_cstr=vbody->as_string().cstr(String::L_UNSPECIFIED, 0, &charsets); - // needed for transcoded $.body[] first of all - body_cstr=Charset::transcode( - String::C(body_cstr, strlen(body_cstr)), - charsets.source(), - *asked_remote_charset - ); - } + char* boundary=0; - // http://www.ietf.org/rfc/rfc2617.txt - if(const String* authorization_field_value=basic_authorization_field(user_cstr, password_cstr)) - head<<"authorization: "<<*authorization_field_value<> 8, uuid.clock_seq & 0xFF, + uuid.node[0], uuid.node[1], uuid.node[2], + uuid.node[3], uuid.node[4], uuid.node[5]); + } + String user_headers; bool user_agent_specified=false; + bool content_type_specified=false; + bool content_type_url_encoded=false; if(vheaders && !vheaders->is_string()) { // allow empty if(HashStringValue *headers=vheaders->get_hash()) { - Http_pass_header_info info={&charsets, &head, false}; + Http_pass_header_info info={ + &(r.charsets), + &user_headers, + &user_agent_specified, + &content_type_specified, + &content_type_url_encoded}; headers->for_each(http_pass_header, &info); - user_agent_specified=info.user_agent_specified; } else throw Exception(PARSER_RUNTIME, - &connect_string, + 0, "headers param must be hash"); }; + + size_t post_size=0; + if(form && !method_is_get) { + head << HTTP_CONTENT_TYPE ": " << (multipart ? HTTP_CONTENT_TYPE_MULTIPART_FORMDATA : HTTP_CONTENT_TYPE_FORM_URLENCODED); + + if(!omit_post_charset) + head << "; charset=" << asked_remote_charset->NAME_CSTR(); + + if(multipart) { + head << "; boundary=" << boundary; + body_cstr=pa_form2string_multipart(*form, r/*charsets & mime_type needed*/, boundary, post_size/*correct post_size returned here*/); + } else { + body_cstr=pa_form2string(*form, r.charsets); + post_size=strlen(body_cstr); + } + head << CRLF; + } else if(vbody) { + if(content_type_url_encoded){ + // transcode + url-escape + body_cstr=vbody->as_string().transcode_and_untaint_cstr(String::L_URI, &(r.charsets)); + } else { + // content-type != application/x-www-form-urlencoded -> transcode only, don't url-escape! + body_cstr=Charset::transcode( + String::C(vbody->as_string().cstr(), vbody->as_string().length()), + r.charsets.source(), + *asked_remote_charset + ); + } + post_size=strlen(body_cstr); + } + + // http://www.ietf.org/rfc/rfc2617.txt + if(const String* authorization_field_value=basic_authorization_field(user_cstr, password_cstr)) + head<<"authorization: "<<*authorization_field_value<is_string()){ // allow empty if(HashStringValue* cookies=vcookies->get_hash()) { head << "cookie: "; - Http_pass_header_info info={&charsets, &head, false}; + Http_pass_header_info info={&(r.charsets), &head, 0, 0, 0}; cookies->for_each(http_pass_cookie, &info); head << CRLF; } else throw Exception(PARSER_RUNTIME, - &connect_string, + 0, "cookies param must be hash"); } - if(body_cstr) { - head << "content-length: " << format(strlen(body_cstr), "%u") << CRLF; - } - - const char* head_cstr=head.cstr(String::L_UNSPECIFIED, 0, &charsets); + if(body_cstr) + head << "content-length: " << format(post_size, "%u") << CRLF; // head + end of header - request_head_and_body << head_cstr << CRLF; + request_head_and_body << head.untaint_cstr(String::L_AS_IS, 0, &(r.charsets)) << CRLF; // body if(body_cstr) request_head_and_body << body_cstr; } - //sending request + const char* request_cstr=request_head_and_body.cstr(); + size_t request_size=strlen(request_cstr); + + if(multipart) + request_size=file_untaint(request_cstr, request_size); + char* response; size_t response_size; + + // sending request int status_code=http_request(response, response_size, - host, port, request_head_and_body.cstr(), + host, port, request_cstr, request_size, timeout_secs, fail_on_status_ne_200); - //processing results + // processing results char* raw_body; size_t raw_body_size; char* headers_end_at; find_headers_end(response, @@ -615,7 +767,7 @@ File_read_http_result pa_internal_file_r if(headers_end_at) { *headers_end_at=0; - const String header_block(String::C(response, headers_end_at-response), true); + const String header_block(String::C(response, headers_end_at-response), String::L_TAINTED); ArrayString aheaders; HashStringValue& tables=vtables->hash(); @@ -623,7 +775,7 @@ File_read_http_result pa_internal_file_r size_t pos_after=0; header_block.split(aheaders, pos_after, "\n"); - //processing headers + // processing headers size_t aheaders_count=aheaders.count(); for(size_t i=1; iget_table(); } else { // first appearence - Table::columns_type columns =new ArrayString(1); + Table::columns_type columns=new ArrayString(1); *columns+=new String("value"); table=new Table(columns); } // this string becomes next row ArrayString& row=*new ArrayString(1); - row+=&header_value; + row+=&HEADER_VALUE; *table+=&row; // not existed before? add it if(!existed) tables.put(HEADER_NAME, new VTable(table)); } - result.headers->put(HEADER_NAME, new VString(header_value)); + result.headers->put(HEADER_NAME, new VString(HEADER_VALUE)); } } + if(as_text && raw_body_size>=3 && strncmp(raw_body, "\xEF\xBB\xBF", 3)==0){ + // skip UTF-8 signature (BOM code) + raw_body+=3; + raw_body_size-=3; + } + // output response String::C real_body=String::C(raw_body, raw_body_size); - if(as_text && raw_body_size) { // must be checked because transcode returns CONST string in case length==0, which contradicts hacking few lines below + + if(as_text && transcode_text_result && raw_body_size) { // raw_body_size must be checked because transcode returns CONST string in case length==0, which contradicts hacking few lines below // defaulting to used-asked charset [it's never empty!] if(!real_remote_charset) real_remote_charset=asked_remote_charset; - real_body=Charset::transcode(real_body, *real_remote_charset, charsets.source()); + + real_body=Charset::transcode(real_body, *real_remote_charset, r.charsets.source()); + } result.str=const_cast(real_body.str); // hacking a little result.length=real_body.length; + + if(as_text && result.length) + fix_line_breaks(result.str, result.length); + result.headers->put(file_status_name, new VInt(status_code)); + return result; }