--- parser3/src/main/pa_http.C 2005/11/28 11:32:47 1.2 +++ parser3/src/main/pa_http.C 2009/08/22 14:22:33 1.35 @@ -1,27 +1,35 @@ /** @file Parser: http support functions. - Copyright(c) 2001-2005 ArtLebedev Group (http://www.artlebedev.com) + Copyright(c) 2001-2009 ArtLebedev Group (http://www.artlebedev.com) Author: Alexandr Petrosian (http://paf.design.ru) */ -static const char * const IDENT_HTTP_C="$Date: 2005/11/28 11:32:47 $"; +static const char * const IDENT_HTTP_C="$Date: 2009/08/22 14:22:33 $"; #include "pa_http.h" #include "pa_common.h" #include "pa_charsets.h" #include "pa_request_charsets.h" +#include "pa_request.h" +#include "pa_vfile.h" +#include "pa_random.h" // defines -#define HTTP_METHOD_NAME "method" -#define HTTP_FORM_NAME "form" -#define HTTP_BODY_NAME "body" -#define HTTP_TIMEOUT_NAME "timeout" -#define HTTP_HEADERS_NAME "headers" -#define HTTP_ANY_STATUS_NAME "any-status" -#define HTTP_CHARSET_NAME "charset" +#define HTTP_METHOD_NAME "method" +#define HTTP_FORM_NAME "form" +#define HTTP_BODY_NAME "body" +#define HTTP_TIMEOUT_NAME "timeout" +#define HTTP_HEADERS_NAME "headers" +#define HTTP_COOKIES_NAME "cookies" +#define HTTP_FORM_ENCTYPE_NAME "enctype" +#define HTTP_ANY_STATUS_NAME "any-status" +#define HTTP_OMIT_POST_CHARSET_NAME "omit-post-charset" // ^file::load[...;http://...;$.form[...]$.method[post]] + // by default add charset to content-type + #define HTTP_TABLES_NAME "tables" + #define HTTP_USER "user" #define HTTP_PASSWORD "password" @@ -35,10 +43,10 @@ static const char * const IDENT_HTTP_C=" #define CRLF "\r\n" static bool set_addr(struct sockaddr_in *addr, const char* host, const short port){ - memset(addr, 0, sizeof(*addr)); - addr->sin_family=AF_INET; - addr->sin_port=htons(port); - if(host) { + memset(addr, 0, sizeof(*addr)); + addr->sin_family=AF_INET; + addr->sin_port=htons(port); + if(host) { ulong packed_ip=inet_addr(host); if(packed_ip!=INADDR_NONE) memcpy(&addr->sin_addr, &packed_ip, sizeof(packed_ip)); @@ -49,9 +57,9 @@ static bool set_addr(struct sockaddr_in else return false; } - } else + } else addr->sin_addr.s_addr=INADDR_ANY; - return true; + return true; } size_t guess_content_length(char* buf) { @@ -182,13 +190,36 @@ done: #ifdef PA_USE_ALARM static sigjmp_buf timeout_env; static void timeout_handler(int /*sig*/){ - siglongjmp(timeout_env, 1); + siglongjmp(timeout_env, 1); } #endif +static size_t file_untaint(const char* str, size_t len) { + // untaint file from L_FILE_POST encoding + char* j=(char *)str; + const char* end=str+len-1; + for(const char* i=str; i<=end; i++, j++){ + if(*i=='\\' && i!=end){ + switch(*(i+1)){ + case '0': + *j='\0'; + i++; + continue; + case '\\': + *j='\\'; + i++; + continue; + } + } + if(i!=j) + *j=*i; + } + return j-str; // new length +} + static int http_request(char*& response, size_t& response_size, const char* host, short port, - const char* request, + const char* request, size_t request_size, int timeout_secs, bool fail_on_status_ne_200) { if(!host) @@ -251,7 +282,7 @@ static int http_request(char*& response, 0, "can not connect to host \"%s\": %s (%d)", host, pa_socks_strerr(no), no); } - size_t request_size=strlen(request); + if(send(sock, request, request_size, 0)!=(ssize_t)request_size) { int no=pa_socks_errno(); throw Exception("http.timeout", @@ -282,51 +313,37 @@ static int http_request(char*& response, struct Http_pass_header_info { Request_charsets* charsets; String* request; - bool user_agent_specified; + bool* user_agent_specified; + bool* content_type_specified; + bool* content_type_url_encoded; }; #endif -static void http_pass_header(HashStringValue::key_type key, - HashStringValue::value_type value, - Http_pass_header_info *info) { - *info->request <charsets->source(), String::CC_UPPER)=="USER-AGENT") - info->user_agent_specified=true; -} - +static void http_pass_header(HashStringValue::key_type aname, + HashStringValue::value_type avalue, + Http_pass_header_info *info) { -static Charset* detect_charset(Charset& source_charset, const String& content_type_value) { - const String::Body CONTENT_TYPE_VALUE= - content_type_value.change_case(source_charset, String::CC_UPPER); - // content-type: xxx/xxx; source_charset=WE-NEED-THIS - // content-type: xxx/xxx; source_charset="WE-NEED-THIS" - // content-type: xxx/xxx; source_charset="WE-NEED-THIS"; - size_t before_charseteq_pos=CONTENT_TYPE_VALUE.pos("CHARSET="); - if(before_charseteq_pos!=STRING_NOT_FOUND) { - size_t charset_begin=before_charseteq_pos+8/*CHARSET="*/; - size_t open_quote_pos=CONTENT_TYPE_VALUE.pos('"', charset_begin); - bool quoted=open_quote_pos==charset_begin; - if(quoted) - charset_begin++; // skip opening '"' - size_t charset_end=CONTENT_TYPE_VALUE.length(); - if(quoted) { - size_t close_quote_pos=CONTENT_TYPE_VALUE.pos('"', charset_begin); - if(close_quote_pos!=STRING_NOT_FOUND) - charset_end=close_quote_pos; - } else { - size_t delim_pos=CONTENT_TYPE_VALUE.pos(';', charset_begin); - if(delim_pos!=STRING_NOT_FOUND) - charset_end=delim_pos; - } - const String::Body CHARSET_NAME_BODY= - CONTENT_TYPE_VALUE.mid(charset_begin, charset_end); + String name=String(aname, String::L_URI); + String value=attributed_meaning_to_string(*avalue, String::L_URI, false); - return &charsets.get(CHARSET_NAME_BODY); + *info->request << name << ": " << value << CRLF; + + const String::Body name_upper=name.change_case(info->charsets->source(), String::CC_UPPER); + if(name_upper==HTTP_USER_AGENT_UPPER) + *info->user_agent_specified=true; + if(name_upper==HTTP_CONTENT_TYPE_UPPER){ + *info->content_type_specified=true; + *info->content_type_url_encoded=StrStartFromNC(value.cstr(), HTTP_CONTENT_TYPE_FORM_URLENCODED); } +} + +static void http_pass_cookie(HashStringValue::key_type name, + HashStringValue::value_type value, + Http_pass_header_info *info) { + + *info->request << String(name, String::L_HTTP_COOKIE) << "=" + << attributed_meaning_to_string(*value, String::L_HTTP_COOKIE, true) + << "; "; - return 0; } static const String* basic_authorization_field(const char* user, const char* pass) { @@ -340,19 +357,19 @@ static const String* basic_authorization if(pass) combined<key, *row->get(0), info->result); } static void form_value2string( - HashStringValue::key_type key, - HashStringValue::value_type value, - String* result) + HashStringValue::key_type key, + HashStringValue::value_type value, + String* result) { if(const String* svalue=value->get_string()) form_string_value2string(key, *svalue, *result); @@ -376,15 +393,90 @@ static void form_value2string( Form_table_value2string_info info(key, *result); tvalue->for_each(form_table_value2string, &info); } else - throw Exception(0, + throw Exception(PARSER_RUNTIME, new String(key, String::L_TAINTED), - "is %s, "HTTP_FORM_NAME" option value must either string or table", value->type()); + "is %s, "HTTP_FORM_NAME" option value can be string or table only (file is allowed for $."HTTP_METHOD_NAME"[POST] + $."HTTP_FORM_ENCTYPE_NAME"["HTTP_CONTENT_TYPE_MULTIPART_FORMDATA"])", value->type()); +} + +const char* pa_form2string(HashStringValue& form, Request_charsets& charsets) { + String string; + form.for_each(form_value2string, &string); + return string.transcode_and_untaint_cstr(String::L_URI, &charsets); } -const char* pa_form2string(HashStringValue& form) { + +struct FormPart { + Request* r; + const char* boundary; String string; - form.for_each(form_value2string, &string); - return string.cstr(String::L_UNSPECIFIED); + Form_table_value2string_info* info; +}; + +static void form_part_boundary_header(FormPart& part, String::Body name, const char* file_name=0){ + part.string << "--" << part.boundary + << CRLF HTTP_CONTENT_DISPOSITION ": form-data; name=\"" + << Charset::transcode(name, part.r->charsets.source(), part.r->charsets.client()) + << "\""; + if(file_name){ + if(strcmp(file_name, NONAME_DAT)!=0) + part.string << "; filename=\"" << file_name << "\""; + part.string << CRLF HTTP_CONTENT_TYPE ": " << part.r->mime_type_of(file_name); + } + part.string << CRLF CRLF; +} + +static void form_string_value2part( + HashStringValue::key_type key, + const String& value, + FormPart& part) +{ + form_part_boundary_header(part, key); + part.string << Charset::transcode(value, part.r->charsets.source(), part.r->charsets.client()) << CRLF; } + +static void form_file_value2part( + HashStringValue::key_type key, + VFile& vfile, + FormPart& part) +{ + form_part_boundary_header(part, key, vfile.fields().get(name_name)->as_string().cstr()); + part.string.append_know_length(vfile.value_ptr(), vfile.value_size(), String::L_FILE_POST); + part.string << CRLF; +} + +static void form_table_value2part(Table::element_type row, FormPart* part) { + form_string_value2part(part->info->key, *row->get(0), *part); +} + +static void form_value2part( + HashStringValue::key_type key, + HashStringValue::value_type value, + FormPart& part) +{ + if(const String* svalue=value->get_string()) + form_string_value2part(key, *svalue, part); + else if(Table* tvalue=value->get_table()) { + Form_table_value2string_info info(key, part.string); + part.info = &info; + tvalue->for_each(form_table_value2part, &part); + } else if(VFile* vfile=static_cast(value->as("file"))){ + form_file_value2part(key, *vfile, part); + } else + throw Exception(PARSER_RUNTIME, + new String(key, String::L_TAINTED), + "is %s, "HTTP_FORM_NAME" option value can be string, table or file only", value->type()); +} + +const char* pa_form2string_multipart(HashStringValue& form, Request& r, const char* boundary, size_t& post_size){ + FormPart formpart; + formpart.r=&r; + formpart.boundary=boundary; + formpart.info=NULL; + form.for_each(form_value2part, formpart); + formpart.string << "--" << boundary << "--"; + post_size=formpart.string.length(); // very surprizing, but it calculates correct post_size even with binary files! + return formpart.string.untaint_cstr(String::L_AS_IS); // without transcoding +} + static void find_headers_end(char* p, char*& headers_end_at, char*& raw_body) @@ -405,54 +497,71 @@ static void find_headers_end(char* p, } /// @todo build .cookies field. use ^file.tables.SET-COOKIES.menu{ for now -File_read_http_result pa_internal_file_read_http(Request_charsets& charsets, - const String& file_spec, - bool as_text, - HashStringValue *options) { +File_read_http_result pa_internal_file_read_http(Request& r, + const String& file_spec, + bool as_text, + HashStringValue *options, + bool transcode_text_result) { File_read_http_result result; - char host[MAX_STRING]; + char host[MAX_STRING]; const char* uri; short port; - const char* method="GET"; bool method_is_get; + const char* method="GET"; + bool method_is_get=true; HashStringValue* form=0; const char* body_cstr=0; int timeout_secs=2; bool fail_on_status_ne_200=true; + bool omit_post_charset=false; Value* vheaders=0; + Value* vcookies=0; + Value* vbody=0; Charset *asked_remote_charset=0; const char* user_cstr=0; const char* password_cstr=0; + const char* encode=0; + bool multipart=false; if(options) { int valid_options=pa_get_valid_file_options_count(*options); if(Value* vmethod=options->get(HTTP_METHOD_NAME)) { valid_options++; - method=vmethod->as_string().cstr(); + method=vmethod->as_string().change_case(r.charsets.source(), String::CC_UPPER).cstr(); + method_is_get=strcmp(method, "GET")==0; + } + if(Value* vencode=options->get(HTTP_FORM_ENCTYPE_NAME)) { + valid_options++; + encode=vencode->as_string().cstr(); } if(Value* vform=options->get(HTTP_FORM_NAME)) { valid_options++; form=vform->get_hash(); } - if(Value* vbody=options->get(HTTP_BODY_NAME)) { + if(vbody=options->get(HTTP_BODY_NAME)) { valid_options++; - body_cstr=vbody->as_string().cstr(String::L_UNSPECIFIED); } if(Value* vtimeout=options->get(HTTP_TIMEOUT_NAME)) { valid_options++; timeout_secs=vtimeout->as_int(); } - if((vheaders=options->get(HTTP_HEADERS_NAME))) { + if(vheaders=options->get(HTTP_HEADERS_NAME)) { + valid_options++; + } + if(vcookies=options->get(HTTP_COOKIES_NAME)) { valid_options++; } if(Value* vany_status=options->get(HTTP_ANY_STATUS_NAME)) { valid_options++; fail_on_status_ne_200=!vany_status->as_bool(); - } - if(Value* vcharset_name=options->get(HTTP_CHARSET_NAME)) { + } + if(Value* vomit_post_charset=options->get(HTTP_OMIT_POST_CHARSET_NAME)){ valid_options++; - asked_remote_charset=&::charsets.get(vcharset_name->as_string(). - change_case(charsets.source(), String::CC_UPPER)); + omit_post_charset=vomit_post_charset->as_bool(); + } + if(Value* vcharset_name=options->get(PA_CHARSET_NAME)) { + asked_remote_charset=&charsets.get(vcharset_name->as_string(). + change_case(r.charsets.source(), String::CC_UPPER)); } if(Value* vuser=options->get(HTTP_USER)) { valid_options++; @@ -464,114 +573,186 @@ File_read_http_result pa_internal_file_r } if(valid_options!=options->count()) - throw Exception("parser.runtime", + throw Exception(PARSER_RUNTIME, 0, "invalid option passed"); } if(!asked_remote_charset) // defaulting to $request:charset - asked_remote_charset=&charsets.source(); + asked_remote_charset=&(r.charsets).source(); - method_is_get=strcmp(method, "GET")==0; - if(method_is_get && body_cstr) - throw Exception("parser.runtime", - 0, - "you can not use $."HTTP_BODY_NAME" option with method GET"); + if(encode){ + if(method_is_get) + throw Exception(PARSER_RUNTIME, + 0, + "you can not use $."HTTP_FORM_ENCTYPE_NAME" option with method GET"); + + multipart=strcasecmp(encode, HTTP_CONTENT_TYPE_MULTIPART_FORMDATA)==0; + + if(!multipart && strcasecmp(encode, HTTP_CONTENT_TYPE_FORM_URLENCODED)!=0) + throw Exception(PARSER_RUNTIME, + 0, + "$."HTTP_FORM_ENCTYPE_NAME" option value can be "HTTP_CONTENT_TYPE_FORM_URLENCODED" or "HTTP_CONTENT_TYPE_MULTIPART_FORMDATA" only"); + } + + if(vbody){ + if(method_is_get) + throw Exception(PARSER_RUNTIME, + 0, + "you can not use $."HTTP_BODY_NAME" option with method GET"); + + if(form) + throw Exception(PARSER_RUNTIME, + 0, + "you can not use options $."HTTP_BODY_NAME" and $."HTTP_FORM_NAME" together"); + } //preparing request - String& connect_string=*new String; - // not in ^sql{... L_SQL ...} spirit, but closer to ^file::load one - connect_string.append(file_spec, String::L_URI); // tainted pieces -> URI pieces + String& connect_string=*new String(file_spec); String request_head_and_body; { // influence URLencoding of tainted pieces to String::L_URI lang - Temp_client_charset temp(charsets, *asked_remote_charset); + Temp_client_charset temp(r.charsets, *asked_remote_charset); - const char* connect_string_cstr=connect_string.cstr(String::L_UNSPECIFIED); + const char* connect_string_cstr=connect_string.transcode_and_untaint_cstr(String::L_URI, &(r.charsets)); const char* current=connect_string_cstr; if(strncmp(current, "http://", 7)!=0) - throw Exception(0, + throw Exception(PARSER_RUNTIME, &connect_string, "does not start with http://"); //never current+=7; strncpy(host, current, sizeof(host)-1); host[sizeof(host)-1]=0; - char* host_uri=lsplit(host, '/'); - uri=host_uri?current+(host_uri-1-host):"/"; - char* port_cstr=lsplit(host, ':'); + char* host_uri=lsplit(host, '/'); + uri=host_uri?current+(host_uri-1-host):"/"; + char* port_cstr=lsplit(host, ':'); char* error_pos=0; port=port_cstr?(short)strtol(port_cstr, &error_pos, 0):80; - bool uri_has_query_string=strchr(uri, '?')!=0; - - //making request head + // making request head String head; - head << method; - head << " " << uri; - if(form) - if(method_is_get) - head << (uri_has_query_string?"&":"?") << pa_form2string(*form); - head <<" HTTP/1.0" CRLF - "host: "<< host << CRLF; - if(form && !method_is_get) { - head << "content-type: application/x-www-form-urlencoded" CRLF; - body_cstr = pa_form2string(*form); + head << method << " " << uri; + if(method_is_get && form) + head << (strchr(uri, '?')!=0?"&":"?") << pa_form2string(*form, r.charsets); + + head <<" HTTP/1.0" CRLF "host: "<< host << CRLF; + + char* boundary=0; + + if(multipart){ + uuid uuid=get_uuid(); + const int boundary_bufsize=10+32+1/*for zero-teminator*/+1/*for faulty snprintfs*/; + boundary=new(PointerFreeGC) char[boundary_bufsize]; + snprintf(boundary, boundary_bufsize, + "----------%08X%04X%04X%02X%02X%02X%02X%02X%02X%02X%02X", + uuid.time_low, uuid.time_mid, uuid.time_hi_and_version, + uuid.clock_seq >> 8, uuid.clock_seq & 0xFF, + uuid.node[0], uuid.node[1], uuid.node[2], + uuid.node[3], uuid.node[4], uuid.node[5]); } - // http://www.ietf.org/rfc/rfc2617.txt - if(const String* authorization_field_value=basic_authorization_field(user_cstr, password_cstr)) - head<<"authorization: "<<*authorization_field_value<is_string()) { // allow empty if(HashStringValue *headers=vheaders->get_hash()) { - Http_pass_header_info info={&charsets, &head, false}; - headers->for_each(http_pass_header, &info); - user_agent_specified=info.user_agent_specified; + Http_pass_header_info info={ + &(r.charsets), + &user_headers, + &user_agent_specified, + &content_type_specified, + &content_type_url_encoded}; + headers->for_each(http_pass_header, &info); } else - throw Exception("parser.runtime", - &connect_string, + throw Exception(PARSER_RUNTIME, + 0, "headers param must be hash"); }; + + size_t post_size=0; + if(form && !method_is_get) { + head << HTTP_CONTENT_TYPE ": " << (multipart ? HTTP_CONTENT_TYPE_MULTIPART_FORMDATA : HTTP_CONTENT_TYPE_FORM_URLENCODED); + + if(!omit_post_charset) + head << "; charset=" << asked_remote_charset->NAME_CSTR(); + + if(multipart) { + head << "; boundary=" << boundary; + body_cstr=pa_form2string_multipart(*form, r/*charsets & mime_type needed*/, boundary, post_size/*correct post_size returned here*/); + } else { + body_cstr=pa_form2string(*form, r.charsets); + post_size=strlen(body_cstr); + } + head << CRLF; + } else if(vbody) { + if(content_type_url_encoded){ + // transcode + url-escape + body_cstr=vbody->as_string().transcode_and_untaint_cstr(String::L_URI, &(r.charsets)); + } else { + // content-type != application/x-www-form-urlencoded -> transcode only, don't url-escape! + body_cstr=Charset::transcode( + String::C(vbody->as_string().cstr(), vbody->as_string().length()), + r.charsets.source(), + *asked_remote_charset + ); + } + post_size=strlen(body_cstr); + } + + // http://www.ietf.org/rfc/rfc2617.txt + if(const String* authorization_field_value=basic_authorization_field(user_cstr, password_cstr)) + head<<"authorization: "<<*authorization_field_value<is_string()){ // allow empty + if(HashStringValue* cookies=vcookies->get_hash()) { + head << "cookie: "; + Http_pass_header_info info={&(r.charsets), &head, 0, 0, 0}; + cookies->for_each(http_pass_cookie, &info); + head << CRLF; + } else + throw Exception(PARSER_RUNTIME, + 0, + "cookies param must be hash"); + } + + if(body_cstr) + head << "content-length: " << format(post_size, "%u") << CRLF; // head + end of header - request_head_and_body << head_cstr << CRLF; + request_head_and_body << head.untaint_cstr(String::L_AS_IS, 0, &(r.charsets)) << CRLF; + // body if(body_cstr) request_head_and_body << body_cstr; } - //sending request + const char* request_cstr=request_head_and_body.cstr(); + size_t request_size=strlen(request_cstr); + + if(multipart) + request_size=file_untaint(request_cstr, request_size); + char* response; size_t response_size; + + // sending request int status_code=http_request(response, response_size, - host, port, request_head_and_body.cstr(), + host, port, request_cstr, request_size, timeout_secs, fail_on_status_ne_200); - //processing results + // processing results char* raw_body; size_t raw_body_size; char* headers_end_at; find_headers_end(response, @@ -586,7 +767,7 @@ File_read_http_result pa_internal_file_r if(headers_end_at) { *headers_end_at=0; - const String header_block(String::C(response, headers_end_at-response), true); + const String header_block(String::C(response, headers_end_at-response), String::L_TAINTED); ArrayString aheaders; HashStringValue& tables=vtables->hash(); @@ -594,7 +775,7 @@ File_read_http_result pa_internal_file_r size_t pos_after=0; header_block.split(aheaders, pos_after, "\n"); - //processing headers + // processing headers size_t aheaders_count=aheaders.count(); for(size_t i=1; iget_table(); } else { // first appearence - Table::columns_type columns =new ArrayString(1); + Table::columns_type columns=new ArrayString(1); *columns+=new String("value"); table=new Table(columns); } // this string becomes next row ArrayString& row=*new ArrayString(1); - row+=&header_value; + row+=&HEADER_VALUE; *table+=&row; // not existed before? add it if(!existed) tables.put(HEADER_NAME, new VTable(table)); } - result.headers->put(HEADER_NAME, new VString(header_value)); + result.headers->put(HEADER_NAME, new VString(HEADER_VALUE)); } } + if(as_text && raw_body_size>=3 && strncmp(raw_body, "\xEF\xBB\xBF", 3)==0){ + // skip UTF-8 signature (BOM code) + raw_body+=3; + raw_body_size-=3; + } + // output response String::C real_body=String::C(raw_body, raw_body_size); - if(as_text && raw_body_size) { // must be checked because transcode returns CONST string in case length==0, which contradicts hacking few lines below + + if(as_text && transcode_text_result && raw_body_size) { // raw_body_size must be checked because transcode returns CONST string in case length==0, which contradicts hacking few lines below // defaulting to used-asked charset [it's never empty!] if(!real_remote_charset) real_remote_charset=asked_remote_charset; - real_body=Charset::transcode(real_body, *real_remote_charset, charsets.source()); + + real_body=Charset::transcode(real_body, *real_remote_charset, r.charsets.source()); + } result.str=const_cast(real_body.str); // hacking a little result.length=real_body.length; + + if(as_text && result.length) + fix_line_breaks(result.str, result.length); + result.headers->put(file_status_name, new VInt(status_code)); + return result; }