Tags: mrSalamanders/swift-nio
Fix flaky testTaskCancel_whenStreaming_andNotSuspended (apple#2355) # Motivation Currently `testTaskCancel_whenStreaming_andNotSuspended` is flaky since `didTerminate` can be called after the iterator is dropped. Fixes apple#2354 # Modification Let's modify that slightly so we hight the condition we want to hit. # Result No more flaky tests.
Avoid integer literals that won't fit. (apple#2348) Motivation: While the "giant buffer" test doesn't run on 32-bit systems, it does need to compile. That means we can't set a pointer to a value that won't fit into an Int. Modifications: Smaller pointers! Result: The compile should work again.
Make `NIOHTTP1TestServer` Sendable (apple#2318) `NIOHTTP1TestServer` is actually `Sendable` through an `EventLoop` which is also used as an `EventLoopGroup`.
Add utilities for reading and writing UUIDs (apple#2045) Motivation: UUIDs are often sent over the wire but writing and reading their bytes to/from a buffer is a bit of a pain. Modifications: - Add utilities to 'NIOFoundationCompat' for reading/writing and getting/setting a UUID on a `ByteBuffer`. Result: Easier to write/read UUIDs to/from a buffer. Co-authored-by: Cory Benfield <[email protected]>
Correctly manage Content-Length on HEAD responses (apple#2277) (apple… …#2289) Motivation When we receive a HEAD response, it's possible that the response contains a content-length. llhttp has a bug (nodejs/llhttp#202) that prevents it from properly managing that issue, which causes us to incorrectly parse responses. Modifications Forcibly set llhttp's content-length value to 0. Result Correctly handle HTTP framing around llhttp's issues. (cherry picked from commit 5aa4498)
Get NIO compiling with GM Xcode (apple#2284) Motivation It's good if we compile with the GM Xcode. Modifications Guard Duration usability to at least Swift 5.7.1. Result NIO compiles on GM Xcode again. Note that this is technically an API break for those using Xcode 14 Betas. As those users can (and should) update to 14.1 Beta, and we don't define API stability for Beta xcodes, this is acceptable.
Merge pull request from GHSA-7fj7-39wj-c64f Motivation HTTP headers are prevented from containing certain characters that can potentially affect parsing or interpretation. Inadequately policing this can lead to vulnerabilities in web applications, most notably HTTP Response Splitting. NIO was insufficiently policing the correctness of the header fields we emit in HTTP/1.1. We've therefore added a new handler that is automatically added to channel pipelines that will police the validity of header fields. For projects that are already running the validation themselves, this can be easily disabled. Note that by default NIO does not validate content length is correctly calculated, so applications can have their framing fall out of sync unless they appropriately calculate this themselves or use chunked transfer encoding. Modifications - Add thorough unit testing to confirm we will not emit invalid header fields. - Error if a user attempts to send an invalid header field. Result NIO applications are no longer vulnerable to response splitting by CRLF injection by default.
Merge pull request from GHSA-7fj7-39wj-c64f * Prevent sending headers containing invalid characters Motivation HTTP headers are prevented from containing certain characters that can potentially affect parsing or interpretation. Inadequately policing this can lead to vulnerabilities in web applications, most notably HTTP Response Splitting. NIO was insufficiently policing the correctness of the header fields we emit in HTTP/1.1. We've therefore added a new handler that is automatically added to channel pipelines that will police the validity of header fields. For projects that are already running the validation themselves, this can be easily disabled. Note that by default NIO does not validate content length is correctly calculated, so applications can have their framing fall out of sync unless they appropriately calculate this themselves or use chunked transfer encoding. Modifications - Add thorough unit testing to confirm we will not emit invalid header fields. - Error if a user attempts to send an invalid header field. Result NIO applications are no longer vulnerable to response splitting by CRLF injection by default. (cherry picked from commit 9cdd4e1faf51de3761c90f73e9a736e430ff2c1a) * Remove backported non-Sendable annotation