Jocelyn Fiat
7d738a164d
Added missing comments.
2017-11-30 14:54:46 +01:00
Jocelyn Fiat
1037256ea6
Refactored using an abstraction WSF_PROTECTION.
...
This protection could be implemented with a regular expression,
or using another solution (as manual parsing).
Also, when a protection detects an issue, instead of returning empty string,
it returns Void. If the value is a multiple string value, if an item is detected for an issue,
the returned multiple string value is now Void.
This abstraction will allow returning either Void, or a "corrected" value,
for instance the string value, without the detected "<script..>..</script>" text.
TODO: improve the WSF_PROTECTION_REGEXP to allow replacement strategy.
2017-11-27 15:44:19 +01:00
Jocelyn Fiat
4d79bba04b
Merge branch 'ewf_xss'
2017-11-23 11:50:47 +01:00
jvelilla
5de024923e
Updated xss support.
...
Added a new library wsf_security.
Updated test cases to cover protections policy.
Added a simple filter using an XSS implementation with WSF_XSS_REQUEST, but
it's possible to build custom filters and request using different protection patterns.
2017-11-22 17:22:02 -03:00
jvelilla
8b90241986
Moved XSS protection to WSF_EXTENSION.
...
Updated code to protect meta_variables.
Fixed typos.
Updated ecf's to use 1-16-0.
2017-11-13 15:06:02 -03:00
Jocelyn Fiat
da1c0b8545
Fixed typo in script.
2017-11-13 19:01:16 +01:00
Jocelyn Fiat
603bedf71d
Reverted change that made WSF_URI_FILTER_HANDLER and WSF_URI_TEMPLATE_FILTER_HANDLER inherit from WSF_EXECUTE_FILTER_HANDLER as it breaks existing projects using EiffelWeb.
es_rev101041
2017-11-13 18:58:29 +01:00
Jocelyn Fiat
5fedad7f2e
Updated Changelog.
2017-11-13 12:31:19 +01:00
Jocelyn Fiat
e83f5654d8
Updated NOTIFICATION_SMTP_MAILER to follow the EiffelNet EMAIL design.
2017-11-13 12:29:16 +01:00
jvelilla
25446cac12
Initial import WSF XSS protection.
...
Added a utility class to get safe query and form parameters.
Added a new WSF_XSS_REQUEST to use safe parameters.
Added a filter WSF_XSS_FILTER using WSF_XSS_REQUEST.
Added test cases
Signed-off-by: jvelilla <javier.hector@gmail.com>
2017-11-10 10:37:32 -03:00
Jocelyn Fiat
ccff084642
Updated travis CI config to use install script.
2017-11-08 10:20:50 +01:00
Jocelyn Fiat
830adbe10c
Fixed response handlers compilation.
2017-11-07 23:52:42 +01:00
Jocelyn Fiat
e6d998953e
Updated changelog.
2017-11-07 23:17:39 +01:00
Jocelyn Fiat
6ca3cca88b
Reverted change that made WSF_URI_HANDLER and WSF_URI_TEMPLATE_HANDLER inherit from WSF_EXECUTE_HANDLER, as it breaks existing projects using EiffelWeb.
es_rev101020
2017-11-07 23:05:22 +01:00
Jocelyn Fiat
f91a676f41
fixed obsolete v0 wsf_extension ecf file.
es_rev101018
2017-11-04 22:44:27 +01:00
Jocelyn Fiat
1c75e11e34
removed unused local variable.
2017-11-03 18:54:46 +01:00
Jocelyn Fiat
b5b4fa6b2f
added develop branch for CI
2017-11-03 18:06:47 +01:00
Jocelyn Fiat
211fc425a3
Added handler to add support for CGI scripts.
...
Added a new tool `httpd` which is a basic httpd server product (with file server and CGI handler).
2017-11-03 18:00:39 +01:00
Jocelyn Fiat
95cebe26bb
Added routing condition mapping.
...
Added WSF_EXECUTE_HANDLER as common ancestor for handler with `execute (WSF_REQUEST, WSF_RESPONSE) ..` routine.
Made a few routines more flexible by accepting ITERABLE instead of ARRAY, and READABLE_STRING_GENERAL when possible.
2017-11-03 17:59:10 +01:00
Jocelyn Fiat
f770c236d5
Improved support for absolute url passed to HTTP_REQUEST_SESSION.
2017-10-27 19:24:52 +02:00
Jocelyn Fiat
503e5f7915
Merge branch 'master' into v1
2017-10-26 10:23:33 +02:00
Jocelyn Fiat
39f01e95fd
Use single ecf file.
2017-10-26 10:19:56 +02:00
Jocelyn Fiat
c725159d7e
Merge branch 'master' into with_compression
2017-10-26 10:13:27 +02:00
Jocelyn Fiat
e66f1cf7be
updated changelog
2017-10-24 17:51:55 +02:00
Jocelyn Fiat
c03d28cabc
Use new on_timer solution, to check every 1 second, the presence of ".stop" file.
...
If this file exists, close all active websockets.
Redesigned the commands implementation for this example.
2017-10-24 17:45:08 +02:00
Jocelyn Fiat
e834b2b360
Added on_timer callback event so that server can check regularly external state.
...
This is a basic solution to implement a way to check from time to time for events to notify websocket clients.
2017-10-24 17:43:06 +02:00
Jocelyn Fiat
d089fd3a03
Merge branch 'master' into v1
2017-10-19 11:20:55 +02:00
Jocelyn Fiat
a0c1ab5232
updated simple.ini settings.
es_rev100938
2017-10-19 11:20:14 +02:00
Jocelyn Fiat
a8ddd10b46
Merge branch 'master' into v1
2017-10-19 10:57:45 +02:00
Jocelyn Fiat
db39068ceb
Updated documentation for standalone connector.
...
Changed `default_max_keep_alive_requests` from 100 to 300.
2017-10-19 00:14:23 +02:00
Jocelyn Fiat
a1b4337438
Set keep_alive_timeout to 2, this way for single threaded case, browser does not wait too much to start the websocket connection.
...
Set max_keep_alive_requests to -1, to allow unlimited number of requests within a same websocket connection.
2017-10-18 23:41:03 +02:00
Jocelyn Fiat
74121be470
Support persistent connection, even in single thread mode (i.e. concurrency=none).
...
Warning: as there is no concurrent request handling in single threaded mode,
it is recommended to either set the keep_alive_timeout to a small value,
or disable persistent connection by setting max_keep_alive_requests to 0.
Change the default keep_alive_timeout from 15 to 5 seconds.
Accept -1 as value of max_keep_alive_requests to have unlimited number of requests in the same persistent connection.
2017-10-18 23:29:16 +02:00
Jocelyn Fiat
1c9f5ac0e7
Merge branch 'master' into v1
2017-10-17 14:52:17 +02:00
Jocelyn Fiat
edec837c4e
Made interface of wsf forms and widgets a bit more flexible by accepting READABLE_STRING_GENERAL.
es_rev100926
2017-10-17 14:34:50 +02:00
Jocelyn Fiat
f1642a444a
Improved support of absolute/relative https:// and http:// in http_client.
2017-10-17 14:30:44 +02:00
Jocelyn Fiat
48af63af83
Fixed typo to process relative or absolute url.
2017-10-09 14:23:45 +02:00
Jocelyn Fiat
2f98d7031f
Updated a few package.iron files.
2017-10-06 14:06:46 +02:00
Jocelyn Fiat
70f00651c7
update test case.
2017-10-06 13:58:54 +02:00
Jocelyn Fiat
199f84c7ef
Updated Readme file with Build Status on Master Branch.
2017-10-06 10:37:11 +02:00
Jocelyn Fiat
9b97627c76
Update package.iron files.
2017-10-06 10:27:32 +02:00
Jocelyn Fiat
72c87cd74d
Fixed curl implementation by setting Content-Type to x-www-form-urlencoded (if not set) when POST sends data as x-www-form-urlencoded.
2017-10-06 10:24:48 +02:00
Jocelyn Fiat
2ed4d03168
Renamed ciphers_settings as ciphers_setting.
2017-10-06 09:34:08 +02:00
Jocelyn Fiat
18ed92a61d
Moved to unique .ecf from ecf version 1-16-0.
...
Requires 17.05 or newer.
2017-10-06 09:02:10 +02:00
Jocelyn Fiat
0a6a4281e7
Merge branch 'master' into es17.05
2017-10-06 08:18:50 +02:00
Jocelyn Fiat
38cf5d7a6f
Updated requirements, now EiffelWeb requires 17.05 or newer.
...
Improved support for future 17.11 version with new openssl library.
2017-10-05 22:07:05 +02:00
jvelilla
96648a16dc
Updated Readme file with Build Status on Master Branch.
...
Update code style: refactor rename ciphers_settings to ciphers_setting.
2017-09-25 14:21:35 -03:00
Javier Velilla
6f35ad7b16
Merge pull request #181 from jvelilla/ewf_http_client
...
Update HTTP Client cURL implementation:
2017-09-25 11:05:45 -03:00
Jocelyn Fiat
8ff20d34a7
Merge branch 'master' into v1
2017-09-21 21:22:38 +02:00
jvelilla
85c8a46c89
Update Readme.md with a note about ciphers implementation.
2017-09-21 08:07:11 -03:00
Jocelyn Fiat
498e4a6ec2
Fixed validation of iss and aud when issuer and audience are not set.
2017-09-21 10:46:08 +02:00