andreacavalli/netty5
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
d08e546c0f
netty5/codec-http/src/main/java/io/netty/handler/codec/http/websocketx/WebSocketDecoderConfig.java
ursa 7fc718db3c WebSocket is closed without an error on protocol violations (#9116) 
Motivation:

Incorrect WebSockets closure affects our production system.
Enforced 'close socket on any protocol violation' prevents our custom termination sequence from execution.
Huge number of parameters is a nightmare both in usage and in support (decoders configuration).
Modification:

Fix violations handling - send proper response codes.
Fix for messages leak.
Introduce decoder's option to disable default behavior (send close frame) on protocol violations.
Encapsulate WebSocket response codes - WebSocketCloseStatus.
Encapsulate decoder's configuration into a separate class - WebSocketDecoderConfig.
Result:

Fixes #8295.
2019-06-18 10:05:58 +02:00

148 lines
5.3 KiB
Java
Raw Blame History

/*
* Copyright 2019 The Netty Project
*
* The Netty Project licenses this file to you under the Apache License,
* version 2.0 (the "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations
* under the License.
*/
package io.netty.handler.codec.http.websocketx;
import io.netty.util.internal.ObjectUtil;
/**
* Frames decoder configuration.
*/
public final class WebSocketDecoderConfig {
private final int maxFramePayloadLength;
private final boolean expectMaskedFrames;
private final boolean allowMaskMismatch;
private final boolean allowExtensions;
private final boolean closeOnProtocolViolation;
/**
* Constructor
*
* @param maxFramePayloadLength
* Maximum length of a frame's payload. Setting this to an appropriate value for you application
* helps check for denial of services attacks.
* @param expectMaskedFrames
* Web socket servers must set this to true processed incoming masked payload. Client implementations
* must set this to false.
* @param allowMaskMismatch
* Allows to loosen the masking requirement on received frames. When this is set to false then also
* frames which are not masked properly according to the standard will still be accepted.
* @param allowExtensions
* Flag to allow reserved extension bits to be used or not
* @param closeOnProtocolViolation
* Flag to send close frame immediately on any protocol violation.ion.
*/
private WebSocketDecoderConfig(int maxFramePayloadLength, boolean expectMaskedFrames, boolean allowMaskMismatch,
boolean allowExtensions, boolean closeOnProtocolViolation) {
this.maxFramePayloadLength = maxFramePayloadLength;
this.expectMaskedFrames = expectMaskedFrames;
this.allowMaskMismatch = allowMaskMismatch;
this.allowExtensions = allowExtensions;
this.closeOnProtocolViolation = closeOnProtocolViolation;
}
public int maxFramePayloadLength() {
return maxFramePayloadLength;
}
public boolean expectMaskedFrames() {
return expectMaskedFrames;
}
public boolean allowMaskMismatch() {
return allowMaskMismatch;
}
public boolean allowExtensions() {
return allowExtensions;
}
public boolean closeOnProtocolViolation() {
return closeOnProtocolViolation;
}
@Override
public String toString() {
return "WebSocketDecoderConfig" +
" [maxFramePayloadLength=" + maxFramePayloadLength +
", expectMaskedFrames=" + expectMaskedFrames +
", allowMaskMismatch=" + allowMaskMismatch +
", allowExtensions=" + allowExtensions +
", closeOnProtocolViolation=" + closeOnProtocolViolation +
"]";
}
public Builder toBuilder() {
return new Builder(this);
}
public static Builder newBuilder() {
return new Builder();
}
public static final class Builder {
private int maxFramePayloadLength = 65536;
private boolean expectMaskedFrames = true;
private boolean allowMaskMismatch;
private boolean allowExtensions;
private boolean closeOnProtocolViolation = true;
private Builder() {
/* No-op */
}
private Builder(WebSocketDecoderConfig decoderConfig) {
ObjectUtil.checkNotNull(decoderConfig, "decoderConfig");
maxFramePayloadLength = decoderConfig.maxFramePayloadLength();
expectMaskedFrames = decoderConfig.expectMaskedFrames();
allowMaskMismatch = decoderConfig.allowMaskMismatch();
allowExtensions = decoderConfig.allowExtensions();
closeOnProtocolViolation = decoderConfig.closeOnProtocolViolation();
}
public Builder maxFramePayloadLength(int maxFramePayloadLength) {
this.maxFramePayloadLength = maxFramePayloadLength;
return this;
}
public Builder expectMaskedFrames(boolean expectMaskedFrames) {
this.expectMaskedFrames = expectMaskedFrames;
return this;
}
public Builder allowMaskMismatch(boolean allowMaskMismatch) {
this.allowMaskMismatch = allowMaskMismatch;
return this;
}
public Builder allowExtensions(boolean allowExtensions) {
this.allowExtensions = allowExtensions;
return this;
}
public Builder closeOnProtocolViolation(boolean closeOnProtocolViolation) {
this.closeOnProtocolViolation = closeOnProtocolViolation;
return this;
}
public WebSocketDecoderConfig build() {
return new WebSocketDecoderConfig(
maxFramePayloadLength, expectMaskedFrames, allowMaskMismatch,
allowExtensions, closeOnProtocolViolation);
}
}
}
Reference in New Issue View Git Blame Copy Permalink