From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Daniel Hartwig Newsgroups: gmane.lisp.guile.bugs Subject: bug#10109: [PATCH] (web http): list-style headers do not validate Date: Wed, 23 Nov 2011 02:18:36 +0800 Message-ID: NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: multipart/mixed; boundary=f46d04479505fc743c04b256d482 X-Trace: dough.gmane.org 1321994771 17177 80.91.229.12 (22 Nov 2011 20:46:11 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Tue, 22 Nov 2011 20:46:11 +0000 (UTC) To: 10109@debbugs.gnu.org Original-X-From: bug-guile-bounces+guile-bugs=m.gmane.org@gnu.org Tue Nov 22 21:46:01 2011 Return-path: Envelope-to: guile-bugs@m.gmane.org Original-Received: from lists.gnu.org ([140.186.70.17]) by lo.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1RSxE0-0005td-Cd for guile-bugs@m.gmane.org; Tue, 22 Nov 2011 21:45:52 +0100 Original-Received: from localhost ([::1]:51777 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1RSxDv-00037n-0f for guile-bugs@m.gmane.org; Tue, 22 Nov 2011 15:45:47 -0500 Original-Received: from eggs.gnu.org ([140.186.70.92]:35929) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1RSvA7-0001Tn-EB for bug-guile@gnu.org; Tue, 22 Nov 2011 13:33:47 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1RSvA6-0006hV-1t for bug-guile@gnu.org; Tue, 22 Nov 2011 13:33:43 -0500 Original-Received: from debbugs.gnu.org ([140.186.70.43]:33122) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1RSvA6-0006hI-0L for bug-guile@gnu.org; Tue, 22 Nov 2011 13:33:42 -0500 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.69) (envelope-from ) id 1RSvBN-0000VO-VP for bug-guile@gnu.org; Tue, 22 Nov 2011 13:35:02 -0500 X-Loop: help-debbugs@gnu.org Resent-From: Daniel Hartwig Original-Sender: debbugs-submit-bounces@debbugs.gnu.org Resent-CC: bug-guile@gnu.org Resent-Date: Tue, 22 Nov 2011 18:35:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 10109 X-GNU-PR-Package: guile X-GNU-PR-Keywords: patch X-Debbugs-Original-To: submit@debbugs.gnu.org Original-Received: via spool by submit@debbugs.gnu.org id=B.13219868531880 (code B ref -1); Tue, 22 Nov 2011 18:35:01 +0000 Original-Received: (at submit) by debbugs.gnu.org; 22 Nov 2011 18:34:13 +0000 Original-Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1RSvAZ-0000UC-1O for submit@debbugs.gnu.org; Tue, 22 Nov 2011 13:34:12 -0500 Original-Received: from mail-iy0-f172.google.com ([209.85.210.172]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1RSuwo-00006m-Gt for submit@debbugs.gnu.org; Tue, 22 Nov 2011 13:20:00 -0500 Original-Received: by iaeo4 with SMTP id o4so502873iae.3 for ; Tue, 22 Nov 2011 10:18:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; bh=3BGiC8k+MsqtY6g8Z+KQWwSzD+0R3URu6Un4wBhFXFs=; b=mynEAEY+80Qk4sFL0O7epC+7m16C8OxnKk3dDlIK7+6eUzwtl3wFUg0KVI3xuAwauS IRWNTg5OtT0LOuO8ILzoVNgR6cFX7Ha8mv6EBPmB3XcS223YmAgl9nNgIv4EvYaxco17 IHG7I6U8aCq8nhV07FKOmpkvipfH45p2EaBNk= Original-Received: by 10.50.242.1 with SMTP id wm1mr25181639igc.30.1321985917088; Tue, 22 Nov 2011 10:18:37 -0800 (PST) Original-Received: by 10.231.166.69 with HTTP; Tue, 22 Nov 2011 10:18:36 -0800 (PST) X-Mailman-Approved-At: Tue, 22 Nov 2011 13:34:09 -0500 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list Resent-Date: Tue, 22 Nov 2011 13:35:01 -0500 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 2) X-Received-From: 140.186.70.43 X-Mailman-Approved-At: Tue, 22 Nov 2011 15:45:45 -0500 X-BeenThere: bug-guile@gnu.org List-Id: "Bug reports for GUILE, GNU's Ubiquitous Extension Language" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guile-bounces+guile-bugs=m.gmane.org@gnu.org Original-Sender: bug-guile-bounces+guile-bugs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.lisp.guile.bugs:5935 Archived-At: --f46d04479505fc743c04b256d482 Content-Type: text/plain; charset=ISO-8859-1 Package: guile Version: 2.0.3 Tags: patch Many of the list-style headers from (web http) do not validate correctly. The test suite only checks that the header's parse and does not test the associated validators. Attached is a very quick patch (0002) which exposes the failing validators through the test-suite: $ ./guile-test tests/web-http.test Running tests/web-http.test ... FAIL: tests/web-http.test: general headers: cache-control: "no-transform" -> (no-transform) FAIL: tests/web-http.test: general headers: cache-control: "no-transform,foo" -> (no-transform foo) FAIL: tests/web-http.test: general headers: cache-control: "no-cache" -> (no-cache) FAIL: tests/web-http.test: general headers: cache-control: "no-cache=\"Authorization, Date\"" -> ((no-cache authorization date)) FAIL: tests/web-http.test: general headers: cache-control: "private=\"Foo\"" -> ((private foo)) FAIL: tests/web-http.test: general headers: cache-control: "no-cache,max-age=10" -> (no-cache (max-age . 10)) FAIL: tests/web-http.test: general headers: pragma: "no-cache" -> (no-cache) FAIL: tests/web-http.test: general headers: pragma: "no-cache, foo" -> (no-cache foo) FAIL: tests/web-http.test: general headers: transfer-encoding: "foo, chunked" -> ((foo) (chunked)) FAIL: tests/web-http.test: entity headers: allow: "foo, bar" -> (foo bar) FAIL: tests/web-http.test: entity headers: content-encoding: "qux, baz" -> (qux baz) FAIL: tests/web-http.test: request headers: accept: "text/*;q=0.3, text/html;q=0.7, text/html;level=1" -> ((text/* (q . 300)) (text/html (q . 700)) (text/html (level . "1"))) FAIL: tests/web-http.test: request headers: authorization: "Basic foooo" -> (basic . "foooo") FAIL: tests/web-http.test: request headers: authorization: "Digest foooo" -> (digest foooo) FAIL: tests/web-http.test: request headers: expect: "100-continue, foo" -> ((#{100-continue}#) (foo)) FAIL: tests/web-http.test: request headers: proxy-authorization: "Basic foooo" -> (basic . "foooo") FAIL: tests/web-http.test: request headers: proxy-authorization: "Digest foooo" -> (digest foooo) FAIL: tests/web-http.test: request headers: te: "trailers" -> ((trailers)) FAIL: tests/web-http.test: request headers: te: "trailers,foo" -> ((trailers) (foo)) FAIL: tests/web-http.test: response headers: accept-ranges: "foo,bar" -> (foo bar) Totals for this test run: passes: 60 failures: 20 ... The other patch (0001) corrects `http.scm' for some typos and missing logic, after which the above failures no longer occur. $ ./guile-test tests/web-http.test Running tests/web-http.test ... Totals for this test run: passes: 80 failures: 0 ... 0001 (web http): fix validators for various list-style headers * module/web/http.scm (default-val-validator): Valid with no value. (key-value-list?): Keys are always symbols, do not accept strings. (validate-param-list): Apply `valid?' to list elements. (validate-credentials): Validate param for Basic scheme, which is parsed as a string. (declare-symbol-list-header!): `list-of?' args were in wrong order. ("Cache-Control"): Replace `default-val-validator' with more specific procedure. ("Accept"): Validate on first param which has no value. --- module/web/http.scm | 26 ++++++++++++++++++-------- 1 files changed, 18 insertions(+), 8 deletions(-) --f46d04479505fc743c04b256d482 Content-Type: text/x-patch; charset=US-ASCII; name="0001-web-http-fix-validators-for-various-list-style-heade.patch" Content-Disposition: attachment; filename="0001-web-http-fix-validators-for-various-list-style-heade.patch" Content-Transfer-Encoding: base64 X-Attachment-Id: f_gvb86x5m0 ZGlmZiAtLWdpdCBhL21vZHVsZS93ZWIvaHR0cC5zY20gYi9tb2R1bGUvd2ViL2h0dHAuc2NtCmlu ZGV4IGU4NzY1ZjMuLmRjNzQyYTEgMTAwNjQ0Ci0tLSBhL21vZHVsZS93ZWIvaHR0cC5zY20KKysr IGIvbW9kdWxlL3dlYi9odHRwLnNjbQpAQCAtNDcwLDcgKzQ3MCw3IEBAIG9yZGVyZWQgYWxpc3Qu IgogICB2YWwpCiAKIChkZWZpbmUgKGRlZmF1bHQtdmFsLXZhbGlkYXRvciBrIHZhbCkKLSAgKHN0 cmluZz8gdmFsKSkKKyAgKG9yIChub3QgdmFsKSAoc3RyaW5nPyB2YWwpKSkKIAogKGRlZmluZSAo ZGVmYXVsdC12YWwtd3JpdGVyIGsgdmFsIHBvcnQpCiAgIChpZiAob3IgKHN0cmluZy1pbmRleCB2 YWwgI1w7KQpAQCAtNTE4LDkgKzUxOCw5IEBAIG9yZGVyZWQgYWxpc3QuIgogICAgICAgICAgICAg ICAgKChwYWlyPyBlbHQpCiAgICAgICAgICAgICAgICAgKGxldCAoKGsgKGNhciBlbHQpKQogICAg ICAgICAgICAgICAgICAgICAgICh2IChjZHIgZWx0KSkpCi0gICAgICAgICAgICAgICAgICAoYW5k IChvciAoc3RyaW5nPyBrKSAoc3ltYm9sPyBrKSkKKyAgICAgICAgICAgICAgICAgIChhbmQgKHN5 bWJvbD8gaykKICAgICAgICAgICAgICAgICAgICAgICAgKHZhbGlkPyBrIHYpKSkpCi0gICAgICAg ICAgICAgICAoKG9yIChzdHJpbmc/IGVsdCkgKHN5bWJvbD8gZWx0KSkKKyAgICAgICAgICAgICAg ICgoc3ltYm9sPyBlbHQpCiAgICAgICAgICAgICAgICAgKHZhbGlkPyBlbHQgI2YpKQogICAgICAg ICAgICAgICAgKGVsc2UgI2YpKSkpKQogCkBAIC02MTEsNyArNjExLDcgQEAgb3JkZXJlZCBhbGlz dC4iCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAodmFsaWQ/IGRlZmF1bHQtdmFsLXZh bGlkYXRvcikpCiAgIChsaXN0LW9mPyBsaXN0CiAgICAgICAgICAgICAobGFtYmRhIChlbHQpCi0g ICAgICAgICAgICAgIChrZXktdmFsdWUtbGlzdD8gbGlzdCB2YWxpZD8pKSkpCisgICAgICAgICAg ICAgIChrZXktdmFsdWUtbGlzdD8gZWx0IHZhbGlkPykpKSkKIAogKGRlZmluZSogKHdyaXRlLXBh cmFtLWxpc3QgbGlzdCBwb3J0ICM6b3B0aW9uYWwKICAgICAgICAgICAgICAgICAgICAgICAgICAg ICh2YWwtd3JpdGVyIGRlZmF1bHQtdmFsLXdyaXRlcikpCkBAIC04NzEsNyArODcxLDEwIEBAIG9y ZGVyZWQgYWxpc3QuIgogICAgICAgICAgKGNvbnMgc2NoZW1lIChwYXJzZS1rZXktdmFsdWUtbGlz dCBzdHIgZGVmYXVsdC12YWwtcGFyc2VyIGRlbGltIGVuZCkpKSkpKSkKIAogKGRlZmluZSAodmFs aWRhdGUtY3JlZGVudGlhbHMgdmFsKQotICAoYW5kIChwYWlyPyB2YWwpIChzeW1ib2w/IChjYXIg dmFsKSkgKGtleS12YWx1ZS1saXN0PyAoY2RyIHZhbCkpKSkKKyAgKGFuZCAocGFpcj8gdmFsKSAo c3ltYm9sPyAoY2FyIHZhbCkpCisgICAgICAgKGNhc2UgKGNhciB2YWwpCisgICAgICAgICAoKGJh c2ljKSAoc3RyaW5nPyAoY2RyIHZhbCkpKQorICAgICAgICAgKGVsc2UgKGtleS12YWx1ZS1saXN0 PyAoY2RyIHZhbCkpKSkpKQogCiAoZGVmaW5lICh3cml0ZS1jcmVkZW50aWFscyB2YWwgcG9ydCkK ICAgKGRpc3BsYXkgKGNhciB2YWwpIHBvcnQpCkBAIC0xMTM3LDcgKzExNDAsNyBAQCBwaHJhc2Vc Ii4iCiAgICAgKGxhbWJkYSAoc3RyKQogICAgICAgKG1hcCBzdHJpbmctPnN5bWJvbCAoc3BsaXQt YW5kLXRyaW0gc3RyKSkpCiAgICAgKGxhbWJkYSAodikKLSAgICAgIChsaXN0LW9mPyBzeW1ib2w/ IHYpKQorICAgICAgKGxpc3Qtb2Y/IHYgc3ltYm9sPykpCiAgICAgKGxhbWJkYSAodiBwb3J0KQog ICAgICAgKHdyaXRlLWxpc3QgdiBwb3J0IGRpc3BsYXkgIiwgIikpKSkKIApAQCAtMTI0Miw3ICsx MjQ1LDE0IEBAIHBocmFzZVwiLiIKICAgICAgICgocHJpdmF0ZSBuby1jYWNoZSkKICAgICAgICAo YW5kIHYtc3RyIChzcGxpdC1oZWFkZXItbmFtZXMgdi1zdHIpKSkKICAgICAgIChlbHNlIHYtc3Ry KSkpCi0gIGRlZmF1bHQtdmFsLXZhbGlkYXRvcgorICAobGFtYmRhIChrIHYpCisgICAgKGNhc2Ug aworICAgICAgKChtYXgtYWdlIG1heC1zdGFsZSBtaW4tZnJlc2ggcy1tYXhhZ2UpCisgICAgICAg KG5vbi1uZWdhdGl2ZS1pbnRlZ2VyPyB2KSkKKyAgICAgICgocHJpdmF0ZSBuby1jYWNoZSkKKyAg ICAgICAob3IgKG5vdCB2KSAobGlzdC1vZi1oZWFkZXItbmFtZXM/IHYpKSkKKyAgICAgIChlbHNl CisgICAgICAgKG5vdCB2KSkpKQogICAobGFtYmRhIChrIHYgcG9ydCkKICAgICAoY29uZAogICAg ICAoKHN0cmluZz8gdikgKGRpc3BsYXkgdiBwb3J0KSkKQEAgLTE1MjIsNyArMTUzMiw3IEBAIHBo cmFzZVwiLiIKICAgKGxhbWJkYSAoayB2KQogICAgIChpZiAoZXE/IGsgJ3EpCiAgICAgICAgICh2 YWxpZC1xdWFsaXR5PyB2KQotICAgICAgICAoc3RyaW5nPyB2KSkpCisgICAgICAgIChvciAobm90 IHYpIChzdHJpbmc/IHYpKSkpCiAgIChsYW1iZGEgKGsgdiBwb3J0KQogICAgIChpZiAoZXE/IGsg J3EpCiAgICAgICAgICh3cml0ZS1xdWFsaXR5IHYgcG9ydCkK --f46d04479505fc743c04b256d482 Content-Type: text/x-patch; charset=US-ASCII; name="0002-web-http-test.patch" Content-Disposition: attachment; filename="0002-web-http-test.patch" Content-Transfer-Encoding: base64 X-Attachment-Id: f_gvb86ya71 ZGlmZiAtLWdpdCBhL3Rlc3Qtc3VpdGUvdGVzdHMvd2ViLWh0dHAudGVzdCBiL3Rlc3Qtc3VpdGUv dGVzdHMvd2ViLWh0dHAudGVzdAppbmRleCBlNGQ2ZWZiLi5iNmFiYmYzIDEwMDY0NAotLS0gYS90 ZXN0LXN1aXRlL3Rlc3RzL3dlYi1odHRwLnRlc3QKKysrIGIvdGVzdC1zdWl0ZS90ZXN0cy93ZWIt aHR0cC50ZXN0CkBAIC00MSw4ICs0MSw5IEBACiAgIChzeW50YXgtcnVsZXMgKCkKICAgICAoKF8g c3ltIHN0ciB2YWwpCiAgICAgIChwYXNzLWlmIChmb3JtYXQgI2YgIn5hOiB+cyAtPiB+cyIgJ3N5 bSBzdHIgdmFsKQotICAgICAgIChlcXVhbD8gKHBhcnNlLWhlYWRlciAnc3ltIHN0cikKLSAgICAg ICAgICAgICAgIHZhbCkpKSkpCisgICAgICAgKGFuZCAoZXF1YWw/IChwYXJzZS1oZWFkZXIgJ3N5 bSBzdHIpCisgICAgICAgICAgICAgICAgICAgIHZhbCkKKyAgICAgICAgICAgICh2YWxpZC1oZWFk ZXI/ICdzeW0gdmFsKSkpKSkpCiAKIChkZWZpbmUtc3ludGF4IHBhc3MtaWYtYW55LWVycm9yCiAg IChzeW50YXgtcnVsZXMgKCkK --f46d04479505fc743c04b256d482--