mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
rails--rails/actionpack/test/dispatch
Jonathan Hefner a21ebfa1c9 Refactor CVE-2021-22881 fix
Follow-up to 83a6ac3fee.

This allows `HTTP_HOST` to be omitted as before, and reduces the number
of object allocations per request.

Benchmark:

```ruby
# frozen_string_literal: true
require "benchmark/memory"

HOST = "example.com:80"
BEFORE_REGEXP = /\A(?<host>[a-z0-9.-]+|\[[a-f0-9]*:[a-f0-9.:]+\])(:\d+)?\z/
AFTER_REGEXP = /(?:\A|,[ ]?)([a-z0-9.-]+|\[[a-f0-9]*:[a-f0-9.:]+\])(?::\d+)?\z/i

Benchmark.memory do |x|
  x.report("BEFORE (non-nil X-Forwarded-Host)") do
    origin_host = BEFORE_REGEXP.match(HOST.to_s.downcase)[:host]
    forwarded_host = BEFORE_REGEXP.match(HOST.to_s.split(/,\s?/).last)[:host]
  end

  x.report("BEFORE (nil X-Forwarded-Host)") do
    origin_host = BEFORE_REGEXP.match(HOST.to_s.downcase)[:host]
    forwarded_host = BEFORE_REGEXP.match(nil.to_s.split(/,\s?/).last)
  end

  x.report("AFTER (non-nil X-Forwarded-Host)") do
    origin_host = HOST&.slice(AFTER_REGEXP, 1) || ""
    forwarded_host = HOST&.slice(AFTER_REGEXP, 1) || ""
  end

  x.report("AFTER (nil X-Forwarded-Host)") do
    origin_host = HOST&.slice(AFTER_REGEXP, 1) || ""
    forwarded_host = nil&.slice(AFTER_REGEXP, 1) || ""
  end
end
```

Results:

```
BEFORE (non-nil X-Forwarded-Host)
                       616.000  memsize (   208.000  retained)
                         9.000  objects (     2.000  retained)
                         2.000  strings (     1.000  retained)
BEFORE (nil X-Forwarded-Host)
                       328.000  memsize (     0.000  retained)
                         5.000  objects (     0.000  retained)
                         2.000  strings (     0.000  retained)
AFTER (non-nil X-Forwarded-Host)
                       248.000  memsize (   168.000  retained)
                         3.000  objects (     1.000  retained)
                         1.000  strings (     0.000  retained)
AFTER (nil X-Forwarded-Host)
                        40.000  memsize (     0.000  retained)
                         1.000  objects (     0.000  retained)
                         1.000  strings (     0.000  retained)
```
2021-02-13 12:03:23 -06:00
request Add ability to set per param encoding 2020-10-26 11:26:29 -07:00
routing Allow tests to run without a TTY 2019-08-14 10:52:21 -07:00
session feat(rubocop): Add Style/RedundantRegexpEscape 2020-12-08 18:57:09 +00:00
system_testing Support selenium-webdriver 4 2020-12-29 02:36:01 +00:00
actionable_exceptions_test.rb Only allow ActionableErrors if show_detailed_exceptions is enabled 2020-06-17 07:59:57 -07:00
callbacks_test.rb Enable Layout/EmptyLinesAroundAccessModifier cop 2019-06-13 12:00:45 +09:00
content_disposition_test.rb Escape # in RFC 5987 pattern 2020-08-31 10:31:30 -04:00
content_security_policy_test.rb Add support for script-src-attr / elem and style-src-attr / elem directives 2019-07-18 10:00:54 +09:00
cookies_test.rb Allow a proc to be used in addition to a static value for cookies_same_site_protection 2020-08-25 14:33:48 -04:00
debug_exceptions_test.rb Display exception messages using simple_format for a better and clearer 2020-11-09 21:48:24 +00:00
debug_locks_test.rb Fix can't modify frozen String error in DebugLocks 2017-08-28 21:48:05 +09:00
exception_wrapper_test.rb Address all possible Performance/StartWith / Performance/EndWith violations 2019-11-14 03:20:29 +09:00
executor_test.rb Replace assert ! with assert_not 2018-04-19 08:11:33 -04:00
header_test.rb Remove Rubocop's comments from Rails code base 2018-07-26 23:37:31 +03:00
host_authorization_test.rb Refactor CVE-2021-22881 fix 2021-02-13 12:03:23 -06:00
live_response_test.rb allow for only no-store in cache-control header 2020-10-07 10:33:38 +08:00
mapper_test.rb Use frozen string literal in actionpack/ 2017-07-29 14:02:40 +03:00
middleware_stack_test.rb Delayed middleware delete does not allow move operations 2020-01-08 11:30:02 +02:00
mime_type_test.rb allow parameter delimiter without space 2020-02-07 14:43:35 -08:00
mount_test.rb mounted routes with non-word characters 2019-04-15 15:11:13 +02:00
permissions_policy_test.rb Use Feature-Policy header name for now 2020-11-19 16:08:09 +01:00
prefix_generation_test.rb Fix Ruby 2.7 keyword arguments warning 2020-05-11 15:33:08 -05:00
rack_cache_test.rb Use frozen string literal in actionpack/ 2017-07-29 14:02:40 +03:00
reloader_test.rb Replace assert ! with assert_not 2018-04-19 08:11:33 -04:00
request_id_test.rb Fix tests with Ruby 3 2020-10-30 02:20:04 +00:00
request_test.rb ActionDispatch::Request#content_type now returned Content-Type header as it is 2021-01-27 00:28:54 +00:00
response_test.rb Change ActionDispatch::Response#content_type to return the full Content-Type header 2020-10-30 00:25:49 +00:00
routing_assertions_test.rb Fix assert_recognizes on mounted root routes. 2020-08-10 16:59:52 -04:00
routing_test.rb Fix issue routing with optional parts of a segment 2021-01-12 14:30:59 -08:00
runner_test.rb Use frozen string literal in actionpack/ 2017-07-29 14:02:40 +03:00
show_exceptions_test.rb Raise more specific exception for invalid mime type from user-agent 2020-10-07 11:49:56 -04:00
ssl_test.rb quietly handle unknown HTTP methods in Action Dispatch SSL middleware 2020-12-28 07:27:50 -05:00
static_test.rb Allow rails to serve brotli encoded assets 2020-06-01 08:57:02 -07:00
test_request_test.rb Use frozen string literal in actionpack/ 2017-07-29 14:02:40 +03:00
test_response_test.rb Remove deprecated methods in ActionDispatch::TestResponse 2019-01-17 16:08:31 -05:00
uploaded_file_test.rb Restore UploadedFile compatibility with IO.copy_stream 2019-02-23 23:36:58 +01:00
url_generation_test.rb Heed config.force_ssl when building URL 2020-04-05 18:19:31 -05:00