Class: Html2rss::RequestService::Policy

Inherits:

Object

• Object
• Html2rss::RequestService::Policy

Defined in:

lib/html2rss/request_service/policy.rb

Overview

Describes the runtime request envelope for a single feed build.

Constant Summary

MAX_REQUESTS_CEILING =

rubocop:disable Metrics/ClassLength

10

LOCAL_HOSTS =

Hostnames treated as local/private surfaces.

%w[localhost localhost.localdomain metadata.google.internal].to_set.freeze

BLOCKED_IP_RANGES =

IP ranges blocked when private networks are disabled.

[
  IPAddr.new('0.0.0.0/8'),
  IPAddr.new('10.0.0.0/8'),
  IPAddr.new('127.0.0.0/8'),
  IPAddr.new('169.254.0.0/16'),
  IPAddr.new('172.16.0.0/12'),
  IPAddr.new('192.168.0.0/16'),
  IPAddr.new('224.0.0.0/4'),
  IPAddr.new('::/128'),
  IPAddr.new('::1/128'),
  IPAddr.new('fe80::/10'),
  IPAddr.new('fc00::/7'),
  IPAddr.new('ff00::/8')
].freeze

DEFAULTS =

Default policy values used when request controls are not explicitly set.

{
  connect_timeout_seconds: 5,
  read_timeout_seconds: 10,
  total_timeout_seconds: 30,
  max_redirects: 3,
  max_response_bytes: 5_242_880,
  max_decompressed_bytes: 10_485_760,
  max_requests: 1,
  allow_private_networks: false,
  allow_cross_origin_followups: false
}.freeze

DEFAULT_POLICY =

Shared immutable policy instance used for default request execution.

Policy.new

Instance Attribute Summary

• #connect_timeout_seconds ⇒ Object readonly

  Returns the value of attribute connect_timeout_seconds.

• #max_decompressed_bytes ⇒ Object readonly

  Returns the value of attribute max_decompressed_bytes.

• #max_redirects ⇒ Object readonly

  Returns the value of attribute max_redirects.

• #max_requests ⇒ Object readonly

  Returns the value of attribute max_requests.

• #max_response_bytes ⇒ Object readonly

  Returns the value of attribute max_response_bytes.

• #read_timeout_seconds ⇒ Object readonly

  Returns the value of attribute read_timeout_seconds.

• #total_timeout_seconds ⇒ Object readonly

  Returns the value of attribute total_timeout_seconds.

Class Method Summary

• .default ⇒ Policy

  Returns the default request policy.

Instance Method Summary

• #allow_cross_origin_followups? ⇒ Boolean

  Whether follow-up requests may leave the initial origin.

• #allow_private_networks? ⇒ Boolean

  Whether private network targets may be requested.

• #initialize(connect_timeout_seconds: , read_timeout_seconds: , total_timeout_seconds: , max_redirects: , max_response_bytes: , max_decompressed_bytes: , max_requests: , allow_private_networks: , allow_cross_origin_followups: , resolver: Socket) ⇒ Policy constructor

  A new instance of Policy.

• #validate_redirect!(from_url:, to_url:, origin_url:, relation:) ⇒ void

  Validates a redirect hop before it is followed.

• #validate_remote_ip!(ip:, url:) ⇒ void

  Validates the resolved remote IP for a completed request.

• #validate_request!(url:, origin_url:, relation:) ⇒ void

  Validates whether a request target is permitted for the given context.

Constructor Details

#initialize(connect_timeout_seconds: , read_timeout_seconds: , total_timeout_seconds: , max_redirects: , max_response_bytes: , max_decompressed_bytes: , max_requests: , allow_private_networks: , allow_cross_origin_followups: , resolver: Socket) ⇒ Policy

Returns a new instance of Policy.

Parameters:

• connect_timeout_seconds (Integer) (defaults to: ) —

  maximum connection setup time

• read_timeout_seconds (Integer) (defaults to: ) —

  maximum read stall time

• total_timeout_seconds (Integer) (defaults to: ) —

  maximum total request time

• max_redirects (Integer) (defaults to: ) —

  maximum redirect count

• max_response_bytes (Integer) (defaults to: ) —

  maximum streamed response bytes

• max_decompressed_bytes (Integer) (defaults to: ) —

  maximum final body size

• max_requests (Integer) (defaults to: ) —

  maximum requests per feed build

• allow_private_networks (Boolean) (defaults to: ) —

  whether private network targets are allowed

• allow_cross_origin_followups (Boolean) (defaults to: ) —

  whether follow-up requests may leave the origin host

• resolver (#each_address) (defaults to: Socket) —

  DNS resolver used for hostname classification

# File 'lib/html2rss/request_service/policy.rb', line 55

def initialize(connect_timeout_seconds: DEFAULTS[:connect_timeout_seconds], # rubocop:disable Metrics/MethodLength, Metrics/ParameterLists
               read_timeout_seconds: DEFAULTS[:read_timeout_seconds],
               total_timeout_seconds: DEFAULTS[:total_timeout_seconds],
               max_redirects: DEFAULTS[:max_redirects],
               max_response_bytes: DEFAULTS[:max_response_bytes],
               max_decompressed_bytes: DEFAULTS[:max_decompressed_bytes],
               max_requests: DEFAULTS[:max_requests],
               allow_private_networks: DEFAULTS[:allow_private_networks],
               allow_cross_origin_followups: DEFAULTS[:allow_cross_origin_followups],
               resolver: Socket)
  @connect_timeout_seconds = validate_positive_integer!(:connect_timeout_seconds, connect_timeout_seconds)
  @read_timeout_seconds = validate_positive_integer!(:read_timeout_seconds, read_timeout_seconds)
  @total_timeout_seconds = validate_positive_integer!(:total_timeout_seconds, total_timeout_seconds)
  @max_redirects = validate_non_negative_integer!(:max_redirects, max_redirects)
  @max_response_bytes = validate_positive_integer!(:max_response_bytes, max_response_bytes)
  @max_decompressed_bytes = validate_positive_integer!(:max_decompressed_bytes, max_decompressed_bytes)
  @max_requests = [validate_positive_integer!(:max_requests, max_requests), MAX_REQUESTS_CEILING].min
  @allow_private_networks = allow_private_networks ? true : false
  @allow_cross_origin_followups = allow_cross_origin_followups ? true : false
  @resolver = resolver
  freeze
end

Instance Attribute Details

#connect_timeout_seconds ⇒ Object (readonly)

Returns the value of attribute connect_timeout_seconds.

# File 'lib/html2rss/request_service/policy.rb', line 78

def connect_timeout_seconds
  @connect_timeout_seconds
end

#max_decompressed_bytes ⇒ Object (readonly)

Returns the value of attribute max_decompressed_bytes.

# File 'lib/html2rss/request_service/policy.rb', line 78

def max_decompressed_bytes
  @max_decompressed_bytes
end

#max_redirects ⇒ Object (readonly)

Returns the value of attribute max_redirects.

# File 'lib/html2rss/request_service/policy.rb', line 78

def max_redirects
  @max_redirects
end

#max_requests ⇒ Object (readonly)

Returns the value of attribute max_requests.

# File 'lib/html2rss/request_service/policy.rb', line 78

def max_requests
  @max_requests
end

#max_response_bytes ⇒ Object (readonly)

Returns the value of attribute max_response_bytes.

# File 'lib/html2rss/request_service/policy.rb', line 78

def max_response_bytes
  @max_response_bytes
end

#read_timeout_seconds ⇒ Object (readonly)

Returns the value of attribute read_timeout_seconds.

# File 'lib/html2rss/request_service/policy.rb', line 78

def read_timeout_seconds
  @read_timeout_seconds
end

#total_timeout_seconds ⇒ Object (readonly)

Returns the value of attribute total_timeout_seconds.

# File 'lib/html2rss/request_service/policy.rb', line 78

def total_timeout_seconds
  @total_timeout_seconds
end

Class Method Details

.default ⇒ Policy

Returns the default request policy.

rubocop:disable Layout/ClassStructure

Returns:

• (Policy) —

  a default, frozen policy instance

# File 'lib/html2rss/request_service/policy.rb', line 103

def self.default
  new
end

Instance Method Details

#allow_cross_origin_followups? ⇒ Boolean

Returns whether follow-up requests may leave the initial origin.

Returns:

• (Boolean) —

  whether follow-up requests may leave the initial origin

# File 'lib/html2rss/request_service/policy.rb', line 94

def allow_cross_origin_followups?
  @allow_cross_origin_followups
end

#allow_private_networks? ⇒ Boolean

Returns whether private network targets may be requested.

Returns:

• (Boolean) —

  whether private network targets may be requested

# File 'lib/html2rss/request_service/policy.rb', line 88

def allow_private_networks?
  @allow_private_networks
end

#validate_redirect!(from_url:, to_url:, origin_url:, relation:) ⇒ void

This method returns an undefined value.

Validates a redirect hop before it is followed.

Parameters:

• from_url (Html2rss::Url) —

  URL that produced the redirect

• to_url (Html2rss::Url) —

  redirect destination

• origin_url (Html2rss::Url) —

  initial URL of the feed build

• relation (Symbol) —

  logical reason for the request

Raises:

• (UnsupportedUrlScheme) —

  if the redirect downgrades from HTTPS to HTTP

# File 'lib/html2rss/request_service/policy.rb', line 131

def validate_redirect!(from_url:, to_url:, origin_url:, relation:)
  if from_url.scheme == 'https' && to_url.scheme == 'http'
    raise UnsupportedUrlScheme, 'Redirect downgraded from https to http'
  end

  validate_request!(url: to_url, origin_url:, relation:)
end

#validate_remote_ip!(ip:, url:) ⇒ void

This method returns an undefined value.

Validates the resolved remote IP for a completed request.

Parameters:

• ip (String, nil) —

  remote IP address reported by the client

• url (Html2rss::Url) —

  URL associated with the response

Raises:

• (PrivateNetworkDenied) —

  if the response came from a blocked address

# File 'lib/html2rss/request_service/policy.rb', line 146

def validate_remote_ip!(ip:, url:)
  return if allow_private_networks?
  return if ip.nil? || ip.empty?

  parsed_ip = parse_ip(ip)
  raise PrivateNetworkDenied, "Remote IP could not be validated for #{url}" unless parsed_ip
  return unless blocked_ip?(parsed_ip)

  raise PrivateNetworkDenied, "Private network target denied for #{url}"
end

#validate_request!(url:, origin_url:, relation:) ⇒ void

This method returns an undefined value.

Validates whether a request target is permitted for the given context.

Parameters:

• url (Html2rss::Url) —

  destination URL

• origin_url (Html2rss::Url) —

  initial URL of the feed build

• relation (Symbol) —

  logical reason for the request

Raises:

• (CrossOriginFollowUpDenied) —

  if a follow-up leaves the origin host

• (PrivateNetworkDenied) —

  if the target resolves to a private address

# File 'lib/html2rss/request_service/policy.rb', line 117

def validate_request!(url:, origin_url:, relation:)
  enforce_same_origin!(url, origin_url, relation)
  enforce_public_network!(url)
end