Commit Graph

110 Commits

Author SHA1 Message Date
Sergio Benitez ff57fb7341 New version: 0.2.11. 2017-09-04 19:44:17 -07:00
Sergio Benitez 35589738a1 Update lints for latest nightly. 2017-09-04 19:42:14 -07:00
Sergio Benitez 74805df1fc New version: 0.2.10. 2017-08-11 09:21:21 -07:00
Sergio Benitez 16229385cd Update lints for latest nightly, '2017-08-10'. 2017-08-11 09:17:28 -07:00
Sergio Benitez c441cf0b07 New version: 0.2.9. 2017-07-09 22:19:33 -07:00
Sergio Benitez ebb6bb7860 Restrict compilation to nightlies >= 2017-07-09. 2017-07-09 22:16:16 -07:00
Sergio Benitez c7a2240442 Update for 2017-07-09. 'associated_consts' is stable. 2017-07-09 22:02:38 -07:00
Sergio Benitez 61b19b1863 Remove 'unicode' feature from codegen. Update min nightly. 2017-06-30 19:09:21 -07:00
Sergio Benitez ee0bec095e New version: 0.2.8. 2017-06-01 22:03:25 -07:00
Sergio Benitez cfcddf5e00 Update codegen lints for latest nightly. 2017-06-01 21:59:40 -07:00
Sergio Benitez 68f6d51ebe New version: 0.2.7. 2017-05-26 20:06:01 -07:00
Sergio Benitez bdf73b4758 Update codegen for latest nightly. 2017-05-26 20:04:15 -07:00
Sergio Benitez d5a70b76cd New version: 0.2.6. 2017-04-17 16:23:27 -07:00
Sergio Benitez 71878ffebf Avoid collision in FromForm derive by using weird names.
Fixes #265.
2017-04-17 15:54:44 -07:00
Sergio Benitez 9f0c8a80ae New version: 0.2.5. 2017-04-16 14:25:16 -07:00
Sergio Benitez d2388081e7 Update minimum nightly version in codegen. 2017-04-16 14:23:48 -07:00
Sergio Benitez 153e7f0480 Fix lints for latest nightly. 2017-04-16 14:22:27 -07:00
Sergio Benitez 355da8a1ba New version: 0.2.4. 2017-03-30 19:50:07 -07:00
Sergio Benitez 3a2edba2a9 Update codegen for latest nightly. 2017-03-30 19:50:03 -07:00
Sergio Benitez bd66cc1313 New version: 0.2.3. 2017-03-22 19:44:33 -07:00
Sergio Benitez 266aa2fd5b Update minimum rustc version for codegen. 2017-03-22 19:44:32 -07:00
Sergio Benitez cc3eb57d7f Update codegen for latest nightly. 2017-03-22 19:44:32 -07:00
Sergio Benitez 6be902162d New version: 0.2.2. 2017-02-26 18:31:15 -08:00
Sergio Benitez 56a631d4ba Update codegen for latest nightly. 2017-02-26 18:26:02 -08:00
Sergio Benitez d99de8e05b New version: 0.2.1. 2017-02-24 13:57:33 -08:00
Sergio Benitez 7d2695d19f Use type index to find type span in unmanaged_state lint.
Fixes #179.
2017-02-08 00:56:17 -08:00
Sergio Benitez c7db553286 New version: 0.2.0. 2017-02-06 05:35:19 -08:00
Sergio Benitez 8eef42a256 Compile-time enforce paths as absolute, non-empty, valid segments. 2017-02-06 04:03:30 -08:00
Sergio Benitez 92f22ca63b Fix false positives in unmounted_routes lint due to 'launch'. 2017-02-05 02:11:32 -08:00
Sergio Benitez e966925455 Use full URI in codegen routes; log query params in routes. 2017-02-05 01:34:48 -08:00
Sergio Benitez ecd72f686e Record instances in lint from launch calls. 2017-02-04 13:52:23 -08:00
Sergio Benitez d23a0fa80a Move lint note message to correct spot. 2017-02-03 17:38:51 -08:00
Sergio Benitez a6c27b7243 Document codegen lints. 2017-02-02 23:06:35 -08:00
Sergio Benitez b69527c392 Reenable the options decorator. 2017-02-02 15:02:32 -08:00
Sergio Benitez 58678e53fb Update codegen for latest nightly. 2017-02-02 14:45:43 -08:00
Sergio Benitez d4eda278a2 Parallelize testing. Fix compiletest dependencies. 2017-02-02 00:41:47 -08:00
Sergio Benitez ed429cd487 Change FromForm signature. Emit 422 form errors on bad form strings.
This commit changes the way Rocket parses form items. In particular, it now
(liberally) validates form strings, returning a Bad Request on malformed inputs
and Unprocessable Entity on bad parses.

The 'FormItems' iterator was modified to accommodate this. The iterator is now
initialized using 'from': 'FormItems::from(form_string)'. The iterator can be
queried to check for a complete parse using either 'completed()' or
'exhausted()', the latter of which will consume valid keys/values and return
true only if the entire string was consumed.

The 'FromForm' trait now takes a mutable borrow to a 'FormItems' iterator.

The 'Form' and 'FormForm' implementation for 'Form' were modified to use the new
interfaces and check for 'exhausted' after a parse, returning a Bad Request error
if the iterator cannot be exhausted.

Resolves #46.
2017-02-01 18:22:51 -08:00
Sergio Benitez 3235e1e5e6 Make 'false' the default value for bools in forms. 2017-02-01 00:12:11 -08:00
Sergio Benitez c0235d0cde Condense cases in 'def_id_opt'. 2017-01-31 17:38:25 -08:00
Sergio Benitez c1697509ba Improve lints: gather info on per-instance basis. 2017-01-31 02:01:30 -08:00
Sergio Benitez 4eaf9ba9c5 Add lints to catch unmanaged state and unmounted routes.
  * The `unmanaged_state` lint emits a warning when a `State<T>` request
    guard is used without an accompanying `manage` call for `T`.

  * The `unmounted_route` lint emits a warning when a route declared via
    a Rocket attribute is not mounted via a call to `mount`.

There is one known shortcoming of these lints at present: _any_ call to
`manage` or `mount` marks state/routes as managed/mounted. This can be
an issue when an application uses more than one `Rocket` instance, with
different calls to `mount` and `manage` in each. The lints should
perform their analyses on a per-instance basis.
2017-01-29 01:13:52 -08:00
Sergio Benitez 0063f2524e Remove unused macro_use in codegen. 2017-01-27 00:06:16 -08:00
Sergio Benitez 0a0b64b9b6 New version: 0.1.6. 2017-01-26 11:26:50 -08:00
Sergio Benitez 307469dc3a Refuse to build on non-nightly with a nice message. 2017-01-15 01:16:47 -08:00
Sergio Benitez 08278e8f0e New version: 0.1.5. 2017-01-14 08:45:03 -08:00
Sergio Benitez 4bc5c20a45 Fix security checks in `PathBuf::FromSegments`.
In #134, @tunz discovered that Rocket does not properly prevent path traversal
or local file inclusion attacks. The issue is caused by a failure to check for
some dangerous characters after decoding. In this case, the path separator '/'
was left as-is after decoding. As such, an attacker could construct a path
containing any number of `..%2f..` sequences to traverse the file system.

This commit resolves the issue by ensuring that the decoded segment does not
contain any `/` characters. It further hardens the `FromSegments`
implementation by checking for additional risky characters: ':', '>', '<' as the
last character, and '\' on Windows. This is in addition to the already present
checks for '.' and '*' as the first character.

The behavior for a failing check has also changed. Previously, Rocket would skip
segments that contained illegal characters. In this commit, the implementation
instead returns an error.

The `Error` type of the `PathBuf::FromSegment` implementations was changed to a
new `SegmentError` type that indicates the condition that failed.

Closes #134.
2017-01-13 13:25:33 -08:00
Sergio Benitez b109bb41ff One more clippy warning (in FromForm derive). 2017-01-09 20:45:34 -08:00
Josh Holmer 59043e262a Fix more codegen clippy warnings. 2017-01-09 20:33:54 -08:00
Josh Holmer 17bbd41f73 Fix clippy warnings caused by codegen. 2017-01-09 17:36:47 -08:00
Sergio Benitez e230ce9b95 Don't overwrite catcher response status if it is set.
Resolves #113.
2017-01-06 01:32:43 -06:00