Skip to content

fix: ensure websocket close messages are truncated to 123 bytes #779

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 6 commits into from
Apr 1, 2022
Merged

fix: ensure websocket close messages are truncated to 123 bytes #779

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
9472717
fix: ensure websocket close messages are truncated to 123 bytes
coadler Mar 31, 2022
c3bf516
move to coderd.go
coadler Mar 31, 2022
c3bae1c
simpler truncating
coadler Mar 31, 2022
82ea13c
fix imports
coadler Mar 31, 2022
ceab625
httpapi.WebsocketCloseMessage
coadler Apr 1, 2022
c70e408
msg -> sprintf
coadler Apr 1, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
move to coderd.go
  • Loading branch information
@coadler
coadler committed Mar 31, 2022
commit c3bf51609542d8c856f6e811ba4863f49236f631
36 changes: 36 additions & 0 deletions coderd/coderd.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,10 @@
package coderd

import (
"fmt"
"net/http"
"net/url"
"strings"
"sync"
"time"

Expand Down Expand Up @@ -199,3 +201,37 @@ type api struct {
websocketWaitMutex sync.Mutex
websocketWaitGroup sync.WaitGroup
}

const websocketCloseMaxLen = 123

// fmtWebsocketCloseMsg formats a websocket close message and ensures it is
// truncated to the maximum allowed length.
func FmtWebsocketCloseMsg(format string, vars ...any) string {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's unfortunate we'll have to export this to test it - hmph. Any ideas on where we could place this structurally? It's both a little unfortunate to export this from coderd, and to create a package just for this.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe we could do the coderd_internal_test.go thing? I read about that after I wrote this!

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

But yea I agree having this exported is weird

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think httpapi would be more appropriate.

httpapi.WebsocketCloseMessage seems clean 😎

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like that! I'll fix it up tomorrow

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Woooonderful

msg := fmt.Sprintf(format, vars...)

// Cap msg length at 123 bytes. nhooyr/websocket only allows close messages
// of this length.
if len(msg) > websocketCloseMaxLen {
// truncateString safely truncates a string to a maximum size of byteLen. It
// writes whole runes until a single rune would increase the string size above
// byteLen.
truncateString := func(str string, byteLen int) string {
builder := strings.Builder{}
builder.Grow(byteLen)

for _, char := range str {
if builder.Len()+len(string(char)) > byteLen {
break
}

_, _ = builder.WriteRune(char)
}

return builder.String()
}

return truncateString(msg, websocketCloseMaxLen)
}

return msg
}
24 changes: 24 additions & 0 deletions coderd/coderd_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,11 +1,35 @@
package coderd_test

import (
"strings"
"testing"

"github.com/stretchr/testify/assert"
"go.uber.org/goleak"

"github.com/coder/coder/coderd"
)

func TestMain(m *testing.M) {
goleak.VerifyTestMain(m)
}

func TestFmtWebsocketCloseMsg(t *testing.T) {
t.Parallel()

t.Run("TruncateSingleByteCharacters", func(t *testing.T) {
t.Parallel()

msg := strings.Repeat("d", 255)
trunc := coderd.FmtWebsocketCloseMsg(msg)
assert.LessOrEqual(t, len(trunc), 123)
})

t.Run("TruncateMultiByteCharacters", func(t *testing.T) {
t.Parallel()

msg := strings.Repeat("こんにちは", 10)
trunc := coderd.FmtWebsocketCloseMsg(msg)
assert.LessOrEqual(t, len(trunc), 123)
})
}
8 changes: 4 additions & 4 deletions coderd/provisionerdaemons.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@ func (api *api) provisionerDaemonsListen(rw http.ResponseWriter, r *http.Request
Provisioners: []database.ProvisionerType{database.ProvisionerTypeEcho, database.ProvisionerTypeTerraform},
})
if err != nil {
_ = conn.Close(websocket.StatusInternalError, fmtWebsocketCloseMsg("insert provisioner daemon: %s", err))
_ = conn.Close(websocket.StatusInternalError, FmtWebsocketCloseMsg("insert provisioner daemon: %s", err))
return
}

Expand All @@ -67,7 +67,7 @@ func (api *api) provisionerDaemonsListen(rw http.ResponseWriter, r *http.Request
config.LogOutput = io.Discard
session, err := yamux.Server(websocket.NetConn(r.Context(), conn, websocket.MessageBinary), config)
if err != nil {
_ = conn.Close(websocket.StatusInternalError, fmtWebsocketCloseMsg("multiplex server: %s", err))
_ = conn.Close(websocket.StatusInternalError, FmtWebsocketCloseMsg("multiplex server: %s", err))
return
}
mux := drpcmux.New()
Expand All @@ -80,13 +80,13 @@ func (api *api) provisionerDaemonsListen(rw http.ResponseWriter, r *http.Request
Logger: api.Logger.Named(fmt.Sprintf("provisionerd-%s", daemon.Name)),
})
if err != nil {
_ = conn.Close(websocket.StatusInternalError, fmtWebsocketCloseMsg("drpc register provisioner daemon: %s", err))
_ = conn.Close(websocket.StatusInternalError, FmtWebsocketCloseMsg("drpc register provisioner daemon: %s", err))
return
}
server := drpcserver.New(mux)
err = server.Serve(r.Context(), session)
if err != nil {
_ = conn.Close(websocket.StatusInternalError, fmtWebsocketCloseMsg("serve: %s", err))
_ = conn.Close(websocket.StatusInternalError, FmtWebsocketCloseMsg("serve: %s", err))
return
}
_ = conn.Close(websocket.StatusGoingAway, "")
Expand Down
2 changes: 1 addition & 1 deletion coderd/workspaceresources.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -108,7 +108,7 @@ func (api *api) workspaceResourceDial(rw http.ResponseWriter, r *http.Request) {
Pubsub: api.Pubsub,
})
if err != nil {
_ = conn.Close(websocket.StatusInternalError, fmtWebsocketCloseMsg("serve: %s", err))
_ = conn.Close(websocket.StatusInternalError, FmtWebsocketCloseMsg("serve: %s", err))
return
}
}
Expand Down
40 changes: 0 additions & 40 deletions coderd/ws.go
View file
Open in desktop

This file was deleted.

30 changes: 0 additions & 30 deletions coderd/ws_test.go
View file
Open in desktop

This file was deleted.