From cf70baeb1ccc9d97b1f8de088d548f2e622cfc5f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gabriel=20Ostroluck=C3=BD?= Date: Sat, 28 Aug 2021 11:37:59 +0200 Subject: [PATCH] Add support for adjusting binary detection regex in FullHttpMessageFormatter MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Regrettably, in our applications, php serialize() is often used instead of JSON as a serialization format used over wire. Instead of changing ∂efault regex for everyone (which could be a security risk in case target endpoint is untrusted), this allows to inject custom regex. --- CHANGELOG.md | 4 ++++ .../FullHttpMessageFormatterSpec.php | 21 +++++++++++++++++++ src/Formatter/FullHttpMessageFormatter.php | 12 ++++++++--- 3 files changed, 34 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0ab29dd..de4af69 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,10 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). +## [1.12.0] - ? + +- Added support for adjusting binary detection regex in FullHttpMessageFormatter + ## [1.11.2] - 2021-08-03 - Support GuzzleHttp/Psr7 version 2.0 in the (deprecated) GuzzleStreamFactory. diff --git a/spec/Formatter/FullHttpMessageFormatterSpec.php b/spec/Formatter/FullHttpMessageFormatterSpec.php index 5d2e6bf..e89b7f2 100644 --- a/spec/Formatter/FullHttpMessageFormatterSpec.php +++ b/spec/Formatter/FullHttpMessageFormatterSpec.php @@ -249,6 +249,27 @@ function it_omits_body_with_null_bytes(RequestInterface $request, StreamInterfac $this->formatRequest($request)->shouldReturn($expectedMessage); } + function it_allows_to_change_binary_detection(RequestInterface $request, StreamInterface $stream) + { + $this->beConstructedWith(1, '/\x01/'); + + $stream->isSeekable()->willReturn(true); + $stream->rewind()->shouldBeCalled(); + $stream->__toString()->willReturn("\0"); + $request->getBody()->willReturn($stream); + $request->getMethod()->willReturn('GET'); + $request->getRequestTarget()->willReturn('/foo'); + $request->getProtocolVersion()->willReturn('1.1'); + $request->getHeaders()->willReturn([]); + + $expectedMessage = <<formatRequest($request)->shouldReturn($expectedMessage); + } + function it_omits_body_with_line_break(RequestInterface $request, StreamInterface $stream) { $this->beConstructedWith(7); diff --git a/src/Formatter/FullHttpMessageFormatter.php b/src/Formatter/FullHttpMessageFormatter.php index 64ce3ce..bb22efe 100644 --- a/src/Formatter/FullHttpMessageFormatter.php +++ b/src/Formatter/FullHttpMessageFormatter.php @@ -21,12 +21,19 @@ class FullHttpMessageFormatter implements Formatter */ private $maxBodyLength; + /** + * @var string + */ + private $binaryDetectionRegex; + /** * @param int|null $maxBodyLength + * @param string $binaryDetectionRegex By default, this is all non-printable ASCII characters and except for \t, \r, \n */ - public function __construct($maxBodyLength = 1000) + public function __construct($maxBodyLength = 1000, string $binaryDetectionRegex = '/([\x00-\x09\x0C\x0E-\x1F\x7F])/') { $this->maxBodyLength = $maxBodyLength; + $this->binaryDetectionRegex = $binaryDetectionRegex; } /** @@ -86,8 +93,7 @@ private function addBody(MessageInterface $request, $message) $data = $stream->__toString(); $stream->rewind(); - // all non-printable ASCII characters and except for \t, \r, \n - if (preg_match('/([\x00-\x09\x0C\x0E-\x1F\x7F])/', $data)) { + if (preg_match($this->binaryDetectionRegex, $data)) { return $message.'[binary stream omitted]'; }