aboutsummaryrefslogtreecommitdiffstats
path: root/util
Commit message (Collapse)AuthorAgeFilesLines
* util.xtemplate: Yet another string template libraryKim Alvefur2022-01-241-0/+86
| | | | | | This one takes a stanza as input Roughly based on util.interpolation
* Merge 0.11->trunkKim Alvefur2022-01-201-13/+5
|\
| * util.xml: Deduplicate handlers for restricted XML0.11.13Kim Alvefur2022-01-201-12/+5
| | | | | | | | | | Makes the code more like util.xmppstream, allowing easier comparisons if we ever need to apply fixes in the future.
| * util.xml: Break reference to help the GC (fix #1711)Kim Alvefur2022-01-201-5/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | LuaExpat uses a registry reference to track handlers, which makes it so that an upvalue like this creates a reference loop that keeps the parser and its handlers from being garbage collected. The same issue has affected util.xmppstream in the past. Code for checking: local xml_parse = require"util.xml".parse; for i = 1, 10000 do xml_parse("<root/>") end collectgarbage(); collectgarbage(); print(collectgarbage("count"), "KiB"); A future release of LuaExpat may fix the underlying issue there.
| * util.xml: Do not allow doctypes, comments or processing instructions0.11.12Jonas Schäfer2022-01-101-2/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Yes. This is as bad as it sounds. CVE pending. In Prosody itself, this only affects mod_websocket, which uses util.xml to parse the <open/> frame, thus allowing unauthenticated remote DoS using Billion Laughs. However, third-party modules using util.xml may also be affected by this. This commit installs handlers which disallow the use of doctype declarations and processing instructions without any escape hatch. It, by default, also introduces such a handler for comments, however, there is a way to enable comments nontheless. This is because util.xml is used to parse human-facing data, where comments are generally a desirable feature, and also because comments are generally harmless.
* | util.prosodyctl.cert: Check success of copy operations, warn on failKim Alvefur2022-01-191-4/+9
| | | | | | | | | | Debugging a case where certs are not imported correctly but prosodyctl still reports success. Hoping this will shed some light on it.
* | util.prosodyctl.cert: Pass variables via formatting instead of concatenationKim Alvefur2022-01-191-5/+5
| | | | | | | | | | Prevents potential weirdness in case there's any %s or such in a host, file or directory name, since show_warning() is printf().
* | util.jid: Explicitly check for nil rather than falsyKim Alvefur2022-01-151-14/+14
| | | | | | | | A boolean false should blow up.
* | util.xml: Do not allow doctypes, comments or processing instructionsJonas Schäfer2022-01-101-2/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Yes. This is as bad as it sounds. CVE pending. In Prosody itself, this only affects mod_websocket, which uses util.xml to parse the <open/> frame, thus allowing unauthenticated remote DoS using Billion Laughs. However, third-party modules using util.xml may also be affected by this. This commit installs handlers which disallow the use of doctype declarations and processing instructions without any escape hatch. It, by default, also introduces such a handler for comments, however, there is a way to enable comments nontheless. This is because util.xml is used to parse human-facing data, where comments are generally a desirable feature, and also because comments are generally harmless.
* | util.prosodyctl.cert: Fix boolean logic bugKim Alvefur2022-01-091-1/+1
| | | | | | | | | | | | | | Boolean logic, never correct on the first try. We want to skip copying the same cert if it _has_ been imported already, not if it has not.
* | util.startup: Allow supplying an argument parsing settingsKim Alvefur2022-01-091-2/+2
| | | | | | | | | | | | The 'prosody' global is not global this early so there was no way to override the process type field or argument parsing settings from outside, e.g. from the migrator.
* | util.prosodyctl.check: Parameterize replacement instructionsKim Alvefur2022-01-081-11/+25
| | | | | | | | | | This ought to make it easier to translate in the future. And easier to reword, now!
* | util.prosodyctl.check: Move word to ease future translationsKim Alvefur2022-01-081-13/+13
| | | | | | | | | | | | | | | | | | | | | | Recent experience with translations in the context of Snikket highlighted that sentences spread across concatenated strings like this makes the experience less than pleasant for translators. We don't have translation yet, but it is a future goal and why not? The duplication can be solved with a parameterized function for the common cases.
* | util.prosodyctl.check: Use same wording about 'daemonize' and 'no_daemonize'Kim Alvefur2022-01-081-1/+1
| | | | | | | | Why would they use different wording?
* | util.pubsub: Fix item store resize to "max"Kim Alvefur2022-01-061-1/+6
| | | | | | | | | | Previously this would end up passing the "max" directly to the underlying storage.
* | util.dependencies: Enable warning about missing lua-unboundKim Alvefur2022-01-051-3/+2
| | | | | | | | Packages exists now.
* | util.stanza: Remove dead codeKim Alvefur2021-12-311-5/+0
| | | | | | | | | | These cases are caught by `check_text(v, ..)` above. Those errors do not contain the attribute however, which would have been nice.
* | util.stanza: Make type error message consistent with othersKim Alvefur2021-12-311-1/+1
| |
* | util.datamapper: Add support for $ref pointersKim Alvefur2021-12-291-18/+39
| | | | | | | | Allows reuse of repetitive definitions in schemas.
* | util.jsonschema: Add support for $ref pointersKim Alvefur2021-12-291-21/+33
| |
* | util.jsonpointer: Resolve JSON Pointers per RFC 6901Kim Alvefur2021-12-291-0/+40
| |
* | mod_auth_internal_hashed: Up iteration count to 10000 per XEP-0438Kim Alvefur2021-12-261-1/+1
| | | | | | | | | | | | | | | | More security for less pain than switching to SCRAM-SHA-256 The XEP will likely be change to reference the RFC that will probably come from draft-ietf-kitten-password-storage once it is ready, and then we should update to follow that.
* | openmetrics/histograms: improve code clarityKim Alvefur2021-12-272-2/+2
| | | | | | | | | | If buckets thresholds are to be taken as "less than or equal to", then using the less than or equal to operator seems sensible.
* | openmetrics/histograms: fix incorrect condition for bucketingJonas Schäfer2021-12-262-2/+2
| | | | | | | | | | | | The buckets thresholds are to be taken as "less than or equal to". The condition as written in the code did only "less than", not "less than or equal to". That's fixed now.
* | util.xml: Use variable instead of constant for consistency (thanks Thijs)Matthew Wild2021-12-261-1/+1
| |
* | util.prosodyctl.check: Remove obsolete settings from known globalsKim Alvefur2021-12-251-2/+0
| |
* | util.prosodyctl.check: Add some more obsolete settingsKim Alvefur2021-12-251-0/+6
| |
* | util.id: Add a 'tiny' variantKim Alvefur2021-12-021-0/+3
| | | | | | | | | | Conversations uses this for its randomized resources. Presumably fine and collision resistant enough when you have a few devices at most.
* | util.id: Adjust entropy levels, with rationalesKim Alvefur2021-12-021-3/+14
| | | | | | | | | | Modules using ids for logging should not need the now pretty large medium one.
* | util.prosodyctl.cert: Copy SAN/wildcard certs only onceKim Alvefur2021-12-221-1/+5
| |
* | util.x509: Fix to include wildcard identityKim Alvefur2021-12-221-0/+3
| |
* | prosodyctl cert: use the indexing functions for better UXJonas Schäfer2021-12-211-13/+15
| | | | | | | | | | | | These provide (a) a way to deal with random assortments of certs and (b) avoid unnecessary error messages and warnings, according to #1669 anyway, which this fixes.
* | core.certmanager: Rename preset option to 'tls_preset'Kim Alvefur2021-12-221-0/+1
| | | | | | | | TLS good, SSL bad.
* | adminstream: fire disconnected event on lower layer disconnectJonas Schäfer2021-12-211-0/+1
| | | | | | | | | | | | | | | | | | | | | | This may in theory cause multiple disconnect events for the adminstream client, if the only code using that wasn't calling os.exit right away. Hence, this should be a good enough partial fix for #1671. It is not a full fix, because the shell will only notice the disconnect after one has hit enter in the input; until then, it is stuck in a read() call to stdin and completely oblivious to the disconnect.
* | util.smqueue: Simplify compat table, fix dependent modules (thanks Martin)Kim Alvefur2021-12-161-9/+4
| | | | | | | | | | | | There was an off-by-one in the modulo calculation. Switching to a plain old array-table makes the apparent size of the queue wrong, but since some of the queue may not be available this is likely for the best.
* | util.smqueue: Abstract queue with acknowledgements and overflowKim Alvefur2021-12-141-0/+61
| | | | | | | | | | | | | | | | Meant to be used in mod_smacks for XEP-0198 Meant to have a larger virtual size than actual number of items stored, on the theory that in most cases, the excess will be acked before needed for a resumption event.
* | util.format: Optimize most common integer formatKim Alvefur2021-12-131-0/+2
| | | | | | | | | | | | A search for log formats in use points to %s being the most common, followed by %d, so worth having a fast path for that. %g works well with most numbers and is what Lua 5.1 and 5.2 used
* | util.format: Ensure metatable __tostring results are also sanitizedKim Alvefur2021-12-131-1/+2
| |
* | util.format: Fix some formats expecting positive numbers in Lua 5.2Kim Alvefur2021-12-111-0/+5
| | | | | | | | Amazing how string.format behaves differently under each Lua version
* | util.format: Fix Lua 5.1 quirks thanks to ALL THE TESTSKim Alvefur2021-12-111-1/+6
| |
* | util.format: Also handle the %p format added in Lua 5.4Kim Alvefur2021-12-111-3/+18
| |
* | util.format: Ensure sanitation of strings passed to wrong formatKim Alvefur2021-12-111-21/+37
| | | | | | | | | | | | | | | | | | Ie. log("debug", "%d", "\1\2\3") should not result in garbage. Also optimizing for the common case of ASCII string passed to %s and early returns everywhere. Returning nil from a gsub callback keeps the original substring.
* | util.format: Escape invalid UTF-8 by passing trough serializationKim Alvefur2021-12-101-1/+10
| | | | | | | | | | | | Should prevent invalid UTF-8 from making it into the logs, which can cause trouble with terminals or log viewers or other tools, such as when grep determines that log files are binary.
* | util.sasl.scram: Store username property rather than cached local (#399)Matthew Wild2021-12-071-1/+1
| | | | | | | | | | This should allow modules to override the username in a profile handler by assigning to self.username.
* | util.dependencies: Fix typo (thanks jonas’)Kim Alvefur2021-11-301-1/+1
| | | | | | | | | | | | | | | | | | | | vim> Change "sevral" to: 1 "several" 2 "sacral" 3 "spiral" 4 "feral" 5 "serial" jonas’> I choose 4.
* | util.startup: Initialize util.async at startupMatthew Wild2021-11-291-0/+9
| |
* | util.async: Add next-tick configurationMatthew Wild2021-11-291-2/+8
| | | | | | | | | | | | | | | | Running woken runners in the next iteration of the event loop prevents unexpected recursion, unexpected tracebacks, and is generally more predictable. The pattern is borrowed from util.promise, where we're now doing the same.
* | util.async: Add sleep() method with configurable scheduling backendMatthew Wild2021-11-291-0/+15
| | | | | | | | | | | | | | | | | | No scheduler set by default, so it will error (we plan to initialize it in util.startup). We wanted to avoid a hard dependency on util.timer (which in turn depends on network backends, etc.), and we didn't add timer.sleep() because we didn't want to add a hard dependency on util.async for things that don't need it.
* | util.stanza: Adjust pretty printing for symmetryKim Alvefur2021-11-291-1/+1
| | | | | | | | | | Self-closing <tags/> and <?processing instructions?> had some asymmetries in applied colors.
* | util.dependencies: Discourage Lua 5.1Kim Alvefur2021-11-281-0/+2
| | | | | | | | Search for 'Lua 5.1' for reasons.