david's People

Contributors

felix-letkemann, nmeum, nning

david's Issues

["Invalid query parameters: invalid byte sequence in UTF-8"] when sending CBOR request to sinatra app with david

When trying to use CBOR in my sinatra application, I get rack errors. It looks like the cbor part does not work for some reason.

[2017-09-13 12:56:51] DEBUG  #<struct CoRE::CoAP::Message ver=1, tt=:non, mcode=:post, mid=2385, options={:max_age=>60, :token=>0, :uri_path=>["th"], :content_format=>13362}, payload="\x82\x19\ng\x19\x10\x86">
#<Rack::BodyProxy:0x00000002d59b78 @body=#<Rack::Lint:0x00000002d84b70 @app=#<Rack::TempfileReaper:0x000000026c39a8 @app=#<Rack::Logger:0x000000027af268 @app=CoapServer, @level=1>>, @content_length="56", @body=#<Rack::BodyProxy:0x00000002d74310 @body=["Invalid query parameters: invalid byte sequence in UTF-8"], @block=#<Proc:0x00000002d742c0@/home/deploy/itsmybike-coap-adapter/shared/bundle/ruby/2.4.0/gems/rack-2.0.3/lib/rack/tempfile_reaper.rb:16>, @closed=false>, @head_request=false>, @block=#<Proc:0x00000002d59b28@/home/deploy/itsmybike-coap-adapter/shared/bundle/ruby/2.4.0/gems/rack-2.0.3/lib/rack/common_logger.rb:35>, @closed=false>
80.187.116.85 - - [13/Sep/2017:12:56:51 +0200] "POST /th " 400 56 0.0055
[2017-09-13 12:56:51] INFO  -> [80.187.116.85]:20143: non 4.00 / (block 0)
[2017-09-13 12:56:51] DEBUG  #<struct CoRE::CoAP::Message ver=1, tt=:non, mcode=[4, 0], mid=2385, options={:token=>0, :content_format=>nil, :etag=>nil}, payload="Invalid query parameters: invalid byte sequence in UTF-8">

I already tried to enable the cbor-flag that is false by default by starting with the following command:

bundle exec rackup -p 5683 -o 0.0.0.0 -O CBOR=true -O Log=debug

I also tried to fix this by adding the rack utf-8 sanitizer gem to my sinatra project. Maybe this bug is caused by a rack problem and not by a david problem. As long as I don't know, I would assume this to be a problem specific to david.
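
As a diagnostic aid for the report above (an added example, not part of the original issue and not david's or Rack's code): a minimal CBOR decoder, limited to integers and arrays, run over the payload bytes from the debug log. It shows that the payload is well-formed CBOR, that the same bytes are not valid UTF-8 and so cannot pass a text parameter parser, and that the logged Content-Format (13362) is not 60, the value registered for application/cbor. The helper names are hypothetical.

```ruby
# Added example: minimal CBOR decoder (major types 0, 1 and 4 only).
# PAYLOAD and CONTENT_FORMAT are copied from the debug log in the issue above.
PAYLOAD = "\x82\x19\x0a\x67\x19\x10\x86".b
CONTENT_FORMAT = 13362
CBOR_CONTENT_FORMAT = 60 # registered CoAP Content-Format for application/cbor

# Read the argument following an initial byte; returns [value, next_pos].
def cbor_argument(bytes, pos, info)
  return [info, pos] if info < 24
  size = { 24 => 1, 25 => 2, 26 => 4, 27 => 8 }.fetch(info) do
    raise ArgumentError, "unsupported additional info #{info}"
  end
  raise ArgumentError, 'truncated input' if pos + size > bytes.size
  [bytes[pos, size].inject(0) { |acc, b| (acc << 8) | b }, pos + size]
end

# Decode one data item starting at pos; returns [item, next_pos].
def cbor_item(bytes, pos = 0)
  raise ArgumentError, 'truncated input' if pos >= bytes.size
  major, info = bytes[pos] >> 5, bytes[pos] & 0x1f
  arg, pos = cbor_argument(bytes, pos + 1, info)
  case major
  when 0 then [arg, pos]          # unsigned integer
  when 1 then [-1 - arg, pos]     # negative integer
  when 4                          # array of arg items
    # Every item needs at least one byte: reject oversized length claims
    # before allocating anything (malformed or hostile datagrams).
    raise ArgumentError, 'array longer than input' if arg > bytes.size - pos
    items = Array.new(arg) do
      item, pos = cbor_item(bytes, pos)
      item
    end
    [items, pos]
  else raise ArgumentError, "unsupported major type #{major}"
  end
end

def cbor_decode(str)
  bytes = str.bytes
  item, pos = cbor_item(bytes)
  raise ArgumentError, 'trailing bytes' unless pos == bytes.size
  item
end

# True only if the raw bytes form a valid UTF-8 string.
def valid_utf8?(str)
  str.dup.force_encoding(Encoding::UTF_8).valid_encoding?
end

puts "decoded=#{cbor_decode(PAYLOAD).inspect} utf8=#{valid_utf8?(PAYLOAD)}"
```
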

Freezing with #NoMethodError using Rails 5.1.2 and coap.only = false

I am trying to use david in my Rails 5.1.2 application alongside a normal http output (user frontend, etc) to get this connected to some iot devices.
Unfortunately, the application can not be used with http anymore after adding the david gem. First, I realized that http is simply disabled by the gem but I found the option coap.only = false.
Now, instead of immediately not answering, the framework freezes with the error message:

2017-07-03 15:21:12 +0200: Rack app error handling request { GET / }
#<NoMethodError: undefined method 'error' for nil:NilClass>
/Users/felixletkemann/.rvm/gems/ruby-2.4.0/gems/david-0.5.0/lib/david/show_exceptions.rb:31:in 'render_exception'
/Users/felixletkemann/.rvm/gems/ruby-2.4.0/gems/david-0.5.0/lib/david/show_exceptions.rb:20:in 'rescue in _call'
/Users/felixletkemann/.rvm/gems/ruby-2.4.0/gems/david-0.5.0/lib/david/show_exceptions.rb:12:in '_call'
/Users/felixletkemann/.rvm/gems/ruby-2.4.0/gems/david-0.5.0/lib/david/show_exceptions.rb:8:in 'call'
/Users/felixletkemann/.rvm/gems/ruby-2.4.0/gems/railties-5.1.2/lib/rails/rack/logger.rb:36:in 'call_app'
/Users/felixletkemann/.rvm/gems/ruby-2.4.0/gems/railties-5.1.2/lib/rails/rack/logger.rb:24:in 'block in call'
/Users/felixletkemann/.rvm/gems/ruby-2.4.0/gems/activesupport-5.1.2/lib/active_support/tagged_logging.rb:69:in 'block in tagged'
/Users/felixletkemann/.rvm/gems/ruby-2.4.0/gems/activesupport-5.1.2/lib/active_support/tagged_logging.rb:26:in 'tagged'
/Users/felixletkemann/.rvm/gems/ruby-2.4.0/gems/activesupport-5.1.2/lib/active_support/tagged_logging.rb:69:in 'tagged'
/Users/felixletkemann/.rvm/gems/ruby-2.4.0/gems/railties-5.1.2/lib/rails/rack/logger.rb:24:in 'call'

My current configuration (application.rb) is:

class Application < Rails::Application
  config.load_defaults 5.1
  config.coap.only = false
  config.coap.observe = false
  config.coap.log = :debug    
end

When the framework is frozen, I can stop it by pressing Ctrl+C twice and I will get the error message mentioned above. If I don't set the log level to :debug, I don't get anything.
Reaching the CoAP routes using Firefox and Copper works just fine. So, I can use david for the intended purpose but it breaks the rest of the framework.

Yours Sincerely,
Felix

[Potential] Security Vulnerabilities within ruby-coap/david

Hello developers of ruby-coap/david,

My name is Bruno, and I'm an MSc. student in Brazil within the Institute of Computing from the University of Campinas.
As part of my research on the application of fuzzing techniques for robustness and security black-box testing of CoAP implementations, I've tested your library. The sample used in my research was compiled from distribution/commit nning/coap@86c8419. The application used to test it was bin/david from b9413ce @ 2018-03-04.

I'm contacting you because the application mentioned above was one of the samples for which our tool was able to detect robustness and/or security issues. In a broad sense, every failure we found can actually be classified as a security vulnerability, because they impact availability --- the application either aborts or needs forceful restart in order to restore servicing CoAP requests. However, we didn't go as far as performing a thorough root-cause analysis for those failures, since it would be unfeasible for us (more than 100 failures were detected across 25 samples, each one using a different CoAP library, spanning 8 programming languages) and thus out-of-scope of this particular research.

We think that one of our main contributions is the opportunity to make a real-world impact on IoT security by reporting those failures to CoAP libraries' maintainers, with a comprehensible and easy way to replicate them so developers can further investigate and fix those failures. So, in order to follow up with a responsible disclosure process, we ask for a proper e-mail address (or any other form of contact) so we can send you:

  • A script to reproduce the failures;
  • A pcap file used by the script, containing the packets causing the failures;
  • A logfile with the stacktraces we got for each reported failure.

We expect a reply anytime soon.
Please let us know which form of contact we should use --- or if it's ok to use this channel.

Thanks & Regards,
Bruno Melo.

Add support for incoming block-wise transfers

When I do a request to my rails application using postman, I get a hash in the parameters variable, looking like:
=> <ActionController::Parameters {"book"=>{"author"=>"ernest hemingway", "isbn"=>"1234567"}, "format"=>"json", "controller"=>"api/v1/book", "action"=>"create"} permitted: false>

When I do the same request over CoAP using Copper in Firefox, I get:

=> <ActionController::Parameters {"{ book: { author: \"ernest hemingway\", isbn: \"1234567"=>nil, "format"=>"json", "controller"=>"api/v1/book", "action"=>"create"} permitted: false>

Something must be doing strange things with the params variable.

David eating parameter when using cbor

If I transmit the following JSON over CoAP, everything works fine:
[52403729, 13437171, 123456789, -1171, 3794, 4, 21212121, 1000]

If I transmit the same encoded as CBOR, the "params" variable looks like
[0, 13437171, 123456789, -1171, 3794, 4, 21212121, 1000]

The first parameter seems to be lost. Switching back to non-cbor solves the problem - but I want to use cbor. The strange thing is, that all the other parameters are transmitted correctly. The problem only affects the first one. First I thought that the problem might be my cbor encoder. So I had a look into the request object. I found the following lines:

@params={"X?"=>{"52195380, 13498559, 123456789, -1171, 3794, 4, 21212121, 1000"=>nil}}>

So the correct value is transmitted - but lost somewhere. The correct value makes it into the request object but not to the params variable.

David ignores config.coap.only in Rails 5.2

I am using david alongside puma to provide a CoAP + HTTP API with Rails 5.2.

While running puma, I noticed that the coap.only option inside my application.rb is ignored on server startup and important middleware classes like Rack::MethodOverride and ActionDispatch::ShowExceptions get removed. That is because in david's default config coap.only is set to true and the options set in application.rb are not yet evaluated at the time the HTTP middleware gets removed.

For everyone who experiences the same issue, I solved this by patching david's default config by placing

require 'david/railties/config'
David::Railties::Config.class_eval do
  config.coap.only = false
end

before the Bundler.require(*Rails.groups) line in my application.rb.

Cheers,
Alex

how to do rspec testing for /.well-known/core

I naturally want to do rspec testing of my CoAP application.
It also speaks HTTP(S), although I imagine that in production it will be two completely different deploys.

I have changed things so that david is not automatically chosen for "rails server", so that I can develop in both worlds at the same time. So one has to do something like: "bin/rails server david -b ::2 -p 5684"

rspec requests skip the framework layer and go directly to routes. I can test my controllers via config/routes.rb just fine. But I can't test the resource discovery process, doing a GET to /.well-known/core?rt=est.ace to get the location of the resource and then using it.

I propose that the /.well-known/core processing no longer be special cased in lib/david/resource_discovery.rb's call, but instead be referenced in the application's routes.rb.

The rails5 way might be to use a concern, I see that this is how active-scaffold has gone, but the old rails4 "as_routes" may work as well for this.

Starting the HelloWorld example crashes setsockopt in multicast

When I try to run the HelloWorld example as run Rack::HelloWorld using rackup config.ru, I get the following error:

[2015-02-08 09:48:55] INFO  David 0.4.0 on ruby 2.1.1p76 (2014-02-24 revision 45161) [x86_64-darwin13.0]
[2015-02-08 09:48:55] INFO  Starting on [::1]:9292
[2015-02-08 09:48:55] ERROR  Actor crashed!
Errno::EINVAL: Invalid argument - setsockopt(2)
        /Users/matus/.rbenv/versions/2.1.1/lib/ruby/gems/2.1.0/gems/david-0.4.0/lib/david/server/multicast.rb:44:in `setsockopt'
        /Users/matus/.rbenv/versions/2.1.1/lib/ruby/gems/2.1.0/gems/david-0.4.0/lib/david/server/multicast.rb:44:in `multicast_listen_ipv6'
        /Users/matus/.rbenv/versions/2.1.1/lib/ruby/gems/2.1.0/gems/david-0.4.0/lib/david/server/multicast.rb:11:in `block in multicast_initialize!'
        /Users/matus/.rbenv/versions/2.1.1/lib/ruby/gems/2.1.0/gems/david-0.4.0/lib/david/server/multicast.rb:11:in `each'
        /Users/matus/.rbenv/versions/2.1.1/lib/ruby/gems/2.1.0/gems/david-0.4.0/lib/david/server/multicast.rb:11:in `multicast_initialize!'
        /Users/matus/.rbenv/versions/2.1.1/lib/ruby/gems/2.1.0/gems/david-0.4.0/lib/david/server.rb:32:in `initialize'
        /Users/matus/.rbenv/versions/2.1.1/lib/ruby/gems/2.1.0/gems/celluloid-0.16.0/lib/celluloid/calls.rb:26:in `public_send'
        /Users/matus/.rbenv/versions/2.1.1/lib/ruby/gems/2.1.0/gems/celluloid-0.16.0/lib/celluloid/calls.rb:26:in `dispatch'
        /Users/matus/.rbenv/versions/2.1.1/lib/ruby/gems/2.1.0/gems/celluloid-0.16.0/lib/celluloid/calls.rb:63:in `dispatch'
        /Users/matus/.rbenv/versions/2.1.1/lib/ruby/gems/2.1.0/gems/celluloid-0.16.0/lib/celluloid/cell.rb:60:in `block in invoke'
        /Users/matus/.rbenv/versions/2.1.1/lib/ruby/gems/2.1.0/gems/celluloid-0.16.0/lib/celluloid/cell.rb:71:in `block in task'
        /Users/matus/.rbenv/versions/2.1.1/lib/ruby/gems/2.1.0/gems/celluloid-0.16.0/lib/celluloid/actor.rb:357:in `block in task'
        /Users/matus/.rbenv/versions/2.1.1/lib/ruby/gems/2.1.0/gems/celluloid-0.16.0/lib/celluloid/tasks.rb:57:in `block in initialize'
        /Users/matus/.rbenv/versions/2.1.1/lib/ruby/gems/2.1.0/gems/celluloid-0.16.0/lib/celluloid/tasks/task_fiber.rb:15:in `block in create'
[2015-02-08 09:48:55] ERROR  Actor crashed!

The error is repeated several times.

Am I doing something wrong?

I am on Mac OS X and use david 0.4.0.

passing options to david

According to lib/rack/handler/david.rb, David accepts a variety of options, like --Log.
But, when invoked from under Thunar/rails server, these options do not get passed through.
Going through the code, it appears that we simply aren't integrated correctly there, and it's not clear to me how to fix that. Did it ever work? Is it supposed to?

'No such middleware to insert before'...

I've created a new empty rails project, added david to the Gemfile and installed it, but when I try to start the project (rails s) I get the following error message:

/var/lib/gems/1.9.1/gems/actionpack-4.2.4/lib/action_dispatch/middleware/stack.rb:125:in 'asset_index': No such middleware to insert before: ActionDispatch::DebugExceptions (RuntimeError)

.well-known/core not available using sinatra

While the readme of David lists sinatra as one of the frameworks which are compatible with david, I could not get david to work with sinatra so far.
Adding the david gem (together with cbor) will make rackup talk over coap just as desired. Unfortunately, there is no .well-known/core route to tell the CoAP client what is available.
Also, I can not use the discoverable option in my controller, since the "discoverable" option is depending on the railties.
In order to be compatible with all the other frameworks, there should be a way to make the .well-known/core route available.
Do you have any working example with sinatra and david?
