diff --git a/actix-http/src/cookie/jar.rs b/actix-http/src/cookie/jar.rs index d9ab8f05..b60d73fe 100644 --- a/actix-http/src/cookie/jar.rs +++ b/actix-http/src/cookie/jar.rs @@ -470,7 +470,9 @@ impl<'a> Iterator for Iter<'a> { #[cfg(test)] mod test { - use super::{Cookie, CookieJar, Key}; + #[cfg(feature = "secure-cookies")] + use super::Key; + use super::{Cookie, CookieJar}; #[test] #[allow(deprecated)] diff --git a/actix-http/src/cookie/secure/private.rs b/actix-http/src/cookie/secure/private.rs index 74352d72..32368730 100644 --- a/actix-http/src/cookie/secure/private.rs +++ b/actix-http/src/cookie/secure/private.rs @@ -63,9 +63,11 @@ impl<'a> PrivateJar<'a> { if let Ok(unsealed_utf8) = str::from_utf8(unsealed) { Ok(unsealed_utf8.to_string()) } else { - warn!("Private cookie does not have utf8 content! + warn!( + "Private cookie does not have utf8 content! It is likely the secret key used to encrypt them has been leaked. -Please change it as soon as possible."); +Please change it as soon as possible." + ); Err("bad unsealed utf8") } } @@ -206,15 +208,15 @@ fn encrypt_name_value(name: &[u8], value: &[u8], key: &[u8]) -> Vec { .fill(nonce) .expect("couldn't random fill nonce"); in_out[..value.len()].copy_from_slice(value); - let nonce = Nonce::try_assume_unique_for_key(nonce) - .expect("invalid length of `nonce`"); + let nonce = + Nonce::try_assume_unique_for_key(nonce).expect("invalid length of `nonce`"); // Use cookie's name as associated data to prevent value swapping. let ad = Aad::from(name); // Perform the actual sealing operation and get the output length. - let output_len = seal_in_place(&key, nonce, ad, in_out, overhead) - .expect("in-place seal"); + let output_len = + seal_in_place(&key, nonce, ad, in_out, overhead).expect("in-place seal"); // Remove the overhead and return the sealed content. data.truncate(NONCE_LEN + output_len); @@ -223,7 +225,7 @@ fn encrypt_name_value(name: &[u8], value: &[u8], key: &[u8]) -> Vec { #[cfg(test)] mod test { - use super::{Cookie, CookieJar, Key, encrypt_name_value}; + use super::{encrypt_name_value, Cookie, CookieJar, Key}; #[test] fn simple() { @@ -248,15 +250,18 @@ mod test { let mut assert_non_utf8 = |value: &[u8]| { let sealed = encrypt_name_value(name.as_bytes(), value, &key.encryption()); let encoded = base64::encode(&sealed); - assert_eq!(jar.private(&key).unseal(name, &encoded), Err("bad unsealed utf8")); + assert_eq!( + jar.private(&key).unseal(name, &encoded), + Err("bad unsealed utf8") + ); jar.add(Cookie::new(name, encoded)); assert_eq!(jar.private(&key).get(name), None); }; - assert_non_utf8(&[0x72, 0xfb, 0xdf, 0x74]); // rûst in ISO/IEC 8859-1 + assert_non_utf8(&[0x72, 0xfb, 0xdf, 0x74]); // rûst in ISO/IEC 8859-1 - let mut malicious = String::from(r#"{"id":"abc123??%X","admin":true}"#) - .into_bytes(); + let mut malicious = + String::from(r#"{"id":"abc123??%X","admin":true}"#).into_bytes(); malicious[8] |= 0b1100_0000; malicious[9] |= 0b1100_0000; assert_non_utf8(&malicious); diff --git a/actix-http/src/lib.rs b/actix-http/src/lib.rs index a8c44e83..088125ae 100644 --- a/actix-http/src/lib.rs +++ b/actix-http/src/lib.rs @@ -8,6 +8,7 @@ pub mod body; mod builder; pub mod client; mod config; +#[cfg(any(feature = "flate2-zlib", feature = "flate2-rust", feature = "brotli"))] pub mod encoding; mod extensions; mod header; diff --git a/actix-http/tests/test_server.rs b/actix-http/tests/test_server.rs index f1f82b08..a18d1962 100644 --- a/actix-http/tests/test_server.rs +++ b/actix-http/tests/test_server.rs @@ -16,6 +16,7 @@ use actix_http::{ body, error, http, http::header, Error, HttpService, KeepAlive, Request, Response, }; +#[cfg(feature = "ssl")] fn load_body(stream: S) -> impl Future where S: Stream, @@ -346,6 +347,7 @@ fn test_content_length() { } } +#[cfg(feature = "ssl")] #[test] fn test_h2_content_length() { use actix_http::http::{ @@ -443,6 +445,7 @@ fn test_h1_headers() { assert_eq!(bytes, Bytes::from(data2)); } +#[cfg(feature = "ssl")] #[test] fn test_h2_headers() { let data = STR.repeat(10); @@ -523,6 +526,7 @@ fn test_h1_body() { assert_eq!(bytes, Bytes::from_static(STR.as_ref())); } +#[cfg(feature = "ssl")] #[test] fn test_h2_body2() { let openssl = ssl_acceptor().unwrap(); @@ -567,6 +571,7 @@ fn test_h1_head_empty() { assert!(bytes.is_empty()); } +#[cfg(feature = "ssl")] #[test] fn test_h2_head_empty() { let openssl = ssl_acceptor().unwrap(); @@ -622,6 +627,7 @@ fn test_h1_head_binary() { assert!(bytes.is_empty()); } +#[cfg(feature = "ssl")] #[test] fn test_h2_head_binary() { let openssl = ssl_acceptor().unwrap(); @@ -674,6 +680,7 @@ fn test_h1_head_binary2() { } } +#[cfg(feature = "ssl")] #[test] fn test_h2_head_binary2() { let openssl = ssl_acceptor().unwrap(); @@ -720,6 +727,7 @@ fn test_h1_body_length() { assert_eq!(bytes, Bytes::from_static(STR.as_ref())); } +#[cfg(feature = "ssl")] #[test] fn test_h2_body_length() { let openssl = ssl_acceptor().unwrap(); @@ -779,6 +787,7 @@ fn test_h1_body_chunked_explicit() { assert_eq!(bytes, Bytes::from_static(STR.as_ref())); } +#[cfg(feature = "ssl")] #[test] fn test_h2_body_chunked_explicit() { let openssl = ssl_acceptor().unwrap(); @@ -861,6 +870,7 @@ fn test_h1_response_http_error_handling() { assert!(bytes.is_empty()); } +#[cfg(feature = "ssl")] #[test] fn test_h2_response_http_error_handling() { let openssl = ssl_acceptor().unwrap(); @@ -908,6 +918,7 @@ fn test_h1_service_error() { assert!(bytes.is_empty()); } +#[cfg(feature = "ssl")] #[test] fn test_h2_service_error() { let openssl = ssl_acceptor().unwrap();