3 unstable releases
0.2.1 | Dec 31, 2022 |
---|---|
0.2.0 | Dec 30, 2022 |
0.1.0 | Dec 29, 2022 |
#1304 in HTTP server
39KB
697 lines
Simple CGI (RFC 3875) handler for Rocket
Simple standards compliant CGI handler for Rocket. This is still a WIP, and will remain so until the security todo items have been handled.
Usage
Simply mount a directory with a CGI handler.
rocket().mount("/cgi", CGIDir::new("./cgi"))
Configuration
cgi
data limit for post requests (1 MiB default)
Notes
This CGI handler will automatically attempt to kill the script as soon as possible. If the process closes stdout, the header lines have been printed for a HEAD request, or a redirect was sent will all cause the process to be killed.
This also don't implement several optional parts of the spec. For example, extension methods (even just PUT & DELETE) are not supported.
TODO
- Security
- Check file permissions - Deny writable files?
- Check file permissions - Deny setuid bit
- Block path traversal
- Ignore dot files / hidden files
- Functionality
- Additional default filetypes
- Redirection
- Extension headers
- Testing
- Test Windows-only features (Hidden Files & System/Temporary Files)
Dependencies
~15–49MB
~789K SLoC