3 unstable releases

0.2.1 Dec 31, 2022
0.2.0 Dec 30, 2022
0.1.0 Dec 29, 2022

#1247 in HTTP server

MIT/Apache

39KB
697 lines

Simple CGI (RFC 3875) handler for Rocket

Simple, standards-compliant CGI handler for Rocket. This is still a WIP, and will remain so until the security TODO items have been handled.

Usage

Simply mount a directory with a CGI handler.

rocket().mount("/cgi", CGIDir::new("./cgi"))

Configuration

  • cgi data limit for POST requests (1 MiB default)

Notes

This CGI handler will automatically attempt to kill the script as soon as possible. The process is killed when it closes stdout, when the header lines have been printed for a HEAD request, or when a redirect has been sent.

This also doesn't implement several optional parts of the spec. For example, extension methods (even just PUT & DELETE) are not supported.

TODO

  • Security
    • Check file permissions - Deny writable files?
    • Check file permissions - Deny setuid bit
    • Block path traversal
    • Ignore dot files / hidden files
  • Functionality
    • Additional default filetypes
    • Redirection
    • Extension headers
  • Testing
    • Test Windows-only features (Hidden Files & System/Temporary Files)
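
One way to implement the checks listed under Security above, as an added example that is not part of this crate. The function names are hypothetical, the request path is assumed to be already percent-decoded, and "writable" is read as group- or world-writable:

```rust
use std::io;
use std::path::{Component, Path, PathBuf};

/// Turn a request path into a relative path; refuse "..", absolute paths and dot names.
pub fn safe_relative(request_path: &str) -> Option<PathBuf> {
    let mut out = PathBuf::new();
    for comp in Path::new(request_path.trim_start_matches('/')).components() {
        match comp {
            Component::Normal(name) => {
                let name = name.to_str()?; // refuse non-UTF-8 names
                if name.starts_with('.') || name.contains('\\') {
                    return None;
                }
                out.push(name);
            }
            Component::CurDir => {}
            _ => return None, // ParentDir, RootDir, Prefix
        }
    }
    if out.as_os_str().is_empty() { None } else { Some(out) }
}

/// Assumed policy: refuse setuid (0o4000) and group/world-writable (0o022) files.
pub fn mode_is_acceptable(mode: u32) -> bool { mode & 0o4022 == 0 }

fn deny(why: &'static str) -> io::Error {
    io::Error::new(io::ErrorKind::PermissionDenied, why)
}

/// canonicalize() follows symlinks, so a link leaving `root` fails starts_with.
#[cfg(unix)]
pub fn resolve_script(root: &Path, request_path: &str) -> io::Result<PathBuf> {
    use std::os::unix::fs::PermissionsExt;
    let rel = safe_relative(request_path).ok_or_else(|| deny("unsafe path"))?;
    let root = root.canonicalize()?;
    let full = root.join(rel).canonicalize()?;
    if !full.starts_with(&root) {
        return Err(deny("path escapes the CGI root"));
    }
    let meta = full.metadata()?;
    if !meta.is_file() || !mode_is_acceptable(meta.permissions().mode()) {
        return Err(deny("not a regular file, or unsafe permissions"));
    }
    Ok(full)
}

fn main() {
    println!("{:?}", safe_relative("/../etc/passwd")); // None
}
```

The permission check and the later exec of the script are separate steps, so the CGI directory itself must not be writable by untrusted users for the check to hold.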

Dependencies

~15–50MB
~801K SLoC