Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update faraday gem to support additional HTTP methods #4234

Closed
megamorf opened this issue Jun 24, 2019 · 3 comments · Fixed by #5181
Closed

Update faraday gem to support additional HTTP methods #4234

megamorf opened this issue Jun 24, 2019 · 3 comments · Fixed by #5181
Labels
Component: Core Resources Resources shipped with InSpec.

Comments

@megamorf
Copy link

Only some HTTP methods can be used in the http resource. TRACE and CONNECT are not supported at the moment so invoking the http resource with them fails.

inspec> http('https://www.example.org', method: 'TRACE').headers
ArgumentError: unknown http method: trace
from /opt/inspec/embedded/lib/ruby/gems/2.6.0/gems/faraday-0.15.4/lib/faraday/connection.rb:373:in `run_request'

Detailed Description

Update the faraday gem once a new version has been released that includes the additional HTTP methods. The latest version 0.15.4 was released 27th Nov 2018.

Context

I want to validate web server hardening measures. One of the typical steps is to verify that the TRACE method is not allowed. This should be possible with the built-in http resource instead of having to rely on invoking the curl binary.

Possible Implementation

I've asked the faraday maintainers about a new release that includes the change for the HTTP methods so that the required functionality can be made available in InSpec: lostisland/faraday#462
@technoweenie
Copy link

Thanks for the reminder. We should have an RC out this week.

Question: do you need CONNECT? I believe that method is usually only used for proxy or websocket requests, so it probably won't ever be used by a Faraday end user.

@megamorf
Copy link
Author

@technoweenie Actually I only need TRACE and only mentioned CONNECT because you've added support for it as well. Thanks for the quick response 👍

@megamorf
Copy link
Author

megamorf commented Sep 2, 2019

Looks like Faraday is nearing version v1.0. It might be a good idea to check if there are any incompatibilities between InSpec and their upcoming release.

@miah miah added Component: Core Resources Resources shipped with InSpec. Triage/Feature Request labels Oct 9, 2019
Schwad pushed a commit that referenced this issue Aug 4, 2020
Bump faraday dependencies
72b8f49 
There are several outstanding issues about bumping faraday and
faraday_middleware. This gives us access to additional HTTP methods and
the versions we are pinned to are quite old.

Fixes #4234

Signed-off-by: Nick Schwaderer <nschwaderer@chef.io>
@Schwad Schwad mentioned this issue Aug 4, 2020
Merged
Schwad pushed a commit that referenced this issue Aug 10, 2020
Bump faraday dependencies
7f3af76 
There are several outstanding issues about bumping faraday and
faraday_middleware. This gives us access to additional HTTP methods and
the versions we are pinned to are quite old.

Fixes #4234

Signed-off-by: Nick Schwaderer <nschwaderer@chef.io>
Schwad pushed a commit that referenced this issue Aug 27, 2020
Bump faraday dependencies
36022c6 
There are several outstanding issues about bumping faraday and
faraday_middleware. This gives us access to additional HTTP methods and
the versions we are pinned to are quite old.

Fixes #4234

Signed-off-by: Nick Schwaderer <nschwaderer@chef.io>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Component: Core Resources Resources shipped with InSpec.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Bump faraday dependencies inspec/inspec
4 participants
@technoweenie @zenspider @miah @megamorf