rubyamf / rocketamf Goto Github PK

Using RocketAMF native

class ProxyArray
  instance_methods.each { |m| undef_method m unless m =~ /(^__|^send$|^object_id$)/ }

  def proxy_method
     puts "you just called the proxy method!"
  end

  protected

  def method_missing(name, *args, &block)
    target.send(name, *args, &block)
  end

  def target
    @target ||= []
  end
end

baz = ProxyArray.new
=> []
baz << 1
=> [1]
baz << 2
=> [1, 2]
baz << 3
=> [1, 2, 3]
baz << 4
=> [1, 2, 3, 4]
baz.class
=> Array
RocketAMF.serialize baz, 3
ArgumentError: wrong number of arguments (0 for 1..4)
from /home/justinsharp/.rvm/gems/ruby-1.9.3-p194@cr2rails/bundler/gems/rocketamf-71f372747536/lib/rocketamf/class_mapping.rb:232:in `select'
RocketAMF.serialize baz + [], 3
=> "\n\aCflex.messaging.io.ArrayCollection\t\t\x01\x04\x01\x04\x02\x04\x03\x04\x04"

The second call works because adding [] to the proxy object produces a new true Array object.

Using RocketAMF pure

class ProxyArray
 instance_methods.each { |m| undef_method m unless m =~ /(^__|^send$|^object_id$)/ }

 def proxy_method
   puts "you just called the proxy method!"
 end

 protected

 def method_missing(name, *args, &block)
   target.send(name, *args, &block)
 end

 def target
   @target ||= []
 end
end
=> nil

baz = ProxyArray.new
=> []
baz << 1
=> [1]
baz << 2
=> [1, 2]
baz << 3
=> [1, 2, 3]
baz << 4
=> [1, 2, 3, 4]
baz.class
=> Array
RocketAMF.serialize baz, 3
=> "\n\aCflex.messaging.io.ArrayCollection\t\t\x01\x04\x01\x04\x02\x04\x03\x04\x04"

The common use case for this would be if you were trying to serialize something like this code

class User < ActiveRecord::Base
  has_many :pets
end
class Pet < ActiveRecord::Base
  belongs_to :user
end

user = User.first
RocketAMF.serialize(user.pets, 3)

I trounced around in the C code a bit, but it's not immediately obvious to me what the problem is, as I don't have a lot of experience in native ruby C api. If I have some time I will put together a spec for this.

Objects, Traits and Strings aren't cached properly as they're deserialized, and the parser chokes when trying to dereference said elements

deserializer.rb:

36,38c36,38
<           @string_cache = []
<           @object_cache = []
<           @trait_cache = []

---
>           @string_cache = [] unless @string_cache
>           @object_cache = [] unless @object_cache
>           @trait_cache = [] unless @trait_cache

@kirillian:

Infinite loop when serializing BigDecimal (SystemStackError Exception: stack level too deep)

I kept getting an infinite loop issue on some of my models and after quite a lot of frustration and tracing, finally noticed that I was seeing a BigDecimal class in my variables...after doing some checking and not finding support, I checked out how these had previously been handled in other AMF serializers and saw them being converted to Floats, so I forked and added in a fix.

For people trying to troubleshoot, the errors I was seeing looked like this:
SystemStackError Exception: stack level too deep

Upon tracing through callstacks, I saw repetition through these methods on the serializer:
serialize
write_prop_list
write_object
serialize

When I type these code in irb:

req = RocketAMF::Envelope.new :amf_version => 3
req.call_flex 'Controller.action', "arg_1", ["args", "args"]

it reports:

NoMethodError: undefined method `call_flex' for #<RocketAMF::Envelope:0x007fa464376aa8>

Thanks for working on this. I'm using

• ruby 1.9.3p0 (2011-10-30) [i386-mingw32] on Win 7 x64

When I did an initial bundle install using

• gem "RocketAMF", :git => "git://github.com/rubyamf/rocketamf.git"

I got a false native extension building error as if DevKit wasn't installed, similar to the one Stephen reported here:

• rubygems/bundler#1120

So I tried

• gem "RocketAMF"

That installs fine but then on server startup gives this error:

• Uncaught exception: uninitialized constant RocketAMF::MappingSet

Is there a version that works with Ruby 1.9.3 or would I have to go back to 1.9.2 or what?

Thanks for any tips!

• Sanford

It looks like when the message contains a remote class, like this:

http://cookbooks.adobe.com/post_How_to_keep_the_type_of_your_objects_when_serializ-8323.html

Then the RemoteClass is skipped during the parsing.

Also, how would you create an object like a RemoteClass in Ruby to serialize?

Thanks!

Hi,

When I deserialize AMF3 data, modify it, and then serialize it, I noticed class names in AMF3 Objects is discarded.
For example:

require 'rocketamf'⏎
amf3_object_with_classname = "\x0a\x0b\x13ClassName\x01\x01"⏎
data = RocketAMF.deserialize( amf3_object_with_classname, 3 )⏎
p data.type # => "ClassName"⏎
data = RocketAMF.deserialize( RocketAMF.serialize( data, 3 ), 3 )⏎
p data.type # => ""⏎

I expect the class name "ClassName" is kept on serialization, but RocketAMF.serialize discards the class name and it will be an empty string instead. I know it can be avoided by mapping the class names, but it would be very convenient if class names in AMF3 Object is kept out-of-the-box. Especially, a class name stored in TypedHash should be kept because TypedHash is used to store the AMF3 Object and its class name.

I hope the following spec to be passed.

diff --git a/spec/class_mapping_spec.rb b/spec/class_mapping_spec.rb
index 16ff524..1a674b7 100644
--- a/spec/class_mapping_spec.rb
+++ b/spec/class_mapping_spec.rb
@@ -25,6 +25,10 @@ describe RocketAMF::ClassMapping do
       @mapper.get_as_class_name('BadClass').should be_nil
     end

+    it "should return the same AS class as of TypedHash" do
+      @mapper.get_as_class_name(RocketAMF::Values::TypedHash.new("UnmappedClass")).should == 'UnmappedClass'
+    end
+
     it "should instantiate a ruby class" do
       @mapper.get_ruby_obj('ASClass').should be_a(ClassMappingTest)
     end

Regards,

Consider the following AMF message received from AMFPHP on Neopets.com: https://dl.dropboxusercontent.com/u/803129/glitched.amf

Flash is able to read this response properly, as is SabreAMF: https://dl.dropboxusercontent.com/u/803129/glitched.txt

RocketAMF, however, fails to read the response:

> response = File.open('glitched.amf', 'rb') { |f| f.read }
> RocketAMF::Envelope.new.populate_from_stream(response)
RuntimeError: Not supported: 47

I suspect the issue is at messages[0]['custom_pet']['biology_by_zone']: note that the hash contains a null key. This really shouldn't be a part of the message and is almost certainly a bug on their part, but it still oughta be deserialized correctly, anyway—especially since it's just so hard to get those guys to fix bugs :P

RocketAMF can't be installed under JRuby because it tries to install the native extension and fails.

We are using rocketamf on our server to serialize data from remote client, which is the most case, but have found it could be easily attack by abused String::to_sym.
File:
lib/rocketamf/pure/deserializer.rb => to_sym
ext/rocketamf_ext/deserializer.c => rb_str_intern
As it is, rocketamf will convert every key in an object to sym, but in Ruby, the memory of a symbol will never be released. So, when a client transfer malicious data to server, our server will certainly get DoS attacked.

Maybe solutions:

1. no more use to_sym, only string as key. Some old code use rocketamf will not work.
2. to_sym only if the special symbol already exists. This maybe a good solution, but sometimes make something unexpected.
3. give an extra argument for deserializing amf object.