11 lines
7.0 KiB
JSON
Raw Normal View History

2025-01-04 07:20:50 +00:00
{
"extension": ".h",
"source": "#ifndef CALPACA_HTTP_H\n#define CALPACA_HTTP_H\n#include <stdio.h>\n#include <string.h>\n#include <stdlib.h>\n#include <unistd.h>\n#include <arpa/inet.h>\n#include <netdb.h>\n#include <openssl/ssl.h>\n#include <openssl/err.h>\n#include \"auth.h\"\n#include <json-c/json.h>\n\nvoid init_openssl()\n{\n SSL_load_error_strings();\n OpenSSL_add_ssl_algorithms();\n}\n\nvoid cleanup_openssl()\n{\n EVP_cleanup();\n}\n\nSSL_CTX *create_context()\n{\n const SSL_METHOD *method = TLS_method();\n SSL_CTX *ctx = SSL_CTX_new(method);\n SSL_CTX_load_verify_locations(ctx, \"/etc/ssl/certs/ca-certificates.crt\", NULL);\n\n return ctx;\n}\n\nSSL_CTX *create_context2()\n{\n const SSL_METHOD *method;\n SSL_CTX *ctx;\n\n method = TLS_client_method();\n ctx = SSL_CTX_new(method);\n if (!ctx)\n {\n perror(\"Unable to create SSL context\");\n ERR_print_errors_fp(stderr);\n exit(EXIT_FAILURE);\n }\n\n return ctx;\n}\n\nint create_socket(const char *hostname, int port)\n{\n struct hostent *host;\n struct sockaddr_in addr;\n\n host = gethostbyname(hostname);\n if (!host)\n {\n perror(\"Unable to resolve host\");\n exit(EXIT_FAILURE);\n }\n\n int sock = socket(AF_INET, SOCK_STREAM, 0);\n if (sock < 0)\n {\n perror(\"Unable to create socket\");\n exit(EXIT_FAILURE);\n }\n\n addr.sin_family = AF_INET;\n addr.sin_port = htons(port);\n addr.sin_addr.s_addr = *(long *)(host->h_addr);\n\n if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) != 0)\n {\n perror(\"Unable to connect to host\");\n close(sock);\n exit(EXIT_FAILURE);\n }\n\n return sock;\n}\n\nchar *http_post(const char *hostname, char *url, char *data)\n{\n init_openssl();\n int port = 443;\n\n SSL_CTX *ctx = create_context();\n\n int sock = create_socket(hostname, port);\n\n SSL *ssl = SSL_new(ctx);\n SSL_set_connect_state(ssl);\n\n SSL_set_tlsext_host_name(ssl, hostname);\n\n SSL_set_fd(ssl, sock);\n \n int buffer_size = 4096;\n char *buffer = (char *)malloc(buffer_size);\n\n\n if (SSL_connect(ssl) <= 0)\n {\n ERR_print_errors_fp(stderr);\n }\n else\n {\n //printf(\"Connected with %s encryption\\n\", SSL_get_cipher(ssl));\n size_t len = strlen(data);\n char *request = (char *)malloc(len + 4096);\n request[0] = 0;\n \n sprintf(request,\n \"POST %s HTTP/1.1\\r\\n\"\n \"Content-Length: %ld\\r\\n\"\n \"Content-Type: application/json\\r\\n\"\n \"Host: api.openai.com\\r\\n\"\n \"Authorization: Bearer %s\\r\\n\"\n \"Connection: close\\r\\n\\r\\n%s\",\n url, len, api_key, data);\n \n SSL_write(ssl, request, strlen(request));\n free(request);\n \n \n int bytes;\n int bytes_total = 0;\n while ((bytes = SSL_read(ssl, buffer + bytes_total, buffer_size - 1)) > 0)\n {\n if (bytes <= 0)\n {\n break;\n }\n bytes_total += bytes;\n buffer = realloc(buffer, bytes_total + buffer_size);\n buffer[bytes_total] = '\\0';\n }\n buffer[bytes_total] = '\\0';\n }\n\n SSL_free(ssl);\n close(sock);\n SSL_CTX_free(ctx);\n cleanup_openssl();\n\n return buffer;\n}\n\nchar *http_get(const char *hostname, char *url)\n{\n init_openssl();\n int port = 443;\n\n SSL_CTX *ctx = create_context();\n\n int sock = create_socket(hostname, port);\n\n SSL *ssl = SSL_new(ctx);\n SSL_set_connect_state(ssl);\n\n SSL_set_tlsext_host_name(ssl, hostname);\n\n SSL_set_fd(ssl, sock);\n\n int buffer_size = 4096;\n char *buffer = (char *)malloc(buffer_size * sizeof(char));\n\n if (SSL_connect(ssl) <= 0)\n {\n ERR_print_errors_fp(stderr);\n }\n else\n {\n //printf(\"Connected with %s encryption\\n\", SSL_get_cipher(ssl));\n\n char reque
"review": "# 6\n\n## Bugs\n- **Memory Leak**: The `buffer` variable is dynamically allocated memory in both `http_post` and `http_get` but is never freed.\n- **Use of Deprecated Function**: `EVP_cleanup()` is deprecated in OpenSSL 1.1.0 and should not be used.\n- **Potential Security Risk**: `gethostbyname()` is obsolete and may be unsafe; consider using `getaddrinfo()` instead.\n- **Error Handling**: Error messages from `SSL_read()` and `SSL_write()` are not fully managed; they should handle all negative return values properly, not just zero.\n\n## Optimizations\n- Reuse the SSL context and socket code by creating utility functions to avoid redundancy between `http_post` and `http_get`.\n- Error message functions and SSL context setup can be extracted into separate utility functions to reduce code duplication.\n- The buffer resizing logic can be optimized to avoid frequent reallocations by increasing the buffer size exponentially instead of linearly when limits are approached.\n\n## Good points\n- Uses `json-c` library which simplifies JSON data manipulation.\n- Appropriate use of OpenSSL for secure communication.\n- Includes comprehensive basic includes for socket and SSL handling.\n- The code structure is organized into functions for clarity.\n\n## Summary\nThe code provides HTTP communication functions over SSL/TLS. It features both POST and GET requests and includes basics such as initialization and cleanup of OpenSSL. However, there are issues related to deprecated functions, inefficient error handling, memory management, and certain parts of the code are repeated unnecessarily. Addressing these concerns will improve efficiency and security, and make the code cleaner and more maintainable.\n\n## Open source alternatives\n- **cURL**: A robust tool for sending and receiving data with URL syntax; provides extensive features for HTTP requests.\n- **libcurl**: The library version of cURL, which can be used within applications to leverage cURL's capabilities.\n- **neon**: An HTTP and WebDAV client library with a high-level interface wrapped around the lower-level Libxml and OpenSSL.",
"filename": "http.h",
"path": "http.h",
"directory": "",
"grade": 6,
"size": 4668,
"line_count": 210
}