actionpack 7.2.1 → 8.0.0.beta1

data/lib/action_dispatch/http/request.rb

@@ -55,6 +55,8 @@ module ActionDispatch
       METHOD
     end
 
+    TRANSFER_ENCODING = "HTTP_TRANSFER_ENCODING" # :nodoc:
+
     def self.empty
       new({})
     end
@@ -282,7 +284,7 @@ module ActionDispatch
 
     # Returns the content length of the request as an integer.
     def content_length
-      return raw_post.bytesize if headers.key?("Transfer-Encoding")
+      return raw_post.bytesize if has_header?(TRANSFER_ENCODING)
       super.to_i
     end
 
@@ -468,7 +470,7 @@ module ActionDispatch
       def read_body_stream
         if body_stream
           reset_stream(body_stream) do
-            if headers.key?("Transfer-Encoding")
+            if has_header?(TRANSFER_ENCODING)
               body_stream.read # Read body stream until EOF if "Transfer-Encoding" is present
             else
               body_stream.read(content_length)

data/lib/action_dispatch/journey/parser.rb

@@ -1,200 +1,103 @@
-#
-# DO NOT MODIFY!!!!
-# This file is automatically generated by Racc 1.4.16 from
-# Racc grammar file "".
+# frozen_string_literal: true
 
-# :markup: markdown
+require "action_dispatch/journey/scanner"
+require "action_dispatch/journey/nodes/node"
 
-require 'racc/parser.rb'
-
-# :stopdoc:
-
-require "action_dispatch/journey/parser_extras"
 module ActionDispatch
-  module Journey
-    class Parser < Racc::Parser
-##### State transition tables begin ###
-
-racc_action_table = [
-    13,    15,    14,     7,    19,    16,     8,    19,    13,    15,
-    14,     7,    17,    16,     8,    13,    15,    14,     7,    21,
-    16,     8,    13,    15,    14,     7,    24,    16,     8 ]
-
-racc_action_check = [
-     2,     2,     2,     2,    22,     2,     2,     2,    19,    19,
-    19,    19,     1,    19,    19,     7,     7,     7,     7,    17,
-     7,     7,     0,     0,     0,     0,    20,     0,     0 ]
-
-racc_action_pointer = [
-    20,    12,    -2,   nil,   nil,   nil,   nil,    13,   nil,   nil,
-   nil,   nil,   nil,   nil,   nil,   nil,   nil,    19,   nil,     6,
-    20,   nil,    -5,   nil,   nil ]
-
-racc_action_default = [
-   -19,   -19,    -2,    -3,    -4,    -5,    -6,   -19,   -10,   -11,
-   -12,   -13,   -14,   -15,   -16,   -17,   -18,   -19,    -1,   -19,
-   -19,    25,    -8,    -9,    -7 ]
-
-racc_goto_table = [
-     1,    22,    18,    23,   nil,   nil,   nil,    20 ]
-
-racc_goto_check = [
-     1,     2,     1,     3,   nil,   nil,   nil,     1 ]
-
-racc_goto_pointer = [
-   nil,     0,   -18,   -16,   nil,   nil,   nil,   nil,   nil,   nil,
-   nil ]
-
-racc_goto_default = [
-   nil,   nil,     2,     3,     4,     5,     6,     9,    10,    11,
-    12 ]
-
-racc_reduce_table = [
-  0, 0, :racc_error,
-  2, 11, :_reduce_1,
-  1, 11, :_reduce_2,
-  1, 11, :_reduce_none,
-  1, 12, :_reduce_none,
-  1, 12, :_reduce_none,
-  1, 12, :_reduce_none,
-  3, 15, :_reduce_7,
-  3, 13, :_reduce_8,
-  3, 13, :_reduce_9,
-  1, 16, :_reduce_10,
-  1, 14, :_reduce_none,
-  1, 14, :_reduce_none,
-  1, 14, :_reduce_none,
-  1, 14, :_reduce_none,
-  1, 19, :_reduce_15,
-  1, 17, :_reduce_16,
-  1, 18, :_reduce_17,
-  1, 20, :_reduce_18 ]
-
-racc_reduce_n = 19
-
-racc_shift_n = 25
-
-racc_token_table = {
-  false => 0,
-  :error => 1,
-  :SLASH => 2,
-  :LITERAL => 3,
-  :SYMBOL => 4,
-  :LPAREN => 5,
-  :RPAREN => 6,
-  :DOT => 7,
-  :STAR => 8,
-  :OR => 9 }
-
-racc_nt_base = 10
-
-racc_use_result_var = false
-
-Racc_arg = [
-  racc_action_table,
-  racc_action_check,
-  racc_action_default,
-  racc_action_pointer,
-  racc_goto_table,
-  racc_goto_check,
-  racc_goto_default,
-  racc_goto_pointer,
-  racc_nt_base,
-  racc_reduce_table,
-  racc_token_table,
-  racc_shift_n,
-  racc_reduce_n,
-  racc_use_result_var ]
-
-Racc_token_to_s_table = [
-  "$end",
-  "error",
-  "SLASH",
-  "LITERAL",
-  "SYMBOL",
-  "LPAREN",
-  "RPAREN",
-  "DOT",
-  "STAR",
-  "OR",
-  "$start",
-  "expressions",
-  "expression",
-  "or",
-  "terminal",
-  "group",
-  "star",
-  "symbol",
-  "literal",
-  "slash",
-  "dot" ]
-
-Racc_debug_parser = false
-
-##### State transition tables end #####
-
-# reduce 0 omitted
-
-def _reduce_1(val, _values)
- Cat.new(val.first, val.last)
-end
-
-def _reduce_2(val, _values)
- val.first
-end
-
-# reduce 3 omitted
-
-# reduce 4 omitted
-
-# reduce 5 omitted
-
-# reduce 6 omitted
-
-def _reduce_7(val, _values)
- Group.new(val[1])
-end
-
-def _reduce_8(val, _values)
- Or.new([val.first, val.last])
-end
-
-def _reduce_9(val, _values)
- Or.new([val.first, val.last])
-end
-
-def _reduce_10(val, _values)
- Star.new(Symbol.new(val.last, Symbol::GREEDY_EXP))
+  module Journey # :nodoc:
+    class Parser # :nodoc:
+      include Journey::Nodes
+
+      def self.parse(string)
+        new.parse string
+      end
+
+      def initialize
+        @scanner = Scanner.new
+        @next_token = nil
+      end
+
+      def parse(string)
+        @scanner.scan_setup(string)
+        advance_token
+        do_parse
+      end
+
+      private
+        def advance_token
+          @next_token = @scanner.next_token
+        end
+
+        def do_parse
+          parse_expressions
+        end
+
+        def parse_expressions
+          node = parse_expression
+
+          while @next_token
+            case @next_token
+            when :RPAREN
+              break
+            when :OR
+              node = parse_or(node)
+            else
+              node = Cat.new(node, parse_expressions)
+            end
+          end
+
+          node
+        end
+
+        def parse_or(lhs)
+          advance_token
+          node = parse_expression
+          Or.new([lhs, node])
+        end
+
+        def parse_expression
+          if @next_token == :STAR
+            parse_star
+          elsif @next_token == :LPAREN
+            parse_group
+          else
+            parse_terminal
+          end
+        end
+
+        def parse_star
+          node = Star.new(Symbol.new(@scanner.last_string, Symbol::GREEDY_EXP))
+          advance_token
+          node
+        end
+
+        def parse_group
+          advance_token
+          node = parse_expressions
+          if @next_token == :RPAREN
+            node = Group.new(node)
+            advance_token
+            node
+          else
+            raise ArgumentError, "missing right parenthesis."
+          end
+        end
+
+        def parse_terminal
+          node = case @next_token
+          when :SYMBOL
+            Symbol.new(@scanner.last_string)
+          when :LITERAL
+            Literal.new(@scanner.last_literal)
+          when :SLASH
+            Slash.new("/")
+          when :DOT
+            Dot.new(".")
+          end
+
+          advance_token
+          node
+        end
+    end
+  end
 end
-
-# reduce 11 omitted
-
-# reduce 12 omitted
-
-# reduce 13 omitted
-
-# reduce 14 omitted
-
-def _reduce_15(val, _values)
- Slash.new(val.first)
-end
-
-def _reduce_16(val, _values)
- Symbol.new(val.first)
-end
-
-def _reduce_17(val, _values)
- Literal.new(val.first)
-end
-
-def _reduce_18(val, _values)
- Dot.new(val.first)
-end
-
-def _reduce_none(val, _values)
-  val[0]
-end
-
-    end   # class Parser
-  end   # module Journey
-end   # module ActionDispatch

data/lib/action_dispatch/journey/scanner.rb

@@ -7,64 +7,62 @@ require "strscan"
 module ActionDispatch
   module Journey # :nodoc:
     class Scanner # :nodoc:
+      STATIC_TOKENS = Array.new(150)
+      STATIC_TOKENS[".".ord] = :DOT
+      STATIC_TOKENS["/".ord] = :SLASH
+      STATIC_TOKENS["(".ord] = :LPAREN
+      STATIC_TOKENS[")".ord] = :RPAREN
+      STATIC_TOKENS["|".ord] = :OR
+      STATIC_TOKENS[":".ord] = :SYMBOL
+      STATIC_TOKENS["*".ord] = :STAR
+      STATIC_TOKENS.freeze
+
+      class Scanner < StringScanner
+        unless method_defined?(:peek_byte) # https://github.com/ruby/strscan/pull/89
+          def peek_byte
+            string.getbyte(pos)
+          end
+        end
+      end
+
       def initialize
-        @ss = nil
+        @scanner = nil
+        @length = nil
       end
 
       def scan_setup(str)
-        @ss = StringScanner.new(str)
+        @scanner = Scanner.new(str)
       end
 
-      def eos?
-        @ss.eos?
-      end
+      def next_token
+        return if @scanner.eos?
 
-      def pos
-        @ss.pos
+        until token = scan || @scanner.eos?; end
+        token
       end
 
-      def pre_match
-        @ss.pre_match
+      def last_string
+        -@scanner.string.byteslice(@scanner.pos - @length, @length)
       end
 
-      def next_token
-        return if @ss.eos?
-
-        until token = scan || @ss.eos?; end
-        token
+      def last_literal
+        last_str = @scanner.string.byteslice(@scanner.pos - @length, @length)
+        last_str.tr! "\\", ""
+        -last_str
       end
 
       private
-        # takes advantage of String @- deduping capabilities in Ruby 2.5 upwards see:
-        # https://bugs.ruby-lang.org/issues/13077
-        def dedup_scan(regex)
-          r = @ss.scan(regex)
-          r ? -r : nil
-        end
-
         def scan
+          next_byte = @scanner.peek_byte
           case
-            # /
-          when @ss.skip(/\//)
-            [:SLASH, "/"]
-          when @ss.skip(/\(/)
-            [:LPAREN, "("]
-          when @ss.skip(/\)/)
-            [:RPAREN, ")"]
-          when @ss.skip(/\|/)
-            [:OR, "|"]
-          when @ss.skip(/\./)
-            [:DOT, "."]
-          when text = dedup_scan(/:\w+/)
-            [:SYMBOL, text]
-          when text = dedup_scan(/\*\w+/)
-            [:STAR, text]
-          when text = @ss.scan(/(?:[\w%\-~!$&'*+,;=@]|\\[:()])+/)
-            text.tr! "\\", ""
-            [:LITERAL, -text]
-            # any char
-          when text = dedup_scan(/./)
-            [:LITERAL, text]
+          when (token = STATIC_TOKENS[next_byte])
+            @scanner.pos += 1
+            @length = @scanner.skip(/\w+/).to_i + 1 if token == :SYMBOL || token == :STAR
+            token
+          when @length = @scanner.skip(/(?:[\w%\-~!$&'*+,;=@]|\\[:()])+/)
+            :LITERAL
+          when @length = @scanner.skip(/./)
+            :LITERAL
           end
         end
     end

data/lib/action_dispatch/middleware/cookies.rb

@@ -116,13 +116,15 @@ module ActionDispatch
   #     cookies[:login] = { value: "XJ-122", expires: Time.utc(2020, 10, 15, 5) }
   #
   #     # Sets a signed cookie, which prevents users from tampering with its value.
-  #     # It can be read using the signed method `cookies.signed[:name]`
   #     cookies.signed[:user_id] = current_user.id
+  #     # It can be read using the signed method.
+  #     cookies.signed[:user_id] # => 123
   #
   #     # Sets an encrypted cookie value before sending it to the client which
   #     # prevent users from reading and tampering with its value.
-  #     # It can be read using the encrypted method `cookies.encrypted[:name]`
   #     cookies.encrypted[:discount] = 45
+  #     # It can be read using the encrypted method.
+  #     cookies.encrypted[:discount] # => 45
   #
   #     # Sets a "permanent" cookie (which expires in 20 years from now).
   #     cookies.permanent[:login] = "XJ-122"

data/lib/action_dispatch/middleware/debug_exceptions.rb

@@ -142,17 +142,30 @@ module ActionDispatch
 
         message = []
         message << "  "
-        message << "#{wrapper.exception_class_name} (#{wrapper.message}):"
         if wrapper.has_cause?
-          message << "\nCauses:"
+          message << "#{wrapper.exception_class_name} (#{wrapper.message})"
           wrapper.wrapped_causes.each do |wrapped_cause|
-            message << "#{wrapped_cause.exception_class_name} (#{wrapped_cause.message})"
+            message << "Caused by: #{wrapped_cause.exception_class_name} (#{wrapped_cause.message})"
           end
+
+          message << "\nInformation for: #{wrapper.exception_class_name} (#{wrapper.message}):"
+        else
+          message << "#{wrapper.exception_class_name} (#{wrapper.message}):"
         end
+
         message.concat(wrapper.annotated_source_code)
         message << "  "
         message.concat(trace)
 
+        if wrapper.has_cause?
+          wrapper.wrapped_causes.each do |wrapped_cause|
+            message << "\nInformation for cause: #{wrapped_cause.exception_class_name} (#{wrapped_cause.message}):"
+            message.concat(wrapped_cause.annotated_source_code)
+            message << "  "
+            message.concat(wrapped_cause.exception_trace)
+          end
+        end
+
         log_array(logger, message, request)
       end
 

data/lib/action_dispatch/middleware/remote_ip.rb

@@ -18,8 +18,8 @@ module ActionDispatch
   # 2616](https://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2) requires.
   # Some Rack servers simply drop preceding headers, and only report the value
   # that was [given in the last
-  # header](https://andre.arko.net/2011/12/26/repeated-headers-and-ruby-web-server
-  # s). If you are behind multiple proxy servers (like NGINX to HAProxy to
+  # header](https://andre.arko.net/2011/12/26/repeated-headers-and-ruby-web-servers).
+  # If you are behind multiple proxy servers (like NGINX to HAProxy to
   # Unicorn) then you should test your Rack server to make sure your data is good.
   #
   # IF YOU DON'T USE A PROXY, THIS MAKES YOU VULNERABLE TO IP SPOOFING. This
@@ -117,10 +117,9 @@ module ActionDispatch
       # instead, so we check that too.
       #
       # As discussed in [this post about Rails IP
-      # Spoofing](https://web.archive.org/web/20170626095448/https://blog.gingerlime.c
-      # om/2012/rails-ip-spoofing-vulnerabilities-and-protection/), while the first IP
-      # in the list is likely to be the "originating" IP, it could also have been set
-      # by the client maliciously.
+      # Spoofing](https://web.archive.org/web/20170626095448/https://blog.gingerlime.com/2012/rails-ip-spoofing-vulnerabilities-and-protection/),
+      # while the first IP in the list is likely to be the "originating" IP, it
+      # could also have been set by the client maliciously.
       #
       # In order to find the first address that is (probably) accurate, we take the
       # list of IPs, remove known and trusted proxies, and then take the last address

data/lib/action_dispatch/middleware/request_id.rb

@@ -25,11 +25,12 @@ module ActionDispatch
     def initialize(app, header:)
       @app = app
       @header = header
+      @env_header = "HTTP_#{header.upcase.tr("-", "_")}"
     end
 
     def call(env)
       req = ActionDispatch::Request.new env
-      req.request_id = make_request_id(req.headers[@header])
+      req.request_id = make_request_id(req.get_header(@env_header))
       @app.call(env).tap { |_status, headers, _body| headers[@header] = req.request_id }
     end
 

data/lib/action_dispatch/middleware/ssl.rb

@@ -11,16 +11,26 @@ module ActionDispatch
   #
   # 1.  **TLS redirect**: Permanently redirects `http://` requests to `https://`
   #     with the same URL host, path, etc. Enabled by default. Set
-  #     `config.ssl_options` to modify the destination URL (e.g. `redirect: {
-  #     host: "secure.widgets.com", port: 8080 }`), or set `redirect: false` to
-  #     disable this feature.
+  #     `config.ssl_options` to modify the destination URL:
+  #
+  #         config.ssl_options = { redirect: { host: "secure.widgets.com", port: 8080 }`
+  #
+  #     Or set `redirect: false` to disable redirection.
   #
   #     Requests can opt-out of redirection with `exclude`:
   #
-  #         config.ssl_options = { redirect: { exclude: -> request { /healthcheck/.match?(request.path) } } }
+  #         config.ssl_options = { redirect: { exclude: -> request { request.path == "/up" } } }
   #
   #     Cookies will not be flagged as secure for excluded requests.
   #
+  #     When proxying through a load balancer that terminates SSL, the forwarded
+  #     request will appear as though it's HTTP instead of HTTPS to the application.
+  #     This makes redirects and cookie security target HTTP instead of HTTPS.
+  #     To make the server assume that the proxy already terminated SSL, and
+  #     that the request really is HTTPS, set `config.assume_ssl` to `true`:
+  #
+  #         config.assume_ssl = true
+  #
   # 2.  **Secure cookies**: Sets the `secure` flag on cookies to tell browsers
   #     they must not be sent along with `http://` requests. Enabled by default.
   #     Set `config.ssl_options` with `secure_cookies: false` to disable this

data/lib/action_dispatch/railtie.rb

@@ -29,6 +29,7 @@ module ActionDispatch
     config.action_dispatch.request_id_header = ActionDispatch::Constants::X_REQUEST_ID
     config.action_dispatch.log_rescued_responses = true
     config.action_dispatch.debug_exception_log_level = :fatal
+    config.action_dispatch.strict_freshness = false
 
     config.action_dispatch.default_headers = {
       "X-Frame-Options" => "SAMEORIGIN",
@@ -69,6 +70,7 @@ module ActionDispatch
 
       ActionDispatch::Routing::Mapper.route_source_locations = Rails.env.development?
 
+      ActionDispatch::Http::Cache::Request.strict_freshness = app.config.action_dispatch.strict_freshness
       ActionDispatch.test_app = app
     end
   end

data/lib/action_dispatch/routing/inspector.rb

@@ -101,7 +101,7 @@ module ActionDispatch
             { controller: /#{filter[:controller].underscore.sub(/_?controller\z/, "")}/ }
           elsif filter[:grep]
             grep_pattern = Regexp.new(filter[:grep])
-            path = URI::DEFAULT_PARSER.escape(filter[:grep])
+            path = URI::RFC2396_PARSER.escape(filter[:grep])
             normalized_path = ("/" + path).squeeze("/")
 
             {