activesupport 5.0.7.2 → 5.1.7

data/lib/active_support/inflector/transliterate.rb

@@ -1,9 +1,8 @@
-require 'active_support/core_ext/string/multibyte'
-require 'active_support/i18n'
+require "active_support/core_ext/string/multibyte"
+require "active_support/i18n"
 
 module ActiveSupport
   module Inflector
-
     # Replaces non-ASCII characters with an ASCII approximation, or if none
     # exists, a replacement character which defaults to "?".
     #
@@ -58,9 +57,11 @@ module ActiveSupport
     #   transliterate('Jürgen')
     #   # => "Juergen"
     def transliterate(string, replacement = "?".freeze)
+      raise ArgumentError, "Can only transliterate strings. Received #{string.class.name}" unless string.is_a?(String)
+
       I18n.transliterate(ActiveSupport::Multibyte::Unicode.normalize(
         ActiveSupport::Multibyte::Unicode.tidy_bytes(string), :c),
-          :replacement => replacement)
+          replacement: replacement)
     end
 
     # Replaces special characters in a string so that it may be used as part of
@@ -79,11 +80,7 @@ module ActiveSupport
     #   parameterize("Donald E. Knuth", preserve_case: true) # => "Donald-E-Knuth"
     #   parameterize("^trés|Jolie-- ", preserve_case: true) # => "tres-Jolie"
     #
-    def parameterize(string, sep = :unused, separator: '-', preserve_case: false)
-      unless sep == :unused
-        ActiveSupport::Deprecation.warn("Passing the separator argument as a positional parameter is deprecated and will soon be removed. Use `separator: '#{sep}'` instead.")
-        separator = sep
-      end
+    def parameterize(string, separator: "-", preserve_case: false)
       # Replace accented chars with their ASCII equivalents.
       parameterized_string = transliterate(string)
 
@@ -102,9 +99,9 @@ module ActiveSupport
         # No more than one of the separator in a row.
         parameterized_string.gsub!(re_duplicate_separator, separator)
         # Remove leading/trailing separator.
-        parameterized_string.gsub!(re_leading_trailing_separator, ''.freeze)
+        parameterized_string.gsub!(re_leading_trailing_separator, "".freeze)
       end
-      
+
       parameterized_string.downcase! unless preserve_case
       parameterized_string
     end

data/lib/active_support/json.rb

@@ -1,2 +1,2 @@
-require 'active_support/json/decoding'
-require 'active_support/json/encoding'
+require "active_support/json/decoding"
+require "active_support/json/encoding"

data/lib/active_support/json/decoding.rb

@@ -1,6 +1,6 @@
-require 'active_support/core_ext/module/attribute_accessors'
-require 'active_support/core_ext/module/delegation'
-require 'json'
+require "active_support/core_ext/module/attribute_accessors"
+require "active_support/core_ext/module/delegation"
+require "json"
 
 module ActiveSupport
   # Look for and parse json strings that look like ISO 8601 times.

data/lib/active_support/json/encoding.rb

@@ -1,5 +1,5 @@
-require 'active_support/core_ext/object/json'
-require 'active_support/core_ext/module/delegation'
+require "active_support/core_ext/object/json"
+require "active_support/core_ext/module/delegation"
 
 module ActiveSupport
   class << self
@@ -7,7 +7,7 @@ module ActiveSupport
       :time_precision, :time_precision=,
       :escape_html_entities_in_json, :escape_html_entities_in_json=,
       :json_encoder, :json_encoder=,
-      :to => :'ActiveSupport::JSON::Encoding'
+      to: :'ActiveSupport::JSON::Encoding'
   end
 
   module JSON
@@ -40,9 +40,9 @@ module ActiveSupport
           ESCAPED_CHARS = {
             "\u2028" => '\u2028',
             "\u2029" => '\u2029',
-            '>'      => '\u003e',
-            '<'      => '\u003c',
-            '&'      => '\u0026',
+            ">"      => '\u003e',
+            "<"      => '\u003c',
+            "&"      => '\u0026',
             }
 
           ESCAPE_REGEX_WITH_HTML_ENTITIES = /[\u2028\u2029><&]/u
@@ -68,7 +68,8 @@ module ActiveSupport
             :ESCAPE_REGEX_WITHOUT_HTML_ENTITIES, :EscapedString
 
           # Convert an object into a "JSON-ready" representation composed of
-          # primitives like Hash, Array, String, Numeric, and true/false/nil.
+          # primitives like Hash, Array, String, Numeric,
+          # and +true+/+false+/+nil+.
           # Recursively calls #as_json to the object to recursively build a
           # fully JSON-ready object.
           #

data/lib/active_support/key_generator.rb

@@ -1,5 +1,5 @@
-require 'concurrent/map'
-require 'openssl'
+require "concurrent/map"
+require "openssl"
 
 module ActiveSupport
   # KeyGenerator is a simple wrapper around OpenSSL's implementation of PBKDF2.
@@ -17,7 +17,7 @@ module ActiveSupport
     # Returns a derived key suitable for use.  The default key_size is chosen
     # to be compatible with the default settings of ActiveSupport::MessageVerifier.
     # i.e. OpenSSL::Digest::SHA1#block_length
-    def generate_key(salt, key_size=64)
+    def generate_key(salt, key_size = 64)
       OpenSSL::PKCS5.pbkdf2_hmac_sha1(@secret, salt, @iterations, key_size)
     end
   end
@@ -51,21 +51,21 @@ module ActiveSupport
 
     private
 
-    # To prevent users from using something insecure like "Password" we make sure that the
-    # secret they've provided is at least 30 characters in length.
-    def ensure_secret_secure(secret)
-      if secret.blank?
-        raise ArgumentError, "A secret is required to generate an integrity hash " \
-          "for cookie session data. Set a secret_key_base of at least " \
-          "#{SECRET_MIN_LENGTH} characters in config/secrets.yml."
-      end
+      # To prevent users from using something insecure like "Password" we make sure that the
+      # secret they've provided is at least 30 characters in length.
+      def ensure_secret_secure(secret)
+        if secret.blank?
+          raise ArgumentError, "A secret is required to generate an integrity hash " \
+            "for cookie session data. Set a secret_key_base of at least " \
+            "#{SECRET_MIN_LENGTH} characters in config/secrets.yml."
+        end
 
-      if secret.length < SECRET_MIN_LENGTH
-        raise ArgumentError, "Secret should be something secure, " \
-          "like \"#{SecureRandom.hex(16)}\". The value you " \
-          "provided, \"#{secret}\", is shorter than the minimum length " \
-          "of #{SECRET_MIN_LENGTH} characters."
+        if secret.length < SECRET_MIN_LENGTH
+          raise ArgumentError, "Secret should be something secure, " \
+            "like \"#{SecureRandom.hex(16)}\". The value you " \
+            "provided, \"#{secret}\", is shorter than the minimum length " \
+            "of #{SECRET_MIN_LENGTH} characters."
+        end
       end
-    end
   end
 end

data/lib/active_support/lazy_load_hooks.rb

@@ -15,9 +15,9 @@ module ActiveSupport
   #     end
   #   end
   #
-  # When the entirety of +activerecord/lib/active_record/base.rb+ has been
+  # When the entirety of +ActiveRecord::Base+ has been
   # evaluated then +run_load_hooks+ is invoked. The very last line of
-  # +activerecord/lib/active_record/base.rb+ is:
+  # +ActiveRecord::Base+ is:
   #
   #   ActiveSupport.run_load_hooks(:active_record, ActiveRecord::Base)
   module LazyLoadHooks

data/lib/active_support/log_subscriber.rb

@@ -1,6 +1,6 @@
-require 'active_support/core_ext/module/attribute_accessors'
-require 'active_support/core_ext/class/attribute'
-require 'active_support/subscriber'
+require "active_support/core_ext/module/attribute_accessors"
+require "active_support/core_ext/class/attribute"
+require "active_support/subscriber"
 
 module ActiveSupport
   # ActiveSupport::LogSubscriber is an object set to consume
@@ -81,11 +81,13 @@ module ActiveSupport
 
     def finish(name, id, payload)
       super if logger
-    rescue Exception => e
-      logger.error "Could not log #{name.inspect} event. #{e.class}: #{e.message} #{e.backtrace}"
+    rescue => e
+      if logger
+        logger.error "Could not log #{name.inspect} event. #{e.class}: #{e.message} #{e.backtrace}"
+      end
     end
 
-  protected
+  private
 
     %w(info debug warn error fatal unknown).each do |level|
       class_eval <<-METHOD, __FILE__, __LINE__ + 1
@@ -99,7 +101,7 @@ module ActiveSupport
     # option is set to +true+, it also adds bold to the string. This is based
     # on the Highline implementation and will automatically append CLEAR to the
     # end of the returned String.
-    def color(text, color, bold=false)
+    def color(text, color, bold = false) # :doc:
       return text unless colorize_logging
       color = self.class.const_get(color.upcase) if color.is_a?(Symbol)
       bold  = bold ? BOLD : ""

data/lib/active_support/log_subscriber/test_helper.rb

@@ -1,6 +1,6 @@
-require 'active_support/log_subscriber'
-require 'active_support/logger'
-require 'active_support/notifications'
+require "active_support/log_subscriber"
+require "active_support/logger"
+require "active_support/notifications"
 
 module ActiveSupport
   class LogSubscriber
@@ -58,15 +58,15 @@ module ActiveSupport
         def initialize(level = DEBUG)
           @flush_count = 0
           @level = level
-          @logged = Hash.new { |h,k| h[k] = [] }
+          @logged = Hash.new { |h, k| h[k] = [] }
         end
 
         def method_missing(level, message = nil)
-           if block_given?
-             @logged[level] << yield
-           else
-             @logged[level] << message
-           end
+          if block_given?
+            @logged[level] << yield
+          else
+            @logged[level] << message
+          end
         end
 
         def logged(level)

data/lib/active_support/logger.rb

@@ -1,6 +1,6 @@
-require 'active_support/logger_silence'
-require 'active_support/logger_thread_safe_level'
-require 'logger'
+require "active_support/logger_silence"
+require "active_support/logger_thread_safe_level"
+require "logger"
 
 module ActiveSupport
   class Logger < ::Logger

data/lib/active_support/logger_silence.rb

@@ -1,6 +1,6 @@
-require 'active_support/concern'
-require 'active_support/core_ext/module/attribute_accessors'
-require 'concurrent'
+require "active_support/concern"
+require "active_support/core_ext/module/attribute_accessors"
+require "concurrent"
 
 module LoggerSilence
   extend ActiveSupport::Concern

data/lib/active_support/logger_thread_safe_level.rb

@@ -1,4 +1,4 @@
-require 'active_support/concern'
+require "active_support/concern"
 
 module ActiveSupport
   module LoggerThreadSafeLevel # :nodoc:

data/lib/active_support/message_encryptor.rb

@@ -1,6 +1,7 @@
-require 'openssl'
-require 'base64'
-require 'active_support/core_ext/array/extract_options'
+require "openssl"
+require "base64"
+require "active_support/core_ext/array/extract_options"
+require "active_support/message_verifier"
 
 module ActiveSupport
   # MessageEncryptor is a simple way to encrypt values which get stored
@@ -30,6 +31,16 @@ module ActiveSupport
       end
     end
 
+    module NullVerifier #:nodoc:
+      def self.verify(value)
+        value
+      end
+
+      def self.generate(value)
+        value
+      end
+    end
+
     class InvalidMessage < StandardError; end
     OpenSSLCipherError = OpenSSL::Cipher::CipherError
 
@@ -39,18 +50,25 @@ module ActiveSupport
     # key by using <tt>ActiveSupport::KeyGenerator</tt> or a similar key
     # derivation function.
     #
+    # First additional parameter is used as the signature key for +MessageVerifier+.
+    # This allows you to specify keys to encrypt and sign data.
+    #
+    #    ActiveSupport::MessageEncryptor.new('secret', 'signature_secret')
+    #
     # Options:
     # * <tt>:cipher</tt>     - Cipher to use. Can be any cipher returned by
     #   <tt>OpenSSL::Cipher.ciphers</tt>. Default is 'aes-256-cbc'.
-    # * <tt>:digest</tt> - String of digest to use for signing. Default is +SHA1+.
+    # * <tt>:digest</tt> - String of digest to use for signing. Default is
+    #   +SHA1+. Ignored when using an AEAD cipher like 'aes-256-gcm'.
     # * <tt>:serializer</tt> - Object serializer to use. Default is +Marshal+.
     def initialize(secret, *signature_key_or_options)
       options = signature_key_or_options.extract_options!
       sign_secret = signature_key_or_options.first
       @secret = secret
       @sign_secret = sign_secret
-      @cipher = options[:cipher] || 'aes-256-cbc'
-      @verifier = MessageVerifier.new(@sign_secret || @secret, digest: options[:digest] || 'SHA1', serializer: NullSerializer)
+      @cipher = options[:cipher] || DEFAULT_CIPHER
+      @digest = options[:digest] || "SHA1" unless aead_mode?
+      @verifier = resolve_verifier
       @serializer = options[:serializer] || Marshal
     end
 
@@ -73,42 +91,66 @@ module ActiveSupport
 
     private
 
-    def _encrypt(value)
-      cipher = new_cipher
-      cipher.encrypt
-      cipher.key = @secret
-
-      # Rely on OpenSSL for the initialization vector
-      iv = cipher.random_iv
+      def _encrypt(value)
+        cipher = new_cipher
+        cipher.encrypt
+        cipher.key = @secret
 
-      encrypted_data = cipher.update(@serializer.dump(value))
-      encrypted_data << cipher.final
+        # Rely on OpenSSL for the initialization vector
+        iv = cipher.random_iv
+        cipher.auth_data = "" if aead_mode?
 
-      "#{::Base64.strict_encode64 encrypted_data}--#{::Base64.strict_encode64 iv}"
-    end
+        encrypted_data = cipher.update(@serializer.dump(value))
+        encrypted_data << cipher.final
 
-    def _decrypt(encrypted_message)
-      cipher = new_cipher
-      encrypted_data, iv = encrypted_message.split("--".freeze).map {|v| ::Base64.strict_decode64(v)}
+        blob = "#{::Base64.strict_encode64 encrypted_data}--#{::Base64.strict_encode64 iv}"
+        blob << "--#{::Base64.strict_encode64 cipher.auth_tag}" if aead_mode?
+        blob
+      end
 
-      cipher.decrypt
-      cipher.key = @secret
-      cipher.iv  = iv
+      def _decrypt(encrypted_message)
+        cipher = new_cipher
+        encrypted_data, iv, auth_tag = encrypted_message.split("--".freeze).map { |v| ::Base64.strict_decode64(v) }
+
+        # Currently the OpenSSL bindings do not raise an error if auth_tag is
+        # truncated, which would allow an attacker to easily forge it. See
+        # https://github.com/ruby/openssl/issues/63
+        raise InvalidMessage if aead_mode? && (auth_tag.nil? || auth_tag.bytes.length != 16)
+
+        cipher.decrypt
+        cipher.key = @secret
+        cipher.iv  = iv
+        if aead_mode?
+          cipher.auth_tag = auth_tag
+          cipher.auth_data = ""
+        end
+
+        decrypted_data = cipher.update(encrypted_data)
+        decrypted_data << cipher.final
+
+        @serializer.load(decrypted_data)
+      rescue OpenSSLCipherError, TypeError, ArgumentError
+        raise InvalidMessage
+      end
 
-      decrypted_data = cipher.update(encrypted_data)
-      decrypted_data << cipher.final
+      def new_cipher
+        OpenSSL::Cipher.new(@cipher)
+      end
 
-      @serializer.load(decrypted_data)
-    rescue OpenSSLCipherError, TypeError, ArgumentError
-      raise InvalidMessage
-    end
+      def verifier
+        @verifier
+      end
 
-    def new_cipher
-      OpenSSL::Cipher.new(@cipher)
-    end
+      def aead_mode?
+        @aead_mode ||= new_cipher.authenticated?
+      end
 
-    def verifier
-      @verifier
-    end
+      def resolve_verifier
+        if aead_mode?
+          NullVerifier
+        else
+          MessageVerifier.new(@sign_secret || @secret, digest: @digest, serializer: NullSerializer)
+        end
+      end
   end
 end

data/lib/active_support/message_verifier.rb

@@ -1,6 +1,6 @@
-require 'base64'
-require 'active_support/core_ext/object/blank'
-require 'active_support/security_utils'
+require "base64"
+require "active_support/core_ext/object/blank"
+require "active_support/security_utils"
 
 module ActiveSupport
   # +MessageVerifier+ makes it easy to generate and verify messages which are
@@ -34,9 +34,9 @@ module ActiveSupport
     class InvalidSignature < StandardError; end
 
     def initialize(secret, options = {})
-      raise ArgumentError, 'Secret should not be nil.' unless secret
+      raise ArgumentError, "Secret should not be nil." unless secret
       @secret = secret
-      @digest = options[:digest] || 'SHA1'
+      @digest = options[:digest] || "SHA1"
       @serializer = options[:serializer] || Marshal
     end
 
@@ -83,7 +83,7 @@ module ActiveSupport
           data = signed_message.split("--".freeze)[0]
           @serializer.load(decode(data))
         rescue ArgumentError => argument_error
-          return if argument_error.message =~ %r{invalid base64}
+          return if argument_error.message.include?("invalid base64")
           raise
         end
       end
@@ -127,7 +127,7 @@ module ActiveSupport
       end
 
       def generate_digest(data)
-        require 'openssl' unless defined?(OpenSSL)
+        require "openssl" unless defined?(OpenSSL)
         OpenSSL::HMAC.hexdigest(OpenSSL::Digest.const_get(@digest).new, @secret, data)
       end
   end