activesupport 5.1.7 → 7.0.4.1

data/lib/active_support/parameter_filter.rb

@@ -0,0 +1,138 @@
+# frozen_string_literal: true
+
+require "active_support/core_ext/object/duplicable"
+
+module ActiveSupport
+  # +ParameterFilter+ allows you to specify keys for sensitive data from
+  # hash-like object and replace corresponding value. Filtering only certain
+  # sub-keys from a hash is possible by using the dot notation:
+  # 'credit_card.number'. If a proc is given, each key and value of a hash and
+  # all sub-hashes are passed to it, where the value or the key can be replaced
+  # using String#replace or similar methods.
+  #
+  #   ActiveSupport::ParameterFilter.new([:password])
+  #   => replaces the value to all keys matching /password/i with "[FILTERED]"
+  #
+  #   ActiveSupport::ParameterFilter.new([:foo, "bar"])
+  #   => replaces the value to all keys matching /foo|bar/i with "[FILTERED]"
+  #
+  #   ActiveSupport::ParameterFilter.new([/\Apin\z/i, /\Apin_/i])
+  #   => replaces the value for the exact (case-insensitive) key 'pin' and all
+  #   (case-insensitive) keys beginning with 'pin_', with "[FILTERED]".
+  #   Does not match keys with 'pin' as a substring, such as 'shipping_id'.
+  #
+  #   ActiveSupport::ParameterFilter.new(["credit_card.code"])
+  #   => replaces { credit_card: {code: "xxxx"} } with "[FILTERED]", does not
+  #   change { file: { code: "xxxx"} }
+  #
+  #   ActiveSupport::ParameterFilter.new([-> (k, v) do
+  #     v.reverse! if /secret/i.match?(k)
+  #   end])
+  #   => reverses the value to all keys matching /secret/i
+  class ParameterFilter
+    FILTERED = "[FILTERED]" # :nodoc:
+
+    # Create instance with given filters. Supported type of filters are +String+, +Regexp+, and +Proc+.
+    # Other types of filters are treated as +String+ using +to_s+.
+    # For +Proc+ filters, key, value, and optional original hash is passed to block arguments.
+    #
+    # ==== Options
+    #
+    # * <tt>:mask</tt> - A replaced object when filtered. Defaults to <tt>"[FILTERED]"</tt>.
+    def initialize(filters = [], mask: FILTERED)
+      @filters = filters
+      @mask = mask
+    end
+
+    # Mask value of +params+ if key matches one of filters.
+    def filter(params)
+      compiled_filter.call(params)
+    end
+
+    # Returns filtered value for given key. For +Proc+ filters, third block argument is not populated.
+    def filter_param(key, value)
+      @filters.empty? ? value : compiled_filter.value_for_key(key, value)
+    end
+
+  private
+    def compiled_filter
+      @compiled_filter ||= CompiledFilter.compile(@filters, mask: @mask)
+    end
+
+    class CompiledFilter # :nodoc:
+      def self.compile(filters, mask:)
+        return lambda { |params| params.dup } if filters.empty?
+
+        strings, regexps, blocks, deep_regexps, deep_strings = [], [], [], nil, nil
+
+        filters.each do |item|
+          case item
+          when Proc
+            blocks << item
+          when Regexp
+            if item.to_s.include?("\\.")
+              (deep_regexps ||= []) << item
+            else
+              regexps << item
+            end
+          else
+            s = Regexp.escape(item.to_s)
+            if s.include?("\\.")
+              (deep_strings ||= []) << s
+            else
+              strings << s
+            end
+          end
+        end
+
+        regexps << Regexp.new(strings.join("|"), true) unless strings.empty?
+        (deep_regexps ||= []) << Regexp.new(deep_strings.join("|"), true) if deep_strings&.any?
+
+        new regexps, deep_regexps, blocks, mask: mask
+      end
+
+      attr_reader :regexps, :deep_regexps, :blocks
+
+      def initialize(regexps, deep_regexps, blocks, mask:)
+        @regexps = regexps
+        @deep_regexps = deep_regexps&.any? ? deep_regexps : nil
+        @blocks = blocks
+        @mask = mask
+      end
+
+      def call(params, parents = [], original_params = params)
+        filtered_params = params.class.new
+
+        params.each do |key, value|
+          filtered_params[key] = value_for_key(key, value, parents, original_params)
+        end
+
+        filtered_params
+      end
+
+      def value_for_key(key, value, parents = [], original_params = nil)
+        parents.push(key) if deep_regexps
+        if regexps.any? { |r| r.match?(key.to_s) }
+          value = @mask
+        elsif deep_regexps && (joined = parents.join(".")) && deep_regexps.any? { |r| r.match?(joined) }
+          value = @mask
+        elsif value.is_a?(Hash)
+          value = call(value, parents, original_params)
+        elsif value.is_a?(Array)
+          # If we don't pop the current parent it will be duplicated as we
+          # process each array value.
+          parents.pop if deep_regexps
+          value = value.map { |v| value_for_key(key, v, parents, original_params) }
+          # Restore the parent stack after processing the array.
+          parents.push(key) if deep_regexps
+        elsif blocks.any?
+          key = key.dup if key.duplicable?
+          value = value.dup if value.duplicable?
+          blocks.each { |b| b.arity == 2 ? b.call(key, value) : b.call(key, value, original_params) }
+        end
+        parents.pop if deep_regexps
+        value
+      end
+    end
+  end
+end

data/lib/active_support/per_thread_registry.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "active_support/core_ext/module/delegation"
 
 module ActiveSupport
@@ -38,7 +40,11 @@ module ActiveSupport
   # If the class has an initializer, it must accept no arguments.
   module PerThreadRegistry
     def self.extended(object)
-      object.instance_variable_set "@per_thread_registry_key", object.name.freeze
+      ActiveSupport::Deprecation.warn(<<~MSG)
+        ActiveSupport::PerThreadRegistry is deprecated and will be removed in Rails 7.1.
+        Use `Module#thread_mattr_accessor` instead.
+      MSG
+      object.instance_variable_set :@per_thread_registry_key, object.name.freeze
     end
 
     def instance
@@ -54,5 +60,6 @@ module ActiveSupport
 
         send(name, *args, &block)
       end
+      ruby2_keywords(:method_missing)
   end
 end

data/lib/active_support/proxy_object.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module ActiveSupport
   # A class with no predefined methods that behaves similarly to Builder's
   # BlankSlate. Used for proxy classes.

data/lib/active_support/rails.rb

@@ -1,4 +1,6 @@
-# This is private interface.
+# frozen_string_literal: true
+
+# This is a private interface.
 #
 # Rails components cherry pick from Active Support as needed, but there are a
 # few features that are used for sure in some way or another and it is not worth
@@ -11,9 +13,6 @@
 # Defines Object#blank? and Object#present?.
 require "active_support/core_ext/object/blank"
 
-# Rails own autoload, eager_load, etc.
-require "active_support/dependencies/autoload"
-
 # Support for ClassMethods and the included macro.
 require "active_support/concern"
 
@@ -25,9 +24,3 @@ require "active_support/core_ext/module/delegation"
 
 # Defines ActiveSupport::Deprecation.
 require "active_support/deprecation"
-
-# Defines Regexp#match?.
-#
-# This should be removed when Rails needs Ruby 2.4 or later, and the require
-# added where other Regexp extensions are being used (easy to grep).
-require "active_support/core_ext/regexp"

data/lib/active_support/railtie.rb

@@ -1,15 +1,83 @@
+# frozen_string_literal: true
+
 require "active_support"
 require "active_support/i18n_railtie"
 
 module ActiveSupport
   class Railtie < Rails::Railtie # :nodoc:
     config.active_support = ActiveSupport::OrderedOptions.new
+    config.active_support.disable_to_s_conversion = false
 
     config.eager_load_namespaces << ActiveSupport
 
+    initializer "active_support.isolation_level" do |app|
+      config.after_initialize do
+        if level = app.config.active_support.delete(:isolation_level)
+          ActiveSupport::IsolatedExecutionState.isolation_level = level
+        end
+      end
+    end
+
+    initializer "active_support.remove_deprecated_time_with_zone_name" do |app|
+      config.after_initialize do
+        if app.config.active_support.remove_deprecated_time_with_zone_name
+          require "active_support/time_with_zone"
+          TimeWithZone.singleton_class.remove_method(:name)
+        end
+      end
+    end
+
+    initializer "active_support.set_authenticated_message_encryption" do |app|
+      config.after_initialize do
+        unless app.config.active_support.use_authenticated_message_encryption.nil?
+          ActiveSupport::MessageEncryptor.use_authenticated_message_encryption =
+            app.config.active_support.use_authenticated_message_encryption
+        end
+      end
+    end
+
+    initializer "active_support.reset_execution_context" do |app|
+      app.reloader.before_class_unload { ActiveSupport::ExecutionContext.clear }
+      app.executor.to_run              { ActiveSupport::ExecutionContext.clear }
+      app.executor.to_complete         { ActiveSupport::ExecutionContext.clear }
+    end
+
+    initializer "active_support.reset_all_current_attributes_instances" do |app|
+      app.reloader.before_class_unload { ActiveSupport::CurrentAttributes.clear_all }
+      app.executor.to_run              { ActiveSupport::CurrentAttributes.reset_all }
+      app.executor.to_complete         { ActiveSupport::CurrentAttributes.reset_all }
+
+      ActiveSupport.on_load(:active_support_test_case) do
+        if app.config.active_support.executor_around_test_case
+          require "active_support/executor/test_helper"
+          include ActiveSupport::Executor::TestHelper
+        else
+          require "active_support/current_attributes/test_helper"
+          include ActiveSupport::CurrentAttributes::TestHelper
+
+          require "active_support/execution_context/test_helper"
+          include ActiveSupport::ExecutionContext::TestHelper
+        end
+      end
+    end
+
     initializer "active_support.deprecation_behavior" do |app|
-      if deprecation = app.config.active_support.deprecation
-        ActiveSupport::Deprecation.behavior = deprecation
+      if app.config.active_support.report_deprecations == false
+        ActiveSupport::Deprecation.silenced = true
+        ActiveSupport::Deprecation.behavior = :silence
+        ActiveSupport::Deprecation.disallowed_behavior = :silence
+      else
+        if deprecation = app.config.active_support.deprecation
+          ActiveSupport::Deprecation.behavior = deprecation
+        end
+
+        if disallowed_deprecation = app.config.active_support.disallowed_deprecation
+          ActiveSupport::Deprecation.disallowed_behavior = disallowed_deprecation
+        end
+
+        if disallowed_warnings = app.config.active_support.disallowed_deprecation_warnings
+          ActiveSupport::Deprecation.disallowed_warnings = disallowed_warnings
+        end
       end
     end
 
@@ -22,14 +90,7 @@ module ActiveSupport
         raise e.exception "tzinfo-data is not present. Please add gem 'tzinfo-data' to your Gemfile and run bundle install"
       end
       require "active_support/core_ext/time/zones"
-      zone_default = Time.find_zone!(app.config.time_zone)
-
-      unless zone_default
-        raise "Value assigned to config.time_zone not recognized. " \
-          'Run "rake time:zones:all" for a time zone names list.'
-      end
-
-      Time.zone_default = zone_default
+      Time.zone_default = Time.find_zone!(app.config.time_zone)
     end
 
     # Sets the default week start
@@ -41,10 +102,50 @@ module ActiveSupport
       Date.beginning_of_week_default = beginning_of_week_default
     end
 
+    initializer "active_support.require_master_key" do |app|
+      if app.config.respond_to?(:require_master_key) && app.config.require_master_key
+        begin
+          app.credentials.key
+        rescue ActiveSupport::EncryptedFile::MissingKeyError => error
+          $stderr.puts error.message
+          exit 1
+        end
+      end
+    end
+
+    initializer "active_support.set_error_reporter" do |app|
+      ActiveSupport.error_reporter = app.executor.error_reporter
+    end
+
     initializer "active_support.set_configs" do |app|
       app.config.active_support.each do |k, v|
         k = "#{k}="
-        ActiveSupport.send(k, v) if ActiveSupport.respond_to? k
+        ActiveSupport.public_send(k, v) if ActiveSupport.respond_to? k
+      end
+    end
+
+    initializer "active_support.set_hash_digest_class" do |app|
+      config.after_initialize do
+        if klass = app.config.active_support.hash_digest_class
+          ActiveSupport::Digest.hash_digest_class = klass
+        end
+      end
+    end
+
+    initializer "active_support.set_key_generator_hash_digest_class" do |app|
+      config.after_initialize do
+        if klass = app.config.active_support.key_generator_hash_digest_class
+          ActiveSupport::KeyGenerator.hash_digest_class = klass
+        end
+      end
+    end
+
+    initializer "active_support.set_rfc4122_namespaced_uuids" do |app|
+      config.after_initialize do
+        if app.config.active_support.use_rfc4122_namespaced_uuids
+          require "active_support/core_ext/digest"
+          ::Digest::UUID.use_rfc4122_namespaced_uuids = app.config.active_support.use_rfc4122_namespaced_uuids
+        end
       end
     end
   end

data/lib/active_support/reloader.rb

@@ -1,4 +1,7 @@
+# frozen_string_literal: true
+
 require "active_support/execution_wrapper"
+require "active_support/executor"
 
 module ActiveSupport
   #--
@@ -26,14 +29,17 @@ module ActiveSupport
 
     define_callbacks :class_unload
 
+    # Registers a callback that will run once at application startup and every time the code is reloaded.
     def self.to_prepare(*args, &block)
       set_callback(:prepare, *args, &block)
     end
 
+    # Registers a callback that will run immediately before the classes are unloaded.
     def self.before_class_unload(*args, &block)
       set_callback(:class_unload, *args, &block)
     end
 
+    # Registers a callback that will run immediately after the classes are unloaded.
     def self.after_class_unload(*args, &block)
       set_callback(:class_unload, :after, *args, &block)
     end
@@ -44,17 +50,15 @@ module ActiveSupport
     def self.reload!
       executor.wrap do
         new.tap do |instance|
-          begin
-            instance.run!
-          ensure
-            instance.complete!
-          end
+          instance.run!
+        ensure
+          instance.complete!
         end
       end
       prepare!
     end
 
-    def self.run! # :nodoc:
+    def self.run!(reset: false) # :nodoc:
       if check!
         super
       else
@@ -69,11 +73,8 @@ module ActiveSupport
       end
     end
 
-    class_attribute :executor
-    class_attribute :check
-
-    self.executor = Executor
-    self.check = lambda { false }
+    class_attribute :executor, default: Executor
+    class_attribute :check, default: lambda { false }
 
     def self.check! # :nodoc:
       @should_reload ||= check.call

data/lib/active_support/rescuable.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "active_support/concern"
 require "active_support/core_ext/class/attribute"
 require "active_support/core_ext/string/inflections"
@@ -8,17 +10,16 @@ module ActiveSupport
     extend Concern
 
     included do
-      class_attribute :rescue_handlers
-      self.rescue_handlers = []
+      class_attribute :rescue_handlers, default: []
     end
 
     module ClassMethods
-      # Rescue exceptions raised in controller actions.
+      # Registers exception classes with a handler to be called by <tt>rescue_with_handler</tt>.
       #
       # <tt>rescue_from</tt> receives a series of exception classes or class
-      # names, and a trailing <tt>:with</tt> option with the name of a method
-      # or a Proc object to be called to handle them. Alternatively a block can
-      # be given.
+      # names, and an exception handler specified by a trailing <tt>:with</tt>
+      # option containing the name of a method or a Proc object. Alternatively, a block
+      # can be given as the handler.
       #
       # Handlers that take one argument will be called with the exception, so
       # that the exception can be inspected when dealing with it.
@@ -29,20 +30,20 @@ module ActiveSupport
       # any.
       #
       #   class ApplicationController < ActionController::Base
-      #     rescue_from User::NotAuthorized, with: :deny_access # self defined exception
-      #     rescue_from ActiveRecord::RecordInvalid, with: :show_errors
+      #     rescue_from User::NotAuthorized, with: :deny_access
+      #     rescue_from ActiveRecord::RecordInvalid, with: :show_record_errors
       #
-      #     rescue_from 'MyAppError::Base' do |exception|
-      #       render xml: exception, status: 500
+      #     rescue_from "MyApp::BaseError" do |exception|
+      #       redirect_to root_url, alert: exception.message
       #     end
       #
       #     private
       #       def deny_access
-      #         ...
+      #         head :forbidden
       #       end
       #
-      #       def show_errors(exception)
-      #         exception.record.new_record? ? ...
+      #       def show_record_errors(exception)
+      #         redirect_back_or_to root_url, alert: exception.record.errors.full_messages.to_sentence
       #       end
       #   end
       #
@@ -73,12 +74,12 @@ module ActiveSupport
       # Matches an exception to a handler based on the exception class.
       #
       # If no handler matches the exception, check for a handler matching the
-      # (optional) exception.cause. If no handler matches the exception or its
+      # (optional) +exception.cause+. If no handler matches the exception or its
       # cause, this returns +nil+, so you can deal with unhandled exceptions.
       # Be sure to re-raise unhandled exceptions if this is what you expect.
       #
       #     begin
-      #       …
+      #       # ...
       #     rescue => exception
       #       rescue_with_handler(exception) || raise
       #     end
@@ -99,7 +100,7 @@ module ActiveSupport
         end
       end
 
-      def handler_for_rescue(exception, object: self) #:nodoc:
+      def handler_for_rescue(exception, object: self) # :nodoc:
         case rescuer = find_rescue_handler(exception)
         when Symbol
           method = object.method(rescuer)
@@ -159,14 +160,14 @@ module ActiveSupport
     end
 
     # Delegates to the class method, but uses the instance as the subject for
-    # rescue_from handlers (method calls, instance_exec blocks).
+    # rescue_from handlers (method calls, +instance_exec+ blocks).
     def rescue_with_handler(exception)
       self.class.rescue_with_handler exception, object: self
     end
 
     # Internal handler lookup. Delegates to class method. Some libraries call
     # this directly, so keeping it around for compatibility.
-    def handler_for_rescue(exception) #:nodoc:
+    def handler_for_rescue(exception) # :nodoc:
       self.class.handler_for_rescue exception, object: self
     end
   end

data/lib/active_support/ruby_features.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module ActiveSupport
+  module RubyFeatures # :nodoc:
+    CLASS_SUBCLASSES = Class.method_defined?(:subclasses) # RUBY_VERSION >= "3.1"
+  end
+end

data/lib/active_support/secure_compare_rotator.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+require "active_support/security_utils"
+require "active_support/messages/rotator"
+
+module ActiveSupport
+  # The ActiveSupport::SecureCompareRotator is a wrapper around ActiveSupport::SecurityUtils.secure_compare
+  # and allows you to rotate a previously defined value to a new one.
+  #
+  # It can be used as follow:
+  #
+  #   rotator = ActiveSupport::SecureCompareRotator.new('new_production_value')
+  #   rotator.rotate('previous_production_value')
+  #   rotator.secure_compare!('previous_production_value')
+  #
+  # One real use case example would be to rotate a basic auth credentials:
+  #
+  #   class MyController < ApplicationController
+  #     def authenticate_request
+  #       rotator = ActiveSupport::SecureCompareRotator.new('new_password')
+  #       rotator.rotate('old_password')
+  #
+  #       authenticate_or_request_with_http_basic do |username, password|
+  #         rotator.secure_compare!(password)
+  #       rescue ActiveSupport::SecureCompareRotator::InvalidMatch
+  #         false
+  #       end
+  #     end
+  #   end
+  class SecureCompareRotator
+    include SecurityUtils
+    prepend Messages::Rotator
+
+    InvalidMatch = Class.new(StandardError)
+
+    def initialize(value, **_options)
+      @value = value
+    end
+
+    def secure_compare!(other_value, on_rotation: @on_rotation)
+      secure_compare(@value, other_value) ||
+        run_rotations(on_rotation) { |wrapper| wrapper.secure_compare!(other_value) } ||
+        raise(InvalidMatch)
+    end
+
+    private
+      def build_rotation(previous_value, _options)
+        self.class.new(previous_value)
+      end
+  end
+end

data/lib/active_support/security_utils.rb

@@ -1,27 +1,38 @@
-require "digest"
+# frozen_string_literal: true
 
 module ActiveSupport
   module SecurityUtils
-    # Constant time string comparison.
+    # Constant time string comparison, for fixed length strings.
     #
     # The values compared should be of fixed length, such as strings
-    # that have already been processed by HMAC. This should not be used
-    # on variable length plaintext strings because it could leak length info
-    # via timing attacks.
-    def secure_compare(a, b)
-      return false unless a.bytesize == b.bytesize
+    # that have already been processed by HMAC. Raises in case of length mismatch.
+
+    if defined?(OpenSSL.fixed_length_secure_compare)
+      def fixed_length_secure_compare(a, b)
+        OpenSSL.fixed_length_secure_compare(a, b)
+      end
+    else
+      def fixed_length_secure_compare(a, b)
+        raise ArgumentError, "string length mismatch." unless a.bytesize == b.bytesize
 
-      l = a.unpack "C#{a.bytesize}"
+        l = a.unpack "C#{a.bytesize}"
 
-      res = 0
-      b.each_byte { |byte| res |= byte ^ l.shift }
-      res == 0
+        res = 0
+        b.each_byte { |byte| res |= byte ^ l.shift }
+        res == 0
+      end
     end
-    module_function :secure_compare
+    module_function :fixed_length_secure_compare
 
-    def variable_size_secure_compare(a, b) # :nodoc:
-      secure_compare(::Digest::SHA256.hexdigest(a), ::Digest::SHA256.hexdigest(b))
+    # Secure string comparison for strings of variable length.
+    #
+    # While a timing attack would not be able to discern the content of
+    # a secret compared via secure_compare, it is possible to determine
+    # the secret length. This should be considered when using secure_compare
+    # to compare weak, short secrets to user input.
+    def secure_compare(a, b)
+      a.bytesize == b.bytesize && fixed_length_secure_compare(a, b)
     end
-    module_function :variable_size_secure_compare
+    module_function :secure_compare
   end
 end

data/lib/active_support/string_inquirer.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module ActiveSupport
   # Wrapping a string in this class gives you a prettier way to test
   # for equality. The value returned by <tt>Rails.env</tt> is wrapped
@@ -16,13 +18,12 @@ module ActiveSupport
   #   vehicle.bike?  # => false
   class StringInquirer < String
     private
-
       def respond_to_missing?(method_name, include_private = false)
-        (method_name[-1] == "?") || super
+        method_name.end_with?("?") || super
       end
 
       def method_missing(method_name, *arguments)
-        if method_name[-1] == "?"
+        if method_name.end_with?("?")
           self == method_name[0..-2]
         else
           super