addressable 2.6.0 → 2.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: afa411655b3715e655e0cdca551d20df31b83491
-  data.tar.gz: 0cd2871c45abb19f6b6238ad202856e7afb8619d
+SHA256:
+  metadata.gz: 03a21b1eab156a16e90bd7963af85980edfbddc8f3dbe052766303dba76cc000
+  data.tar.gz: 03eca5d86f4c70f9320000f36e3cff4fd8023342a4e0ac855d0ef1ec89ee6183
 SHA512:
-  metadata.gz: 16274bd51d38c58b3712dbbdad1368417051937dbe33d74fa73951a39b71d824092c0ecd50005d467db9c914cc074fd0344282df2e23e1182c764b1a1da9750a
-  data.tar.gz: c53ff1d0e09a5e3d997a13a464d50c45fd7d548326f94d3ad40dc97753ce3a47aad4804a62faea48b89775394538982e70ac22d7488fab8ee6594b6816d8ff28
+  metadata.gz: d504f9475ad823f5bb077b9c039a2c91c83e52c20896247a7289b61725c61b1ddefe8ae06155fb018fc67087cf04276081b42105a18394b45e2374ad0b2fadb0
+  data.tar.gz: b81766fbcb9335d5ca94403b62d3b2a6fae31b66cd3c05f48e1885eaf07883bfa1321b6930271fe1415135aec687af51312a26ce27bd4b83b2ac6424dec597c9

data/CHANGELOG.md

@@ -1,3 +1,22 @@
+# Addressable 2.8.0
+- fixes ReDoS vulnerability in Addressable::Template#match
+- no longer replaces `+` with spaces in queries for non-http(s) schemes
+- fixed encoding ipv6 literals
+- the `:compacted` flag for `normalized_query` now dedupes parameters
+- fix broken `escape_component` alias
+- dropping support for Ruby 2.0 and 2.1
+- adding Ruby 3.0 compatibility for development tasks
+- drop support for `rack-mount` and remove Addressable::Template#generate
+- performance improvements
+- switch CI/CD to GitHub Actions
+
+# Addressable 2.7.0
+- added `:compacted` flag to `normalized_query`
+- `heuristic_parse` handles `mailto:` more intuitively
+- dropped explicit support for JRuby 9.0.5.0
+- compatibility w/ public_suffix 4.x
+- performance improvements
+
 # Addressable 2.6.0
 - added `tld=` method to allow assignment to the public suffix
 - most `heuristic_parse` patterns are now case-insensitive

data/Gemfile

@@ -1,10 +1,17 @@
+# frozen_string_literal: true
+
 source 'https://rubygems.org'
 
-gemspec
+gemspec(path: __FILE__ == "(eval)" ? ".." : ".")
 
 group :test do
-  gem 'rspec', '~> 3.5'
-  gem 'rspec-its', '~> 1.1'
+  gem 'rspec', '~> 3.8'
+  gem 'rspec-its', '~> 1.3'
+end
+
+group :coverage do
+  gem "coveralls", "> 0.7", require: false, platforms: :mri
+  gem "simplecov", require: false
 end
 
 group :development do
@@ -14,19 +21,8 @@ group :development do
 end
 
 group :test, :development do
-  gem 'rake', '> 10.0', '< 12'
-  gem 'simplecov', :require => false
-  gem 'coveralls', :require => false, :platforms => [
-    :ruby_20, :ruby_21, :ruby_22, :ruby_23
-  ]
-  # Used to test compatibility.
-  gem 'rack-mount', git: 'https://github.com/sporkmonger/rack-mount.git', require: 'rack/mount'
-
-  if RUBY_VERSION.start_with?('2.0', '2.1')
-    gem 'rack', '< 2', :require => false
-  else
-    gem 'rack', :require => false
-  end
+  gem 'memory_profiler'
+  gem "rake", ">= 12.3.3"
 end
 
-gem 'idn-ruby', :platform => [:mri_20, :mri_21, :mri_22, :mri_23, :mri_24]
+gem "idn-ruby", platform: :mri

data/README.md

@@ -7,21 +7,23 @@
   <dt>License</dt><dd>Apache 2.0</dd>
 </dl>
 
-[![Gem Version](http://img.shields.io/gem/dt/addressable.svg)][gem]
-[![Build Status](https://secure.travis-ci.org/sporkmonger/addressable.svg?branch=master)][travis]
+[![Gem Version](https://img.shields.io/gem/dt/addressable.svg)][gem]
+[![Build Status](https://github.com/sporkmonger/addressable/workflows/CI/badge.svg)][actions]
 [![Test Coverage Status](https://img.shields.io/coveralls/sporkmonger/addressable.svg)][coveralls]
-[![Documentation Coverage Status](http://inch-ci.org/github/sporkmonger/addressable.svg?branch=master)][inch]
+[![Documentation Coverage Status](https://inch-ci.org/github/sporkmonger/addressable.svg?branch=master)][inch]
 
 [gem]: https://rubygems.org/gems/addressable
-[travis]: http://travis-ci.org/sporkmonger/addressable
+[actions]: https://github.com/sporkmonger/addressable/actions
 [coveralls]: https://coveralls.io/r/sporkmonger/addressable
-[inch]: http://inch-ci.org/github/sporkmonger/addressable
+[inch]: https://inch-ci.org/github/sporkmonger/addressable
 
 # Description
 
-Addressable is a replacement for the URI implementation that is part of
-Ruby's standard library. It more closely conforms to RFC 3986, RFC 3987, and
-RFC 6570 (level 4), providing support for IRIs and URI templates.
+Addressable is an alternative implementation to the URI implementation
+that is part of Ruby's standard library. It is flexible, offers heuristic
+parsing, and additionally provides extensive support for IRIs and URI templates.
+
+Addressable closely conforms to RFC 3986, RFC 3987, and RFC 6570 (level 4).
 
 # Reference
 
@@ -96,7 +98,7 @@ You may optionally turn on native IDN support by installing libidn and the
 idn gem:
 
 ```console
-$ sudo apt-get install idn # Debian/Ubuntu
+$ sudo apt-get install libidn11-dev # Debian/Ubuntu
 $ brew install libidn # OS X
 $ gem install idn-ruby
 ```
@@ -108,7 +110,7 @@ dependency using a pessimistic version constraint covering the major and minor
 values:
 
 ```ruby
-spec.add_dependency 'addressable', '~> 2.5'
+spec.add_dependency 'addressable', '~> 2.7'
 ```
 
 If you need a specific bug fix, you can also specify minimum tiny versions

data/Rakefile

@@ -14,9 +14,9 @@ RELEASE_NAME       = "REL #{PKG_VERSION}"
 
 PKG_SUMMARY        = "URI Implementation"
 PKG_DESCRIPTION    = <<-TEXT
-Addressable is a replacement for the URI implementation that is part of
-Ruby's standard library. It more closely conforms to the relevant RFCs and
-adds support for IRIs and URI templates.
+Addressable is an alternative implementation to the URI implementation that is
+part of Ruby's standard library. It is flexible, offers heuristic parsing, and
+additionally provides extensive support for IRIs and URI templates.
 TEXT
 
 PKG_FILES = FileList[

data/addressable.gemspec

@@ -0,0 +1,37 @@
+# -*- encoding: utf-8 -*-
+# stub: addressable 2.8.0 ruby lib
+
+Gem::Specification.new do |s|
+  s.name = "addressable".freeze
+  s.version = "2.8.0"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
+  s.require_paths = ["lib".freeze]
+  s.authors = ["Bob Aman".freeze]
+  s.date = "2021-07-03"
+  s.description = "Addressable is an alternative implementation to the URI implementation that is\npart of Ruby's standard library. It is flexible, offers heuristic parsing, and\nadditionally provides extensive support for IRIs and URI templates.\n".freeze
+  s.email = "bob@sporkmonger.com".freeze
+  s.extra_rdoc_files = ["README.md".freeze]
+  s.files = ["CHANGELOG.md".freeze, "Gemfile".freeze, "LICENSE.txt".freeze, "README.md".freeze, "Rakefile".freeze, "addressable.gemspec".freeze, "data/unicode.data".freeze, "lib/addressable.rb".freeze, "lib/addressable/idna.rb".freeze, "lib/addressable/idna/native.rb".freeze, "lib/addressable/idna/pure.rb".freeze, "lib/addressable/template.rb".freeze, "lib/addressable/uri.rb".freeze, "lib/addressable/version.rb".freeze, "spec/addressable/idna_spec.rb".freeze, "spec/addressable/net_http_compat_spec.rb".freeze, "spec/addressable/security_spec.rb".freeze, "spec/addressable/template_spec.rb".freeze, "spec/addressable/uri_spec.rb".freeze, "spec/spec_helper.rb".freeze, "tasks/clobber.rake".freeze, "tasks/gem.rake".freeze, "tasks/git.rake".freeze, "tasks/metrics.rake".freeze, "tasks/profile.rake".freeze, "tasks/rspec.rake".freeze, "tasks/yard.rake".freeze]
+  s.homepage = "https://github.com/sporkmonger/addressable".freeze
+  s.licenses = ["Apache-2.0".freeze]
+  s.rdoc_options = ["--main".freeze, "README.md".freeze]
+  s.required_ruby_version = Gem::Requirement.new(">= 2.0".freeze)
+  s.rubygems_version = "3.0.3".freeze
+  s.summary = "URI Implementation".freeze
+
+  if s.respond_to? :specification_version then
+    s.specification_version = 4
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<public_suffix>.freeze, [">= 2.0.2", "< 5.0"])
+      s.add_development_dependency(%q<bundler>.freeze, [">= 1.0", "< 3.0"])
+    else
+      s.add_dependency(%q<public_suffix>.freeze, [">= 2.0.2", "< 5.0"])
+      s.add_dependency(%q<bundler>.freeze, [">= 1.0", "< 3.0"])
+    end
+  else
+    s.add_dependency(%q<public_suffix>.freeze, [">= 2.0.2", "< 5.0"])
+    s.add_dependency(%q<bundler>.freeze, [">= 1.0", "< 3.0"])
+  end
+end

data/lib/addressable/idna/pure.rb

@@ -135,7 +135,7 @@ module Addressable
       unpacked.map! { |codepoint| lookup_unicode_lowercase(codepoint) }
       return unpacked.pack("U*")
     end
-    (class <<self; private :unicode_downcase; end)
+    private_class_method :unicode_downcase
 
     def self.unicode_compose(unpacked)
       unpacked_result = []
@@ -160,7 +160,7 @@ module Addressable
       unpacked_result << starter
       return unpacked_result
     end
-    (class <<self; private :unicode_compose; end)
+    private_class_method :unicode_compose
 
     def self.unicode_compose_pair(ch_one, ch_two)
       if ch_one >= HANGUL_LBASE && ch_one < HANGUL_LBASE + HANGUL_LCOUNT &&
@@ -178,43 +178,45 @@ module Addressable
       end
 
       p = []
-      ucs4_to_utf8 = lambda do |ch|
-        if ch < 128
-          p << ch
-        elsif ch < 2048
-          p << (ch >> 6 | 192)
-          p << (ch & 63 | 128)
-        elsif ch < 0x10000
-          p << (ch >> 12 | 224)
-          p << (ch >> 6 & 63 | 128)
-          p << (ch & 63 | 128)
-        elsif ch < 0x200000
-          p << (ch >> 18 | 240)
-          p << (ch >> 12 & 63 | 128)
-          p << (ch >> 6 & 63 | 128)
-          p << (ch & 63 | 128)
-        elsif ch < 0x4000000
-          p << (ch >> 24 | 248)
-          p << (ch >> 18 & 63 | 128)
-          p << (ch >> 12 & 63 | 128)
-          p << (ch >> 6 & 63 | 128)
-          p << (ch & 63 | 128)
-        elsif ch < 0x80000000
-          p << (ch >> 30 | 252)
-          p << (ch >> 24 & 63 | 128)
-          p << (ch >> 18 & 63 | 128)
-          p << (ch >> 12 & 63 | 128)
-          p << (ch >> 6 & 63 | 128)
-          p << (ch & 63 | 128)
-        end
-      end
 
-      ucs4_to_utf8.call(ch_one)
-      ucs4_to_utf8.call(ch_two)
+      ucs4_to_utf8(ch_one, p)
+      ucs4_to_utf8(ch_two, p)
 
       return lookup_unicode_composition(p)
     end
-    (class <<self; private :unicode_compose_pair; end)
+    private_class_method :unicode_compose_pair
+
+    def self.ucs4_to_utf8(char, buffer)
+      if char < 128
+        buffer << char
+      elsif char < 2048
+        buffer << (char >> 6 | 192)
+        buffer << (char & 63 | 128)
+      elsif char < 0x10000
+        buffer << (char >> 12 | 224)
+        buffer << (char >> 6 & 63 | 128)
+        buffer << (char & 63 | 128)
+      elsif char < 0x200000
+        buffer << (char >> 18 | 240)
+        buffer << (char >> 12 & 63 | 128)
+        buffer << (char >> 6 & 63 | 128)
+        buffer << (char & 63 | 128)
+      elsif char < 0x4000000
+        buffer << (char >> 24 | 248)
+        buffer << (char >> 18 & 63 | 128)
+        buffer << (char >> 12 & 63 | 128)
+        buffer << (char >> 6 & 63 | 128)
+        buffer << (char & 63 | 128)
+      elsif char < 0x80000000
+        buffer << (char >> 30 | 252)
+        buffer << (char >> 24 & 63 | 128)
+        buffer << (char >> 18 & 63 | 128)
+        buffer << (char >> 12 & 63 | 128)
+        buffer << (char >> 6 & 63 | 128)
+        buffer << (char & 63 | 128)
+      end
+    end
+    private_class_method :ucs4_to_utf8
 
     def self.unicode_sort_canonical(unpacked)
       unpacked = unpacked.dup
@@ -238,7 +240,7 @@ module Addressable
       end
       return unpacked
     end
-    (class <<self; private :unicode_sort_canonical; end)
+    private_class_method :unicode_sort_canonical
 
     def self.unicode_decompose(unpacked)
       unpacked_result = []
@@ -259,7 +261,7 @@ module Addressable
       end
       return unpacked_result
     end
-    (class <<self; private :unicode_decompose; end)
+    private_class_method :unicode_decompose
 
     def self.unicode_decompose_hangul(codepoint)
       sindex = codepoint - HANGUL_SBASE;
@@ -276,7 +278,7 @@ module Addressable
       end
       return l, v, t
     end
-    (class <<self; private :unicode_decompose_hangul; end)
+    private_class_method :unicode_decompose_hangul
 
     def self.lookup_unicode_combining_class(codepoint)
       codepoint_data = UNICODE_DATA[codepoint]
@@ -284,14 +286,14 @@ module Addressable
         (codepoint_data[UNICODE_DATA_COMBINING_CLASS] || 0) :
         0)
     end
-    (class <<self; private :lookup_unicode_combining_class; end)
+    private_class_method :lookup_unicode_combining_class
 
     def self.lookup_unicode_compatibility(codepoint)
       codepoint_data = UNICODE_DATA[codepoint]
       (codepoint_data ?
         codepoint_data[UNICODE_DATA_COMPATIBILITY] : nil)
     end
-    (class <<self; private :lookup_unicode_compatibility; end)
+    private_class_method :lookup_unicode_compatibility
 
     def self.lookup_unicode_lowercase(codepoint)
       codepoint_data = UNICODE_DATA[codepoint]
@@ -299,12 +301,12 @@ module Addressable
         (codepoint_data[UNICODE_DATA_LOWERCASE] || codepoint) :
         codepoint)
     end
-    (class <<self; private :lookup_unicode_lowercase; end)
+    private_class_method :lookup_unicode_lowercase
 
     def self.lookup_unicode_composition(unpacked)
       return COMPOSITION_TABLE[unpacked]
     end
-    (class <<self; private :lookup_unicode_composition; end)
+    private_class_method :lookup_unicode_composition
 
     HANGUL_SBASE =  0xac00
     HANGUL_LBASE =  0x1100
@@ -341,7 +343,7 @@ module Addressable
     end
 
     COMPOSITION_TABLE = {}
-    for codepoint, data in UNICODE_DATA
+    UNICODE_DATA.each do |codepoint, data|
       canonical = data[UNICODE_DATA_CANONICAL]
       exclusion = data[UNICODE_DATA_EXCLUSION]
 
@@ -500,7 +502,7 @@ module Addressable
 
       output[0..outlen].map { |x| x.chr }.join("").sub(/\0+\z/, "")
     end
-    (class <<self; private :punycode_encode; end)
+    private_class_method :punycode_encode
 
     def self.punycode_decode(punycode)
       input = []
@@ -622,22 +624,22 @@ module Addressable
 
       output.pack("U*")
     end
-    (class <<self; private :punycode_decode; end)
+    private_class_method :punycode_decode
 
     def self.punycode_basic?(codepoint)
       codepoint < 0x80
     end
-    (class <<self; private :punycode_basic?; end)
+    private_class_method :punycode_basic?
 
     def self.punycode_delimiter?(codepoint)
       codepoint == PUNYCODE_DELIMITER
     end
-    (class <<self; private :punycode_delimiter?; end)
+    private_class_method :punycode_delimiter?
 
     def self.punycode_encode_digit(d)
       d + 22 + 75 * ((d < 26) ? 1 : 0)
     end
-    (class <<self; private :punycode_encode_digit; end)
+    private_class_method :punycode_encode_digit
 
     # Returns the numeric value of a basic codepoint
     # (for use in representing integers) in the range 0 to
@@ -653,7 +655,7 @@ module Addressable
         PUNYCODE_BASE
       end
     end
-    (class <<self; private :punycode_decode_digit; end)
+    private_class_method :punycode_decode_digit
 
     # Bias adaptation method
     def self.punycode_adapt(delta, numpoints, firsttime)
@@ -670,7 +672,7 @@ module Addressable
 
       k + (difference + 1) * delta / (delta + PUNYCODE_SKEW)
     end
-    (class <<self; private :punycode_adapt; end)
+    private_class_method :punycode_adapt
   end
   # :startdoc:
 end

data/lib/addressable/template.rb

@@ -37,7 +37,7 @@ module Addressable
       Addressable::URI::CharacterClasses::DIGIT + '_'
 
     var_char =
-      "(?:(?:[#{variable_char_class}]|%[a-fA-F0-9][a-fA-F0-9])+)"
+      "(?>(?:[#{variable_char_class}]|%[a-fA-F0-9][a-fA-F0-9])+)"
     RESERVED =
       "(?:[#{anything}]|%[a-fA-F0-9][a-fA-F0-9])"
     UNRESERVED =
@@ -412,7 +412,7 @@ module Addressable
     #   match.captures
     #   #=> ["a", ["b", "c"]]
     def match(uri, processor=nil)
-      uri = Addressable::URI.parse(uri)
+      uri = Addressable::URI.parse(uri) unless uri.is_a?(Addressable::URI)
       mapping = {}
 
       # First, we need to process the pattern, and extract the values.
@@ -653,40 +653,6 @@ module Addressable
       self.to_regexp.named_captures
     end
 
-    ##
-    # Generates a route result for a given set of parameters.
-    # Should only be used by rack-mount.
-    #
-    # @param params [Hash] The set of parameters used to expand the template.
-    # @param recall [Hash] Default parameters used to expand the template.
-    # @param options [Hash] Either a `:processor` or a `:parameterize` block.
-    #
-    # @api private
-    def generate(params={}, recall={}, options={})
-      merged = recall.merge(params)
-      if options[:processor]
-        processor = options[:processor]
-      elsif options[:parameterize]
-        # TODO: This is sending me into fits trying to shoe-horn this into
-        # the existing API. I think I've got this backwards and processors
-        # should be a set of 4 optional blocks named :validate, :transform,
-        # :match, and :restore. Having to use a singleton here is a huge
-        # code smell.
-        processor = Object.new
-        class <<processor
-          attr_accessor :block
-          def transform(name, value)
-            block.call(name, value)
-          end
-        end
-        processor.block = options[:parameterize]
-      else
-        processor = nil
-      end
-      result = self.expand(merged, processor)
-      result.to_s if result
-    end
-
   private
     def ordered_variable_defaults
       @ordered_variable_defaults ||= begin
@@ -973,15 +939,35 @@ module Addressable
       end
     end
 
+    ##
+    # Generates the <tt>Regexp</tt> that parses a template pattern. Memoizes the
+    # value if template processor not set (processors may not be deterministic)
+    #
+    # @param [String] pattern The URI template pattern.
+    # @param [#match] processor The template processor to use.
+    #
+    # @return [Array, Regexp]
+    #   An array of expansion variables nad a regular expression which may be
+    #   used to parse a template pattern
+    def parse_template_pattern(pattern, processor = nil)
+      if processor.nil? && pattern == @pattern
+        @cached_template_parse ||=
+          parse_new_template_pattern(pattern, processor)
+      else
+        parse_new_template_pattern(pattern, processor)
+      end
+    end
+
     ##
     # Generates the <tt>Regexp</tt> that parses a template pattern.
     #
     # @param [String] pattern The URI template pattern.
     # @param [#match] processor The template processor to use.
     #
-    # @return [Regexp]
-    #   A regular expression which may be used to parse a template pattern.
-    def parse_template_pattern(pattern, processor=nil)
+    # @return [Array, Regexp]
+    #   An array of expansion variables nad a regular expression which may be
+    #   used to parse a template pattern
+    def parse_new_template_pattern(pattern, processor = nil)
       # Escape the pattern. The two gsubs restore the escaped curly braces
       # back to their original form. Basically, escape everything that isn't
       # within an expansion.