addressable 2.6.0 → 2.8.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: afa411655b3715e655e0cdca551d20df31b83491
-  data.tar.gz: 0cd2871c45abb19f6b6238ad202856e7afb8619d
+SHA256:
+  metadata.gz: 3ddda72232f6aef9f6f4311c2855f1b3fea9acc80f51c4e5e90bd23820b0d74e
+  data.tar.gz: 88f208cb2d73dec64663e6e3c1710dc08b188402937038fefce6a2d47debc97d
 SHA512:
-  metadata.gz: 16274bd51d38c58b3712dbbdad1368417051937dbe33d74fa73951a39b71d824092c0ecd50005d467db9c914cc074fd0344282df2e23e1182c764b1a1da9750a
-  data.tar.gz: c53ff1d0e09a5e3d997a13a464d50c45fd7d548326f94d3ad40dc97753ce3a47aad4804a62faea48b89775394538982e70ac22d7488fab8ee6594b6816d8ff28
+  metadata.gz: 4e1b0c83fc2f2e54cba6804f3840c8bb29f0d73259979d5bf678ebd5d32257b91585d9b71a780321427835d10f98b9c07969267878f0b032c53d031c30202a4c
+  data.tar.gz: 35abc3652c8ff92032411e4daad7133b7c4649aff4a1a25fe622cf1c9b661d56f096a1084392e053788baea79f551a9d4a448d16c9e61e23bf4d9692a6728bf3

data/CHANGELOG.md

@@ -1,3 +1,38 @@
+# Addressable 2.8.1
+- refactor `Addressable::URI.normalize_path` to address linter offenses ([#430](https://github.com/sporkmonger/addressable/pull/430))
+- remove redundant colon in `Addressable::URI::CharacterClasses::AUTHORITY` regex ([#438](https://github.com/sporkmonger/addressable/pull/438))
+- update gemspec to reflect supported Ruby versions ([#466], [#464], [#463])
+- compatibility w/ public_suffix 5.x ([#466], [#465], [#460])
+- fixes "invalid byte sequence in UTF-8" exception when unencoding URLs containing non UTF-8 characters ([#459](https://github.com/sporkmonger/addressable/pull/459))
+- `Ractor` compatibility ([#449](https://github.com/sporkmonger/addressable/pull/449))
+- use the whole string instead of a single line for template match ([#431](https://github.com/sporkmonger/addressable/pull/431))
+- force UTF-8 encoding only if needed ([#341](https://github.com/sporkmonger/addressable/pull/341))
+
+[#460]: https://github.com/sporkmonger/addressable/pull/460
+[#463]: https://github.com/sporkmonger/addressable/pull/463
+[#464]: https://github.com/sporkmonger/addressable/pull/464
+[#465]: https://github.com/sporkmonger/addressable/pull/465
+[#466]: https://github.com/sporkmonger/addressable/pull/466
+
+# Addressable 2.8.0
+- fixes ReDoS vulnerability in Addressable::Template#match
+- no longer replaces `+` with spaces in queries for non-http(s) schemes
+- fixed encoding ipv6 literals
+- the `:compacted` flag for `normalized_query` now dedupes parameters
+- fix broken `escape_component` alias
+- dropping support for Ruby 2.0 and 2.1
+- adding Ruby 3.0 compatibility for development tasks
+- drop support for `rack-mount` and remove Addressable::Template#generate
+- performance improvements
+- switch CI/CD to GitHub Actions
+
+# Addressable 2.7.0
+- added `:compacted` flag to `normalized_query`
+- `heuristic_parse` handles `mailto:` more intuitively
+- dropped explicit support for JRuby 9.0.5.0
+- compatibility w/ public_suffix 4.x
+- performance improvements
+
 # Addressable 2.6.0
 - added `tld=` method to allow assignment to the public suffix
 - most `heuristic_parse` patterns are now case-insensitive

data/Gemfile

@@ -1,10 +1,17 @@
+# frozen_string_literal: true
+
 source 'https://rubygems.org'
 
 gemspec
 
 group :test do
-  gem 'rspec', '~> 3.5'
-  gem 'rspec-its', '~> 1.1'
+  gem 'rspec', '~> 3.8'
+  gem 'rspec-its', '~> 1.3'
+end
+
+group :coverage do
+  gem "coveralls", "> 0.7", require: false, platforms: :mri
+  gem "simplecov", require: false
 end
 
 group :development do
@@ -14,19 +21,10 @@ group :development do
 end
 
 group :test, :development do
-  gem 'rake', '> 10.0', '< 12'
-  gem 'simplecov', :require => false
-  gem 'coveralls', :require => false, :platforms => [
-    :ruby_20, :ruby_21, :ruby_22, :ruby_23
-  ]
-  # Used to test compatibility.
-  gem 'rack-mount', git: 'https://github.com/sporkmonger/rack-mount.git', require: 'rack/mount'
-
-  if RUBY_VERSION.start_with?('2.0', '2.1')
-    gem 'rack', '< 2', :require => false
-  else
-    gem 'rack', :require => false
-  end
+  gem 'memory_profiler'
+  gem "rake", ">= 12.3.3"
 end
 
-gem 'idn-ruby', :platform => [:mri_20, :mri_21, :mri_22, :mri_23, :mri_24]
+unless ENV["IDNA_MODE"] == "pure"
+  gem "idn-ruby", platform: :mri
+end

data/README.md

@@ -7,21 +7,23 @@
   <dt>License</dt><dd>Apache 2.0</dd>
 </dl>
 
-[![Gem Version](http://img.shields.io/gem/dt/addressable.svg)][gem]
-[![Build Status](https://secure.travis-ci.org/sporkmonger/addressable.svg?branch=master)][travis]
+[![Gem Version](https://img.shields.io/gem/dt/addressable.svg)][gem]
+[![Build Status](https://github.com/sporkmonger/addressable/workflows/CI/badge.svg)][actions]
 [![Test Coverage Status](https://img.shields.io/coveralls/sporkmonger/addressable.svg)][coveralls]
-[![Documentation Coverage Status](http://inch-ci.org/github/sporkmonger/addressable.svg?branch=master)][inch]
+[![Documentation Coverage Status](https://inch-ci.org/github/sporkmonger/addressable.svg?branch=master)][inch]
 
 [gem]: https://rubygems.org/gems/addressable
-[travis]: http://travis-ci.org/sporkmonger/addressable
+[actions]: https://github.com/sporkmonger/addressable/actions
 [coveralls]: https://coveralls.io/r/sporkmonger/addressable
-[inch]: http://inch-ci.org/github/sporkmonger/addressable
+[inch]: https://inch-ci.org/github/sporkmonger/addressable
 
 # Description
 
-Addressable is a replacement for the URI implementation that is part of
-Ruby's standard library. It more closely conforms to RFC 3986, RFC 3987, and
-RFC 6570 (level 4), providing support for IRIs and URI templates.
+Addressable is an alternative implementation to the URI implementation
+that is part of Ruby's standard library. It is flexible, offers heuristic
+parsing, and additionally provides extensive support for IRIs and URI templates.
+
+Addressable closely conforms to RFC 3986, RFC 3987, and RFC 6570 (level 4).
 
 # Reference
 
@@ -96,7 +98,7 @@ You may optionally turn on native IDN support by installing libidn and the
 idn gem:
 
 ```console
-$ sudo apt-get install idn # Debian/Ubuntu
+$ sudo apt-get install libidn11-dev # Debian/Ubuntu
 $ brew install libidn # OS X
 $ gem install idn-ruby
 ```
@@ -108,7 +110,7 @@ dependency using a pessimistic version constraint covering the major and minor
 values:
 
 ```ruby
-spec.add_dependency 'addressable', '~> 2.5'
+spec.add_dependency 'addressable', '~> 2.7'
 ```
 
 If you need a specific bug fix, you can also specify minimum tiny versions

data/Rakefile

@@ -14,9 +14,9 @@ RELEASE_NAME       = "REL #{PKG_VERSION}"
 
 PKG_SUMMARY        = "URI Implementation"
 PKG_DESCRIPTION    = <<-TEXT
-Addressable is a replacement for the URI implementation that is part of
-Ruby's standard library. It more closely conforms to the relevant RFCs and
-adds support for IRIs and URI templates.
+Addressable is an alternative implementation to the URI implementation that is
+part of Ruby's standard library. It is flexible, offers heuristic parsing, and
+additionally provides extensive support for IRIs and URI templates.
 TEXT
 
 PKG_FILES = FileList[

data/lib/addressable/idna/native.rb

@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 
-# encoding:utf-8
 #--
 # Copyright (C) Bob Aman
 #

data/lib/addressable/idna/pure.rb

@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 
-# encoding:utf-8
 #--
 # Copyright (C) Bob Aman
 #
@@ -135,7 +134,7 @@ module Addressable
       unpacked.map! { |codepoint| lookup_unicode_lowercase(codepoint) }
       return unpacked.pack("U*")
     end
-    (class <<self; private :unicode_downcase; end)
+    private_class_method :unicode_downcase
 
     def self.unicode_compose(unpacked)
       unpacked_result = []
@@ -160,7 +159,7 @@ module Addressable
       unpacked_result << starter
       return unpacked_result
     end
-    (class <<self; private :unicode_compose; end)
+    private_class_method :unicode_compose
 
     def self.unicode_compose_pair(ch_one, ch_two)
       if ch_one >= HANGUL_LBASE && ch_one < HANGUL_LBASE + HANGUL_LCOUNT &&
@@ -178,43 +177,45 @@ module Addressable
       end
 
       p = []
-      ucs4_to_utf8 = lambda do |ch|
-        if ch < 128
-          p << ch
-        elsif ch < 2048
-          p << (ch >> 6 | 192)
-          p << (ch & 63 | 128)
-        elsif ch < 0x10000
-          p << (ch >> 12 | 224)
-          p << (ch >> 6 & 63 | 128)
-          p << (ch & 63 | 128)
-        elsif ch < 0x200000
-          p << (ch >> 18 | 240)
-          p << (ch >> 12 & 63 | 128)
-          p << (ch >> 6 & 63 | 128)
-          p << (ch & 63 | 128)
-        elsif ch < 0x4000000
-          p << (ch >> 24 | 248)
-          p << (ch >> 18 & 63 | 128)
-          p << (ch >> 12 & 63 | 128)
-          p << (ch >> 6 & 63 | 128)
-          p << (ch & 63 | 128)
-        elsif ch < 0x80000000
-          p << (ch >> 30 | 252)
-          p << (ch >> 24 & 63 | 128)
-          p << (ch >> 18 & 63 | 128)
-          p << (ch >> 12 & 63 | 128)
-          p << (ch >> 6 & 63 | 128)
-          p << (ch & 63 | 128)
-        end
-      end
 
-      ucs4_to_utf8.call(ch_one)
-      ucs4_to_utf8.call(ch_two)
+      ucs4_to_utf8(ch_one, p)
+      ucs4_to_utf8(ch_two, p)
 
       return lookup_unicode_composition(p)
     end
-    (class <<self; private :unicode_compose_pair; end)
+    private_class_method :unicode_compose_pair
+
+    def self.ucs4_to_utf8(char, buffer)
+      if char < 128
+        buffer << char
+      elsif char < 2048
+        buffer << (char >> 6 | 192)
+        buffer << (char & 63 | 128)
+      elsif char < 0x10000
+        buffer << (char >> 12 | 224)
+        buffer << (char >> 6 & 63 | 128)
+        buffer << (char & 63 | 128)
+      elsif char < 0x200000
+        buffer << (char >> 18 | 240)
+        buffer << (char >> 12 & 63 | 128)
+        buffer << (char >> 6 & 63 | 128)
+        buffer << (char & 63 | 128)
+      elsif char < 0x4000000
+        buffer << (char >> 24 | 248)
+        buffer << (char >> 18 & 63 | 128)
+        buffer << (char >> 12 & 63 | 128)
+        buffer << (char >> 6 & 63 | 128)
+        buffer << (char & 63 | 128)
+      elsif char < 0x80000000
+        buffer << (char >> 30 | 252)
+        buffer << (char >> 24 & 63 | 128)
+        buffer << (char >> 18 & 63 | 128)
+        buffer << (char >> 12 & 63 | 128)
+        buffer << (char >> 6 & 63 | 128)
+        buffer << (char & 63 | 128)
+      end
+    end
+    private_class_method :ucs4_to_utf8
 
     def self.unicode_sort_canonical(unpacked)
       unpacked = unpacked.dup
@@ -238,7 +239,7 @@ module Addressable
       end
       return unpacked
     end
-    (class <<self; private :unicode_sort_canonical; end)
+    private_class_method :unicode_sort_canonical
 
     def self.unicode_decompose(unpacked)
       unpacked_result = []
@@ -259,7 +260,7 @@ module Addressable
       end
       return unpacked_result
     end
-    (class <<self; private :unicode_decompose; end)
+    private_class_method :unicode_decompose
 
     def self.unicode_decompose_hangul(codepoint)
       sindex = codepoint - HANGUL_SBASE;
@@ -276,7 +277,7 @@ module Addressable
       end
       return l, v, t
     end
-    (class <<self; private :unicode_decompose_hangul; end)
+    private_class_method :unicode_decompose_hangul
 
     def self.lookup_unicode_combining_class(codepoint)
       codepoint_data = UNICODE_DATA[codepoint]
@@ -284,14 +285,14 @@ module Addressable
         (codepoint_data[UNICODE_DATA_COMBINING_CLASS] || 0) :
         0)
     end
-    (class <<self; private :lookup_unicode_combining_class; end)
+    private_class_method :lookup_unicode_combining_class
 
     def self.lookup_unicode_compatibility(codepoint)
       codepoint_data = UNICODE_DATA[codepoint]
       (codepoint_data ?
         codepoint_data[UNICODE_DATA_COMPATIBILITY] : nil)
     end
-    (class <<self; private :lookup_unicode_compatibility; end)
+    private_class_method :lookup_unicode_compatibility
 
     def self.lookup_unicode_lowercase(codepoint)
       codepoint_data = UNICODE_DATA[codepoint]
@@ -299,12 +300,12 @@ module Addressable
         (codepoint_data[UNICODE_DATA_LOWERCASE] || codepoint) :
         codepoint)
     end
-    (class <<self; private :lookup_unicode_lowercase; end)
+    private_class_method :lookup_unicode_lowercase
 
     def self.lookup_unicode_composition(unpacked)
       return COMPOSITION_TABLE[unpacked]
     end
-    (class <<self; private :lookup_unicode_composition; end)
+    private_class_method :lookup_unicode_composition
 
     HANGUL_SBASE =  0xac00
     HANGUL_LBASE =  0x1100
@@ -341,7 +342,7 @@ module Addressable
     end
 
     COMPOSITION_TABLE = {}
-    for codepoint, data in UNICODE_DATA
+    UNICODE_DATA.each do |codepoint, data|
       canonical = data[UNICODE_DATA_CANONICAL]
       exclusion = data[UNICODE_DATA_EXCLUSION]
 
@@ -500,7 +501,7 @@ module Addressable
 
       output[0..outlen].map { |x| x.chr }.join("").sub(/\0+\z/, "")
     end
-    (class <<self; private :punycode_encode; end)
+    private_class_method :punycode_encode
 
     def self.punycode_decode(punycode)
       input = []
@@ -622,22 +623,22 @@ module Addressable
 
       output.pack("U*")
     end
-    (class <<self; private :punycode_decode; end)
+    private_class_method :punycode_decode
 
     def self.punycode_basic?(codepoint)
       codepoint < 0x80
     end
-    (class <<self; private :punycode_basic?; end)
+    private_class_method :punycode_basic?
 
     def self.punycode_delimiter?(codepoint)
       codepoint == PUNYCODE_DELIMITER
     end
-    (class <<self; private :punycode_delimiter?; end)
+    private_class_method :punycode_delimiter?
 
     def self.punycode_encode_digit(d)
       d + 22 + 75 * ((d < 26) ? 1 : 0)
     end
-    (class <<self; private :punycode_encode_digit; end)
+    private_class_method :punycode_encode_digit
 
     # Returns the numeric value of a basic codepoint
     # (for use in representing integers) in the range 0 to
@@ -653,7 +654,7 @@ module Addressable
         PUNYCODE_BASE
       end
     end
-    (class <<self; private :punycode_decode_digit; end)
+    private_class_method :punycode_decode_digit
 
     # Bias adaptation method
     def self.punycode_adapt(delta, numpoints, firsttime)
@@ -670,7 +671,7 @@ module Addressable
 
       k + (difference + 1) * delta / (delta + PUNYCODE_SKEW)
     end
-    (class <<self; private :punycode_adapt; end)
+    private_class_method :punycode_adapt
   end
   # :startdoc:
 end

data/lib/addressable/idna.rb

@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 
-# encoding:utf-8
 #--
 # Copyright (C) Bob Aman
 #

data/lib/addressable/template.rb

@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 
-# encoding:utf-8
 #--
 # Copyright (C) Bob Aman
 #
@@ -37,7 +36,7 @@ module Addressable
       Addressable::URI::CharacterClasses::DIGIT + '_'
 
     var_char =
-      "(?:(?:[#{variable_char_class}]|%[a-fA-F0-9][a-fA-F0-9])+)"
+      "(?>(?:[#{variable_char_class}]|%[a-fA-F0-9][a-fA-F0-9])+)"
     RESERVED =
       "(?:[#{anything}]|%[a-fA-F0-9][a-fA-F0-9])"
     UNRESERVED =
@@ -412,7 +411,7 @@ module Addressable
     #   match.captures
     #   #=> ["a", ["b", "c"]]
     def match(uri, processor=nil)
-      uri = Addressable::URI.parse(uri)
+      uri = Addressable::URI.parse(uri) unless uri.is_a?(Addressable::URI)
       mapping = {}
 
       # First, we need to process the pattern, and extract the values.
@@ -653,50 +652,16 @@ module Addressable
       self.to_regexp.named_captures
     end
 
-    ##
-    # Generates a route result for a given set of parameters.
-    # Should only be used by rack-mount.
-    #
-    # @param params [Hash] The set of parameters used to expand the template.
-    # @param recall [Hash] Default parameters used to expand the template.
-    # @param options [Hash] Either a `:processor` or a `:parameterize` block.
-    #
-    # @api private
-    def generate(params={}, recall={}, options={})
-      merged = recall.merge(params)
-      if options[:processor]
-        processor = options[:processor]
-      elsif options[:parameterize]
-        # TODO: This is sending me into fits trying to shoe-horn this into
-        # the existing API. I think I've got this backwards and processors
-        # should be a set of 4 optional blocks named :validate, :transform,
-        # :match, and :restore. Having to use a singleton here is a huge
-        # code smell.
-        processor = Object.new
-        class <<processor
-          attr_accessor :block
-          def transform(name, value)
-            block.call(name, value)
-          end
-        end
-        processor.block = options[:parameterize]
-      else
-        processor = nil
-      end
-      result = self.expand(merged, processor)
-      result.to_s if result
-    end
-
   private
     def ordered_variable_defaults
       @ordered_variable_defaults ||= begin
         expansions, _ = parse_template_pattern(pattern)
-        expansions.map do |capture|
+        expansions.flat_map do |capture|
           _, _, varlist = *capture.match(EXPRESSION)
           varlist.split(',').map do |varspec|
             varspec[VARSPEC, 1]
           end
-        end.flatten
+        end
       end
     end
 
@@ -973,15 +938,35 @@ module Addressable
       end
     end
 
+    ##
+    # Generates the <tt>Regexp</tt> that parses a template pattern. Memoizes the
+    # value if template processor not set (processors may not be deterministic)
+    #
+    # @param [String] pattern The URI template pattern.
+    # @param [#match] processor The template processor to use.
+    #
+    # @return [Array, Regexp]
+    #   An array of expansion variables nad a regular expression which may be
+    #   used to parse a template pattern
+    def parse_template_pattern(pattern, processor = nil)
+      if processor.nil? && pattern == @pattern
+        @cached_template_parse ||=
+          parse_new_template_pattern(pattern, processor)
+      else
+        parse_new_template_pattern(pattern, processor)
+      end
+    end
+
     ##
     # Generates the <tt>Regexp</tt> that parses a template pattern.
     #
     # @param [String] pattern The URI template pattern.
     # @param [#match] processor The template processor to use.
     #
-    # @return [Regexp]
-    #   A regular expression which may be used to parse a template pattern.
-    def parse_template_pattern(pattern, processor=nil)
+    # @return [Array, Regexp]
+    #   An array of expansion variables nad a regular expression which may be
+    #   used to parse a template pattern
+    def parse_new_template_pattern(pattern, processor = nil)
       # Escape the pattern. The two gsubs restore the escaped curly braces
       # back to their original form. Basically, escape everything that isn't
       # within an expansion.
@@ -1037,7 +1022,7 @@ module Addressable
       end
 
       # Ensure that the regular expression matches the whole URI.
-      regexp_string = "^#{regexp_string}$"
+      regexp_string = "\\A#{regexp_string}\\z"
       return expansions, Regexp.new(regexp_string)
     end