better_errors 2.5.1 → 2.9.1

data/gemfiles/rails52.gemfile

@@ -1,7 +1,9 @@
 source "https://rubygems.org"
 
 gem "rails", "~> 5.2.0"
+gem 'i18n', '< 1.5.2' if RUBY_VERSION < '2.3'
 
-gem 'coveralls', require: false
+gem 'simplecov',      require: false
+gem 'simplecov-lcov', require: false
 
 gemspec path: "../"

data/gemfiles/rails52_boc.gemfile

@@ -1,8 +1,10 @@
 source "https://rubygems.org"
 
 gem "rails", "~> 5.2.0"
+gem 'i18n', '< 1.5.2' if RUBY_VERSION < '2.3'
 gem "binding_of_caller"
 
-gem 'coveralls', require: false
+gem 'simplecov',      require: false
+gem 'simplecov-lcov', require: false
 
 gemspec path: "../"

data/gemfiles/rails52_haml.gemfile

@@ -1,8 +1,10 @@
 source "https://rubygems.org"
 
 gem "rails", "~> 5.2.0"
+gem 'i18n', '< 1.5.2' if RUBY_VERSION < '2.3'
 gem "haml"
 
-gem 'coveralls', require: false
+gem 'simplecov',      require: false
+gem 'simplecov-lcov', require: false
 
 gemspec path: "../"

data/gemfiles/rails60.gemfile

@@ -0,0 +1,8 @@
+source "https://rubygems.org"
+
+gem "rails", "~> 6.0.0"
+
+gem 'simplecov',      require: false
+gem 'simplecov-lcov', require: false
+
+gemspec path: "../"

data/gemfiles/rails60_boc.gemfile

@@ -0,0 +1,9 @@
+source "https://rubygems.org"
+
+gem "rails", "~> 6.0.0"
+gem "binding_of_caller"
+
+gem 'simplecov',      require: false
+gem 'simplecov-lcov', require: false
+
+gemspec path: "../"

data/gemfiles/rails60_haml.gemfile

@@ -0,0 +1,9 @@
+source "https://rubygems.org"
+
+gem "rails", "~> 6.0.0"
+gem "haml"
+
+gem 'simplecov',      require: false
+gem 'simplecov-lcov', require: false
+
+gemspec path: "../"

data/lib/better_errors.rb

@@ -3,6 +3,7 @@ require "erubi"
 require "coderay"
 require "uri"
 
+require "better_errors/version"
 require "better_errors/code_formatter"
 require "better_errors/inspectable_value"
 require "better_errors/error_page"
@@ -10,20 +11,9 @@ require "better_errors/middleware"
 require "better_errors/raised_exception"
 require "better_errors/repl"
 require "better_errors/stack_frame"
-require "better_errors/version"
+require "better_errors/editor"
 
 module BetterErrors
-  POSSIBLE_EDITOR_PRESETS = [
-    { symbols: [:emacs, :emacsclient],  sniff: /emacs/i, url: "emacs://open?url=file://%{file}&line=%{line}" },
-    { symbols: [:macvim, :mvim],        sniff: /vim/i,   url: proc { |file, line| "mvim://open?url=file://#{file}&line=#{line}" } },
-    { symbols: [:sublime, :subl, :st],  sniff: /subl/i,  url: "subl://open?url=file://%{file}&line=%{line}" },
-    { symbols: [:textmate, :txmt, :tm], sniff: /mate/i,  url: "txmt://open?url=file://%{file}&line=%{line}" },
-    { symbols: [:idea], sniff: /idea/i, url: "idea://open?file=%{file}&line=%{line}" },
-    { symbols: [:rubymine], sniff: /mine/i, url: "x-mine://open?file=%{file}&line=%{line}" },
-    { symbols: [:vscode, :code], sniff: /code/i, url: "vscode://file/%{file}:%{line}" },
-    { symbols: [:atom], sniff: /atom/i,  url: "atom://core/open/file?filename=%{file}&line=%{line}" },
-  ]
-
   class << self
     # The path to the root of the application. Better Errors uses this property
     # to determine if a file in a backtrace should be considered an application
@@ -54,21 +44,27 @@ module BetterErrors
     # the variable won't be returned.
     # @return int
     attr_accessor :maximum_variable_inspect_size
+
+    # List of classes that are excluded from inspection.
+    # @return [Array]
+    attr_accessor :ignored_classes
   end
   @ignored_instance_variables = []
   @maximum_variable_inspect_size = 100_000
+  @ignored_classes = ['ActionDispatch::Request', 'ActionDispatch::Response']
 
-  # Returns a proc, which when called with a filename and line number argument,
+  # Returns an object which responds to #url, which when called with
+  # a filename and line number argument,
   # returns a URL to open the filename and line in the selected editor.
   #
   # Generates TextMate URLs by default.
   #
-  #   BetterErrors.editor["/some/file", 123]
+  #   BetterErrors.editor.url("/some/file", 123)
   #     # => txmt://open?url=file:///some/file&line=123
   #
   # @return [Proc]
   def self.editor
-    @editor
+    @editor ||= default_editor
   end
 
   # Configures how Better Errors generates open-in-editor URLs.
@@ -109,20 +105,15 @@ module BetterErrors
   #   @param [Proc] proc
   #
   def self.editor=(editor)
-    POSSIBLE_EDITOR_PRESETS.each do |config|
-      if config[:symbols].include?(editor)
-        return self.editor = config[:url]
-      end
-    end
-
-    if editor.is_a? String
-      self.editor = proc { |file, line| editor % { file: URI.encode_www_form_component(file), line: line } }
+    if editor.is_a? Symbol
+      @editor = Editor.editor_from_symbol(editor)
+      raise(ArgumentError, "Symbol #{editor} is not a symbol in the list of supported errors.") unless editor
+    elsif editor.is_a? String
+      @editor = Editor.for_formatting_string(editor)
+    elsif editor.respond_to? :call
+      @editor = Editor.for_proc(editor)
     else
-      if editor.respond_to? :call
-        @editor = editor
-      else
-        raise TypeError, "Expected editor to be a valid editor key, a format string or a callable."
-      end
+      raise ArgumentError, "Expected editor to be a valid editor key, a format string or a callable."
     end
   end
 
@@ -139,12 +130,8 @@ module BetterErrors
   #
   # @return [Symbol]
   def self.default_editor
-    POSSIBLE_EDITOR_PRESETS.detect(-> { {} }) { |config|
-      ENV["EDITOR"] =~ config[:sniff]
-    }[:url] || :textmate
+    Editor.default_editor
   end
-
-  BetterErrors.editor = default_editor
 end
 
 begin

data/lib/better_errors/editor.rb

@@ -0,0 +1,99 @@
+require "uri"
+
+module BetterErrors
+  class Editor
+    KNOWN_EDITORS = [
+      { symbols: [:atom], sniff: /atom/i, url: "atom://core/open/file?filename=%{file}&line=%{line}" },
+      { symbols: [:emacs, :emacsclient], sniff: /emacs/i, url: "emacs://open?url=file://%{file}&line=%{line}" },
+      { symbols: [:idea], sniff: /idea/i, url: "idea://open?file=%{file}&line=%{line}" },
+      { symbols: [:macvim, :mvim], sniff: /vim/i, url: "mvim://open?url=file://%{file_unencoded}&line=%{line}" },
+      { symbols: [:rubymine], sniff: /mine/i, url: "x-mine://open?file=%{file}&line=%{line}" },
+      { symbols: [:sublime, :subl, :st], sniff: /subl/i, url: "subl://open?url=file://%{file}&line=%{line}" },
+      { symbols: [:textmate, :txmt, :tm], sniff: /mate/i, url: "txmt://open?url=file://%{file}&line=%{line}" },
+      { symbols: [:vscode, :code], sniff: /code/i, url: "vscode://file/%{file}:%{line}" },
+      { symbols: [:vscodium, :codium], sniff: /codium/i, url: "vscodium://file/%{file}:%{line}" },
+    ]
+
+    def self.for_formatting_string(formatting_string)
+      new proc { |file, line|
+        formatting_string % { file: URI.encode_www_form_component(file), file_unencoded: file, line: line }
+      }
+    end
+
+    def self.for_proc(url_proc)
+      new url_proc
+    end
+
+    # Automatically sniffs a default editor preset based on
+    # environment variables.
+    #
+    # @return [Symbol]
+    def self.default_editor
+      editor_from_environment_formatting_string ||
+        editor_from_environment_editor ||
+        editor_from_symbol(:textmate)
+    end
+
+    def self.editor_from_environment_editor
+      if ENV["BETTER_ERRORS_EDITOR"]
+        editor = editor_from_command(ENV["BETTER_ERRORS_EDITOR"])
+        return editor if editor
+        puts "BETTER_ERRORS_EDITOR environment variable is not recognized as a supported Better Errors editor."
+      end
+      if ENV["EDITOR"]
+        editor = editor_from_command(ENV["EDITOR"])
+        return editor if editor
+        puts "EDITOR environment variable is not recognized as a supported Better Errors editor. Using TextMate by default."
+      else
+        puts "Since there is no EDITOR or BETTER_ERRORS_EDITOR environment variable, using Textmate by default."
+      end
+    end
+
+    def self.editor_from_command(editor_command)
+      env_preset = KNOWN_EDITORS.find { |preset| editor_command =~ preset[:sniff] }
+      for_formatting_string(env_preset[:url]) if env_preset
+    end
+
+    def self.editor_from_environment_formatting_string
+      return unless ENV['BETTER_ERRORS_EDITOR_URL']
+
+      for_formatting_string(ENV['BETTER_ERRORS_EDITOR_URL'])
+    end
+
+    def self.editor_from_symbol(symbol)
+      KNOWN_EDITORS.each do |preset|
+        return for_formatting_string(preset[:url]) if preset[:symbols].include?(symbol)
+      end
+    end
+
+    def initialize(url_proc)
+      @url_proc = url_proc
+    end
+
+    def url(raw_path, line)
+      if virtual_path && raw_path.start_with?(virtual_path)
+        if host_path
+          file = raw_path.sub(%r{\A#{virtual_path}}, host_path)
+        else
+          file = raw_path.sub(%r{\A#{virtual_path}/}, '')
+        end
+      else
+        file = raw_path
+      end
+        
+      url_proc.call(file, line)
+    end
+
+    private
+
+    attr_reader :url_proc
+
+    def virtual_path
+      @virtual_path ||= ENV['BETTER_ERRORS_VIRTUAL_PATH']
+    end
+
+    def host_path
+      @host_path ||= ENV['BETTER_ERRORS_HOST_PATH']
+    end
+  end
+end

data/lib/better_errors/error_page.rb

@@ -26,8 +26,13 @@ module BetterErrors
       @id ||= SecureRandom.hex(8)
     end
 
-    def render(template_name = "main")
+    def render(template_name = "main", csrf_token = nil)
       binding.eval(self.class.template(template_name).src)
+    rescue => e
+      # Fix the backtrace, which doesn't identify the template that failed (within Better Errors).
+      # We don't know the line number, so just injecting the template path has to be enough.
+      e.backtrace.unshift "#{self.class.template_path(template_name)}:0"
+      raise
     end
 
     def do_variables(opts)
@@ -59,7 +64,23 @@ module BetterErrors
     end
 
     def exception_message
-      exception.message.lstrip
+      exception.message.strip.gsub(/(\r?\n\s*\r?\n)+/, "\n")
+    end
+
+    def exception_hint
+      exception.hint
+    end
+
+    def active_support_actions
+      return [] unless defined?(ActiveSupport::ActionableError)
+
+      ActiveSupport::ActionableError.actions(exception.type)
+    end
+
+    def action_dispatch_action_endpoint
+      return unless defined?(ActionDispatch::ActionableExceptions)
+
+      ActionDispatch::ActionableExceptions.endpoint
     end
 
     def application_frames
@@ -73,7 +94,7 @@ module BetterErrors
     private
 
     def editor_url(frame)
-      BetterErrors.editor[frame.filename, frame.line]
+      BetterErrors.editor.url(frame.filename, frame.line)
     end
 
     def rack_session
@@ -105,7 +126,13 @@ module BetterErrors
     end
 
     def inspect_value(obj)
-      InspectableValue.new(obj).to_html
+      if BetterErrors.ignored_classes.include? obj.class.name
+        "<span class='unsupported'>(Instance of ignored class. "\
+        "#{obj.class.name ? "Remove #{CGI.escapeHTML(obj.class.name)} from" : "Modify"}"\
+        " BetterErrors.ignored_classes if you need to see it.)</span>"
+      else
+        InspectableValue.new(obj).to_html
+      end
     rescue BetterErrors::ValueLargerThanConfiguredMaximum
       "<span class='unsupported'>(Object too large. "\
         "#{obj.class.name ? "Modify #{CGI.escapeHTML(obj.class.name)}#inspect or a" : "A"}"\

data/lib/better_errors/exception_hint.rb

@@ -0,0 +1,29 @@
+module BetterErrors
+  class ExceptionHint
+    def initialize(exception)
+      @exception = exception
+    end
+
+    def hint
+      case exception
+      when NoMethodError
+        /\Aundefined method `(?<method>[^']+)' for (?<val>[^:]+):(?<klass>\w+)/.match(exception.message) do |match|
+          if match[:val] == "nil"
+            return "Something is `nil` when it probably shouldn't be."
+          elsif !match[:klass].start_with? '0x'
+            return "`#{match[:method]}` is being called on a `#{match[:klass]}` object, "\
+              "which might not be the type of object you were expecting."
+          end
+        end
+      when NameError
+        /\Aundefined local variable or method `(?<method>[^']+)' for/.match(exception.message) do |match|
+          return "`#{match[:method]}` is probably misspelled."
+        end
+      end
+    end
+
+    private
+
+    attr_reader :exception
+  end
+end

data/lib/better_errors/middleware.rb

@@ -1,5 +1,6 @@
 require "json"
 require "ipaddr"
+require "securerandom"
 require "set"
 require "rack"
 
@@ -33,12 +34,14 @@ module BetterErrors
     # Adds an address to the set of IP addresses allowed to access Better
     # Errors.
     def self.allow_ip!(addr)
-      ALLOWED_IPS << IPAddr.new(addr)
+      ALLOWED_IPS << (addr.is_a?(IPAddr) ? addr : IPAddr.new(addr))
     end
 
     allow_ip! "127.0.0.0/8"
     allow_ip! "::1/128" rescue nil # windows ruby doesn't have ipv6 support
 
+    CSRF_TOKEN_COOKIE_NAME = "BetterErrors-#{BetterErrors::VERSION}-CSRF-Token"
+
     # A new instance of BetterErrors::Middleware
     #
     # @param app      The Rack app/middleware to wrap with Better Errors
@@ -72,7 +75,7 @@ module BetterErrors
     def better_errors_call(env)
       case env["PATH_INFO"]
       when %r{/__better_errors/(?<id>.+?)/(?<method>\w+)\z}
-        internal_call env, $~
+        internal_call(env, $~[:id], $~[:method])
       when %r{/__better_errors/?\z}
         show_error_page env
       else
@@ -89,11 +92,14 @@ module BetterErrors
     end
 
     def show_error_page(env, exception=nil)
+      request = Rack::Request.new(env)
+      csrf_token = request.cookies[CSRF_TOKEN_COOKIE_NAME] || SecureRandom.uuid
+
       type, content = if @error_page
         if text?(env)
           [ 'plain', @error_page.render('text') ]
         else
-          [ 'html', @error_page.render ]
+          [ 'html', @error_page.render('main', csrf_token) ]
         end
       else
         [ 'html', no_errors_page ]
@@ -104,12 +110,22 @@ module BetterErrors
         status_code = ActionDispatch::ExceptionWrapper.new(env, exception).status_code
       end
 
-      [status_code, { "Content-Type" => "text/#{type}; charset=utf-8" }, [content]]
+      response = Rack::Response.new(content, status_code, { "Content-Type" => "text/#{type}; charset=utf-8" })
+
+      unless request.cookies[CSRF_TOKEN_COOKIE_NAME]
+        response.set_cookie(CSRF_TOKEN_COOKIE_NAME, value: csrf_token, path: "/", httponly: true, same_site: :strict)
+      end
+
+      # In older versions of Rack, the body returned here is actually a Rack::BodyProxy which seems to be a bug.
+      # (It contains status, headers and body and does not act like an array of strings.)
+      # Since we already have status code and body here, there's no need to use the ones in the Rack::Response.
+      (_status_code, headers, _body) = response.finish
+      [status_code, headers, [content]]
     end
 
     def text?(env)
       env["HTTP_X_REQUESTED_WITH"] == "XMLHttpRequest" ||
-      !env["HTTP_ACCEPT"].to_s.include?('html')
+        !env["HTTP_ACCEPT"].to_s.include?('html')
     end
 
     def log_exception
@@ -129,13 +145,22 @@ module BetterErrors
       end
     end
 
-    def internal_call(env, opts)
+    def internal_call(env, id, method)
+      return not_found_json_response unless %w[variables eval].include?(method)
       return no_errors_json_response unless @error_page
-      return invalid_error_json_response if opts[:id] != @error_page.id
+      return invalid_error_json_response if id != @error_page.id
+
+      request = Rack::Request.new(env)
+      return invalid_csrf_token_json_response unless request.cookies[CSRF_TOKEN_COOKIE_NAME]
+
+      request.body.rewind
+      body = JSON.parse(request.body.read)
+      return invalid_csrf_token_json_response unless request.cookies[CSRF_TOKEN_COOKIE_NAME] == body['csrfToken']
+
+      return not_acceptable_json_response unless request.content_type == 'application/json'
 
-      env["rack.input"].rewind
-      response = @error_page.send("do_#{opts[:method]}", JSON.parse(env["rack.input"].read))
-      [200, { "Content-Type" => "text/plain; charset=utf-8" }, [JSON.dump(response)]]
+      response = @error_page.send("do_#{method}", body)
+      [200, { "Content-Type" => "application/json; charset=utf-8" }, [JSON.dump(response)]]
     end
 
     def no_errors_page
@@ -157,18 +182,40 @@ module BetterErrors
         "The application has been restarted since this page loaded, " +
           "or the framework is reloading all gems before each request "
       end
-      [200, { "Content-Type" => "text/plain; charset=utf-8" }, [JSON.dump(
+      [200, { "Content-Type" => "application/json; charset=utf-8" }, [JSON.dump(
         error: 'No exception information available',
         explanation: explanation,
       )]]
     end
 
     def invalid_error_json_response
-      [200, { "Content-Type" => "text/plain; charset=utf-8" }, [JSON.dump(
+      [200, { "Content-Type" => "application/json; charset=utf-8" }, [JSON.dump(
         error: "Session expired",
         explanation: "This page was likely opened from a previous exception, " +
           "and the exception is no longer available in memory.",
       )]]
     end
+
+    def invalid_csrf_token_json_response
+      [200, { "Content-Type" => "application/json; charset=utf-8" }, [JSON.dump(
+        error: "Invalid CSRF Token",
+        explanation: "The browser session might have been cleared, " +
+          "or something went wrong.",
+      )]]
+    end
+
+    def not_found_json_response
+      [404, { "Content-Type" => "application/json; charset=utf-8" }, [JSON.dump(
+        error: "Not found",
+        explanation: "Not a recognized internal call.",
+      )]]
+    end
+
+    def not_acceptable_json_response
+      [406, { "Content-Type" => "application/json; charset=utf-8" }, [JSON.dump(
+        error: "Request not acceptable",
+        explanation: "The internal request did not match an acceptable content type.",
+      )]]
+    end
   end
 end