better_errors 2.6.0 → 2.8.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b8cb5c2454ca55776cbfa1c596788008c56d584202c55fc0599e9fbb0c6d45e9
-  data.tar.gz: ac7de8121e985ef3277da64604a72e1c117bddba34fa15aa5e838a2bb937bcb7
+  metadata.gz: 8d3d72dd8ce0e7e2cca7766facffd1e6ae40a51f23f870683427b2e50bec4e2c
+  data.tar.gz: 648379df7f566ebe03c271a42777920bae0b778f412b58d05f65a4eebd9066e7
 SHA512:
-  metadata.gz: 4ae119905448207a0af32b0f62fe812c533fe6bc990c85fb5b10066696be80f8ea44ad141a8eb4c7435180042c964a2258c8a5212bf56eb2c45050621aaa467a
-  data.tar.gz: 2ad99de05bd4905a79cd05bd5428b336e1cdf79d84889d3c6331275749fed3912671ed43e308e86d5afbccc83767ae43e4288bb48fccd00c205cd0c23571ece3
+  metadata.gz: c00de73b57d84b02f606bf8aca932ee54abd20a26ae4c8be0a77c57a93810e1483f9ef255ecf92beb4eb6b2573e3b870fa9a8891ea49951768627b02f0ae3852
+  data.tar.gz: 54172e86102ee07af71a12ae6e6dcda7d306bb85b0dc387d23ead5ec0c992d5e3372e56d2779bdad7370bed68e5d76c21cb7941083eba699ccc955045fb46941

data/.travis.yml

@@ -1,4 +1,3 @@
-sudo: false
 language: ruby
 cache: bundler
 notifications:
@@ -12,20 +11,26 @@ rvm:
   - 2.3.8
   - 2.4.9
   - 2.5.7
+  - 2.6.5
+  - 2.7.0
   - ruby-head
+  - truffleruby-head
 gemfile:
   - gemfiles/rails42.gemfile
   - gemfiles/rails50.gemfile
   - gemfiles/rails51.gemfile
   - gemfiles/rails52.gemfile
+  - gemfiles/rails60.gemfile
   - gemfiles/rails42_haml.gemfile
   - gemfiles/rails50_haml.gemfile
   - gemfiles/rails51_haml.gemfile
   - gemfiles/rails52_haml.gemfile
+  - gemfiles/rails60_haml.gemfile
   - gemfiles/rails42_boc.gemfile
   - gemfiles/rails50_boc.gemfile
   - gemfiles/rails51_boc.gemfile
   - gemfiles/rails52_boc.gemfile
+  - gemfiles/rails60_boc.gemfile
   - gemfiles/rack.gemfile
   - gemfiles/rack_boc.gemfile
   - gemfiles/pry09.gemfile
@@ -38,21 +43,69 @@ matrix:
     - gemfile: gemfiles/pry010.gemfile
     - gemfile: gemfiles/pry011.gemfile
   exclude:
+    - rvm: 2.2.10
+      gemfile: gemfiles/rails60.gemfile
+    - rvm: 2.2.10
+      gemfile: gemfiles/rails60_boc.gemfile
+    - rvm: 2.2.10
+      gemfile: gemfiles/rails60_haml.gemfile
     - rvm: 2.3.8
       gemfile: gemfiles/rails42.gemfile
     - rvm: 2.3.8
       gemfile: gemfiles/rails42_boc.gemfile
     - rvm: 2.3.8
       gemfile: gemfiles/rails42_haml.gemfile
+    - rvm: 2.3.8
+      gemfile: gemfiles/rails60.gemfile
+    - rvm: 2.3.8
+      gemfile: gemfiles/rails60_boc.gemfile
+    - rvm: 2.3.8
+      gemfile: gemfiles/rails60_haml.gemfile
     - rvm: 2.4.9
       gemfile: gemfiles/rails42.gemfile
     - rvm: 2.4.9
       gemfile: gemfiles/rails42_boc.gemfile
     - rvm: 2.4.9
       gemfile: gemfiles/rails42_haml.gemfile
+    - rvm: 2.4.9
+      gemfile: gemfiles/rails60.gemfile
+    - rvm: 2.4.9
+      gemfile: gemfiles/rails60_boc.gemfile
+    - rvm: 2.4.9
+      gemfile: gemfiles/rails60_haml.gemfile
     - rvm: 2.5.7
       gemfile: gemfiles/rails42.gemfile
     - rvm: 2.5.7
       gemfile: gemfiles/rails42_boc.gemfile
     - rvm: 2.5.7
       gemfile: gemfiles/rails42_haml.gemfile
+    - rvm: 2.6.5
+      gemfile: gemfiles/rails42.gemfile
+    - rvm: 2.6.5
+      gemfile: gemfiles/rails42_boc.gemfile
+    - rvm: 2.6.5
+      gemfile: gemfiles/rails42_haml.gemfile
+    - rvm: 2.7.0
+      gemfile: gemfiles/rails42.gemfile
+    - rvm: 2.7.0
+      gemfile: gemfiles/rails42_boc.gemfile
+    - rvm: 2.7.0
+      gemfile: gemfiles/rails42_haml.gemfile
+    - rvm: ruby-head
+      gemfile: gemfiles/rails42.gemfile
+    - rvm: ruby-head
+      gemfile: gemfiles/rails42_boc.gemfile
+    - rvm: ruby-head
+      gemfile: gemfiles/rails42_haml.gemfile
+    - rvm: truffleruby-head
+      gemfile: gemfiles/rails42_boc.gemfile
+    - rvm: truffleruby-head
+      gemfile: gemfiles/rails50_boc.gemfile
+    - rvm: truffleruby-head
+      gemfile: gemfiles/rails51_boc.gemfile
+    - rvm: truffleruby-head
+      gemfile: gemfiles/rails52_boc.gemfile
+    - rvm: truffleruby-head
+      gemfile: gemfiles/rails60_boc.gemfile
+    - rvm: truffleruby-head
+      gemfile: gemfiles/rack_boc.gemfile

data/README.md

@@ -35,6 +35,28 @@ end
 
 _Note: If you discover that Better Errors isn't working - particularly after upgrading from version 0.5.0 or less - be sure to set `config.consider_all_requests_local = true` in `config/environments/development.rb`._
 
+### Optional: Set `EDITOR`
+
+For many reasons outside of Better Errors, you should have the `EDITOR` environment variable set to your preferred
+editor.
+Better Errors, like many other tools, will use that environment variable to show a link that opens your
+editor to the file and line from the console.
+
+By default the links will open TextMate-protocol links.
+
+To see if your editor is supported or to set up a different editor, see [the wiki](https://github.com/BetterErrors/better_errors/wiki/Link-to-your-editor).
+
+### Optional: Set `BETTER_ERRORS_INSIDE_FRAME`
+
+If your application is running inside of an iframe, or if you have a Content Security Policy that disallows links
+to other protocols, the editor links will not work.
+
+To work around this set `BETTER_ERRORS_INSIDE_FRAME=1` in the environment, and the links will include `target=_blank`,
+allowing the link to open regardless of the policy.
+
+_This works because it opens the editor from a new browser tab, escaping from the restrictions of your site._
+_Unfortunately it leaves behind an empty tab each time, so only use this if needed._
+
 ## Security
 
 **NOTE:** It is *critical* you put better\_errors only in the **development** section of your Gemfile.
@@ -93,6 +115,16 @@ See [the wiki for instructions on configuring the editor](https://github.com/Bet
 BetterErrors.maximum_variable_inspect_size = 100_000
 ```
 
+## Ignore inspection of variables with certain classes.
+
+```ruby
+# e.g. in config/initializers/better_errors.rb
+# This will stop BetterErrors from trying to inspect objects of these classes, which can cause
+# slow loading times and unneccessary database queries. Does not check inheritance chain, use
+# strings not contants.
+# default value: ['ActionDispatch::Request', 'ActionDispatch::Response']
+BetterErrors.ignored_classes = ['ActionDispatch::Request', 'ActionDispatch::Response']
+```
 
 ## Get in touch!
 

data/better_errors.gemspec

@@ -22,6 +22,7 @@ Gem::Specification.new do |s|
 
   s.add_development_dependency "rake", "~> 10.0"
   s.add_development_dependency "rspec", "~> 3.5"
+  s.add_development_dependency "rspec-html-matchers"
   s.add_development_dependency "rspec-its"
   s.add_development_dependency "yard"
   # kramdown 2.1 requires Ruby 2.3+

data/gemfiles/rails60.gemfile

@@ -0,0 +1,7 @@
+source "https://rubygems.org"
+
+gem "rails", "~> 6.0.0"
+
+gem 'coveralls', require: false
+
+gemspec path: "../"

data/gemfiles/rails60_boc.gemfile

@@ -0,0 +1,8 @@
+source "https://rubygems.org"
+
+gem "rails", "~> 6.0.0"
+gem "binding_of_caller"
+
+gem 'coveralls', require: false
+
+gemspec path: "../"

data/gemfiles/rails60_haml.gemfile

@@ -0,0 +1,8 @@
+source "https://rubygems.org"
+
+gem "rails", "~> 6.0.0"
+gem "haml"
+
+gem 'coveralls', require: false
+
+gemspec path: "../"

data/lib/better_errors.rb

@@ -21,6 +21,7 @@ module BetterErrors
     { symbols: [:idea], sniff: /idea/i, url: "idea://open?file=%{file}&line=%{line}" },
     { symbols: [:rubymine], sniff: /mine/i, url: "x-mine://open?file=%{file}&line=%{line}" },
     { symbols: [:vscode, :code], sniff: /code/i, url: "vscode://file/%{file}:%{line}" },
+    { symbols: [:vscodium, :codium], sniff: /codium/i, url: "vscodium://file/%{file}:%{line}" },
     { symbols: [:atom], sniff: /atom/i,  url: "atom://core/open/file?filename=%{file}&line=%{line}" },
   ]
 
@@ -54,9 +55,14 @@ module BetterErrors
     # the variable won't be returned.
     # @return int
     attr_accessor :maximum_variable_inspect_size
+
+    # List of classes that are excluded from inspection.
+    # @return [Array]
+    attr_accessor :ignored_classes
   end
   @ignored_instance_variables = []
   @maximum_variable_inspect_size = 100_000
+  @ignored_classes = ['ActionDispatch::Request', 'ActionDispatch::Response']
 
   # Returns a proc, which when called with a filename and line number argument,
   # returns a URL to open the filename and line in the selected editor.

data/lib/better_errors/error_page.rb

@@ -26,8 +26,13 @@ module BetterErrors
       @id ||= SecureRandom.hex(8)
     end
 
-    def render(template_name = "main")
+    def render(template_name = "main", csrf_token = nil)
       binding.eval(self.class.template(template_name).src)
+    rescue => e
+      # Fix the backtrace, which doesn't identify the template that failed (within Better Errors).
+      # We don't know the line number, so just injecting the template path has to be enough.
+      e.backtrace.unshift "#{self.class.template_path(template_name)}:0"
+      raise
     end
 
     def do_variables(opts)
@@ -59,7 +64,19 @@ module BetterErrors
     end
 
     def exception_message
-      exception.message.lstrip
+      exception.message.strip.gsub(/(\r?\n\s*\r?\n)+/, "\n")
+    end
+
+    def active_support_actions
+      return [] unless defined?(ActiveSupport::ActionableError)
+
+      ActiveSupport::ActionableError.actions(exception.type)
+    end
+
+    def action_dispatch_action_endpoint
+      return unless defined?(ActionDispatch::ActionableExceptions)
+
+      ActionDispatch::ActionableExceptions.endpoint
     end
 
     def application_frames
@@ -105,7 +122,13 @@ module BetterErrors
     end
 
     def inspect_value(obj)
-      InspectableValue.new(obj).to_html
+      if BetterErrors.ignored_classes.include? obj.class.name
+        "<span class='unsupported'>(Instance of ignored class. "\
+        "#{obj.class.name ? "Remove #{CGI.escapeHTML(obj.class.name)} from" : "Modify"}"\
+        " BetterErrors.ignored_classes if you need to see it.)</span>"
+      else
+        InspectableValue.new(obj).to_html
+      end
     rescue BetterErrors::ValueLargerThanConfiguredMaximum
       "<span class='unsupported'>(Object too large. "\
         "#{obj.class.name ? "Modify #{CGI.escapeHTML(obj.class.name)}#inspect or a" : "A"}"\

data/lib/better_errors/middleware.rb

@@ -1,5 +1,6 @@
 require "json"
 require "ipaddr"
+require "securerandom"
 require "set"
 require "rack"
 
@@ -39,6 +40,8 @@ module BetterErrors
     allow_ip! "127.0.0.0/8"
     allow_ip! "::1/128" rescue nil # windows ruby doesn't have ipv6 support
 
+    CSRF_TOKEN_COOKIE_NAME = "BetterErrors-#{VERSION}-CSRF-Token"
+
     # A new instance of BetterErrors::Middleware
     #
     # @param app      The Rack app/middleware to wrap with Better Errors
@@ -72,7 +75,7 @@ module BetterErrors
     def better_errors_call(env)
       case env["PATH_INFO"]
       when %r{/__better_errors/(?<id>.+?)/(?<method>\w+)\z}
-        internal_call env, $~
+        internal_call(env, $~[:id], $~[:method])
       when %r{/__better_errors/?\z}
         show_error_page env
       else
@@ -89,11 +92,14 @@ module BetterErrors
     end
 
     def show_error_page(env, exception=nil)
+      request = Rack::Request.new(env)
+      csrf_token = request.cookies[CSRF_TOKEN_COOKIE_NAME] || SecureRandom.uuid
+
       type, content = if @error_page
         if text?(env)
           [ 'plain', @error_page.render('text') ]
         else
-          [ 'html', @error_page.render ]
+          [ 'html', @error_page.render('main', csrf_token) ]
         end
       else
         [ 'html', no_errors_page ]
@@ -104,12 +110,22 @@ module BetterErrors
         status_code = ActionDispatch::ExceptionWrapper.new(env, exception).status_code
       end
 
-      [status_code, { "Content-Type" => "text/#{type}; charset=utf-8" }, [content]]
+      response = Rack::Response.new(content, status_code, { "Content-Type" => "text/#{type}; charset=utf-8" })
+
+      unless request.cookies[CSRF_TOKEN_COOKIE_NAME]
+        response.set_cookie(CSRF_TOKEN_COOKIE_NAME, value: csrf_token, path: "/", httponly: true, same_site: :strict)
+      end
+
+      # In older versions of Rack, the body returned here is actually a Rack::BodyProxy which seems to be a bug.
+      # (It contains status, headers and body and does not act like an array of strings.)
+      # Since we already have status code and body here, there's no need to use the ones in the Rack::Response.
+      (_status_code, headers, _body) = response.finish
+      [status_code, headers, [content]]
     end
 
     def text?(env)
       env["HTTP_X_REQUESTED_WITH"] == "XMLHttpRequest" ||
-      !env["HTTP_ACCEPT"].to_s.include?('html')
+        !env["HTTP_ACCEPT"].to_s.include?('html')
     end
 
     def log_exception
@@ -129,13 +145,22 @@ module BetterErrors
       end
     end
 
-    def internal_call(env, opts)
+    def internal_call(env, id, method)
+      return not_found_json_response unless %w[variables eval].include?(method)
       return no_errors_json_response unless @error_page
-      return invalid_error_json_response if opts[:id] != @error_page.id
+      return invalid_error_json_response if id != @error_page.id
+
+      request = Rack::Request.new(env)
+      return invalid_csrf_token_json_response unless request.cookies[CSRF_TOKEN_COOKIE_NAME]
+
+      request.body.rewind
+      body = JSON.parse(request.body.read)
+      return invalid_csrf_token_json_response unless request.cookies[CSRF_TOKEN_COOKIE_NAME] == body['csrfToken']
+
+      return not_acceptable_json_response unless request.content_type == 'application/json'
 
-      env["rack.input"].rewind
-      response = @error_page.send("do_#{opts[:method]}", JSON.parse(env["rack.input"].read))
-      [200, { "Content-Type" => "text/plain; charset=utf-8" }, [JSON.dump(response)]]
+      response = @error_page.send("do_#{method}", body)
+      [200, { "Content-Type" => "application/json; charset=utf-8" }, [JSON.dump(response)]]
     end
 
     def no_errors_page
@@ -157,18 +182,40 @@ module BetterErrors
         "The application has been restarted since this page loaded, " +
           "or the framework is reloading all gems before each request "
       end
-      [200, { "Content-Type" => "text/plain; charset=utf-8" }, [JSON.dump(
+      [200, { "Content-Type" => "application/json; charset=utf-8" }, [JSON.dump(
         error: 'No exception information available',
         explanation: explanation,
       )]]
     end
 
     def invalid_error_json_response
-      [200, { "Content-Type" => "text/plain; charset=utf-8" }, [JSON.dump(
+      [200, { "Content-Type" => "application/json; charset=utf-8" }, [JSON.dump(
         error: "Session expired",
         explanation: "This page was likely opened from a previous exception, " +
           "and the exception is no longer available in memory.",
       )]]
     end
+
+    def invalid_csrf_token_json_response
+      [200, { "Content-Type" => "application/json; charset=utf-8" }, [JSON.dump(
+        error: "Invalid CSRF Token",
+        explanation: "The browser session might have been cleared, " +
+          "or something went wrong.",
+      )]]
+    end
+
+    def not_found_json_response
+      [404, { "Content-Type" => "application/json; charset=utf-8" }, [JSON.dump(
+        error: "Not found",
+        explanation: "Not a recognized internal call.",
+      )]]
+    end
+
+    def not_acceptable_json_response
+      [406, { "Content-Type" => "application/json; charset=utf-8" }, [JSON.dump(
+        error: "Request not acceptable",
+        explanation: "The internal request did not match an acceptable content type.",
+      )]]
+    end
   end
 end

data/lib/better_errors/raised_exception.rb

@@ -4,9 +4,18 @@ module BetterErrors
     attr_reader :exception, :message, :backtrace
 
     def initialize(exception)
-      if exception.respond_to?(:cause)
+      if exception.class.name == "ActionView::Template::Error" && exception.respond_to?(:cause)
+        # Rails 6+ exceptions of this type wrap the "real" exception, and the real exception
+        # is actually more useful than the ActionView-provided wrapper. Once Better Errors
+        # supports showing all exceptions in the cause stack, this should go away. Or perhaps
+        # this can be changed to provide guidance by showing the second error in the cause stack
+        # under this condition.
         exception = exception.cause if exception.cause
       elsif exception.respond_to?(:original_exception) && exception.original_exception
+        # This supports some specific Rails exceptions, and this is not intended to act the same as
+        # the Ruby's {Exception#cause}.
+        # It's possible this should only support ActionView::Template::Error, but by not changing
+        # this we're preserving longstanding behavior of Better Errors with Rails < 6.
         exception = exception.original_exception
       end
 
@@ -36,8 +45,13 @@ module BetterErrors
 
     def setup_backtrace_from_bindings
       @backtrace = exception.__better_errors_bindings_stack.map { |binding|
-        file = binding.eval "__FILE__"
-        line = binding.eval "__LINE__"
+        if binding.respond_to?(:source_location) # Ruby >= 2.6
+          file = binding.source_location[0]
+          line = binding.source_location[1]
+        else
+          file = binding.eval "__FILE__"
+          line = binding.eval "__LINE__"
+        end
         name = binding.frame_description
         StackFrame.new(file, line, name, binding)
       }

data/lib/better_errors/templates/main.erb

@@ -146,6 +146,14 @@
     }
 
     /* Heading */
+    header.exception .fix-actions {
+        margin-top: .5em;
+    }
+
+    header.exception .fix-actions input[type=submit] {
+        font-weight: bold;
+    }
+
     header.exception h2 {
         font-weight: 200;
         font-size: 11pt;
@@ -153,7 +161,7 @@
 
     header.exception h2,
     header.exception p {
-        line-height: 1.4em;
+        line-height: 1.5em;
         overflow: hidden;
         white-space: pre;
         text-overflow: ellipsis;
@@ -166,7 +174,7 @@
 
     header.exception p {
         font-weight: 200;
-        font-size: 20pt;
+        font-size: 17pt;
         color: white;
     }
 
@@ -744,6 +752,18 @@
         <header class="exception">
             <h2><strong><%= exception_type %></strong> <span>at <%= request_path %></span></h2>
             <p><%= exception_message %></p>
+            <% unless active_support_actions.empty? %>
+                <div class='fix-actions'>
+                    <% active_support_actions.each do |action, _| %>
+                        <form class="button_to" method="post" action="<%= action_dispatch_action_endpoint %>">
+                            <input type="submit" value="<%= action %>">
+                            <input type="hidden" name="action" value="<%= action %>">
+                            <input type="hidden" name="error" value="<%= exception_type %>">
+                            <input type="hidden" name="location" value="<%= request_path %>">
+                        </form>
+                    <% end %>
+                </div>
+            <% end %>
         </header>
     </div>
 
@@ -780,6 +800,7 @@
 (function() {
 
     var OID = "<%= id %>";
+    var csrfToken = "<%= csrf_token %>";
 
     var previousFrame = null;
     var previousFrameInfo = null;
@@ -790,6 +811,7 @@
         var req = new XMLHttpRequest();
         req.open("POST", "//" + window.location.host + <%== uri_prefix.gsub("<", "&lt;").inspect %> + "/__better_errors/" + OID + "/" + method, true);
         req.setRequestHeader("Content-Type", "application/json");
+        opts.csrfToken = csrfToken;
         req.send(JSON.stringify(opts));
         req.onreadystatechange = function() {
             if(req.readyState == 4) {

data/lib/better_errors/templates/variable_info.erb

@@ -1,7 +1,14 @@
 <header class="trace_info clearfix">
     <div class="title">
         <h2 class="name"><%= @frame.name %></h2>
-        <div class="location"><span class="filename"><a href="<%= editor_url(@frame) %>"><%= @frame.pretty_path %></a></span></div>
+        <div class="location">
+          <span class="filename">
+            <a
+              href="<%= editor_url(@frame) %>"
+              <%= ENV.key?('BETTER_ERRORS_INSIDE_FRAME') ? "target=_blank" : '' %>
+            ><%= @frame.pretty_path %></a>
+          </span>
+        </div>
     </div>
     <div class="code_block clearfix">
         <%== html_formatted_code_block @frame %>

data/lib/better_errors/version.rb

@@ -1,3 +1,3 @@
 module BetterErrors
-  VERSION = "2.6.0"
+  VERSION = "2.8.2"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: better_errors
 version: !ruby/object:Gem::Version
-  version: 2.6.0
+  version: 2.8.2
 platform: ruby
 authors:
 - Charlie Somerville
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-02-25 00:00:00.000000000 Z
+date: 2020-09-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -38,6 +38,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.5'
+- !ruby/object:Gem::Dependency
+  name: rspec-html-matchers
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec-its
   requirement: !ruby/object:Gem::Requirement
@@ -157,6 +171,9 @@ files:
 - gemfiles/rails52.gemfile
 - gemfiles/rails52_boc.gemfile
 - gemfiles/rails52_haml.gemfile
+- gemfiles/rails60.gemfile
+- gemfiles/rails60_boc.gemfile
+- gemfiles/rails60_haml.gemfile
 - lib/better_errors.rb
 - lib/better_errors/code_formatter.rb
 - lib/better_errors/code_formatter/html.rb
@@ -197,7 +214,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: Better error page for Rails and other Rack apps