better_errors 2.7.1 → 2.9.1

data/gemfiles/rails60_boc.gemfile

@@ -3,6 +3,7 @@ source "https://rubygems.org"
 gem "rails", "~> 6.0.0"
 gem "binding_of_caller"
 
-gem 'coveralls', require: false
+gem 'simplecov',      require: false
+gem 'simplecov-lcov', require: false
 
 gemspec path: "../"

data/gemfiles/rails60_haml.gemfile

@@ -3,6 +3,7 @@ source "https://rubygems.org"
 gem "rails", "~> 6.0.0"
 gem "haml"
 
-gem 'coveralls', require: false
+gem 'simplecov',      require: false
+gem 'simplecov-lcov', require: false
 
 gemspec path: "../"

data/lib/better_errors.rb

@@ -3,6 +3,7 @@ require "erubi"
 require "coderay"
 require "uri"
 
+require "better_errors/version"
 require "better_errors/code_formatter"
 require "better_errors/inspectable_value"
 require "better_errors/error_page"
@@ -10,21 +11,9 @@ require "better_errors/middleware"
 require "better_errors/raised_exception"
 require "better_errors/repl"
 require "better_errors/stack_frame"
-require "better_errors/version"
+require "better_errors/editor"
 
 module BetterErrors
-  POSSIBLE_EDITOR_PRESETS = [
-    { symbols: [:emacs, :emacsclient],  sniff: /emacs/i, url: "emacs://open?url=file://%{file}&line=%{line}" },
-    { symbols: [:macvim, :mvim],        sniff: /vim/i,   url: proc { |file, line| "mvim://open?url=file://#{file}&line=#{line}" } },
-    { symbols: [:sublime, :subl, :st],  sniff: /subl/i,  url: "subl://open?url=file://%{file}&line=%{line}" },
-    { symbols: [:textmate, :txmt, :tm], sniff: /mate/i,  url: "txmt://open?url=file://%{file}&line=%{line}" },
-    { symbols: [:idea], sniff: /idea/i, url: "idea://open?file=%{file}&line=%{line}" },
-    { symbols: [:rubymine], sniff: /mine/i, url: "x-mine://open?file=%{file}&line=%{line}" },
-    { symbols: [:vscode, :code], sniff: /code/i, url: "vscode://file/%{file}:%{line}" },
-    { symbols: [:vscodium, :codium], sniff: /codium/i, url: "vscodium://file/%{file}:%{line}" },
-    { symbols: [:atom], sniff: /atom/i,  url: "atom://core/open/file?filename=%{file}&line=%{line}" },
-  ]
-
   class << self
     # The path to the root of the application. Better Errors uses this property
     # to determine if a file in a backtrace should be considered an application
@@ -64,17 +53,18 @@ module BetterErrors
   @maximum_variable_inspect_size = 100_000
   @ignored_classes = ['ActionDispatch::Request', 'ActionDispatch::Response']
 
-  # Returns a proc, which when called with a filename and line number argument,
+  # Returns an object which responds to #url, which when called with
+  # a filename and line number argument,
   # returns a URL to open the filename and line in the selected editor.
   #
   # Generates TextMate URLs by default.
   #
-  #   BetterErrors.editor["/some/file", 123]
+  #   BetterErrors.editor.url("/some/file", 123)
   #     # => txmt://open?url=file:///some/file&line=123
   #
   # @return [Proc]
   def self.editor
-    @editor
+    @editor ||= default_editor
   end
 
   # Configures how Better Errors generates open-in-editor URLs.
@@ -115,20 +105,15 @@ module BetterErrors
   #   @param [Proc] proc
   #
   def self.editor=(editor)
-    POSSIBLE_EDITOR_PRESETS.each do |config|
-      if config[:symbols].include?(editor)
-        return self.editor = config[:url]
-      end
-    end
-
-    if editor.is_a? String
-      self.editor = proc { |file, line| editor % { file: URI.encode_www_form_component(file), line: line } }
+    if editor.is_a? Symbol
+      @editor = Editor.editor_from_symbol(editor)
+      raise(ArgumentError, "Symbol #{editor} is not a symbol in the list of supported errors.") unless editor
+    elsif editor.is_a? String
+      @editor = Editor.for_formatting_string(editor)
+    elsif editor.respond_to? :call
+      @editor = Editor.for_proc(editor)
     else
-      if editor.respond_to? :call
-        @editor = editor
-      else
-        raise TypeError, "Expected editor to be a valid editor key, a format string or a callable."
-      end
+      raise ArgumentError, "Expected editor to be a valid editor key, a format string or a callable."
     end
   end
 
@@ -145,12 +130,8 @@ module BetterErrors
   #
   # @return [Symbol]
   def self.default_editor
-    POSSIBLE_EDITOR_PRESETS.detect(-> { {} }) { |config|
-      ENV["EDITOR"] =~ config[:sniff]
-    }[:url] || :textmate
+    Editor.default_editor
   end
-
-  BetterErrors.editor = default_editor
 end
 
 begin

data/lib/better_errors/editor.rb

@@ -0,0 +1,99 @@
+require "uri"
+
+module BetterErrors
+  class Editor
+    KNOWN_EDITORS = [
+      { symbols: [:atom], sniff: /atom/i, url: "atom://core/open/file?filename=%{file}&line=%{line}" },
+      { symbols: [:emacs, :emacsclient], sniff: /emacs/i, url: "emacs://open?url=file://%{file}&line=%{line}" },
+      { symbols: [:idea], sniff: /idea/i, url: "idea://open?file=%{file}&line=%{line}" },
+      { symbols: [:macvim, :mvim], sniff: /vim/i, url: "mvim://open?url=file://%{file_unencoded}&line=%{line}" },
+      { symbols: [:rubymine], sniff: /mine/i, url: "x-mine://open?file=%{file}&line=%{line}" },
+      { symbols: [:sublime, :subl, :st], sniff: /subl/i, url: "subl://open?url=file://%{file}&line=%{line}" },
+      { symbols: [:textmate, :txmt, :tm], sniff: /mate/i, url: "txmt://open?url=file://%{file}&line=%{line}" },
+      { symbols: [:vscode, :code], sniff: /code/i, url: "vscode://file/%{file}:%{line}" },
+      { symbols: [:vscodium, :codium], sniff: /codium/i, url: "vscodium://file/%{file}:%{line}" },
+    ]
+
+    def self.for_formatting_string(formatting_string)
+      new proc { |file, line|
+        formatting_string % { file: URI.encode_www_form_component(file), file_unencoded: file, line: line }
+      }
+    end
+
+    def self.for_proc(url_proc)
+      new url_proc
+    end
+
+    # Automatically sniffs a default editor preset based on
+    # environment variables.
+    #
+    # @return [Symbol]
+    def self.default_editor
+      editor_from_environment_formatting_string ||
+        editor_from_environment_editor ||
+        editor_from_symbol(:textmate)
+    end
+
+    def self.editor_from_environment_editor
+      if ENV["BETTER_ERRORS_EDITOR"]
+        editor = editor_from_command(ENV["BETTER_ERRORS_EDITOR"])
+        return editor if editor
+        puts "BETTER_ERRORS_EDITOR environment variable is not recognized as a supported Better Errors editor."
+      end
+      if ENV["EDITOR"]
+        editor = editor_from_command(ENV["EDITOR"])
+        return editor if editor
+        puts "EDITOR environment variable is not recognized as a supported Better Errors editor. Using TextMate by default."
+      else
+        puts "Since there is no EDITOR or BETTER_ERRORS_EDITOR environment variable, using Textmate by default."
+      end
+    end
+
+    def self.editor_from_command(editor_command)
+      env_preset = KNOWN_EDITORS.find { |preset| editor_command =~ preset[:sniff] }
+      for_formatting_string(env_preset[:url]) if env_preset
+    end
+
+    def self.editor_from_environment_formatting_string
+      return unless ENV['BETTER_ERRORS_EDITOR_URL']
+
+      for_formatting_string(ENV['BETTER_ERRORS_EDITOR_URL'])
+    end
+
+    def self.editor_from_symbol(symbol)
+      KNOWN_EDITORS.each do |preset|
+        return for_formatting_string(preset[:url]) if preset[:symbols].include?(symbol)
+      end
+    end
+
+    def initialize(url_proc)
+      @url_proc = url_proc
+    end
+
+    def url(raw_path, line)
+      if virtual_path && raw_path.start_with?(virtual_path)
+        if host_path
+          file = raw_path.sub(%r{\A#{virtual_path}}, host_path)
+        else
+          file = raw_path.sub(%r{\A#{virtual_path}/}, '')
+        end
+      else
+        file = raw_path
+      end
+        
+      url_proc.call(file, line)
+    end
+
+    private
+
+    attr_reader :url_proc
+
+    def virtual_path
+      @virtual_path ||= ENV['BETTER_ERRORS_VIRTUAL_PATH']
+    end
+
+    def host_path
+      @host_path ||= ENV['BETTER_ERRORS_HOST_PATH']
+    end
+  end
+end

data/lib/better_errors/error_page.rb

@@ -26,8 +26,13 @@ module BetterErrors
       @id ||= SecureRandom.hex(8)
     end
 
-    def render(template_name = "main")
+    def render(template_name = "main", csrf_token = nil)
       binding.eval(self.class.template(template_name).src)
+    rescue => e
+      # Fix the backtrace, which doesn't identify the template that failed (within Better Errors).
+      # We don't know the line number, so just injecting the template path has to be enough.
+      e.backtrace.unshift "#{self.class.template_path(template_name)}:0"
+      raise
     end
 
     def do_variables(opts)
@@ -59,7 +64,23 @@ module BetterErrors
     end
 
     def exception_message
-      exception.message.lstrip
+      exception.message.strip.gsub(/(\r?\n\s*\r?\n)+/, "\n")
+    end
+
+    def exception_hint
+      exception.hint
+    end
+
+    def active_support_actions
+      return [] unless defined?(ActiveSupport::ActionableError)
+
+      ActiveSupport::ActionableError.actions(exception.type)
+    end
+
+    def action_dispatch_action_endpoint
+      return unless defined?(ActionDispatch::ActionableExceptions)
+
+      ActionDispatch::ActionableExceptions.endpoint
     end
 
     def application_frames
@@ -73,7 +94,7 @@ module BetterErrors
     private
 
     def editor_url(frame)
-      BetterErrors.editor[frame.filename, frame.line]
+      BetterErrors.editor.url(frame.filename, frame.line)
     end
 
     def rack_session

data/lib/better_errors/exception_hint.rb

@@ -0,0 +1,29 @@
+module BetterErrors
+  class ExceptionHint
+    def initialize(exception)
+      @exception = exception
+    end
+
+    def hint
+      case exception
+      when NoMethodError
+        /\Aundefined method `(?<method>[^']+)' for (?<val>[^:]+):(?<klass>\w+)/.match(exception.message) do |match|
+          if match[:val] == "nil"
+            return "Something is `nil` when it probably shouldn't be."
+          elsif !match[:klass].start_with? '0x'
+            return "`#{match[:method]}` is being called on a `#{match[:klass]}` object, "\
+              "which might not be the type of object you were expecting."
+          end
+        end
+      when NameError
+        /\Aundefined local variable or method `(?<method>[^']+)' for/.match(exception.message) do |match|
+          return "`#{match[:method]}` is probably misspelled."
+        end
+      end
+    end
+
+    private
+
+    attr_reader :exception
+  end
+end

data/lib/better_errors/middleware.rb

@@ -1,5 +1,6 @@
 require "json"
 require "ipaddr"
+require "securerandom"
 require "set"
 require "rack"
 
@@ -39,6 +40,8 @@ module BetterErrors
     allow_ip! "127.0.0.0/8"
     allow_ip! "::1/128" rescue nil # windows ruby doesn't have ipv6 support
 
+    CSRF_TOKEN_COOKIE_NAME = "BetterErrors-#{BetterErrors::VERSION}-CSRF-Token"
+
     # A new instance of BetterErrors::Middleware
     #
     # @param app      The Rack app/middleware to wrap with Better Errors
@@ -72,7 +75,7 @@ module BetterErrors
     def better_errors_call(env)
       case env["PATH_INFO"]
       when %r{/__better_errors/(?<id>.+?)/(?<method>\w+)\z}
-        internal_call env, $~
+        internal_call(env, $~[:id], $~[:method])
       when %r{/__better_errors/?\z}
         show_error_page env
       else
@@ -89,11 +92,14 @@ module BetterErrors
     end
 
     def show_error_page(env, exception=nil)
+      request = Rack::Request.new(env)
+      csrf_token = request.cookies[CSRF_TOKEN_COOKIE_NAME] || SecureRandom.uuid
+
       type, content = if @error_page
         if text?(env)
           [ 'plain', @error_page.render('text') ]
         else
-          [ 'html', @error_page.render ]
+          [ 'html', @error_page.render('main', csrf_token) ]
         end
       else
         [ 'html', no_errors_page ]
@@ -104,12 +110,22 @@ module BetterErrors
         status_code = ActionDispatch::ExceptionWrapper.new(env, exception).status_code
       end
 
-      [status_code, { "Content-Type" => "text/#{type}; charset=utf-8" }, [content]]
+      response = Rack::Response.new(content, status_code, { "Content-Type" => "text/#{type}; charset=utf-8" })
+
+      unless request.cookies[CSRF_TOKEN_COOKIE_NAME]
+        response.set_cookie(CSRF_TOKEN_COOKIE_NAME, value: csrf_token, path: "/", httponly: true, same_site: :strict)
+      end
+
+      # In older versions of Rack, the body returned here is actually a Rack::BodyProxy which seems to be a bug.
+      # (It contains status, headers and body and does not act like an array of strings.)
+      # Since we already have status code and body here, there's no need to use the ones in the Rack::Response.
+      (_status_code, headers, _body) = response.finish
+      [status_code, headers, [content]]
     end
 
     def text?(env)
       env["HTTP_X_REQUESTED_WITH"] == "XMLHttpRequest" ||
-      !env["HTTP_ACCEPT"].to_s.include?('html')
+        !env["HTTP_ACCEPT"].to_s.include?('html')
     end
 
     def log_exception
@@ -129,13 +145,22 @@ module BetterErrors
       end
     end
 
-    def internal_call(env, opts)
+    def internal_call(env, id, method)
+      return not_found_json_response unless %w[variables eval].include?(method)
       return no_errors_json_response unless @error_page
-      return invalid_error_json_response if opts[:id] != @error_page.id
+      return invalid_error_json_response if id != @error_page.id
+
+      request = Rack::Request.new(env)
+      return invalid_csrf_token_json_response unless request.cookies[CSRF_TOKEN_COOKIE_NAME]
+
+      request.body.rewind
+      body = JSON.parse(request.body.read)
+      return invalid_csrf_token_json_response unless request.cookies[CSRF_TOKEN_COOKIE_NAME] == body['csrfToken']
+
+      return not_acceptable_json_response unless request.content_type == 'application/json'
 
-      env["rack.input"].rewind
-      response = @error_page.send("do_#{opts[:method]}", JSON.parse(env["rack.input"].read))
-      [200, { "Content-Type" => "text/plain; charset=utf-8" }, [JSON.dump(response)]]
+      response = @error_page.send("do_#{method}", body)
+      [200, { "Content-Type" => "application/json; charset=utf-8" }, [JSON.dump(response)]]
     end
 
     def no_errors_page
@@ -157,18 +182,40 @@ module BetterErrors
         "The application has been restarted since this page loaded, " +
           "or the framework is reloading all gems before each request "
       end
-      [200, { "Content-Type" => "text/plain; charset=utf-8" }, [JSON.dump(
+      [200, { "Content-Type" => "application/json; charset=utf-8" }, [JSON.dump(
         error: 'No exception information available',
         explanation: explanation,
       )]]
     end
 
     def invalid_error_json_response
-      [200, { "Content-Type" => "text/plain; charset=utf-8" }, [JSON.dump(
+      [200, { "Content-Type" => "application/json; charset=utf-8" }, [JSON.dump(
         error: "Session expired",
         explanation: "This page was likely opened from a previous exception, " +
           "and the exception is no longer available in memory.",
       )]]
     end
+
+    def invalid_csrf_token_json_response
+      [200, { "Content-Type" => "application/json; charset=utf-8" }, [JSON.dump(
+        error: "Invalid CSRF Token",
+        explanation: "The browser session might have been cleared, " +
+          "or something went wrong.",
+      )]]
+    end
+
+    def not_found_json_response
+      [404, { "Content-Type" => "application/json; charset=utf-8" }, [JSON.dump(
+        error: "Not found",
+        explanation: "Not a recognized internal call.",
+      )]]
+    end
+
+    def not_acceptable_json_response
+      [406, { "Content-Type" => "application/json; charset=utf-8" }, [JSON.dump(
+        error: "Request not acceptable",
+        explanation: "The internal request did not match an acceptable content type.",
+      )]]
+    end
   end
 end

data/lib/better_errors/raised_exception.rb

@@ -1,11 +1,23 @@
+require 'better_errors/exception_hint'
+
 # @private
 module BetterErrors
   class RaisedException
-    attr_reader :exception, :message, :backtrace
+    attr_reader :exception, :message, :backtrace, :hint
 
     def initialize(exception)
-      if exception.respond_to?(:original_exception) && exception.original_exception
-        # This supports some specific Rails exceptions, and is not intended to act the same as `#cause`.
+      if exception.class.name == "ActionView::Template::Error" && exception.respond_to?(:cause)
+        # Rails 6+ exceptions of this type wrap the "real" exception, and the real exception
+        # is actually more useful than the ActionView-provided wrapper. Once Better Errors
+        # supports showing all exceptions in the cause stack, this should go away. Or perhaps
+        # this can be changed to provide guidance by showing the second error in the cause stack
+        # under this condition.
+        exception = exception.cause if exception.cause
+      elsif exception.respond_to?(:original_exception) && exception.original_exception
+        # This supports some specific Rails exceptions, and this is not intended to act the same as
+        # the Ruby's {Exception#cause}.
+        # It's possible this should only support ActionView::Template::Error, but by not changing
+        # this we're preserving longstanding behavior of Better Errors with Rails < 6.
         exception = exception.original_exception
       end
 
@@ -13,6 +25,7 @@ module BetterErrors
       @message = exception.message
 
       setup_backtrace
+      setup_hint
       massage_syntax_error
     end
 
@@ -57,10 +70,6 @@ module BetterErrors
 
     def massage_syntax_error
       case exception.class.to_s
-      when "ActionView::Template::Error"
-        if exception.respond_to?(:file_name) && exception.respond_to?(:line_number)
-          backtrace.unshift(StackFrame.new(exception.file_name, exception.line_number.to_i, "view template"))
-        end
       when "Haml::SyntaxError", "Sprockets::Coffeelint::Error"
         if /\A(.+?):(\d+)/ =~ exception.backtrace.first
           backtrace.unshift(StackFrame.new($1, $2.to_i, ""))
@@ -72,5 +81,9 @@ module BetterErrors
         end
       end
     end
+
+    def setup_hint
+      @hint = ExceptionHint.new(exception).hint
+    end
   end
 end