cloud_events 0.7.0 → 0.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 036b0516dd1cbb3d6f2c4855809facc6edb4ac994b00355056182a704a072306
-  data.tar.gz: 4eccf559900a089b4a86ce269a30bd604dd4bcad3973ad5ffbe69735acb2a7e7
+  metadata.gz: e92a0db6d57da2784f958e81f3416ade3c4c6c1e5e7830571be444c84a1001a0
+  data.tar.gz: e48bad4cf6cf8797c6f5a16817f6951a1c3b2138778fa2e6779b58fd49f28f21
 SHA512:
-  metadata.gz: b0d255359ad545ec1f0898f437b2b220e72cc8766de1f59e0534c71c4863fd093b410e9350048506d8b99a22235d23aef9b9c4ca0fee757242229cdd283faaf2
-  data.tar.gz: 84a043396ad6cd11e6cd05fd7ce6bdd2993fcede29d2fc780c88419dc2bbd99d230c573b8c237f53940e033fe42449c0976e85c9842fef6dd829e798ecd4daa2
+  metadata.gz: 4429473d95e6150514f796a907f74a96741ab9378e2c833ed6945fbe4f5d85fe654d0bb6502960900c349721b167f90fc62994a2525a3fd372bc7ea9468c66f6
+  data.tar.gz: 91f22bf6c0b20357326166d896e0036dd90ae32f66b7c233a63cb3e060abac51827b2a9d560f6324830db2b5240e436d0f942c99a41bf8a1c711a48fe6af8d80

data/.yardopts

@@ -8,4 +8,4 @@
 -
 README.md
 CHANGELOG.md
-LICENSE.md
+LICENSE

data/CHANGELOG.md

@@ -1,5 +1,18 @@
 # Changelog
 
+### v0.8.0 / 2025-11-04
+
+* BREAKING CHANGE: Raise AttributeError if an illegal attribute name is used
+* ADDED: Require Ruby 2.7 or later
+* FIXED: Improved hashing algorithm for opaque event objects
+* FIXED: Removed dependency on base64 gem
+* FIXED: Raise AttributeError if an illegal attribute name is used
+* DOCS: Add link to the security mailing list
+
+### v0.7.1 / 2023-10-04
+
+* DOCS: Governance docs per CE PR 1226
+
 ### v0.7.0 / 2022-01-14
 
 * HttpBinding#probable_event? returns false if the request method is GET or HEAD.

data/CONTRIBUTING.md

@@ -0,0 +1,167 @@
+# Contributing to CloudEvents' Ruby SDK
+
+:+1::tada: First off, thanks for taking the time to contribute! :tada::+1:
+
+We welcome contributions from the community! Please take some time to become
+acquainted with the process before submitting a pull request. There are just
+a few things to keep in mind.
+
+# Pull Requests
+
+Typically, a pull request should relate to an existing issue. If you have
+found a bug, want to add an improvement, or suggest an API change, please
+create an issue before proceeding with a pull request. For very minor changes
+such as typos in the documentation this isn't really necessary.
+
+## Pull Request Guidelines
+
+Here you will find step by step guidance for creating, submitting and updating
+a pull request in this repository. We hope it will help you have an easy time
+managing your work and a positive, satisfying experience when contributing
+your code. Thanks for getting involved! :rocket:
+
+* [Getting Started](#getting-started)
+* [Branches](#branches)
+* [Commit Messages](#commit-messages)
+* [Staying current with main](#staying-current-with-main)
+* [Submitting and Updating a Pull Request](#submitting-and-updating-a-pull-request)
+* [Congratulations!](#congratulations)
+
+## Getting Started
+
+When creating a pull request, first fork this repository and clone it to your
+local development environment. Then add this repository as the upstream.
+
+```console
+git clone https://github.com/mygithuborg/sdk-ruby.git
+cd sdk-ruby
+git remote add upstream https://github.com/cloudevents/sdk-ruby.git
+```
+
+## Branches
+
+The first thing you'll need to do is create a branch for your work.
+If you are submitting a pull request that fixes or relates to an existing
+GitHub issue, you can use the issue number in your branch name to keep things
+organized.
+
+```console
+git fetch upstream
+git reset --hard upstream/main
+git checkout FETCH_HEAD
+git checkout -b 48-fix-http-agent-error
+```
+
+## Commit Messages
+
+Please follow the
+[Conventional Commits specification](https://www.conventionalcommits.org/en/v1.0.0/#summary).
+The first line of your commit should be prefixed with a type, be a single
+sentence with no period, and succinctly indicate what this commit changes.
+
+All commit message lines should be kept to fewer than 80 characters if possible.
+
+An example of a good commit message.
+
+```log
+docs: remove 0.1, 0.2 spec support from README
+```
+
+### Signing your commits
+
+Each commit must be signed. Use the `--signoff` flag for your commits.
+
+```console
+git commit --signoff
+```
+
+This will add a line to every git commit message:
+
+    Signed-off-by: Joe Smith <joe.smith@email.com>
+
+Use your real name (sorry, no pseudonyms or anonymous contributions.)
+
+The sign-off is a signature line at the end of your commit message. Your
+signature certifies that you wrote the patch or otherwise have the right to pass
+it on as open-source code. See [developercertificate.org](http://developercertificate.org/)
+for the full text of the certification.
+
+Be sure to have your `user.name` and `user.email` set in your git config.
+If your git config information is set properly then viewing the `git log`
+information for your commit will look something like this:
+
+```
+Author: Joe Smith <joe.smith@email.com>
+Date:   Thu Feb 2 11:41:15 2018 -0800
+
+    Update README
+
+    Signed-off-by: Joe Smith <joe.smith@email.com>
+```
+
+Notice the `Author` and `Signed-off-by` lines match. If they don't your PR will
+be rejected by the automated DCO check.
+
+## Staying Current with `main`
+
+As you are working on your branch, changes may happen on `main`. Before
+submitting your pull request, be sure that your branch has been updated
+with the latest commits.
+
+```console
+git fetch upstream
+git rebase upstream/main
+```
+
+This may cause conflicts if the files you are changing on your branch are
+also changed on main. Error messages from `git` will indicate if conflicts
+exist and what files need attention. Resolve the conflicts in each file, then
+continue with the rebase with `git rebase --continue`.
+
+
+If you've already pushed some changes to your `origin` fork, you'll
+need to force push these changes.
+
+```console
+git push -f origin 48-fix-http-agent-error
+```
+
+## Submitting and Updating Your Pull Request
+
+Before submitting a pull request, you should make sure that all of the tests
+successfully pass.
+
+Once you have sent your pull request, `main` may continue to evolve
+before your pull request has landed. If there are any commits on `main`
+that conflict with your changes, you may need to update your branch with
+these changes before the pull request can land. Resolve conflicts the same
+way as before.
+
+```console
+git fetch upstream
+git rebase upstream/main
+# fix any potential conflicts
+git push -f origin 48-fix-http-agent-error
+```
+
+This will cause the pull request to be updated with your changes, and
+CI will rerun.
+
+A maintainer may ask you to make changes to your pull request. Sometimes these
+changes are minor and shouldn't appear in the commit log. For example, you may
+have a typo in one of your code comments that should be fixed before merge.
+You can prevent this from adding noise to the commit log with an interactive
+rebase. See the [git documentation](https://git-scm.com/book/en/v2/Git-Tools-Rewriting-History)
+for details.
+
+```console
+git commit -m "fixup: fix typo"
+git rebase -i upstream/main # follow git instructions
+```
+
+Once you have rebased your commits, you can force push to your fork as before.
+
+## Congratulations!
+
+Congratulations! You've done it! We really appreciate the time and energy
+you've given to the project. Thank you.

data/MAINTAINERS.md

@@ -0,0 +1,5 @@
+# Maintainers
+
+Current active maintainers of this SDK:
+
+- [Daniel Azuma](https://github.com/dazuma)

data/README.md

@@ -184,31 +184,6 @@ few things to keep in mind.
  *  **Make sure CI passes.** Invoke `toys ci` to run the tests locally before
     opening a pull request. This will include code style checks.
 
-### Releasing
-
-Releases can be performed only by users with write access to the repository.
-
-To perform a release:
-
- 1. Go to the GitHub Actions tab, and launch the "Request Release" workflow.
-    You can leave the input field blank.
-
- 2. The workflow will analyze the commit messages since the last release, and
-    open a pull request with a new version and a changelog entry. You can
-    optionally edit this pull request to modify the changelog or change the
-    version released.
-
- 3. Merge the pull request (keeping the `release: pending` label set.) Once the
-    CI tests have run successfully, a job will run automatically to perform the
-    release, including tagging the commit in git, building and releasing a gem,
-    and building and pushing documentation.
-
-These tasks can also be performed manually by running the appropriate scripts
-locally. See `toys release request --help` and `toys release perform --help`
-for more information.
-
-If a release fails, you may need to delete the release tag before retrying.
-
 ### For more information
 
  *  Library documentation: https://cloudevents.github.io/sdk-ruby
@@ -243,18 +218,13 @@ for how PR reviews and approval, and our
 [Code of Conduct](https://github.com/cloudevents/spec/blob/master/community/GOVERNANCE.md#additional-information)
 information.
 
-## Licensing
-
-    Copyright 2020 Google LLC and the CloudEvents Ruby SDK Contributors
-
-    Licensed under the Apache License, Version 2.0 (the "License");
-    you may not use this software except in compliance with the License.
-    You may obtain a copy of the License at
+If there is a security concern with one of the CloudEvents specifications, or
+with one of the project's SDKs, please send an email to
+[cncf-cloudevents-security@lists.cncf.io](mailto:cncf-cloudevents-security@lists.cncf.io).
 
-        https://www.apache.org/licenses/LICENSE-2.0
+## Additional SDK Resources
 
-    Unless required by applicable law or agreed to in writing, software
-    distributed under the License is distributed on an "AS IS" BASIS,
-    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-    See the License for the specific language governing permissions and
-    limitations under the License.
+- [List of current active maintainers](MAINTAINERS.md)
+- [How to contribute to the project](CONTRIBUTING.md)
+- [SDK's License](LICENSE)
+- [SDK's Release process](RELEASING.md)

data/RELEASING.md

@@ -0,0 +1,25 @@
+# Releasing
+
+Releases can be performed only by users with write access to the repository.
+
+To perform a release:
+
+ 1. Go to the GitHub Actions tab, and launch the "Request Release" workflow.
+    You can leave the input field blank.
+
+ 2. The workflow will analyze the commit messages since the last release, and
+    open a pull request with a new version and a changelog entry. You can
+    optionally edit this pull request to modify the changelog or change the
+    version released.
+
+ 3. Merge the pull request (keeping the `release: pending` label set.) Once the
+    CI tests have run successfully, a job will run automatically to perform the
+    release, including tagging the commit in git, building and releasing a gem,
+    and building and pushing documentation.
+
+These tasks can also be performed manually by running the appropriate scripts
+locally. See `toys release request --help` and `toys release perform --help`
+for more information.
+
+If a release fails, you may need to delete the release tag before retrying.
+

data/lib/cloud_events/content_type.rb

@@ -24,7 +24,7 @@ module CloudEvents
     # @param default_charset [String] Optional. The charset to use if none is
     #     specified. Defaults to `us-ascii`.
     #
-    def initialize string, default_charset: nil
+    def initialize(string, default_charset: nil)
       @string = string.to_s
       @media_type = "text"
       @subtype_base = @subtype = "plain"
@@ -32,9 +32,9 @@ module CloudEvents
       @params = []
       @charset = default_charset || "us-ascii"
       @error_message = nil
-      parse consume_comments @string.strip
+      parse(consume_comments(@string.strip))
       @canonical_string = "#{@media_type}/#{@subtype}" +
-                          @params.map { |k, v| "; #{k}=#{maybe_quote v}" }.join
+                          @params.map { |k, v| "; #{k}=#{maybe_quote(v)}" }.join
       full_freeze
     end
 
@@ -102,13 +102,13 @@ module CloudEvents
     # @param key [String]
     # @return [Array<String>]
     #
-    def param_values key
+    def param_values(key)
       key = key.downcase
       @params.inject([]) { |a, (k, v)| key == k ? a << v : a }
     end
 
     ## @private
-    def == other
+    def ==(other)
       other.is_a?(ContentType) && canonical_string == other.canonical_string
     end
     alias eql? ==
@@ -124,16 +124,16 @@ module CloudEvents
 
     private
 
-    def parse str
-      @media_type, str = consume_token str, downcase: true, error_message: "Failed to parse media type"
-      str = consume_special str, "/"
-      @subtype, str = consume_token str, downcase: true, error_message: "Failed to parse subtype"
-      @subtype_base, @subtype_format = @subtype.split "+", 2
+    def parse(str)
+      @media_type, str = consume_token(str, downcase: true, error_message: "Failed to parse media type")
+      str = consume_special(str, "/")
+      @subtype, str = consume_token(str, downcase: true, error_message: "Failed to parse subtype")
+      @subtype_base, @subtype_format = @subtype.split("+", 2)
       until str.empty?
-        str = consume_special str, ";"
-        name, str = consume_token str, downcase: true, error_message: "Faled to parse attribute name"
-        str = consume_special str, "=", error_message: "Failed to find value for attribute #{name}"
-        val, str = consume_token_or_quoted str, error_message: "Failed to parse value for attribute #{name}"
+        str = consume_special(str, ";")
+        name, str = consume_token(str, downcase: true, error_message: "Faled to parse attribute name")
+        str = consume_special(str, "=", error_message: "Failed to find value for attribute #{name}")
+        val, str = consume_token_or_quoted(str, error_message: "Failed to parse value for attribute #{name}")
         @params << [name, val]
         @charset = val if name == "charset"
       end
@@ -141,34 +141,34 @@ module CloudEvents
       @error_message = e.message
     end
 
-    def consume_token str, downcase: false, error_message: nil
-      match = /^([\w!#$%&'*+.\^`{|}-]+)(.*)$/.match str
-      raise ParseError, error_message || "Expected token" unless match
+    def consume_token(str, downcase: false, error_message: nil)
+      match = /^([\w!#$%&'*+.\^`{|}-]+)(.*)$/.match(str)
+      raise(ParseError, error_message || "Expected token") unless match
       token = match[1]
       token.downcase! if downcase
-      str = consume_comments match[2].strip
+      str = consume_comments(match[2].strip)
       [token, str]
     end
 
-    def consume_special str, expected, error_message: nil
-      raise ParseError, error_message || "Expected #{expected.inspect}" unless str.start_with? expected
-      consume_comments str[1..-1].strip
+    def consume_special(str, expected, error_message: nil)
+      raise(ParseError, error_message || "Expected #{expected.inspect}") unless str.start_with?(expected)
+      consume_comments(str[1..].strip)
     end
 
-    def consume_token_or_quoted str, error_message: nil
-      return consume_token str unless str.start_with? '"'
+    def consume_token_or_quoted(str, error_message: nil)
+      return consume_token(str) unless str.start_with?('"')
       arr = []
       index = 1
       loop do
         char = str[index]
         case char
         when nil
-          raise ParseError, error_message || "Quoted-string never finished"
+          raise(ParseError, error_message || "Quoted-string never finished")
         when "\""
           break
         when "\\"
           char = str[index + 1]
-          raise ParseError, error_message || "Quoted-string never finished" unless char
+          raise(ParseError, error_message || "Quoted-string never finished") unless char
           arr << char
           index += 2
         else
@@ -177,34 +177,34 @@ module CloudEvents
         end
       end
       index += 1
-      str = consume_comments str[index..-1].strip
+      str = consume_comments(str[index..].strip)
       [arr.join, str]
     end
 
-    def consume_comments str
-      return str unless str.start_with? "("
+    def consume_comments(str)
+      return str unless str.start_with?("(")
       index = 1
       loop do
         char = str[index]
         case char
         when nil
-          raise ParseError, "Comment never finished"
+          raise(ParseError, "Comment never finished")
         when ")"
           break
         when "\\"
           index += 2
         when "("
-          str = consume_comments str[index..-1]
+          str = consume_comments(str[index..])
           index = 0
         else
           index += 1
         end
       end
       index += 1
-      consume_comments str[index..-1].strip
+      consume_comments(str[index..].strip)
     end
 
-    def maybe_quote str
+    def maybe_quote(str)
       return str if /^[\w!#$%&'*+.\^`{|}-]+$/ =~ str
       str = str.gsub("\\", "\\\\\\\\").gsub("\"", "\\\\\"")
       "\"#{str}\""

data/lib/cloud_events/event/field_interpreter.rb

@@ -9,60 +9,61 @@ module CloudEvents
     # @private
     #
     class FieldInterpreter
-      def initialize args
-        @args = Utils.keys_to_strings args
+      def initialize(args)
+        @args = Utils.keys_to_strings(args)
         @attributes = {}
       end
 
-      def finish_attributes
+      def finish_attributes(requires_lc_start: false)
         @args.each do |key, value|
+          check_attribute_name(key, requires_lc_start)
           @attributes[key.freeze] = value.to_s.freeze unless value.nil?
         end
         @args = {}
         @attributes.freeze
       end
 
-      def string keys, required: false, allow_empty: false
-        object keys, required: required do |value|
+      def string(keys, required: false, allow_empty: false)
+        object(keys, required: required) do |value|
           case value
           when ::String
-            raise AttributeError, "The #{keys.first} field cannot be empty" if value.empty? && !allow_empty
+            raise(AttributeError, "The #{keys.first} field cannot be empty") if value.empty? && !allow_empty
             value.freeze
             [value, value]
           else
-            raise AttributeError, "Illegal type for #{keys.first}:" \
-                                  " String expected but #{value.class} found"
+            raise(AttributeError, "Illegal type for #{keys.first}: " \
+                                  "String expected but #{value.class} found")
           end
         end
       end
 
-      def uri keys, required: false
-        object keys, required: required do |value|
+      def uri(keys, required: false)
+        object(keys, required: required) do |value|
           case value
           when ::String
-            raise AttributeError, "The #{keys.first} field cannot be empty" if value.empty?
+            raise(AttributeError, "The #{keys.first} field cannot be empty") if value.empty?
             begin
               [Utils.deep_freeze(::URI.parse(value)), value.freeze]
             rescue ::URI::InvalidURIError => e
-              raise AttributeError, "Illegal format for #{keys.first}: #{e.message}"
+              raise(AttributeError, "Illegal format for #{keys.first}: #{e.message}")
             end
           when ::URI::Generic
             [Utils.deep_freeze(value), value.to_s.freeze]
           else
-            raise AttributeError, "Illegal type for #{keys.first}:" \
-                                  " String or URI expected but #{value.class} found"
+            raise(AttributeError, "Illegal type for #{keys.first}: " \
+                                  "String or URI expected but #{value.class} found")
           end
         end
       end
 
-      def rfc3339_date_time keys, required: false
-        object keys, required: required do |value|
+      def rfc3339_date_time(keys, required: false)
+        object(keys, required: required) do |value|
           case value
           when ::String
             begin
               [Utils.deep_freeze(::DateTime.rfc3339(value)), value.freeze]
             rescue ::Date::Error => e
-              raise AttributeError, "Illegal format for #{keys.first}: #{e.message}"
+              raise(AttributeError, "Illegal format for #{keys.first}: #{e.message}")
             end
           when ::DateTime
             [Utils.deep_freeze(value), value.rfc3339.freeze]
@@ -70,44 +71,44 @@ module CloudEvents
             value = value.to_datetime
             [Utils.deep_freeze(value), value.rfc3339.freeze]
           else
-            raise AttributeError, "Illegal type for #{keys.first}:" \
-                                  " String, Time, or DateTime expected but #{value.class} found"
+            raise(AttributeError, "Illegal type for #{keys.first}: " \
+                                  "String, Time, or DateTime expected but #{value.class} found")
           end
         end
       end
 
-      def content_type keys, required: false
-        object keys, required: required do |value|
+      def content_type(keys, required: false)
+        object(keys, required: required) do |value|
           case value
           when ::String
-            raise AttributeError, "The #{keys.first} field cannot be empty" if value.empty?
+            raise(AttributeError, "The #{keys.first} field cannot be empty") if value.empty?
             [ContentType.new(value), value.freeze]
           when ContentType
             [value, value.to_s]
           else
-            raise AttributeError, "Illegal type for #{keys.first}:" \
-                                  " String, or ContentType expected but #{value.class} found"
+            raise(AttributeError, "Illegal type for #{keys.first}: " \
+                                  "String, or ContentType expected but #{value.class} found")
           end
         end
       end
 
-      def spec_version keys, accept:
-        object keys, required: true do |value|
+      def spec_version(keys, accept:)
+        object(keys, required: true) do |value|
           case value
           when ::String
-            raise SpecVersionError, "Unrecognized specversion: #{value}" unless accept =~ value
+            raise(SpecVersionError, "Unrecognized specversion: #{value}") unless accept =~ value
             value.freeze
             [value, value]
           else
-            raise AttributeError, "Illegal type for #{keys.first}:" \
-                                  " String expected but #{value.class} found"
+            raise(AttributeError, "Illegal type for #{keys.first}: " \
+                                  "String expected but #{value.class} found")
           end
         end
       end
 
-      def data_object keys, required: false
-        object keys, required: required, allow_nil: true do |value|
-          Utils.deep_freeze value
+      def data_object(keys, required: false)
+        object(keys, required: required, allow_nil: true) do |value|
+          Utils.deep_freeze(value)
           [value, value]
         end
       end
@@ -116,21 +117,28 @@ module CloudEvents
 
       private
 
-      def object keys, required: false, allow_nil: false
+      def object(keys, required: false, allow_nil: false)
         value = UNDEFINED
         keys.each do |key|
-          key_present = @args.key? key
-          val = @args.delete key
-          value = val if allow_nil && key_present || !allow_nil && !val.nil?
+          key_present = @args.key?(key)
+          val = @args.delete(key)
+          value = val if (allow_nil && key_present) || (!allow_nil && !val.nil?)
         end
         if value == UNDEFINED
-          raise AttributeError, "The #{keys.first} field is required" if required
+          raise(AttributeError, "The #{keys.first} field is required") if required
           return allow_nil ? UNDEFINED : nil
         end
-        converted, raw = yield value
+        converted, raw = yield(value)
         @attributes[keys.first.freeze] = raw
         converted
       end
+
+      def check_attribute_name(key, requires_lc_start)
+        regex = requires_lc_start ? /^[a-z][a-z0-9]*$/ : /^[a-z0-9]+$/
+        unless regex.match?(key)
+          raise(AttributeError, "Illegal key: #{key.inspect} must consist only of digits and lower-case letters")
+        end
+      end
     end
   end
 end

data/lib/cloud_events/event/opaque.rb

@@ -24,7 +24,7 @@ module CloudEvents
       #     or not provided, the value will be inferred from the content type
       #     if possible, or otherwise set to `nil` indicating not known.
       #
-      def initialize content, content_type, batch: nil
+      def initialize(content, content_type, batch: nil)
         @content = content.freeze
         @content_type = content_type
         if batch.nil? && content_type&.media_type == "application"
@@ -63,7 +63,7 @@ module CloudEvents
       end
 
       ## @private
-      def == other
+      def ==(other)
         Opaque === other &&
           @content == other.content &&
           @content_type == other.content_type &&
@@ -73,7 +73,7 @@ module CloudEvents
 
       ## @private
       def hash
-        @content.hash ^ @content_type.hash ^ @batch.hash
+        [@content, @content_type, @batch].hash
       end
     end
   end