core_ext 0.0.1

data/lib/core_ext/string/output_safety.rb

@@ -0,0 +1,261 @@
+require 'erb'
+require 'core_ext/kernel/singleton_class'
+
+class ERB
+  module Util
+    HTML_ESCAPE = { '&' => '&amp;',  '>' => '&gt;',   '<' => '&lt;', '"' => '&quot;', "'" => '&#39;' }
+    JSON_ESCAPE = { '&' => '\u0026', '>' => '\u003e', '<' => '\u003c', "\u2028" => '\u2028', "\u2029" => '\u2029' }
+    HTML_ESCAPE_REGEXP = /[&"'><]/
+    HTML_ESCAPE_ONCE_REGEXP = /["><']|&(?!([a-zA-Z]+|(#\d+)|(#[xX][\dA-Fa-f]+));)/
+    JSON_ESCAPE_REGEXP = /[\u2028\u2029&><]/u
+
+    # A utility method for escaping HTML tag characters.
+    # This method is also aliased as <tt>h</tt>.
+    #
+    # In your ERB templates, use this method to escape any unsafe content. For example:
+    #   <%= h @person.name %>
+    #
+    #   puts html_escape('is a > 0 & a < 10?')
+    #   # => is a &gt; 0 &amp; a &lt; 10?
+    def html_escape(s)
+      unwrapped_html_escape(s).html_safe
+    end
+
+    # Aliasing twice issues a warning "discarding old...". Remove first to avoid it.
+    remove_method(:h)
+    alias h html_escape
+
+    module_function :h
+
+    singleton_class.send(:remove_method, :html_escape)
+    module_function :html_escape
+
+    # HTML escapes strings but doesn't wrap them with an CoreExt::SafeBuffer.
+    # This method is not for public consumption! Seriously!
+    def unwrapped_html_escape(s) # :nodoc:
+      s = s.to_s
+      if s.html_safe?
+        s
+      else
+        CoreExt::Multibyte::Unicode.tidy_bytes(s).gsub(HTML_ESCAPE_REGEXP, HTML_ESCAPE)
+      end
+    end
+    module_function :unwrapped_html_escape
+
+    # A utility method for escaping HTML without affecting existing escaped entities.
+    #
+    #   html_escape_once('1 < 2 &amp; 3')
+    #   # => "1 &lt; 2 &amp; 3"
+    #
+    #   html_escape_once('&lt;&lt; Accept & Checkout')
+    #   # => "&lt;&lt; Accept &amp; Checkout"
+    def html_escape_once(s)
+      result = CoreExt::Multibyte::Unicode.tidy_bytes(s.to_s).gsub(HTML_ESCAPE_ONCE_REGEXP, HTML_ESCAPE)
+      s.html_safe? ? result.html_safe : result
+    end
+
+    module_function :html_escape_once
+
+    # A utility method for escaping HTML entities in JSON strings. Specifically, the
+    # &, > and < characters are replaced with their equivalent unicode escaped form -
+    # \u0026, \u003e, and \u003c. The Unicode sequences \u2028 and \u2029 are also
+    # escaped as they are treated as newline characters in some JavaScript engines.
+    # These sequences have identical meaning as the original characters inside the
+    # context of a JSON string, so assuming the input is a valid and well-formed
+    # JSON value, the output will have equivalent meaning when parsed:
+    #
+    #   json = JSON.generate({ name: "</script><script>alert('PWNED!!!')</script>"})
+    #   # => "{\"name\":\"</script><script>alert('PWNED!!!')</script>\"}"
+    #
+    #   json_escape(json)
+    #   # => "{\"name\":\"\\u003C/script\\u003E\\u003Cscript\\u003Ealert('PWNED!!!')\\u003C/script\\u003E\"}"
+    #
+    #   JSON.parse(json) == JSON.parse(json_escape(json))
+    #   # => true
+    #
+    # The intended use case for this method is to escape JSON strings before including
+    # them inside a script tag to avoid XSS vulnerability:
+    #
+    #   <script>
+    #     var currentUser = <%= raw json_escape(current_user.to_json) %>;
+    #   </script>
+    #
+    # It is necessary to +raw+ the result of +json_escape+, so that quotation marks
+    # don't get converted to <tt>&quot;</tt> entities. +json_escape+ doesn't
+    # automatically flag the result as HTML safe, since the raw value is unsafe to
+    # use inside HTML attributes.
+    #
+    # If your JSON is being used downstream for insertion into the DOM, be aware of
+    # whether or not it is being inserted via +html()+. Most jQuery plugins do this.
+    # If that is the case, be sure to +html_escape+ or +sanitize+ any user-generated
+    # content returned by your JSON.
+    #
+    # If you need to output JSON elsewhere in your HTML, you can just do something
+    # like this, as any unsafe characters (including quotation marks) will be
+    # automatically escaped for you:
+    #
+    #   <div data-user-info="<%= current_user.to_json %>">...</div>
+    #
+    # WARNING: this helper only works with valid JSON. Using this on non-JSON values
+    # will open up serious XSS vulnerabilities. For example, if you replace the
+    # +current_user.to_json+ in the example above with user input instead, the browser
+    # will happily eval() that string as JavaScript.
+    #
+    # The escaping performed in this method is identical to those performed in the
+    # Active Support JSON encoder when +CoreExt.escape_html_entities_in_json+ is
+    # set to true. Because this transformation is idempotent, this helper can be
+    # applied even if +CoreExt.escape_html_entities_in_json+ is already true.
+    #
+    # Therefore, when you are unsure if +CoreExt.escape_html_entities_in_json+
+    # is enabled, or if you are unsure where your JSON string originated from, it
+    # is recommended that you always apply this helper (other libraries, such as the
+    # JSON gem, do not provide this kind of protection by default; also some gems
+    # might override +to_json+ to bypass Active Support's encoder).
+    def json_escape(s)
+      result = s.to_s.gsub(JSON_ESCAPE_REGEXP, JSON_ESCAPE)
+      s.html_safe? ? result.html_safe : result
+    end
+
+    module_function :json_escape
+  end
+end
+
+class Object
+  def html_safe?
+    false
+  end
+end
+
+class Numeric
+  def html_safe?
+    true
+  end
+end
+
+module CoreExt #:nodoc:
+  class SafeBuffer < String
+    UNSAFE_STRING_METHODS = %w(
+      capitalize chomp chop delete downcase gsub lstrip next reverse rstrip
+      slice squeeze strip sub succ swapcase tr tr_s upcase
+    )
+
+    alias_method :original_concat, :concat
+    private :original_concat
+
+    class SafeConcatError < StandardError
+      def initialize
+        super 'Could not concatenate to the buffer because it is not html safe.'
+      end
+    end
+
+    def [](*args)
+      if args.size < 2
+        super
+      else
+        if html_safe?
+          new_safe_buffer = super
+
+          if new_safe_buffer
+            new_safe_buffer.instance_variable_set :@html_safe, true
+          end
+
+          new_safe_buffer
+        else
+          to_str[*args]
+        end
+      end
+    end
+
+    def safe_concat(value)
+      raise SafeConcatError unless html_safe?
+      original_concat(value)
+    end
+
+    def initialize(*)
+      @html_safe = true
+      super
+    end
+
+    def initialize_copy(other)
+      super
+      @html_safe = other.html_safe?
+    end
+
+    def clone_empty
+      self[0, 0]
+    end
+
+    def concat(value)
+      super(html_escape_interpolated_argument(value))
+    end
+    alias << concat
+
+    def prepend(value)
+      super(html_escape_interpolated_argument(value))
+    end
+
+    def +(other)
+      dup.concat(other)
+    end
+
+    def %(args)
+      case args
+      when Hash
+        escaped_args = Hash[args.map { |k,arg| [k, html_escape_interpolated_argument(arg)] }]
+      else
+        escaped_args = Array(args).map { |arg| html_escape_interpolated_argument(arg) }
+      end
+
+      self.class.new(super(escaped_args))
+    end
+
+    def html_safe?
+      defined?(@html_safe) && @html_safe
+    end
+
+    def to_s
+      self
+    end
+
+    def to_param
+      to_str
+    end
+
+    def encode_with(coder)
+      coder.represent_object nil, to_str
+    end
+
+    UNSAFE_STRING_METHODS.each do |unsafe_method|
+      if unsafe_method.respond_to?(unsafe_method)
+        class_eval <<-EOT, __FILE__, __LINE__ + 1
+          def #{unsafe_method}(*args, &block)       # def capitalize(*args, &block)
+            to_str.#{unsafe_method}(*args, &block)  #   to_str.capitalize(*args, &block)
+          end                                       # end
+
+          def #{unsafe_method}!(*args)              # def capitalize!(*args)
+            @html_safe = false                      #   @html_safe = false
+            super                                   #   super
+          end                                       # end
+        EOT
+      end
+    end
+
+    private
+
+    def html_escape_interpolated_argument(arg)
+      (!html_safe? || arg.html_safe?) ? arg :
+        arg.to_s.gsub(ERB::Util::HTML_ESCAPE_REGEXP, ERB::Util::HTML_ESCAPE)
+    end
+  end
+end
+
+class String
+  # Marks a string as trusted safe. It will be inserted into HTML with no
+  # additional escaping performed. It is your responsibilty to ensure that the
+  # string contains no malicious content. This method is equivalent to the
+  # `raw` helper in views. It is recommended that you use `sanitize` instead of
+  # this method. It should never be called on user input.
+  def html_safe
+    CoreExt::SafeBuffer.new(self)
+  end
+end

data/lib/core_ext/string/starts_ends_with.rb

@@ -0,0 +1,4 @@
+class String
+  alias_method :starts_with?, :start_with?
+  alias_method :ends_with?, :end_with?
+end

data/lib/core_ext/string/strip.rb

@@ -0,0 +1,23 @@
+class String
+  # Strips indentation in heredocs.
+  #
+  # For example in
+  #
+  #   if options[:usage]
+  #     puts <<-USAGE.strip_heredoc
+  #       This command does such and such.
+  #
+  #       Supported options are:
+  #         -h         This message
+  #         ...
+  #     USAGE
+  #   end
+  #
+  # the user would see the usage message aligned against the left margin.
+  #
+  # Technically, it looks for the least indented non-empty line
+  # in the whole string, and removes that amount of leading whitespace.
+  def strip_heredoc
+    gsub(/^#{scan(/^[ \t]*(?=\S)/).min}/, ''.freeze)
+  end
+end

data/lib/core_ext/string/zones.rb

@@ -0,0 +1,14 @@
+require 'core_ext/string/conversions'
+require 'core_ext/time/zones'
+
+class String
+  # Converts String to a TimeWithZone in the current zone if Time.zone or Time.zone_default
+  # is set, otherwise converts String to a Time via String#to_time
+  def in_time_zone(zone = ::Time.zone)
+    if zone
+      ::Time.find_zone!(zone).parse(self)
+    else
+      to_time
+    end
+  end
+end

data/lib/core_ext/string.rb

@@ -0,0 +1,13 @@
+require 'core_ext/string/conversions'
+require 'core_ext/string/filters'
+require 'core_ext/string/multibyte'
+require 'core_ext/string/starts_ends_with'
+require 'core_ext/string/inflections'
+require 'core_ext/string/access'
+require 'core_ext/string/behavior'
+require 'core_ext/string/output_safety'
+require 'core_ext/string/exclude'
+require 'core_ext/string/strip'
+require 'core_ext/string/inquiry'
+require 'core_ext/string/indent'
+require 'core_ext/string/zones'

data/lib/core_ext/string_inquirer.rb

@@ -0,0 +1,26 @@
+module CoreExt
+  # Wrapping a string in this class gives you a prettier way to test
+  # for equality. The value returned by <tt>Rails.env</tt> is wrapped
+  # in a StringInquirer object, so instead of calling this:
+  #
+  #   Rails.env == 'production'
+  #
+  # you can call this:
+  #
+  #   Rails.env.production?
+  class StringInquirer < String
+    private
+
+      def respond_to_missing?(method_name, include_private = false)
+        method_name[-1] == '?'
+      end
+
+      def method_missing(method_name, *arguments)
+        if method_name[-1] == '?'
+          self == method_name[0..-2]
+        else
+          super
+        end
+      end
+  end
+end

data/lib/core_ext/tagged_logging.rb

@@ -0,0 +1,78 @@
+require 'active_support/core_ext/module/delegation'
+require 'active_support/core_ext/object/blank'
+require 'logger'
+require 'active_support/logger'
+
+module ActiveSupport
+  # Wraps any standard Logger object to provide tagging capabilities.
+  #
+  #   logger = ActiveSupport::TaggedLogging.new(Logger.new(STDOUT))
+  #   logger.tagged('BCX') { logger.info 'Stuff' }                            # Logs "[BCX] Stuff"
+  #   logger.tagged('BCX', "Jason") { logger.info 'Stuff' }                   # Logs "[BCX] [Jason] Stuff"
+  #   logger.tagged('BCX') { logger.tagged('Jason') { logger.info 'Stuff' } } # Logs "[BCX] [Jason] Stuff"
+  #
+  # This is used by the default Rails.logger as configured by Railties to make
+  # it easy to stamp log lines with subdomains, request ids, and anything else
+  # to aid debugging of multi-user production applications.
+  module TaggedLogging
+    module Formatter # :nodoc:
+      # This method is invoked when a log event occurs.
+      def call(severity, timestamp, progname, msg)
+        super(severity, timestamp, progname, "#{tags_text}#{msg}")
+      end
+
+      def tagged(*tags)
+        new_tags = push_tags(*tags)
+        yield self
+      ensure
+        pop_tags(new_tags.size)
+      end
+
+      def push_tags(*tags)
+        tags.flatten.reject(&:blank?).tap do |new_tags|
+          current_tags.concat new_tags
+        end
+      end
+
+      def pop_tags(size = 1)
+        current_tags.pop size
+      end
+
+      def clear_tags!
+        current_tags.clear
+      end
+
+      def current_tags
+        # We use our object ID here to avoid conflicting with other instances
+        thread_key = @thread_key ||= "activesupport_tagged_logging_tags:#{object_id}".freeze
+        Thread.current[thread_key] ||= []
+      end
+
+      private
+        def tags_text
+          tags = current_tags
+          if tags.any?
+            tags.collect { |tag| "[#{tag}] " }.join
+          end
+        end
+    end
+
+    def self.new(logger)
+      # Ensure we set a default formatter so we aren't extending nil!
+      logger.formatter ||= ActiveSupport::Logger::SimpleFormatter.new
+      logger.formatter.extend Formatter
+      logger.extend(self)
+    end
+
+    delegate :push_tags, :pop_tags, :clear_tags!, to: :formatter
+
+    def tagged(*tags)
+      formatter.tagged(*tags) { yield self }
+    end
+
+    def flush
+      clear_tags!
+      super if defined?(super)
+    end
+  end
+end

data/lib/core_ext/test_case.rb

@@ -0,0 +1,88 @@
+gem 'minitest' # make sure we get the gem, not stdlib
+
+require 'minitest'
+require 'core_ext/testing/tagged_logging'
+require 'core_ext/testing/setup_and_teardown'
+require 'core_ext/testing/assertions'
+require 'core_ext/testing/deprecation'
+require 'core_ext/testing/declarative'
+require 'core_ext/testing/isolation'
+require 'core_ext/testing/constant_lookup'
+require 'core_ext/testing/time_helpers'
+require 'core_ext/testing/file_fixtures'
+require 'core_ext/testing/composite_filter'
+require 'core_ext/kernel/reporting'
+
+module CoreExt
+  class TestCase < ::Minitest::Test
+    Assertion = Minitest::Assertion
+
+    class << self
+      # Sets the order in which test cases are run.
+      #
+      #   CoreExt::TestCase.test_order = :random # => :random
+      #
+      # Valid values are:
+      # * +:random+   (to run tests in random order)
+      # * +:parallel+ (to run tests in parallel)
+      # * +:sorted+   (to run tests alphabetically by method name)
+      # * +:alpha+    (equivalent to +:sorted+)
+      def test_order=(new_order)
+        CoreExt.test_order = new_order
+      end
+
+      # Returns the order in which test cases are run.
+      #
+      #   CoreExt::TestCase.test_order # => :random
+      #
+      # Possible values are +:random+, +:parallel+, +:alpha+, +:sorted+.
+      # Defaults to +:random+.
+      def test_order
+        CoreExt.test_order ||= :random
+      end
+
+      def run(reporter, options = {})
+        if options[:patterns] && options[:patterns].any? { |p| p =~ /:\d+/ }
+          options[:filter] = \
+            Testing::CompositeFilter.new(self, options[:filter], options[:patterns])
+        end
+
+        super
+      end
+    end
+
+    alias_method :method_name, :name
+
+    include CoreExt::Testing::TaggedLogging
+    include CoreExt::Testing::SetupAndTeardown
+    include CoreExt::Testing::Assertions
+    include CoreExt::Testing::TimeHelpers
+    include CoreExt::Testing::FileFixtures
+    extend  CoreExt::Testing::Declarative
+
+    # test/unit backwards compatibility methods
+    alias :assert_raise :assert_raises
+    alias :assert_not_empty :refute_empty
+    alias :assert_not_equal :refute_equal
+    alias :assert_not_in_delta :refute_in_delta
+    alias :assert_not_in_epsilon :refute_in_epsilon
+    alias :assert_not_includes :refute_includes
+    alias :assert_not_instance_of :refute_instance_of
+    alias :assert_not_kind_of :refute_kind_of
+    alias :assert_no_match :refute_match
+    alias :assert_not_nil :refute_nil
+    alias :assert_not_operator :refute_operator
+    alias :assert_not_predicate :refute_predicate
+    alias :assert_not_respond_to :refute_respond_to
+    alias :assert_not_same :refute_same
+
+    # Reveals the intention that the block should not raise any exception.
+    #
+    #   assert_nothing_raised do
+    #     ...
+    #   end
+    def assert_nothing_raised(*args)
+      yield
+    end
+  end
+end

data/lib/core_ext/testing/assertions.rb

@@ -0,0 +1,99 @@
+require 'core_ext/object/blank'
+
+module CoreExt
+  module Testing
+    module Assertions
+      # Asserts that an expression is not truthy. Passes if <tt>object</tt> is
+      # +nil+ or +false+. "Truthy" means "considered true in a conditional"
+      # like <tt>if foo</tt>.
+      #
+      #   assert_not nil    # => true
+      #   assert_not false  # => true
+      #   assert_not 'foo'  # => Expected "foo" to be nil or false
+      #
+      # An error message can be specified.
+      #
+      #   assert_not foo, 'foo should be false'
+      def assert_not(object, message = nil)
+        message ||= "Expected #{mu_pp(object)} to be nil or false"
+        assert !object, message
+      end
+
+      # Test numeric difference between the return value of an expression as a
+      # result of what is evaluated in the yielded block.
+      #
+      #   assert_difference 'Article.count' do
+      #     post :create, params: { article: {...} }
+      #   end
+      #
+      # An arbitrary expression is passed in and evaluated.
+      #
+      #   assert_difference 'Article.last.comments(:reload).size' do
+      #     post :create, params: { comment: {...} }
+      #   end
+      #
+      # An arbitrary positive or negative difference can be specified.
+      # The default is <tt>1</tt>.
+      #
+      #   assert_difference 'Article.count', -1 do
+      #     post :delete, params: { id: ... }
+      #   end
+      #
+      # An array of expressions can also be passed in and evaluated.
+      #
+      #   assert_difference [ 'Article.count', 'Post.count' ], 2 do
+      #     post :create, params: { article: {...} }
+      #   end
+      #
+      # A lambda or a list of lambdas can be passed in and evaluated:
+      #
+      #   assert_difference ->{ Article.count }, 2 do
+      #     post :create, params: { article: {...} }
+      #   end
+      #
+      #   assert_difference [->{ Article.count }, ->{ Post.count }], 2 do
+      #     post :create, params: { article: {...} }
+      #   end
+      #
+      # An error message can be specified.
+      #
+      #   assert_difference 'Article.count', -1, 'An Article should be destroyed' do
+      #     post :delete, params: { id: ... }
+      #   end
+      def assert_difference(expression, difference = 1, message = nil, &block)
+        expressions = Array(expression)
+
+        exps = expressions.map { |e|
+          e.respond_to?(:call) ? e : lambda { eval(e, block.binding) }
+        }
+        before = exps.map(&:call)
+
+        retval = yield
+
+        expressions.zip(exps).each_with_index do |(code, e), i|
+          error  = "#{code.inspect} didn't change by #{difference}"
+          error  = "#{message}.\n#{error}" if message
+          assert_equal(before[i] + difference, e.call, error)
+        end
+
+        retval
+      end
+
+      # Assertion that the numeric result of evaluating an expression is not
+      # changed before and after invoking the passed in block.
+      #
+      #   assert_no_difference 'Article.count' do
+      #     post :create, params: { article: invalid_attributes }
+      #   end
+      #
+      # An error message can be specified.
+      #
+      #   assert_no_difference 'Article.count', 'An Article should not be created' do
+      #     post :create, params: { article: invalid_attributes }
+      #   end
+      def assert_no_difference(expression, message = nil, &block)
+        assert_difference expression, 0, message, &block
+      end
+    end
+  end
+end

data/lib/core_ext/testing/autorun.rb

@@ -0,0 +1,12 @@
+gem 'minitest'
+
+require 'minitest'
+
+if Minitest.respond_to?(:run_with_rails_extension)
+  unless Minitest.run_with_rails_extension
+    Minitest.run_with_autorun = true
+    Minitest.autorun
+  end
+else
+  Minitest.autorun
+end

data/lib/core_ext/testing/composite_filter.rb

@@ -0,0 +1,54 @@
+require 'method_source'
+
+module CoreExt
+  module Testing
+    class CompositeFilter # :nodoc:
+      def initialize(runnable, filter, patterns)
+        @runnable = runnable
+        @filters = [ derive_regexp(filter), *derive_line_filters(patterns) ].compact
+      end
+
+      def ===(method)
+        @filters.any? { |filter| filter === method }
+      end
+
+      private
+        def derive_regexp(filter)
+          filter =~ %r%/(.*)/% ? Regexp.new($1) : filter
+        end
+
+        def derive_line_filters(patterns)
+          patterns.map do |file_and_line|
+            file, line = file_and_line.split(':')
+            Filter.new(@runnable, file, line) if file
+          end
+        end
+
+        class Filter # :nodoc:
+          def initialize(runnable, file, line)
+            @runnable, @file = runnable, File.expand_path(file)
+            @line = line.to_i if line
+          end
+
+          def ===(method)
+            return unless @runnable.method_defined?(method)
+
+            if @line
+              test_file, test_range = definition_for(@runnable.instance_method(method))
+              test_file == @file && test_range.include?(@line)
+            else
+              @runnable.instance_method(method).source_location.first == @file
+            end
+          end
+
+          private
+            def definition_for(method)
+              file, start_line = method.source_location
+              end_line = method.source.count("\n") + start_line - 1
+
+              return file, start_line..end_line
+            end
+        end
+    end
+  end
+end