curb 1.3.5 → 1.3.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a502fb4afad21a24a20302b7522b616b08afbbe3d4b5b2a3eeee46d83b53c50d
-  data.tar.gz: 5e68fd3f3380f2045dfc6d4e8e157ebbb9fc56e4b76601574c92a755665eeef2
+  metadata.gz: 11348a158e7da3d3406acd021be1a15f881ce2c607ff04e60b522a3bd92cd828
+  data.tar.gz: 0c524ce914df77b109a2aad85289386b2bf54028733fcf4ec5657a84abf511b8
 SHA512:
-  metadata.gz: 940f343ad1d926ddcf27b994bca191e131176e766dce3d7f211f9ed5b28917ffb9ebfa5b8f71247ac8ca8a0b916e6565b60fb2ae57a964770b3273d1bd7d5d69
-  data.tar.gz: 77a44dd831eea50e786d4b4871c2f1702e3bee2c74d0484f7b0812a91d19d4bcdd79c12e20dce7cd8ffcbaf0e06ae77cc6cc7734b7c71fa2feabc636af82b0d8
+  metadata.gz: b4ebd6b04943bfc099a6593ede1c70298555ed1a6613958e8628cde43c30b8c7f8b86990d91c7a350481589495fe7d5dc4ad1ac3c313823bb7fb21e483e8910c
+  data.tar.gz: 0a78bc41496259eae9989d25e4a47c57a9a9aed6f79b00e77efae691b487a730e71e6cdf8081ae35d33893a84b033219ae24c40cf47effd8e3d1b0ca3591f222

data/README.md

@@ -199,6 +199,63 @@ Curl::Multi.download(urls, options) do |curl, file_path|
 end
 ```
 
+## Security considerations
+
+`curb` is a libcurl binding and intentionally supports protocols beyond HTTP.
+Do not pass untrusted URLs to `Curl.get`, `Curl::Easy.new`, or related raw
+helpers without application-level validation. For user-supplied URLs, enable the
+process-wide safety policy before making requests:
+
+```ruby
+Curl.safe! do |config|
+  config.network_policy = :public       # block local/private destination IPs
+  config.max_body_bytes = 1_000_000     # cap buffered/callback response bytes
+end
+
+curl = Curl.get(user_url)               # allows only http/https, including redirects
+```
+
+To allow a different protocol set, configure it explicitly. Redirects default to
+the same protocol list:
+
+```ruby
+Curl.safe! do |config|
+  config.protocols = [:http, :ftp]
+  config.max_body_bytes = 1_000_000
+end
+```
+
+For local per-handle policy instead of process-wide policy, use
+`easy.safe_http!` and `easy.max_body_bytes = ...` before `perform`.
+
+With `network_policy = :public`, curb checks peer addresses when libcurl opens
+the socket and blocks local/private destinations. Proxies, `resolve`,
+`connect_to`, DoH URL overrides, and Unix socket paths are disabled by default
+under this policy unless explicitly allowed in the safety config. Custom DNS
+server overrides are rejected. To use a trusted explicit proxy without
+re-enabling environment proxies, set `allowed_proxy_hosts` and configure
+`easy.proxy_url` on the request.
+
+For stricter egress, combine the public network policy with host and CIDR
+allowlists. Host allowlists gate the configured request URL and, when supported
+by libcurl, each followed redirect before the request is sent. CIDR allowlists
+are checked against the resolved peer address at socket-open time:
+
+```ruby
+Curl.safe! do |config|
+  config.network_policy = :public
+  config.allowed_hosts = ["api.example.com"]
+  config.allowed_proxy_hosts = ["proxy.example.com"]
+  config.allowed_cidrs = ["93.184.216.0/24", "2606:2800:220::/48"]
+end
+```
+
+By default, responses are buffered into `body` when no `on_body` callback is
+configured. For untrusted or large responses, use `on_body`, `download`, and/or
+`max_body_bytes` so a remote endpoint cannot force unbounded memory growth.
+`max_body_bytes` is enforced for downloads as well as buffered responses and
+custom body callbacks.
+
 ## You will need
 
 * A working Ruby installation (`2.0.0+` will work but `2.1+` preferred) (it's possible it still works with 1.8.7 but you'd have to tell me if not...)

data/Rakefile

@@ -107,9 +107,10 @@ else
 end
 
 ruby_memcheck_config = { binary_name: 'curb_core' }
+ruby_version = Gem::Version.new(RUBY_VERSION)
 
-if RUBY_ENGINE == 'ruby' && RUBY_VERSION == '4.0.4'
-  # Ruby 4.0.4 reports fiber/block-handler VM stack accesses under Valgrind.
+if RUBY_ENGINE == 'ruby' && ruby_version >= Gem::Version.new('4.0.4') && ruby_version < Gem::Version.new('4.1.0')
+  # Ruby 4.0.4+ reports fiber/block-handler VM stack accesses under Valgrind.
   # Keep reporting errors that originate in curb_core, but filter Ruby-side noise.
   ruby_memcheck_config[:filter_all_errors] = true
   if RubyMemcheck::Configuration.instance_method(:initialize).parameters.any? { |type, name|
@@ -183,7 +184,11 @@ end
 # RDoc Tasks ---------------------------------------------------------
 desc "Create the RDOC documentation"
 task :doc do
-  ruby "doc.rb #{ENV['DOC_OPTS']}"
+  doc_opts = Shellwords.split(ENV.fetch('DOC_OPTS', ''))
+  unsupported_opts = doc_opts - ['--cpp']
+  fail "Unsupported DOC_OPTS: #{unsupported_opts.join(' ')}" unless unsupported_opts.empty?
+
+  ruby 'doc.rb', *doc_opts
 end
 
 desc "Publish the RDoc documentation to project web site"

data/doc.rb

@@ -1,10 +1,35 @@
 require 'fileutils'
+require 'open3'
+require 'shellwords'
 include FileUtils
 
-begin
-  incflags = File.read('ext/Makefile')[/INCFLAGS\s*=\s*(.*)$/,1]
+def makefile_variables(path)
+  variables = {}
+
+  File.foreach(path) do |line|
+    line = line.chomp
+    variables[$1] = $2.strip if line =~ /\A([A-Za-z_]\w*)\s*=\s*(.*)\z/
+  end
+
+  variables
+end
+
+def expand_make_variables(value, variables, seen = [])
+  value.gsub(/\$\(([^)]+)\)/) do
+    key = Regexp.last_match(1)
+    raise ArgumentError, "unsupported Makefile variable in INCFLAGS: #{key}" unless variables.key?(key)
+    raise ArgumentError, "recursive Makefile variable in INCFLAGS: #{key}" if seen.include?(key)
+
+    expand_make_variables(variables[key], variables, seen + [key])
+  end
+end
+
+def makefile_incflags
+  variables = makefile_variables('ext/Makefile')
+  Shellwords.split(expand_make_variables(variables.fetch('INCFLAGS', ''), variables))
 rescue Errno::ENOENT
   $stderr.puts("No makefile found; run `rake ext/Makefile' first.")
+  []
 end
 
 pp_srcdir = 'ext'
@@ -15,26 +40,41 @@ mkdir(tmpdir)
 begin
   if ARGV.include?('--cpp') 
     begin
-      if `cpp --version` =~ /\(GCC\)/
+      cpp_version, status = Open3.capture2e('cpp', '--version')
+
+      if status.success? && cpp_version =~ /\(GCC\)/
         # gnu cpp
         $stderr.puts "Running GNU cpp over source"
+        incflags = makefile_incflags
         
-        Dir['ext/*.c'].each do |fn|
-          system("cpp -DRDOC_NEVER_DEFINED -C #{incflags} -o " +
-                 "#{File.join(tmpdir, File.basename(fn))} #{fn}")
+        Dir['ext/*.c'].sort.each do |fn|
+          out = File.join(tmpdir, File.basename(fn))
+          abort "cpp failed for #{fn}" unless system('cpp', '-DRDOC_NEVER_DEFINED', '-C', *incflags, '-o', out, fn)
         end
         
         pp_srcdir = tmpdir
       else
         $stderr.puts "Not running cpp (non-GNU)"
       end
-    rescue
+    rescue Errno::ENOENT
       # no cpp          
       $stderr.puts "No cpp found"
+    rescue ArgumentError => e
+      abort e.message
     end
   end
  
-  system("rdoc --title='Curb - libcurl bindings for ruby' --main=README #{pp_srcdir}/*.c README LICENSE lib/curb.rb")
+  main = File.exist?('README.md') ? 'README.md' : 'README'
+  sources = Dir[File.join(pp_srcdir, '*.c')].sort
+  abort 'rdoc failed' unless system(
+    'rdoc',
+    '--title', 'Curb - libcurl bindings for ruby',
+    '--main', main,
+    *sources,
+    main,
+    'LICENSE',
+    'lib/curb.rb'
+  )
 ensure
   rm_rf(tmpdir)
 end

data/ext/curb.c

@@ -457,6 +457,12 @@ void Init_curb_core() {
 #endif
 #ifdef HAVE_CURLOPT_OPENSOCKETDATA
   CURB_DEFINE(CURLOPT_OPENSOCKETDATA);
+#endif
+#ifdef HAVE_CURLOPT_PREREQFUNCTION
+  CURB_DEFINE(CURLOPT_PREREQFUNCTION);
+#endif
+#ifdef HAVE_CURLOPT_PREREQDATA
+  CURB_DEFINE(CURLOPT_PREREQDATA);
 #endif
   /* CURLOPT_PROGRESSFUNCTION deprecated since 7.32.0, use XFERINFOFUNCTION */
 #ifdef HAVE_CURLOPT_PROGRESSFUNCTION
@@ -557,6 +563,9 @@ void Init_curb_core() {
   CURB_DEFINE(CURLOPT_LOCALPORT);
 #endif
   CURB_DEFINE(CURLOPT_DNS_CACHE_TIMEOUT);
+#ifdef HAVE_CURLOPT_DNS_SERVERS
+  CURB_DEFINE(CURLOPT_DNS_SERVERS);
+#endif
   /* CURLOPT_DNS_USE_GLOBAL_CACHE deprecated since 7.11.1, does nothing since 7.62.0 */
 #ifdef HAVE_CURLOPT_DNS_USE_GLOBAL_CACHE
   CURB_DEFINE(CURLOPT_DNS_USE_GLOBAL_CACHE);
@@ -955,6 +964,9 @@ void Init_curb_core() {
 #ifdef HAVE_CURLUSESSL_ALL
   CURB_DEFINE(CURLUSESSL_ALL);
 #endif
+#ifdef HAVE_CURLOPT_CONNECT_TO
+  CURB_DEFINE(CURLOPT_CONNECT_TO);
+#endif
 #ifdef HAVE_CURLOPT_RESOLVE
   CURB_DEFINE(CURLOPT_RESOLVE);
 #endif
@@ -1011,6 +1023,18 @@ void Init_curb_core() {
 #ifdef HAVE_CURLOPT_SSL_VERIFYPEER
   CURB_DEFINE(CURLOPT_SSL_VERIFYPEER);
 #endif
+#ifdef HAVE_CURLOPT_DOH_URL
+  CURB_DEFINE(CURLOPT_DOH_URL);
+#endif
+#ifdef HAVE_CURLOPT_DOH_SSL_VERIFYPEER
+  CURB_DEFINE(CURLOPT_DOH_SSL_VERIFYPEER);
+#endif
+#ifdef HAVE_CURLOPT_DOH_SSL_VERIFYHOST
+  CURB_DEFINE(CURLOPT_DOH_SSL_VERIFYHOST);
+#endif
+#ifdef HAVE_CURLOPT_DOH_SSL_VERIFYSTATUS
+  CURB_DEFINE(CURLOPT_DOH_SSL_VERIFYSTATUS);
+#endif
 #ifdef HAVE_CURLOPT_CAINFO
   CURB_DEFINE(CURLOPT_CAINFO);
 #endif

data/ext/curb.h

@@ -28,11 +28,11 @@
 #include "curb_macros.h"
 
 // These should be managed from the Rake 'release' task.
-#define CURB_VERSION   "1.3.5"
-#define CURB_VER_NUM   1035
+#define CURB_VERSION   "1.3.6"
+#define CURB_VER_NUM   1036
 #define CURB_VER_MAJ   1
 #define CURB_VER_MIN   3
-#define CURB_VER_MIC   5
+#define CURB_VER_MIC   6
 #define CURB_VER_PATCH 0