dangerous_open_uri 1.0.1 → 1.0.2

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 55d6a0a2ef4c8959b3e1df3366fd8354b924119e
4
- data.tar.gz: 77d4e14de2d2467bd2ee883544894f970b200c30
3
+ metadata.gz: 96cdce9d0358d8066a0f0e8b3611871f48b9c5c5
4
+ data.tar.gz: 1a26ebb5c237195b637d6d43215ff4ff30a1a835
5
5
  SHA512:
6
- metadata.gz: cc1f3c388f2fa84e241514b86c892e5089d94e5c1149c441bae58c570f8fb291ca170cb941043407b7b942115fb9d9a7e8bff95037d7fe3774b2781ebab5550e
7
- data.tar.gz: bd0b86b39218709f98f10d2fa2e8dc3bb3c10a389d0afd9dddbc11bbeb4e2a41067e3f4618c15ea4848e0609a3d57ddf8b98229ed02765b91e27ff85b6ec46bc
6
+ metadata.gz: 73ad28a9db52241a31499b745c2f46645120e85fb82bf72058fc94f6117495441cc49ce7937f5eb177b579906d28c97c516e90456ceedbf98681a88e8b2474aa
7
+ data.tar.gz: 10a0ac994c377000cbed6a35d647117861be3dc089343ab34a3b1e4a76e2b733ffd7d54cac8758b4515dd43b730e5f52a07a56a31136756eaad5eb99ab14f096
data/.rspec ADDED
@@ -0,0 +1,3 @@
1
+ --color
2
+ --format documentation
3
+ --require spec_helper
data/.travis.yml ADDED
@@ -0,0 +1,5 @@
1
+ language: ruby
2
+ rvm:
3
+ - 1.9.3
4
+ - 2.0.0
5
+ - 2.1.1
data/README.md CHANGED
@@ -1,10 +1,14 @@
1
+ [![Gem Version](https://badge.fury.io/rb/dangerous_open_uri.svg)](http://badge.fury.io/rb/dangerous_open_uri)
2
+ [![Build Status](https://travis-ci.org/mgi166/dangerous_open_uri.svg?branch=master)](https://travis-ci.org/mgi166/dangerous_open_uri)
3
+ [![Code Climate](https://codeclimate.com/github/mgi166/dangerous_open_uri/badges/gpa.svg)](https://codeclimate.com/github/mgi166/dangerous_open_uri)
4
+
1
5
  # DangerousOpenUri
2
6
 
3
7
  Force open dangerous uri.
4
8
 
5
9
  ## Detail
6
10
 
7
- Conclusion, Be using This gem is STRONGLY **deprecated**. Because RFC3986 says userinfo in URI is dangerous.
11
+ Conclusion, Be using this gem is STRONGLY **deprecated**. Because RFC3986 says userinfo in URI is dangerous.
8
12
  So that open-uri will not support it.
9
13
 
10
14
  But if you want to open-uri such dangerous uri absolutely, it is preferable to use this gem.
@@ -31,6 +35,12 @@ Or install it yourself as:
31
35
 
32
36
  ```ruby
33
37
  require 'dangerous_open_uri'
38
+
39
+ open('http://user:pass@example.co.jp/secret/page').read
40
+ #=> Enable to read `http://user:pass@example.co.jp/secret/page` sources
41
+
42
+ open('http://example.co.jp/index.html, proxy: 'http://user:pass@proxy.example.com')
43
+ #=> Proxy basic authentication uses `user` and `pass`
34
44
  ```
35
45
 
36
46
  ## Contributing
data/Rakefile CHANGED
@@ -1,2 +1,5 @@
1
1
  require "bundler/gem_tasks"
2
+ require "rspec/core/rake_task"
2
3
 
4
+ RSpec::Core::RakeTask.new(:spec)
5
+ task :default => :spec
@@ -9,7 +9,7 @@ Gem::Specification.new do |spec|
9
9
  spec.authors = ["mgi166"]
10
10
  spec.email = ["skskoari@gmail.com"]
11
11
  spec.summary = %q{Force open dangerous uri.}
12
- spec.description = %q{Conclusion, Be using This gem is STRONGLY **deprecated**. Because RFC3986 says userinfo in URI is dangerous. But if you want to open-uri such dangerous uri absolutely, it is preferable to use this gem.}
12
+ spec.description = %q{Conclusion, Be using this gem is STRONGLY **deprecated**. Because RFC3986 says userinfo in URI is dangerous. But if you want to open-uri such dangerous uri absolutely, it is preferable to use this gem.}
13
13
  spec.homepage = "https://github.com/mgi166/dangerous_open_uri"
14
14
  spec.license = "MIT"
15
15
 
@@ -18,6 +18,9 @@ Gem::Specification.new do |spec|
18
18
  spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
19
19
  spec.require_paths = ["lib"]
20
20
 
21
- spec.add_development_dependency "bundler", "~> 1.7"
22
- spec.add_development_dependency "rake", "~> 10.0"
21
+ spec.add_development_dependency "bundler"
22
+ spec.add_development_dependency "rake"
23
+ spec.add_development_dependency "rspec"
24
+ spec.add_development_dependency "webmock"
25
+ spec.add_development_dependency "coveralls"
23
26
  end
@@ -1,14 +1,23 @@
1
1
  require "dangerous_open_uri/version"
2
2
  require 'open-uri'
3
3
 
4
- OpenURI.module_eval do
4
+ module OpenURI
5
5
  instance_eval { alias :original_open_http :open_http }
6
6
 
7
7
  def self.open_http(buf, target, proxy, options)
8
+ if proxy
9
+ proxy_uri, proxy_user, proxy_pass = proxy
10
+
11
+ if proxy_uri.userinfo
12
+ proxy_user = proxy_uri.user
13
+ proxy_pass = proxy_uri.password
14
+ proxy_uri.userinfo = ""
15
+ proxy = [proxy_uri, proxy_user, proxy_pass]
16
+ end
17
+ end
18
+
8
19
  if target.userinfo
9
- userinfo = target.userinfo
10
- user, pass = userinfo.to_s.split(':', -1)
11
- options[:http_basic_authentication] = [user, pass]
20
+ options[:http_basic_authentication] = [target.user, target.password]
12
21
  target.userinfo = ""
13
22
  end
14
23
 
@@ -1,3 +1,3 @@
1
1
  module DangerousOpenUri
2
- VERSION = "1.0.1"
2
+ VERSION = "1.0.2"
3
3
  end
@@ -0,0 +1,105 @@
1
+ describe OpenURI do
2
+ describe '.open_http' do
3
+ context 'when request with basic authentication' do
4
+ it 'opens dangerous uri' do
5
+ stub_request(:any, 'user:pass@www.example.com/secret/page.html')
6
+ .to_return(body: 'aaa')
7
+
8
+ expect(
9
+ open('http://user:pass@www.example.com/secret/page.html').read
10
+ ).to eq('aaa')
11
+ end
12
+
13
+ it 'receives the option[:http_basic_authentication] from the uri of argument' do
14
+ expect(OpenURI).to receive(:original_open_http)
15
+ .with(
16
+ kind_of(OpenURI::Buffer),
17
+ URI.parse('http://www.example.com/secret/page.html'),
18
+ nil,
19
+ http_basic_authentication: ['user', 'pass']
20
+ )
21
+
22
+ open('http://user:pass@www.example.com/secret/page.html')
23
+ end
24
+
25
+ it 'given userinfo has two ":" opens dangerous uri' do
26
+ stub_request(:any, 'user:pass:broken@www.example.com/secret/page.html')
27
+ .to_return(body: 'aaa')
28
+
29
+ expect(
30
+ # user = "user", password = "pass:broken"
31
+ open('http://user:pass:broken@www.example.com/secret/page.html').read
32
+ ).to eq('aaa')
33
+ end
34
+
35
+ it 'given has user but no password opens dangerous uri' do
36
+ stub_request(:any, 'user:@www.example.com/secret/page.html')
37
+ .to_return(body: 'aaa')
38
+
39
+ expect(
40
+ open('http://user:@www.example.com/secret/page.html').read
41
+ ).to eq('aaa')
42
+ end
43
+
44
+ it 'given no user but has password opens dangerous uri' do
45
+ stub_request(:any, ':pass@www.example.com/secret/page.html')
46
+ .to_return(body: 'aaa')
47
+
48
+ expect(
49
+ open('http://:pass@www.example.com/secret/page.html').read
50
+ ).to eq('aaa')
51
+ end
52
+
53
+ it 'given userinfo == ":" opens dangerous uri' do
54
+ stub_request(:any, 'www.example.com/secret/page.html')
55
+ .to_return(body: 'aaa')
56
+
57
+ expect(
58
+ open('http://:@www.example.com/secret/page.html').read
59
+ ).to eq('aaa')
60
+ end
61
+
62
+ it 'given userinfo not include ":" opens dangerous uri' do
63
+ stub_request(:any, 'baduserinfo:@www.example.com/secret/page.html')
64
+ .to_return(body: 'aaa')
65
+
66
+ expect(
67
+ open('http://baduserinfo@www.example.com/secret/page.html').read
68
+ ).to eq('aaa')
69
+ end
70
+
71
+ describe 'given proxy' do
72
+ it 'original_open_http receives the correct proxy arguments' do
73
+ uri = URI.parse('http://www.example.com/secret/page.html')
74
+ proxy_uri = URI.parse('http://proxy.example.com')
75
+ proxy = [proxy_uri, 'user', 'pass']
76
+
77
+ expect(OpenURI).to receive(:original_open_http)
78
+ .with(
79
+ kind_of(OpenURI::Buffer),
80
+ uri,
81
+ proxy,
82
+ proxy: 'http://user:pass@proxy.example.com'
83
+ )
84
+
85
+ open('http://www.example.com/secret/page.html', proxy: 'http://user:pass@proxy.example.com')
86
+ end
87
+ end
88
+ end
89
+
90
+ context 'when request no basic authentication' do
91
+ it 'opens nomal url' do
92
+ stub_request(:any, 'www.example.com/index.html').to_return(body: 'aaa')
93
+ expect(
94
+ open('http://www.example.com/index.html').read
95
+ ).to eq('aaa')
96
+ end
97
+
98
+ it 'given bad uri raises error' do
99
+ expect do
100
+ open('http://@@www.example.com/secret/page.html').read
101
+ end.to raise_error URI::InvalidURIError
102
+ end
103
+ end
104
+ end
105
+ end
@@ -0,0 +1,95 @@
1
+ # This file was generated by the `rspec --init` command. Conventionally, all
2
+ # specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
3
+ # The generated `.rspec` file contains `--require spec_helper` which will cause this
4
+ # file to always be loaded, without a need to explicitly require it in any files.
5
+ #
6
+ # Given that it is always loaded, you are encouraged to keep this file as
7
+ # light-weight as possible. Requiring heavyweight dependencies from this file
8
+ # will add to the boot time of your test suite on EVERY test run, even for an
9
+ # individual file that may not need all of that loaded. Instead, consider making
10
+ # a separate helper file that requires the additional dependencies and performs
11
+ # the additional setup, and require it from the spec files that actually need it.
12
+ #
13
+ # The `.rspec` file also contains a few flags that are not defaults but that
14
+ # users commonly want.
15
+ #
16
+ # See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
17
+ require 'dangerous_open_uri'
18
+ require 'webmock/rspec'
19
+
20
+ require 'coveralls'
21
+ Coveralls.wear!
22
+
23
+ RSpec.configure do |config|
24
+ # rspec-expectations config goes here. You can use an alternate
25
+ # assertion/expectation library such as wrong or the stdlib/minitest
26
+ # assertions if you prefer.
27
+ config.expect_with :rspec do |expectations|
28
+ # This option will default to `true` in RSpec 4. It makes the `description`
29
+ # and `failure_message` of custom matchers include text for helper methods
30
+ # defined using `chain`, e.g.:
31
+ # be_bigger_than(2).and_smaller_than(4).description
32
+ # # => "be bigger than 2 and smaller than 4"
33
+ # ...rather than:
34
+ # # => "be bigger than 2"
35
+ expectations.include_chain_clauses_in_custom_matcher_descriptions = true
36
+ end
37
+
38
+ # rspec-mocks config goes here. You can use an alternate test double
39
+ # library (such as bogus or mocha) by changing the `mock_with` option here.
40
+ config.mock_with :rspec do |mocks|
41
+ # Prevents you from mocking or stubbing a method that does not exist on
42
+ # a real object. This is generally recommended, and will default to
43
+ # `true` in RSpec 4.
44
+ mocks.verify_partial_doubles = true
45
+ end
46
+
47
+ # The settings below are suggested to provide a good initial experience
48
+ # with RSpec, but feel free to customize to your heart's content.
49
+ =begin
50
+ # These two settings work together to allow you to limit a spec run
51
+ # to individual examples or groups you care about by tagging them with
52
+ # `:focus` metadata. When nothing is tagged with `:focus`, all examples
53
+ # get run.
54
+ config.filter_run :focus
55
+ config.run_all_when_everything_filtered = true
56
+
57
+ # Limits the available syntax to the non-monkey patched syntax that is recommended.
58
+ # For more details, see:
59
+ # - http://myronmars.to/n/dev-blog/2012/06/rspecs-new-expectation-syntax
60
+ # - http://teaisaweso.me/blog/2013/05/27/rspecs-new-message-expectation-syntax/
61
+ # - http://myronmars.to/n/dev-blog/2014/05/notable-changes-in-rspec-3#new__config_option_to_disable_rspeccore_monkey_patching
62
+ config.disable_monkey_patching!
63
+
64
+ # This setting enables warnings. It's recommended, but in some cases may
65
+ # be too noisy due to issues in dependencies.
66
+ config.warnings = true
67
+
68
+ # Many RSpec users commonly either run the entire suite or an individual
69
+ # file, and it's useful to allow more verbose output when running an
70
+ # individual spec file.
71
+ if config.files_to_run.one?
72
+ # Use the documentation formatter for detailed output,
73
+ # unless a formatter has already been configured
74
+ # (e.g. via a command-line flag).
75
+ config.default_formatter = 'doc'
76
+ end
77
+
78
+ # Print the 10 slowest examples and example groups at the
79
+ # end of the spec run, to help surface which specs are running
80
+ # particularly slow.
81
+ config.profile_examples = 10
82
+
83
+ # Run specs in random order to surface order dependencies. If you find an
84
+ # order dependency and want to debug it, you can fix the order by providing
85
+ # the seed, which is printed after each run.
86
+ # --seed 1234
87
+ config.order = :random
88
+
89
+ # Seed global randomization in this process using the `--seed` CLI option.
90
+ # Setting this allows you to use `--seed` to deterministically reproduce
91
+ # test failures related to randomization by passing the same `--seed` value
92
+ # as the one that triggered the failure.
93
+ Kernel.srand config.seed
94
+ =end
95
+ end
metadata CHANGED
@@ -1,44 +1,86 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dangerous_open_uri
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.1
4
+ version: 1.0.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - mgi166
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2014-10-16 00:00:00.000000000 Z
11
+ date: 2014-10-19 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
15
15
  requirement: !ruby/object:Gem::Requirement
16
16
  requirements:
17
- - - "~>"
17
+ - - ">="
18
18
  - !ruby/object:Gem::Version
19
- version: '1.7'
19
+ version: '0'
20
20
  type: :development
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
- - - "~>"
24
+ - - ">="
25
25
  - !ruby/object:Gem::Version
26
- version: '1.7'
26
+ version: '0'
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: rake
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
- - - "~>"
31
+ - - ">="
32
32
  - !ruby/object:Gem::Version
33
- version: '10.0'
33
+ version: '0'
34
34
  type: :development
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
- - - "~>"
38
+ - - ">="
39
39
  - !ruby/object:Gem::Version
40
- version: '10.0'
41
- description: Conclusion, Be using This gem is STRONGLY **deprecated**. Because RFC3986
40
+ version: '0'
41
+ - !ruby/object:Gem::Dependency
42
+ name: rspec
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - ">="
46
+ - !ruby/object:Gem::Version
47
+ version: '0'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - ">="
53
+ - !ruby/object:Gem::Version
54
+ version: '0'
55
+ - !ruby/object:Gem::Dependency
56
+ name: webmock
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - ">="
60
+ - !ruby/object:Gem::Version
61
+ version: '0'
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - ">="
67
+ - !ruby/object:Gem::Version
68
+ version: '0'
69
+ - !ruby/object:Gem::Dependency
70
+ name: coveralls
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - ">="
74
+ - !ruby/object:Gem::Version
75
+ version: '0'
76
+ type: :development
77
+ prerelease: false
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - ">="
81
+ - !ruby/object:Gem::Version
82
+ version: '0'
83
+ description: Conclusion, Be using this gem is STRONGLY **deprecated**. Because RFC3986
42
84
  says userinfo in URI is dangerous. But if you want to open-uri such dangerous uri
43
85
  absolutely, it is preferable to use this gem.
44
86
  email:
@@ -48,6 +90,8 @@ extensions: []
48
90
  extra_rdoc_files: []
49
91
  files:
50
92
  - ".gitignore"
93
+ - ".rspec"
94
+ - ".travis.yml"
51
95
  - Gemfile
52
96
  - LICENSE.txt
53
97
  - README.md
@@ -55,6 +99,8 @@ files:
55
99
  - dangerous_open_uri.gemspec
56
100
  - lib/dangerous_open_uri.rb
57
101
  - lib/dangerous_open_uri/version.rb
102
+ - spec/lib/dangerous_open_uri_spec.rb
103
+ - spec/spec_helper.rb
58
104
  homepage: https://github.com/mgi166/dangerous_open_uri
59
105
  licenses:
60
106
  - MIT
@@ -79,4 +125,6 @@ rubygems_version: 2.2.2
79
125
  signing_key:
80
126
  specification_version: 4
81
127
  summary: Force open dangerous uri.
82
- test_files: []
128
+ test_files:
129
+ - spec/lib/dangerous_open_uri_spec.rb
130
+ - spec/spec_helper.rb