dangerous_open_uri 1.0.1 → 1.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 55d6a0a2ef4c8959b3e1df3366fd8354b924119e
-  data.tar.gz: 77d4e14de2d2467bd2ee883544894f970b200c30
+  metadata.gz: 96cdce9d0358d8066a0f0e8b3611871f48b9c5c5
+  data.tar.gz: 1a26ebb5c237195b637d6d43215ff4ff30a1a835
 SHA512:
-  metadata.gz: cc1f3c388f2fa84e241514b86c892e5089d94e5c1149c441bae58c570f8fb291ca170cb941043407b7b942115fb9d9a7e8bff95037d7fe3774b2781ebab5550e
-  data.tar.gz: bd0b86b39218709f98f10d2fa2e8dc3bb3c10a389d0afd9dddbc11bbeb4e2a41067e3f4618c15ea4848e0609a3d57ddf8b98229ed02765b91e27ff85b6ec46bc
+  metadata.gz: 73ad28a9db52241a31499b745c2f46645120e85fb82bf72058fc94f6117495441cc49ce7937f5eb177b579906d28c97c516e90456ceedbf98681a88e8b2474aa
+  data.tar.gz: 10a0ac994c377000cbed6a35d647117861be3dc089343ab34a3b1e4a76e2b733ffd7d54cac8758b4515dd43b730e5f52a07a56a31136756eaad5eb99ab14f096

data/.rspec

@@ -0,0 +1,3 @@
+--color
+--format documentation
+--require spec_helper

data/.travis.yml

@@ -0,0 +1,5 @@
+language: ruby
+rvm:
+  - 1.9.3
+  - 2.0.0
+  - 2.1.1

data/README.md

@@ -1,10 +1,14 @@
+[![Gem Version](https://badge.fury.io/rb/dangerous_open_uri.svg)](http://badge.fury.io/rb/dangerous_open_uri)
+[![Build Status](https://travis-ci.org/mgi166/dangerous_open_uri.svg?branch=master)](https://travis-ci.org/mgi166/dangerous_open_uri)
+[![Code Climate](https://codeclimate.com/github/mgi166/dangerous_open_uri/badges/gpa.svg)](https://codeclimate.com/github/mgi166/dangerous_open_uri)
+
 # DangerousOpenUri
 
 Force open dangerous uri.
 
 ## Detail
 
-Conclusion, Be using This gem is STRONGLY **deprecated**. Because RFC3986 says userinfo in URI is dangerous.  
+Conclusion, Be using this gem is STRONGLY **deprecated**. Because RFC3986 says userinfo in URI is dangerous.  
 So that open-uri will not support it.  
 
 But if you want to open-uri such dangerous uri absolutely, it is preferable to use this gem.  
@@ -31,6 +35,12 @@ Or install it yourself as:
 
 ```ruby
 require 'dangerous_open_uri'
+
+open('http://user:pass@example.co.jp/secret/page').read
+#=> Enable to read `http://user:pass@example.co.jp/secret/page` sources
+
+open('http://example.co.jp/index.html, proxy: 'http://user:pass@proxy.example.com')
+#=> Proxy basic authentication uses `user` and `pass`
 ```
 
 ## Contributing

data/Rakefile

@@ -1,2 +1,5 @@
 require "bundler/gem_tasks"
+require "rspec/core/rake_task"
 
+RSpec::Core::RakeTask.new(:spec)
+task :default => :spec

data/dangerous_open_uri.gemspec

@@ -9,7 +9,7 @@ Gem::Specification.new do |spec|
   spec.authors       = ["mgi166"]
   spec.email         = ["skskoari@gmail.com"]
   spec.summary       = %q{Force open dangerous uri.}
-  spec.description   = %q{Conclusion, Be using This gem is STRONGLY **deprecated**. Because RFC3986 says userinfo in URI is dangerous. But if you want to open-uri such dangerous uri absolutely, it is preferable to use this gem.}
+  spec.description   = %q{Conclusion, Be using this gem is STRONGLY **deprecated**. Because RFC3986 says userinfo in URI is dangerous. But if you want to open-uri such dangerous uri absolutely, it is preferable to use this gem.}
   spec.homepage      = "https://github.com/mgi166/dangerous_open_uri"
   spec.license       = "MIT"
 
@@ -18,6 +18,9 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ["lib"]
 
-  spec.add_development_dependency "bundler", "~> 1.7"
-  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "bundler"
+  spec.add_development_dependency "rake"
+  spec.add_development_dependency "rspec"
+  spec.add_development_dependency "webmock"
+  spec.add_development_dependency "coveralls"
 end

data/lib/dangerous_open_uri.rb

@@ -1,14 +1,23 @@
 require "dangerous_open_uri/version"
 require 'open-uri'
 
-OpenURI.module_eval do
+module OpenURI
   instance_eval { alias :original_open_http :open_http }
 
   def self.open_http(buf, target, proxy, options)
+    if proxy
+      proxy_uri, proxy_user, proxy_pass = proxy
+
+      if proxy_uri.userinfo
+        proxy_user = proxy_uri.user
+        proxy_pass = proxy_uri.password
+        proxy_uri.userinfo = ""
+        proxy = [proxy_uri, proxy_user, proxy_pass]
+      end
+    end
+
     if target.userinfo
-      userinfo = target.userinfo
-      user, pass = userinfo.to_s.split(':', -1)
-      options[:http_basic_authentication] = [user, pass]
+      options[:http_basic_authentication] = [target.user, target.password]
       target.userinfo = ""
     end
 

data/lib/dangerous_open_uri/version.rb

@@ -1,3 +1,3 @@
 module DangerousOpenUri
-  VERSION = "1.0.1"
+  VERSION = "1.0.2"
 end

data/spec/lib/dangerous_open_uri_spec.rb

@@ -0,0 +1,105 @@
+describe OpenURI do
+  describe '.open_http' do
+    context 'when request with basic authentication' do
+      it 'opens dangerous uri' do
+        stub_request(:any, 'user:pass@www.example.com/secret/page.html')
+          .to_return(body: 'aaa')
+
+        expect(
+          open('http://user:pass@www.example.com/secret/page.html').read
+        ).to eq('aaa')
+      end
+
+      it 'receives the option[:http_basic_authentication] from the uri of argument' do
+        expect(OpenURI).to receive(:original_open_http)
+          .with(
+            kind_of(OpenURI::Buffer),
+            URI.parse('http://www.example.com/secret/page.html'),
+            nil,
+            http_basic_authentication: ['user', 'pass']
+          )
+
+        open('http://user:pass@www.example.com/secret/page.html')
+      end
+
+      it 'given userinfo has two ":" opens dangerous uri' do
+        stub_request(:any, 'user:pass:broken@www.example.com/secret/page.html')
+          .to_return(body: 'aaa')
+
+        expect(
+          # user = "user", password = "pass:broken"
+          open('http://user:pass:broken@www.example.com/secret/page.html').read
+        ).to eq('aaa')
+      end
+
+      it 'given has user but no password opens dangerous uri' do
+        stub_request(:any, 'user:@www.example.com/secret/page.html')
+          .to_return(body: 'aaa')
+
+        expect(
+          open('http://user:@www.example.com/secret/page.html').read
+        ).to eq('aaa')
+      end
+
+      it 'given no user but has password opens dangerous uri' do
+        stub_request(:any, ':pass@www.example.com/secret/page.html')
+          .to_return(body: 'aaa')
+
+        expect(
+          open('http://:pass@www.example.com/secret/page.html').read
+        ).to eq('aaa')
+      end
+
+      it 'given userinfo == ":" opens dangerous uri' do
+        stub_request(:any, 'www.example.com/secret/page.html')
+          .to_return(body: 'aaa')
+
+        expect(
+          open('http://:@www.example.com/secret/page.html').read
+        ).to eq('aaa')
+      end
+
+      it 'given userinfo not include ":" opens dangerous uri' do
+        stub_request(:any, 'baduserinfo:@www.example.com/secret/page.html')
+          .to_return(body: 'aaa')
+
+        expect(
+          open('http://baduserinfo@www.example.com/secret/page.html').read
+        ).to eq('aaa')
+      end
+
+      describe 'given proxy' do
+        it 'original_open_http receives the correct proxy arguments' do
+          uri       = URI.parse('http://www.example.com/secret/page.html')
+          proxy_uri = URI.parse('http://proxy.example.com')
+          proxy     = [proxy_uri, 'user', 'pass']
+
+          expect(OpenURI).to receive(:original_open_http)
+            .with(
+              kind_of(OpenURI::Buffer),
+              uri,
+              proxy,
+              proxy: 'http://user:pass@proxy.example.com'
+            )
+
+          open('http://www.example.com/secret/page.html', proxy: 'http://user:pass@proxy.example.com')
+        end
+      end
+    end
+
+    context 'when request no basic authentication' do
+      it 'opens nomal url' do
+        stub_request(:any, 'www.example.com/index.html').to_return(body: 'aaa')
+        expect(
+          open('http://www.example.com/index.html').read
+        ).to eq('aaa')
+      end
+
+      it 'given bad uri raises error' do
+        expect do
+          open('http://@@www.example.com/secret/page.html').read
+        end.to raise_error URI::InvalidURIError
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,95 @@
+# This file was generated by the `rspec --init` command. Conventionally, all
+# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
+# The generated `.rspec` file contains `--require spec_helper` which will cause this
+# file to always be loaded, without a need to explicitly require it in any files.
+#
+# Given that it is always loaded, you are encouraged to keep this file as
+# light-weight as possible. Requiring heavyweight dependencies from this file
+# will add to the boot time of your test suite on EVERY test run, even for an
+# individual file that may not need all of that loaded. Instead, consider making
+# a separate helper file that requires the additional dependencies and performs
+# the additional setup, and require it from the spec files that actually need it.
+#
+# The `.rspec` file also contains a few flags that are not defaults but that
+# users commonly want.
+#
+# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
+require 'dangerous_open_uri'
+require 'webmock/rspec'
+
+require 'coveralls'
+Coveralls.wear!
+
+RSpec.configure do |config|
+  # rspec-expectations config goes here. You can use an alternate
+  # assertion/expectation library such as wrong or the stdlib/minitest
+  # assertions if you prefer.
+  config.expect_with :rspec do |expectations|
+    # This option will default to `true` in RSpec 4. It makes the `description`
+    # and `failure_message` of custom matchers include text for helper methods
+    # defined using `chain`, e.g.:
+    # be_bigger_than(2).and_smaller_than(4).description
+    #   # => "be bigger than 2 and smaller than 4"
+    # ...rather than:
+    #   # => "be bigger than 2"
+    expectations.include_chain_clauses_in_custom_matcher_descriptions = true
+  end
+
+  # rspec-mocks config goes here. You can use an alternate test double
+  # library (such as bogus or mocha) by changing the `mock_with` option here.
+  config.mock_with :rspec do |mocks|
+    # Prevents you from mocking or stubbing a method that does not exist on
+    # a real object. This is generally recommended, and will default to
+    # `true` in RSpec 4.
+    mocks.verify_partial_doubles = true
+  end
+
+# The settings below are suggested to provide a good initial experience
+# with RSpec, but feel free to customize to your heart's content.
+=begin
+  # These two settings work together to allow you to limit a spec run
+  # to individual examples or groups you care about by tagging them with
+  # `:focus` metadata. When nothing is tagged with `:focus`, all examples
+  # get run.
+  config.filter_run :focus
+  config.run_all_when_everything_filtered = true
+
+  # Limits the available syntax to the non-monkey patched syntax that is recommended.
+  # For more details, see:
+  #   - http://myronmars.to/n/dev-blog/2012/06/rspecs-new-expectation-syntax
+  #   - http://teaisaweso.me/blog/2013/05/27/rspecs-new-message-expectation-syntax/
+  #   - http://myronmars.to/n/dev-blog/2014/05/notable-changes-in-rspec-3#new__config_option_to_disable_rspeccore_monkey_patching
+  config.disable_monkey_patching!
+
+  # This setting enables warnings. It's recommended, but in some cases may
+  # be too noisy due to issues in dependencies.
+  config.warnings = true
+
+  # Many RSpec users commonly either run the entire suite or an individual
+  # file, and it's useful to allow more verbose output when running an
+  # individual spec file.
+  if config.files_to_run.one?
+    # Use the documentation formatter for detailed output,
+    # unless a formatter has already been configured
+    # (e.g. via a command-line flag).
+    config.default_formatter = 'doc'
+  end
+
+  # Print the 10 slowest examples and example groups at the
+  # end of the spec run, to help surface which specs are running
+  # particularly slow.
+  config.profile_examples = 10
+
+  # Run specs in random order to surface order dependencies. If you find an
+  # order dependency and want to debug it, you can fix the order by providing
+  # the seed, which is printed after each run.
+  #     --seed 1234
+  config.order = :random
+
+  # Seed global randomization in this process using the `--seed` CLI option.
+  # Setting this allows you to use `--seed` to deterministically reproduce
+  # test failures related to randomization by passing the same `--seed` value
+  # as the one that triggered the failure.
+  Kernel.srand config.seed
+=end
+end

metadata

@@ -1,44 +1,86 @@
 --- !ruby/object:Gem::Specification
 name: dangerous_open_uri
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 1.0.2
 platform: ruby
 authors:
 - mgi166
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-10-16 00:00:00.000000000 Z
+date: 2014-10-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.7'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.7'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
-description: Conclusion, Be using This gem is STRONGLY **deprecated**. Because RFC3986
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: coveralls
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Conclusion, Be using this gem is STRONGLY **deprecated**. Because RFC3986
   says userinfo in URI is dangerous. But if you want to open-uri such dangerous uri
   absolutely, it is preferable to use this gem.
 email:
@@ -48,6 +90,8 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".gitignore"
+- ".rspec"
+- ".travis.yml"
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -55,6 +99,8 @@ files:
 - dangerous_open_uri.gemspec
 - lib/dangerous_open_uri.rb
 - lib/dangerous_open_uri/version.rb
+- spec/lib/dangerous_open_uri_spec.rb
+- spec/spec_helper.rb
 homepage: https://github.com/mgi166/dangerous_open_uri
 licenses:
 - MIT
@@ -79,4 +125,6 @@ rubygems_version: 2.2.2
 signing_key: 
 specification_version: 4
 summary: Force open dangerous uri.
-test_files: []
+test_files:
+- spec/lib/dangerous_open_uri_spec.rb
+- spec/spec_helper.rb