dangerous_open_uri 1.0.3 → 1.0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: abb4db861c1b5ab25d7f11bd1bb2f544b8e9bada
-  data.tar.gz: 4155750ebc90ebd926a93f3e5dff9d78b16b578a
+  metadata.gz: f1774c7f5e6349bfe47e3df9e9582a320c5211d3
+  data.tar.gz: ed993845fb4a3d7dcaaac9a98ead82a371a5422a
 SHA512:
-  metadata.gz: 4c65d12e43e7a4a88411a945f7bf506f0ee84ead54357fed556d16345538a8e782a88d25bd2a8807e11c5de4a2fe789501887d6fb2ab8999091c99157452dabc
-  data.tar.gz: ad36b7cc1d7bef21b6f9987a25f868b0227dcd9172e866c8f52e5ece16857cd0dcacfcd6bb1406f7e5b6e06fa58d38cc2db86ac944130994cd5605ffdafa1245
+  metadata.gz: 02aa3a06fdb61e911d36ce549ca89ba0c75396010c2b5809c09e03849b2ca65f93045e33439961a3039ba17be7239c56ed189d27be2ce7296fd55de51a5ef1c9
+  data.tar.gz: 0b6464fea953389b4d84d4a3720f4fdf4fdc11dfcb6445ed234dbc70d4a79e6d9c75c6a7c00513fd62f24c3897a1973ef3f1ba4ab32092b6f85e36e785cbd28e

data/dangerous_open_uri.gemspec

@@ -19,6 +19,7 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
 
   spec.add_development_dependency "bundler"
+  spec.add_development_dependency "pry"
   spec.add_development_dependency "rake"
   spec.add_development_dependency "rspec"
   spec.add_development_dependency "webmock"

data/lib/dangerous_open_uri.rb

@@ -1,5 +1,6 @@
 require "dangerous_open_uri/version"
 require 'open-uri'
+require 'uri/ftp'
 
 module OpenURI
   instance_eval { alias :original_open_http :open_http }
@@ -26,3 +27,19 @@ module OpenURI
     original_open_http(buf, _target, proxy, options)
   end
 end
+
+module URI
+  class FTP
+    alias_method :original_userinfo, :userinfo
+
+    def userinfo
+      _userinfo = original_userinfo.dup
+      _userinfo.instance_variable_set(:@__user, user)
+      _userinfo.instance_variable_set(:@__password, password)
+      def _userinfo.split(*args)
+        [@__user, @__password]
+      end
+      _userinfo
+    end
+  end
+end

data/lib/dangerous_open_uri/version.rb

@@ -1,3 +1,3 @@
 module DangerousOpenUri
-  VERSION = "1.0.3"
+  VERSION = "1.0.4"
 end

data/spec/lib/dangerous_open_uri_spec.rb

@@ -1,3 +1,5 @@
+require 'net/ftp'
+
 describe OpenURI do
   describe '.open_http' do
     context 'when request with basic authentication' do
@@ -22,61 +24,82 @@ describe OpenURI do
         open('http://user:pass@www.example.com/secret/page.html')
       end
 
-      it 'given userinfo has two ":" opens dangerous uri' do
-        stub_request(:any, 'user:pass:broken@www.example.com/secret/page.html')
-          .to_return(body: 'aaa')
+      context 'given userinfo has two ":"' do
+        it 'opens with user and password(includes ":")' do
+          stub_request(:any, 'user:pass:broken@www.example.com/secret/page.html')
+            .to_return(body: 'aaa')
 
-        expect(
-          # user = "user", password = "pass:broken"
-          open('http://user:pass:broken@www.example.com/secret/page.html').read
-        ).to eq('aaa')
+          expect(
+            # user = "user", password = "pass:broken"
+            open('http://user:pass:broken@www.example.com/secret/page.html').read
+          ).to eq('aaa')
+        end
       end
 
-      it 'given has user but no password opens dangerous uri' do
-        stub_request(:any, 'user:@www.example.com/secret/page.html')
-          .to_return(body: 'aaa')
+      context 'given has user but no password' do
+        it 'opens with user only' do
+          stub_request(:any, 'user:@www.example.com/secret/page.html')
+            .to_return(body: 'aaa')
 
-        expect(
-          open('http://user:@www.example.com/secret/page.html').read
-        ).to eq('aaa')
+          expect(
+            open('http://user:@www.example.com/secret/page.html').read
+          ).to eq('aaa')
+        end
       end
 
-      it 'given no user but has password opens dangerous uri' do
-        stub_request(:any, ':pass@www.example.com/secret/page.html')
-          .to_return(body: 'aaa')
+      context 'given no user but has password' do
+        it 'opens with password only' do
+          stub_request(:any, ':pass@www.example.com/secret/page.html')
+            .to_return(body: 'aaa')
 
-        expect(
-          open('http://:pass@www.example.com/secret/page.html').read
-        ).to eq('aaa')
+          expect(
+            open('http://:pass@www.example.com/secret/page.html').read
+          ).to eq('aaa')
+        end
       end
 
-      it 'given userinfo == ":" opens dangerous uri' do
-        stub_request(:any, 'www.example.com/secret/page.html')
-          .to_return(body: 'aaa')
+      context 'given userinfo == ":"' do
+        it 'opens with no user and password' do
+          stub_request(:any, 'www.example.com/secret/page.html')
+            .to_return(body: 'aaa')
 
-        expect(
-          open('http://:@www.example.com/secret/page.html').read
-        ).to eq('aaa')
+          expect(
+            open('http://:@www.example.com/secret/page.html').read
+          ).to eq('aaa')
+        end
       end
 
-      it 'given userinfo not include ":" opens dangerous uri' do
-        stub_request(:any, 'baduserinfo:@www.example.com/secret/page.html')
-          .to_return(body: 'aaa')
+      context 'given userinfo not include ":"' do
+        it 'opens with only user' do
+          stub_request(:any, 'baduserinfo:@www.example.com/secret/page.html')
+            .to_return(body: 'aaa')
 
-        expect(
-          open('http://baduserinfo@www.example.com/secret/page.html').read
-        ).to eq('aaa')
+          expect(
+            open('http://baduserinfo@www.example.com/secret/page.html').read
+          ).to eq('aaa')
+        end
       end
 
-      it 'given URI::Generic does not change the argument object' do
-        uri = URI.parse('http://user:pass@www.example.com/secret/page.html')
+      describe 'given URI::Generic object' do
+        it ' does not change the argument object' do
+          stub_request(:any, 'http://user:pass@www.example.com/secret/page.html')
+            .to_return(body: 'aaa')
 
-        stub_request(:any, 'http://user:pass@www.example.com/secret/page.html')
-          .to_return(body: 'aaa')
+          uri = URI.parse('http://user:pass@www.example.com/secret/page.html')
 
-        open(uri)
+          open(uri)
+          expect(uri).to eq(uri)
+        end
+
+        context 'when password includes ":"' do
+          it 'opens with user and password(includes ":")' do
+            stub_request(:any, 'http://user:pass:word@www.example.com/secret/page.html')
+              .to_return(body: 'aaa')
 
-        expect(uri).to eq(URI.parse('http://user:pass@www.example.com/secret/page.html'))
+            uri = URI.parse('http://user:pass:word@www.example.com/secret/page.html')
+            expect(open(uri).read).to eq('aaa')
+          end
+        end
       end
 
       describe 'given proxy' do
@@ -114,3 +137,63 @@ describe OpenURI do
     end
   end
 end
+
+describe URI::FTP do
+  let(:ftp) { double(:ftp) }
+
+  describe 'password includes ":"' do
+    context 'when the arguments is String(likely URI)' do
+      it 'logins with user and password' do
+        allow(Net::FTP).to receive(:new).and_return(ftp)
+        expect(ftp).to receive(:connect).with('ftp.example.com', 21)
+        expect(ftp).to receive(:passive=).with(true)
+        expect(ftp).to receive(:login).with('user', 'pass:word')
+        expect(ftp).to receive(:retrbinary).with("RETR test.txt", 4096)
+        expect(ftp).to receive(:close)
+        open('ftp://user:pass:word@ftp.example.com/test.txt')
+      end
+    end
+
+    context 'when the arguments is URI::FTP' do
+      it 'logins with user and password' do
+        allow(Net::FTP).to receive(:new).and_return(ftp)
+        expect(ftp).to receive(:connect).with('ftp.example.com', 21)
+        expect(ftp).to receive(:passive=).with(true)
+        expect(ftp).to receive(:login).with('user', 'pa:ss:wo:rd')
+        expect(ftp).to receive(:retrbinary).with("RETR test.txt", 4096)
+        expect(ftp).to receive(:close)
+
+        uri = URI.parse('ftp://user:pa:ss:wo:rd@ftp.example.com/test.txt')
+        open(uri)
+      end
+    end
+  end
+
+  describe 'password does not include ":"' do
+    context 'when the arguments is String(likely URI)' do
+      it 'logins with user and password' do
+        allow(Net::FTP).to receive(:new).and_return(ftp)
+        expect(ftp).to receive(:connect).with('ftp.example.com', 21)
+        expect(ftp).to receive(:passive=).with(true)
+        expect(ftp).to receive(:login).with('user', 'password')
+        expect(ftp).to receive(:retrbinary).with("RETR test.txt", 4096)
+        expect(ftp).to receive(:close)
+        open('ftp://user:password@ftp.example.com/test.txt')
+      end
+    end
+
+    context 'when the arguments is URI::FTP' do
+      it 'logins with user and password' do
+        allow(Net::FTP).to receive(:new).and_return(ftp)
+        expect(ftp).to receive(:connect).with('ftp.example.com', 21)
+        expect(ftp).to receive(:passive=).with(true)
+        expect(ftp).to receive(:login).with('user', 'password')
+        expect(ftp).to receive(:retrbinary).with("RETR test.txt", 4096)
+        expect(ftp).to receive(:close)
+
+        uri = URI.parse('ftp://user:password@ftp.example.com/test.txt')
+        open(uri)
+      end
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dangerous_open_uri
 version: !ruby/object:Gem::Version
-  version: 1.0.3
+  version: 1.0.4
 platform: ruby
 authors:
 - mgi166
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-12-09 00:00:00.000000000 Z
+date: 2014-12-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -24,6 +24,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement