excon 0.71.1 → 0.89.0

data/lib/excon/ssl_socket.rb

@@ -12,6 +12,11 @@ module Excon
       # create ssl context
       ssl_context = OpenSSL::SSL::SSLContext.new
 
+      # set the security level before setting other parameters affected by it
+      if @data[:ssl_security_level]
+        ssl_context.security_level = @data[:ssl_security_level]
+      end
+
       # disable less secure options, when supported
       ssl_context_options = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:options]
       if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
@@ -39,13 +44,13 @@ module Excon
         # turn verification on
         ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER
 
-        if ca_file = @data[:ssl_ca_file] || ENV['SSL_CERT_FILE']
+        if (ca_file = @data[:ssl_ca_file] || ENV['SSL_CERT_FILE'])
           ssl_context.ca_file = ca_file
         end
-        if ca_path = @data[:ssl_ca_path] || ENV['SSL_CERT_DIR']
+        if (ca_path = @data[:ssl_ca_path] || ENV['SSL_CERT_DIR'])
           ssl_context.ca_path = ca_path
         end
-        if cert_store = @data[:ssl_cert_store]
+        if (cert_store = @data[:ssl_cert_store])
           ssl_context.cert_store = cert_store
         end
 
@@ -65,7 +70,7 @@ module Excon
           end
         end
 
-        if verify_callback = @data[:ssl_verify_callback]
+        if (verify_callback = @data[:ssl_verify_callback])
           ssl_context.verify_callback = verify_callback
         end
       else
@@ -73,6 +78,9 @@ module Excon
         ssl_context.verify_mode = OpenSSL::SSL::VERIFY_NONE
       end
 
+      # Verify certificate hostname if supported (ruby >= 2.4.0)
+      ssl_context.verify_hostname = @data[:ssl_verify_hostname] if ssl_context.respond_to?(:verify_hostname=)
+
       if client_cert_data && client_key_data
         ssl_context.cert = OpenSSL::X509::Certificate.new client_cert_data
         if OpenSSL::PKey.respond_to? :read
@@ -101,6 +109,10 @@ module Excon
 
         request += "Proxy-Connection: Keep-Alive#{Excon::CR_NL}"
 
+        if @data[:ssl_proxy_headers]
+          request << Utils.headers_hash_to_s(@data[:ssl_proxy_headers])
+        end
+
         request += Excon::CR_NL
 
         # write out the proxy setup request
@@ -109,7 +121,7 @@ module Excon
         # eat the proxy's connection response
         response = Excon::Response.parse(self,  :expects => 200, :method => 'CONNECT')
         if response[:response][:status] != 200
-          raise(Excon::Errors::ProxyConnectionError.new("proxy connection is not exstablished"))
+          raise(Excon::Errors::ProxyConnectionError.new("proxy connection could not be established", request, response))
         end
       end
 
@@ -142,18 +154,16 @@ module Excon
       if @data[:ssl_verify_peer]
         @socket.post_connection_check(@data[:ssl_verify_peer_host] || @data[:host])
       end
-
-      @socket
     end
 
     private
 
     def client_cert_data
-      @client_cert_data ||= if ccd = @data[:client_cert_data]
+      @client_cert_data ||= if (ccd = @data[:client_cert_data])
                               ccd
-                            elsif path = @data[:client_cert]
+                            elsif (path = @data[:client_cert])
                               File.read path
-                            elsif path = @data[:certificate_path]
+                            elsif (path = @data[:certificate_path])
                               warn ":certificate_path is no longer supported and will be deprecated. Please use :client_cert or :client_cert_data"
                               File.read path
                             end
@@ -166,11 +176,11 @@ module Excon
     end
 
     def client_key_data
-      @client_key_data ||= if ckd = @data[:client_key_data]
+      @client_key_data ||= if (ckd = @data[:client_key_data])
                              ckd
-                           elsif path = @data[:client_key]
+                           elsif (path = @data[:client_key])
                              File.read path
-                           elsif path = @data[:private_key_path]
+                           elsif (path = @data[:private_key_path])
                              warn ":private_key_path is no longer supported and will be deprecated. Please use :client_key or :client_key_data"
                              File.read path
                            end

data/lib/excon/test/plugin/server/exec.rb

@@ -4,13 +4,16 @@ module Excon
       module Server
         module Exec
           def start(app_str = app)
+            open_process(app_str)
+            process_stderr = ""
             line = ''
-            open_process(app)
             until line =~ /\Aready\Z/
               line = error.gets
+              raise process_stderr if line.nil?
+              process_stderr << line
               fatal_time = elapsed_time > timeout
               if fatal_time
-                msg = "executable #{app} has taken too long to start"
+                msg = "executable #{app_str} has taken too long to start"
                 raise msg
               end
             end

data/lib/excon/test/plugin/server/puma.rb

@@ -4,10 +4,13 @@ module Excon
       module Server
         module Puma
           def start(app_str = app, bind_uri = bind)
-            open_process('puma', '-b', bind_uri.to_s, app_str)
+            open_process(RbConfig.ruby, '-S', 'puma', '-b', bind_uri.to_s, app_str)
+            process_stderr = ""
             line = ''
             until line =~ /Use Ctrl-C to stop/
               line = read.gets
+              raise process_stderr if line.nil?
+              process_stderr << line
               fatal_time = elapsed_time > timeout
               raise 'puma server has taken too long to start' if fatal_time
             end

data/lib/excon/test/plugin/server/unicorn.rb

@@ -13,6 +13,8 @@ module Excon
               bind_str = "#{host}:#{bind_uri.port}"
             end
             args = [ 
+              RbConfig.ruby,
+              '-S',
               'unicorn', 
               '--no-default-middleware', 
               '-l',
@@ -20,9 +22,12 @@ module Excon
               app_str
             ]
             open_process(*args)
+            process_stderr = ''
             line = ''
             until line =~ /worker\=0 ready/
               line = error.gets
+              raise process_stderr if line.nil?
+              process_stderr << line
               fatal_time = elapsed_time > timeout
               raise 'unicorn server has taken too long to start' if fatal_time
             end

data/lib/excon/test/plugin/server/webrick.rb

@@ -7,10 +7,13 @@ module Excon
             bind_uri = URI.parse(bind_uri) unless bind_uri.is_a? URI::Generic
             host = bind_uri.host.gsub(/[\[\]]/, '')
             port = bind_uri.port.to_s
-            open_process('rackup', '-s', 'webrick', '--host', host, '--port', port, app_str)
+            open_process(RbConfig.ruby, '-S', 'rackup', '-s', 'webrick', '--host', host, '--port', port, app_str)
+            process_stderr = ""
             line = ''
             until line =~ /HTTPServer#start/
               line = error.gets
+              raise process_stderr if line.nil?
+              process_stderr << line
               fatal_time = elapsed_time > timeout
               raise 'webrick server has taken too long to start' if fatal_time
             end

data/lib/excon/test/server.rb

@@ -72,7 +72,7 @@ module Excon
       end
       def dump_errors
         lines = error.read.split($/)
-        while line = lines.shift
+        while (line = lines.shift)
           case line
             when /(ERROR|Error)/
               unless line =~ /(null cert chain|did not return a certificate|SSL_read:: internal error)/

data/lib/excon/unix_socket.rb

@@ -20,6 +20,7 @@ module Excon
           begin
             @socket.connect_nonblock(sockaddr)
           rescue Errno::EISCONN
+            0 # same return as connect_nonblock success
           end
         end
       else

data/lib/excon/utils.rb

@@ -50,7 +50,7 @@ module Excon
       if datum.has_key?(:password)
         datum[:password] = REDACTED
       end
-      if datum.has_key?(:proxy) && datum[:proxy].has_key?(:password)
+      if datum.has_key?(:proxy) && datum[:proxy] && datum[:proxy].has_key?(:password)
         datum[:proxy] = datum[:proxy].dup
         datum[:proxy][:password] = REDACTED
       end
@@ -96,7 +96,7 @@ module Excon
       return [] if str.nil?
       str = str.dup.strip
       str = binary_encode(str)
-      str.scan(%r'\G((?:"(?:\\.|[^"])+?"|[^",]+)+)
+      str.scan(%r'\G((?:"(?:\\.|[^"])+?"|[^",])+)
                     (?:,\s*|\Z)'xn).flatten
     end
 
@@ -121,5 +121,23 @@ module Excon
       str.gsub!(/\+/, ' ')
       str.gsub(ESCAPED) { $1.hex.chr }
     end
+
+    # Performs validation on the passed header hash and returns a string representation of the headers
+    def headers_hash_to_s(headers)
+      headers_str = String.new
+      headers.each do |key, values|
+        if key.to_s.match(/[\r\n]/)
+          raise Excon::Errors::InvalidHeaderKey.new(key.to_s.inspect + ' contains forbidden "\r" or "\n"')
+        end
+        [values].flatten.each do |value|
+          if value.to_s.match(/[\r\n]/)
+            # Don't include the potentially sensitive header value (i.e. authorization token) in the message
+            raise Excon::Errors::InvalidHeaderValue.new(key.to_s + ' header value contains forbidden "\r" or "\n"')
+          end
+          headers_str << key.to_s << ': ' << value.to_s << CR_NL
+        end
+      end
+      headers_str
+    end
   end
 end

data/lib/excon/version.rb

@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 module Excon
-  VERSION = '0.71.1'
+  VERSION = '0.89.0'
 end

data/lib/excon.rb

@@ -146,10 +146,10 @@ module Excon
     # @param request_params [Hash<Symbol, >] request params to match against, omitted params match all
     # @param response_params [Hash<Symbol, >] response params to return from matched request or block to call with params
     def stub(request_params = {}, response_params = nil, &block)
-      if method = request_params.delete(:method)
+      if (method = request_params.delete(:method))
         request_params[:method] = method.to_s.downcase.to_sym
       end
-      if url = request_params.delete(:url)
+      if (url = request_params.delete(:url))
         uri = URI.parse(url)
         request_params = {
           :host              => uri.host,
@@ -190,7 +190,7 @@ module Excon
     # @param request_params [Hash<Symbol, >] request params to match against, omitted params match all
     # @return [Hash<Symbol, >] response params to return from matched request or block to call with params
     def stub_for(request_params={})
-      if method = request_params.delete(:method)
+      if (method = request_params.delete(:method))
         request_params[:method] = method.to_s.downcase.to_sym
       end
       Excon.stubs.each do |stub, response_params|
@@ -198,7 +198,7 @@ module Excon
         headers_match = !stub.has_key?(:headers) || stub[:headers].keys.all? do |key|
           case value = stub[:headers][key]
           when Regexp
-            if match = value.match(request_params[:headers][key])
+            if (match = value.match(request_params[:headers][key]))
               captures[:headers][key] = match.captures
             end
             match
@@ -209,7 +209,7 @@ module Excon
         non_headers_match = (stub.keys - [:headers]).all? do |key|
           case value = stub[key]
           when Regexp
-            if match = value.match(request_params[key])
+            if (match = value.match(request_params[key]))
               captures[key] = match.captures
             end
             match

metadata

@@ -1,16 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: excon
 version: !ruby/object:Gem::Version
-  version: 0.71.1
+  version: 0.89.0
 platform: ruby
 authors:
 - dpiddy (Dan Peterson)
 - geemus (Wesley Beary)
 - nextmat (Matt Sanders)
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-12-18 00:00:00.000000000 Z
+date: 2021-12-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
@@ -180,6 +180,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: webrick
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: EXtended http(s) CONnections
 email: geemus@gmail.com
 executables: []
@@ -235,7 +249,7 @@ metadata:
   documentation_uri: https://github.com/excon/excon/blob/master/README.md
   source_code_uri: https://github.com/excon/excon
   wiki_uri: https://github.com/excon/excon/wiki
-post_install_message: 
+post_install_message:
 rdoc_options:
 - "--charset=UTF-8"
 require_paths:
@@ -251,8 +265,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
-signing_key: 
+rubygems_version: 3.2.15
+signing_key:
 specification_version: 4
 summary: speed, persistence, http(s)
 test_files: []