faraday_middleware_safeyaml 0.12.pre.safeyaml

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 04a80694d12f2918e1c72b3a0acd35c7d977e464
+  data.tar.gz: 91aaab59bbfd43a81bb3b6360b9320ee28ecb599
+SHA512:
+  metadata.gz: ae35f99be71edfe44af62c7c28efe10bfe7c4247997e4985b06315bf92ac6b48fca74190871b3659df06baca0c49d33ac6a2d501a1aa332b8ad7dc46fc62a612
+  data.tar.gz: 55566dce00faf1cde565cf3986bdb008f670219a935abf9d4afc0090621b935539b8ec8c5322f581396df00650a3e81a855026e5e4196d6e6ed08b7483e49b04

data/LICENSE.md

@@ -0,0 +1,20 @@
+Copyright (c) 2011 Erik Michaels-Ober, Wynn Netherland, et al.
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,58 @@
+Faraday Middleware SafeYAML
+==================
+
+Fork of Faraday Middleware with the `Yaml.load` vulnerability fixed.
+
+Can switch back to upstream when https://github.com/lostisland/faraday_middleware/pull/157 merged.
+
+A collection of useful [Faraday][] middleware. [See the documentation][docs].
+
+    gem install faraday_middleware_safeyaml
+
+Dependencies
+------------
+
+Some dependent libraries are needed only when using specific middleware:
+
+* FaradayMiddleware::EncodeJson & FaradayMiddleware::ParseJson: "json"
+  for ruby older than 1.9
+* FaradayMiddleware::ParseXml: "multi_xml"
+* FaradayMiddleware::OAuth: "simple_oauth"
+* FaradayMiddleware::Mashify: "hashie"
+* FaradayMiddleware::Rashify: "rash"
+* FaradayMiddleware::Instrumentation: "activesupport"
+
+Examples
+--------
+
+``` rb
+require 'faraday_middleware'
+
+## in Faraday 0.8 or above:
+connection = Faraday.new 'http://example.com/api' do |conn|
+  conn.request :oauth2, 'TOKEN'
+  conn.request :json
+
+  conn.response :xml,  :content_type => /\bxml$/
+  conn.response :json, :content_type => /\bjson$/
+
+  conn.use :instrumentation
+  conn.adapter Faraday.default_adapter
+end
+
+## with Faraday 0.7:
+connection = Faraday.new 'http://example.com/api' do |builder|
+  builder.use FaradayMiddleware::OAuth2, 'TOKEN'
+  builder.use FaradayMiddleware::EncodeJson
+
+  builder.use FaradayMiddleware::ParseXml,  :content_type => /\bxml$/
+  builder.use FaradayMiddleware::ParseJson, :content_type => /\bjson$/
+
+  builder.use FaradayMiddleware::Instrumentation
+  builder.adapter Faraday.default_adapter
+end
+```
+
+
+  [faraday]: https://github.com/lostisland/faraday#readme
+  [docs]: https://github.com/lostisland/faraday_middleware/wiki

data/lib/faraday_middleware.rb

@@ -0,0 +1,48 @@
+require 'faraday'
+
+module FaradayMiddleware
+  autoload :OAuth,           'faraday_middleware/request/oauth'
+  autoload :OAuth2,          'faraday_middleware/request/oauth2'
+  autoload :EncodeJson,      'faraday_middleware/request/encode_json'
+  autoload :MethodOverride,  'faraday_middleware/request/method_override'
+  autoload :Mashify,         'faraday_middleware/response/mashify'
+  autoload :Rashify,         'faraday_middleware/response/rashify'
+  autoload :ParseJson,       'faraday_middleware/response/parse_json'
+  autoload :ParseXml,        'faraday_middleware/response/parse_xml'
+  autoload :ParseMarshal,    'faraday_middleware/response/parse_marshal'
+  autoload :ParseYaml,       'faraday_middleware/response/parse_yaml'
+  autoload :ParseDates,      'faraday_middleware/response/parse_dates'
+  autoload :Caching,         'faraday_middleware/response/caching'
+  autoload :Chunked,         'faraday_middleware/response/chunked'
+  autoload :RackCompatible,  'faraday_middleware/rack_compatible'
+  autoload :FollowRedirects, 'faraday_middleware/response/follow_redirects'
+  autoload :Instrumentation, 'faraday_middleware/instrumentation'
+  autoload :Gzip, 'faraday_middleware/gzip'
+
+  if Faraday::Middleware.respond_to? :register_middleware
+    Faraday::Request.register_middleware \
+      :oauth    => lambda { OAuth },
+      :oauth2   => lambda { OAuth2 },
+      :json     => lambda { EncodeJson },
+      :method_override => lambda { MethodOverride }
+
+    Faraday::Response.register_middleware \
+      :mashify  => lambda { Mashify },
+      :rashify  => lambda { Rashify },
+      :json     => lambda { ParseJson },
+      :json_fix => lambda { ParseJson::MimeTypeFix },
+      :xml      => lambda { ParseXml },
+      :marshal  => lambda { ParseMarshal },
+      :yaml     => lambda { ParseYaml },
+      :dates    => lambda { ParseDates },
+      :caching  => lambda { Caching },
+      :follow_redirects => lambda { FollowRedirects },
+      :chunked => lambda { Chunked }
+
+    Faraday::Middleware.register_middleware \
+      :instrumentation  => lambda { Instrumentation },
+      :gzip => lambda { Gzip }
+  end
+end
+
+require 'faraday_middleware/backwards_compatibility'

data/lib/faraday_middleware/addressable_patch.rb

@@ -0,0 +1,20 @@
+require 'addressable/uri'
+
+# feature-detect the bug
+unless Addressable::URI.parse('/?a=1&b=2') === '/?b=2&a=1'
+  # fix `normalized_query` by sorting query key-value pairs
+  # (rejected: https://github.com/sporkmonger/addressable/issues/28)
+  class Addressable::URI
+    alias normalized_query_without_ordering_fix normalized_query
+
+    def normalized_query
+      fresh = @normalized_query.nil?
+      query = normalized_query_without_ordering_fix
+      if query && fresh
+        @normalized_query = query.split('&', -1).sort_by {|q| q[0..(q.index('=')||-1)] }.join('&')
+      else
+        query
+      end
+    end
+  end
+end

data/lib/faraday_middleware/backwards_compatibility.rb

@@ -0,0 +1,15 @@
+# deprecated constants
+
+Faraday::Request.class_eval do
+  autoload :OAuth,        'faraday_middleware/request/oauth'
+  autoload :OAuth2,       'faraday_middleware/request/oauth2'
+end
+
+Faraday::Response.class_eval do
+  autoload :Mashify,      'faraday_middleware/response/mashify'
+  autoload :Rashify,      'faraday_middleware/response/rashify'
+  autoload :ParseJson,    'faraday_middleware/response/parse_json'
+  autoload :ParseXml,     'faraday_middleware/response/parse_xml'
+  autoload :ParseMarshal, 'faraday_middleware/response/parse_marshal'
+  autoload :ParseYaml,    'faraday_middleware/response/parse_yaml'
+end

data/lib/faraday_middleware/gzip.rb

@@ -0,0 +1,64 @@
+require 'faraday'
+
+module FaradayMiddleware
+  # Middleware to automatically decompress response bodies. If the
+  # "Accept-Encoding" header wasn't set in the request, this sets it to
+  # "gzip,deflate" and appropriately handles the compressed response from the
+  # server. This resembles what Ruby 1.9+ does internally in Net::HTTP#get.
+  #
+  # This middleware is NOT necessary when these adapters are used:
+  # - net_http on Ruby 1.9+
+  # - net_http_persistent on Ruby 2.0+
+  # - em_http
+  class Gzip < Faraday::Middleware
+    dependency 'zlib'
+
+    ACCEPT_ENCODING = 'Accept-Encoding'.freeze
+    CONTENT_ENCODING = 'Content-Encoding'.freeze
+    CONTENT_LENGTH = 'Content-Length'.freeze
+    SUPPORTED_ENCODINGS = 'gzip,deflate'.freeze
+    RUBY_ENCODING = '1.9'.respond_to?(:force_encoding)
+
+    def call(env)
+      env[:request_headers][ACCEPT_ENCODING] ||= SUPPORTED_ENCODINGS
+      @app.call(env).on_complete do |response_env|
+        case response_env[:response_headers][CONTENT_ENCODING]
+        when 'gzip'
+          reset_body(response_env, &method(:uncompress_gzip))
+        when 'deflate'
+          reset_body(response_env, &method(:inflate))
+        end
+      end
+    end
+
+    def reset_body(env)
+      env[:body] = yield(env[:body])
+      env[:response_headers].delete(CONTENT_ENCODING)
+      env[:response_headers][CONTENT_LENGTH] = env[:body].length
+    end
+
+    def uncompress_gzip(body)
+      io = StringIO.new(body)
+      gzip_reader = if RUBY_ENCODING
+        Zlib::GzipReader.new(io, :encoding => 'ASCII-8BIT')
+      else
+        Zlib::GzipReader.new(io)
+      end
+      gzip_reader.read
+    end
+
+    def inflate(body)
+      # Inflate as a DEFLATE (RFC 1950+RFC 1951) stream
+      Zlib::Inflate.inflate(body)
+    rescue Zlib::DataError
+      # Fall back to inflating as a "raw" deflate stream which
+      # Microsoft servers return
+      inflate = Zlib::Inflate.new(-Zlib::MAX_WBITS)
+      begin
+        inflate.inflate(body)
+      ensure
+        inflate.close
+      end
+    end
+  end
+end

data/lib/faraday_middleware/instrumentation.rb

@@ -0,0 +1,30 @@
+require 'faraday'
+
+module FaradayMiddleware
+  # Public: Instruments requests using Active Support.
+  #
+  # Measures time spent only for synchronous requests.
+  #
+  # Examples
+  #
+  #   ActiveSupport::Notifications.subscribe('request.faraday') do |name, starts, ends, _, env|
+  #     url = env[:url]
+  #     http_method = env[:method].to_s.upcase
+  #     duration = ends - starts
+  #     $stderr.puts '[%s] %s %s (%.3f s)' % [url.host, http_method, url.request_uri, duration]
+  #   end
+  class Instrumentation < Faraday::Middleware
+    dependency 'active_support/notifications'
+
+    def initialize(app, options = {})
+      super(app)
+      @name = options.fetch(:name, 'request.faraday')
+    end
+
+    def call(env)
+      ::ActiveSupport::Notifications.instrument(@name, env) do
+        @app.call(env)
+      end
+    end
+  end
+end

data/lib/faraday_middleware/rack_compatible.rb

@@ -0,0 +1,86 @@
+require 'stringio'
+
+module FaradayMiddleware
+  # Wraps a handler originally written for Rack to make it compatible with Faraday.
+  #
+  # Experimental. Only handles changes in request headers.
+  class RackCompatible
+    def initialize(app, rack_handler, *args)
+      # tiny middleware that decomposes a Faraday::Response to standard Rack
+      # array: [status, headers, body]
+      compatible_app = lambda do |rack_env|
+        env = restore_env(rack_env)
+        response = app.call(env)
+        [response.status, response.headers, Array(response.body)]
+      end
+      @rack = rack_handler.new(compatible_app, *args)
+    end
+
+    def call(env)
+      rack_env = prepare_env(env)
+      rack_response = @rack.call(rack_env)
+      finalize_response(env, rack_response)
+    end
+
+    NonPrefixedHeaders = %w[CONTENT_LENGTH CONTENT_TYPE]
+
+    # faraday to rack-compatible
+    def prepare_env(faraday_env)
+      env = headers_to_rack(faraday_env)
+
+      url = faraday_env[:url]
+      env['rack.url_scheme'] = url.scheme
+      env['PATH_INFO'] = url.path
+      env['SERVER_PORT'] = url.respond_to?(:inferred_port) ? url.inferred_port : url.port
+      env['QUERY_STRING'] = url.query
+      env['REQUEST_METHOD'] = faraday_env[:method].to_s.upcase
+
+      env['rack.errors'] ||= StringIO.new
+      env['faraday'] = faraday_env
+
+      env
+    end
+
+    def headers_to_rack(env)
+      rack_env = {}
+      env[:request_headers].each do |name, value|
+        name = name.upcase.tr('-', '_')
+        name = "HTTP_#{name}" unless NonPrefixedHeaders.include? name
+        rack_env[name] = value
+      end
+      rack_env
+    end
+
+    # rack to faraday-compatible
+    def restore_env(rack_env)
+      env = rack_env.fetch('faraday')
+      headers = env[:request_headers]
+      headers.clear
+
+      rack_env.each do |name, value|
+        next unless String === name && String === value
+        if NonPrefixedHeaders.include? name or name.index('HTTP_') == 0
+          name = name.sub(/^HTTP_/, '').downcase.tr('_', '-')
+          headers[name] = value
+        end
+      end
+
+      env[:method] = rack_env['REQUEST_METHOD'].downcase.to_sym
+      env[:rack_errors] = rack_env['rack.errors']
+      env
+    end
+
+    def finalize_response(env, rack_response)
+      status, headers, body = rack_response
+      body = body.inject() { |str, part| str << part }
+      headers = Faraday::Utils::Headers.new(headers) unless Faraday::Utils::Headers === headers
+
+      env.update :status => status.to_i,
+                 :body => body,
+                 :response_headers => headers
+
+      env[:response] ||= Faraday::Response.new(env)
+      env[:response]
+    end
+  end
+end

data/lib/faraday_middleware/request/encode_json.rb

@@ -0,0 +1,53 @@
+require 'faraday'
+
+module FaradayMiddleware
+  # Request middleware that encodes the body as JSON.
+  #
+  # Processes only requests with matching Content-type or those without a type.
+  # If a request doesn't have a type but has a body, it sets the Content-type
+  # to JSON MIME-type.
+  #
+  # Doesn't try to encode bodies that already are in string form.
+  class EncodeJson < Faraday::Middleware
+    CONTENT_TYPE    = 'Content-Type'.freeze
+    MIME_TYPE       = 'application/json'.freeze
+    MIME_TYPE_REGEX = /^application\/(vnd\..+\+)?json$/
+
+    dependency do
+      require 'json' unless defined?(::JSON)
+    end
+
+    def call(env)
+      match_content_type(env) do |data|
+        env[:body] = encode data
+      end
+      @app.call env
+    end
+
+    def encode(data)
+      ::JSON.dump data
+    end
+
+    def match_content_type(env)
+      if process_request?(env)
+        env[:request_headers][CONTENT_TYPE] ||= MIME_TYPE
+        yield env[:body] unless env[:body].respond_to?(:to_str)
+      end
+    end
+
+    def process_request?(env)
+      type = request_type(env)
+      has_body?(env) and (type.empty? or MIME_TYPE_REGEX =~ type)
+    end
+
+    def has_body?(env)
+      body = env[:body] and !(body.respond_to?(:to_str) and body.empty?)
+    end
+
+    def request_type(env)
+      type = env[:request_headers][CONTENT_TYPE].to_s
+      type = type.split(';', 2).first if type.index(';')
+      type
+    end
+  end
+end

data/lib/faraday_middleware/request/method_override.rb

@@ -0,0 +1,51 @@
+require 'faraday'
+
+module FaradayMiddleware
+  # Public: Writes the original HTTP method to "X-Http-Method-Override" header
+  # and sends the request as POST.
+  #
+  # This can be used to work around technical issues with making non-POST
+  # requests, e.g. faulty HTTP client or server router.
+  #
+  # This header is recognized in Rack apps by default, courtesy of the
+  # Rack::MethodOverride module. See
+  # http://rack.rubyforge.org/doc/classes/Rack/MethodOverride.html
+  class MethodOverride < Faraday::Middleware
+
+    HEADER = "X-Http-Method-Override".freeze
+
+    # Public: Initialize the middleware.
+    #
+    # app     - the Faraday app to wrap
+    # options - (optional)
+    #           :rewrite - Array of HTTP methods to rewrite
+    #                      (default: all but GET and POST)
+    def initialize(app, options = nil)
+      super(app)
+      @methods = options && options.fetch(:rewrite).map { |method|
+        method = method.downcase if method.respond_to? :downcase
+        method.to_sym
+      }
+    end
+
+    def call(env)
+      method = env[:method]
+      rewrite_request(env, method) if rewrite_request?(method)
+      @app.call(env)
+    end
+
+    def rewrite_request?(method)
+      if @methods.nil? or @methods.empty?
+        method != :get and method != :post
+      else
+        @methods.include? method
+      end
+    end
+
+    # Internal: Write the original HTTP method to header, change method to POST.
+    def rewrite_request(env, original_method)
+      env[:request_headers][HEADER] = original_method.to_s.upcase
+      env[:method] = :post
+    end
+  end
+end