faraday_middleware_safeyaml 0.12.pre.safeyaml

@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: 04a80694d12f2918e1c72b3a0acd35c7d977e464
4
+ data.tar.gz: 91aaab59bbfd43a81bb3b6360b9320ee28ecb599
5
+ SHA512:
6
+ metadata.gz: ae35f99be71edfe44af62c7c28efe10bfe7c4247997e4985b06315bf92ac6b48fca74190871b3659df06baca0c49d33ac6a2d501a1aa332b8ad7dc46fc62a612
7
+ data.tar.gz: 55566dce00faf1cde565cf3986bdb008f670219a935abf9d4afc0090621b935539b8ec8c5322f581396df00650a3e81a855026e5e4196d6e6ed08b7483e49b04
@@ -0,0 +1,20 @@
1
+ Copyright (c) 2011 Erik Michaels-Ober, Wynn Netherland, et al.
2
+
3
+ Permission is hereby granted, free of charge, to any person obtaining
4
+ a copy of this software and associated documentation files (the
5
+ "Software"), to deal in the Software without restriction, including
6
+ without limitation the rights to use, copy, modify, merge, publish,
7
+ distribute, sublicense, and/or sell copies of the Software, and to
8
+ permit persons to whom the Software is furnished to do so, subject to
9
+ the following conditions:
10
+
11
+ The above copyright notice and this permission notice shall be
12
+ included in all copies or substantial portions of the Software.
13
+
14
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
15
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
16
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
17
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
18
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
19
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
20
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
@@ -0,0 +1,58 @@
1
+ Faraday Middleware SafeYAML
2
+ ==================
3
+
4
+ Fork of Faraday Middleware with the `Yaml.load` vulnerability fixed.
5
+
6
+ Can switch back to upstream when https://github.com/lostisland/faraday_middleware/pull/157 merged.
7
+
8
+ A collection of useful [Faraday][] middleware. [See the documentation][docs].
9
+
10
+ gem install faraday_middleware_safeyaml
11
+
12
+ Dependencies
13
+ ------------
14
+
15
+ Some dependent libraries are needed only when using specific middleware:
16
+
17
+ * FaradayMiddleware::EncodeJson & FaradayMiddleware::ParseJson: "json"
18
+ for ruby older than 1.9
19
+ * FaradayMiddleware::ParseXml: "multi_xml"
20
+ * FaradayMiddleware::OAuth: "simple_oauth"
21
+ * FaradayMiddleware::Mashify: "hashie"
22
+ * FaradayMiddleware::Rashify: "rash"
23
+ * FaradayMiddleware::Instrumentation: "activesupport"
24
+
25
+ Examples
26
+ --------
27
+
28
+ ``` rb
29
+ require 'faraday_middleware'
30
+
31
+ ## in Faraday 0.8 or above:
32
+ connection = Faraday.new 'http://example.com/api' do |conn|
33
+ conn.request :oauth2, 'TOKEN'
34
+ conn.request :json
35
+
36
+ conn.response :xml, :content_type => /\bxml$/
37
+ conn.response :json, :content_type => /\bjson$/
38
+
39
+ conn.use :instrumentation
40
+ conn.adapter Faraday.default_adapter
41
+ end
42
+
43
+ ## with Faraday 0.7:
44
+ connection = Faraday.new 'http://example.com/api' do |builder|
45
+ builder.use FaradayMiddleware::OAuth2, 'TOKEN'
46
+ builder.use FaradayMiddleware::EncodeJson
47
+
48
+ builder.use FaradayMiddleware::ParseXml, :content_type => /\bxml$/
49
+ builder.use FaradayMiddleware::ParseJson, :content_type => /\bjson$/
50
+
51
+ builder.use FaradayMiddleware::Instrumentation
52
+ builder.adapter Faraday.default_adapter
53
+ end
54
+ ```
55
+
56
+
57
+ [faraday]: https://github.com/lostisland/faraday#readme
58
+ [docs]: https://github.com/lostisland/faraday_middleware/wiki
@@ -0,0 +1,48 @@
1
+ require 'faraday'
2
+
3
+ module FaradayMiddleware
4
+ autoload :OAuth, 'faraday_middleware/request/oauth'
5
+ autoload :OAuth2, 'faraday_middleware/request/oauth2'
6
+ autoload :EncodeJson, 'faraday_middleware/request/encode_json'
7
+ autoload :MethodOverride, 'faraday_middleware/request/method_override'
8
+ autoload :Mashify, 'faraday_middleware/response/mashify'
9
+ autoload :Rashify, 'faraday_middleware/response/rashify'
10
+ autoload :ParseJson, 'faraday_middleware/response/parse_json'
11
+ autoload :ParseXml, 'faraday_middleware/response/parse_xml'
12
+ autoload :ParseMarshal, 'faraday_middleware/response/parse_marshal'
13
+ autoload :ParseYaml, 'faraday_middleware/response/parse_yaml'
14
+ autoload :ParseDates, 'faraday_middleware/response/parse_dates'
15
+ autoload :Caching, 'faraday_middleware/response/caching'
16
+ autoload :Chunked, 'faraday_middleware/response/chunked'
17
+ autoload :RackCompatible, 'faraday_middleware/rack_compatible'
18
+ autoload :FollowRedirects, 'faraday_middleware/response/follow_redirects'
19
+ autoload :Instrumentation, 'faraday_middleware/instrumentation'
20
+ autoload :Gzip, 'faraday_middleware/gzip'
21
+
22
+ if Faraday::Middleware.respond_to? :register_middleware
23
+ Faraday::Request.register_middleware \
24
+ :oauth => lambda { OAuth },
25
+ :oauth2 => lambda { OAuth2 },
26
+ :json => lambda { EncodeJson },
27
+ :method_override => lambda { MethodOverride }
28
+
29
+ Faraday::Response.register_middleware \
30
+ :mashify => lambda { Mashify },
31
+ :rashify => lambda { Rashify },
32
+ :json => lambda { ParseJson },
33
+ :json_fix => lambda { ParseJson::MimeTypeFix },
34
+ :xml => lambda { ParseXml },
35
+ :marshal => lambda { ParseMarshal },
36
+ :yaml => lambda { ParseYaml },
37
+ :dates => lambda { ParseDates },
38
+ :caching => lambda { Caching },
39
+ :follow_redirects => lambda { FollowRedirects },
40
+ :chunked => lambda { Chunked }
41
+
42
+ Faraday::Middleware.register_middleware \
43
+ :instrumentation => lambda { Instrumentation },
44
+ :gzip => lambda { Gzip }
45
+ end
46
+ end
47
+
48
+ require 'faraday_middleware/backwards_compatibility'
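Review bot: The `:marshal => lambda { ParseMarshal }` entry and `autoload :ParseMarshal` keep a response middleware registered that, going by its name, passes server-supplied bodies to `Marshal.load`, which is the same class of unsafe deserialization this fork exists to remove for YAML. The parse_marshal file is not part of this section, so that is inferred from the name and should be confirmed. If it does call `Marshal.load`, I would either drop the `:marshal` registration or add a comment above it such as `# ParseMarshal deserializes the response body; use only with fully trusted servers`. The deprecated-constants section further down autoloads the same `ParseMarshal` under `Faraday::Response` and needs the same treatment.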
@@ -0,0 +1,20 @@
1
+ require 'addressable/uri'
2
+
3
+ # feature-detect the bug
4
+ unless Addressable::URI.parse('/?a=1&b=2') === '/?b=2&a=1'
5
+ # fix `normalized_query` by sorting query key-value pairs
6
+ # (rejected: https://github.com/sporkmonger/addressable/issues/28)
7
+ class Addressable::URI
8
+ alias normalized_query_without_ordering_fix normalized_query
9
+
10
+ def normalized_query
11
+ fresh = @normalized_query.nil?
12
+ query = normalized_query_without_ordering_fix
13
+ if query && fresh
14
+ @normalized_query = query.split('&', -1).sort_by {|q| q[0..(q.index('=')||-1)] }.join('&')
15
+ else
16
+ query
17
+ end
18
+ end
19
+ end
20
+ end
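Review bot: `sort_by` in the patched `normalized_query` is not a stable sort, so pairs that share a key (for example `a[]=1&a[]=2`) can come back in a different order, which changes the meaning of the query for servers that treat repeated parameters as an ordered list. Using the original position as a tiebreaker keeps them in place: `@normalized_query = query.split('&', -1).each_with_index.sort_by { |q, i| [q[0..(q.index('=')||-1)], i] }.map(&:first).join('&')`. Reopening `Addressable::URI` also changes normalization for every other library loaded in the same process, which deserves a comment at the top of the file.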
@@ -0,0 +1,15 @@
1
+ # deprecated constants
2
+
3
+ Faraday::Request.class_eval do
4
+ autoload :OAuth, 'faraday_middleware/request/oauth'
5
+ autoload :OAuth2, 'faraday_middleware/request/oauth2'
6
+ end
7
+
8
+ Faraday::Response.class_eval do
9
+ autoload :Mashify, 'faraday_middleware/response/mashify'
10
+ autoload :Rashify, 'faraday_middleware/response/rashify'
11
+ autoload :ParseJson, 'faraday_middleware/response/parse_json'
12
+ autoload :ParseXml, 'faraday_middleware/response/parse_xml'
13
+ autoload :ParseMarshal, 'faraday_middleware/response/parse_marshal'
14
+ autoload :ParseYaml, 'faraday_middleware/response/parse_yaml'
15
+ end
@@ -0,0 +1,64 @@
1
+ require 'faraday'
2
+
3
+ module FaradayMiddleware
4
+ # Middleware to automatically decompress response bodies. If the
5
+ # "Accept-Encoding" header wasn't set in the request, this sets it to
6
+ # "gzip,deflate" and appropriately handles the compressed response from the
7
+ # server. This resembles what Ruby 1.9+ does internally in Net::HTTP#get.
8
+ #
9
+ # This middleware is NOT necessary when these adapters are used:
10
+ # - net_http on Ruby 1.9+
11
+ # - net_http_persistent on Ruby 2.0+
12
+ # - em_http
13
+ class Gzip < Faraday::Middleware
14
+ dependency 'zlib'
15
+
16
+ ACCEPT_ENCODING = 'Accept-Encoding'.freeze
17
+ CONTENT_ENCODING = 'Content-Encoding'.freeze
18
+ CONTENT_LENGTH = 'Content-Length'.freeze
19
+ SUPPORTED_ENCODINGS = 'gzip,deflate'.freeze
20
+ RUBY_ENCODING = '1.9'.respond_to?(:force_encoding)
21
+
22
+ def call(env)
23
+ env[:request_headers][ACCEPT_ENCODING] ||= SUPPORTED_ENCODINGS
24
+ @app.call(env).on_complete do |response_env|
25
+ case response_env[:response_headers][CONTENT_ENCODING]
26
+ when 'gzip'
27
+ reset_body(response_env, &method(:uncompress_gzip))
28
+ when 'deflate'
29
+ reset_body(response_env, &method(:inflate))
30
+ end
31
+ end
32
+ end
33
+
34
+ def reset_body(env)
35
+ env[:body] = yield(env[:body])
36
+ env[:response_headers].delete(CONTENT_ENCODING)
37
+ env[:response_headers][CONTENT_LENGTH] = env[:body].length
38
+ end
39
+
40
+ def uncompress_gzip(body)
41
+ io = StringIO.new(body)
42
+ gzip_reader = if RUBY_ENCODING
43
+ Zlib::GzipReader.new(io, :encoding => 'ASCII-8BIT')
44
+ else
45
+ Zlib::GzipReader.new(io)
46
+ end
47
+ gzip_reader.read
48
+ end
49
+
50
+ def inflate(body)
51
+ # Inflate as a DEFLATE (RFC 1950+RFC 1951) stream
52
+ Zlib::Inflate.inflate(body)
53
+ rescue Zlib::DataError
54
+ # Fall back to inflating as a "raw" deflate stream which
55
+ # Microsoft servers return
56
+ inflate = Zlib::Inflate.new(-Zlib::MAX_WBITS)
57
+ begin
58
+ inflate.inflate(body)
59
+ ensure
60
+ inflate.close
61
+ end
62
+ end
63
+ end
64
+ end
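Review bot: `uncompress_gzip` and `inflate` expand the whole response body in one call with no upper bound, so a server (or anything able to tamper with the response) can send a few kilobytes that inflate to gigabytes and exhaust the client's memory. `call` also opts every request into compressed responses by setting `Accept-Encoding`, so callers are exposed without asking for it. I would read the stream in chunks and stop once a configurable limit is exceeded, as sketched below for the gzip path; `inflate` needs the same cap, using a `Zlib::Inflate` instance fed in slices. The limit value shown is a constructed example.

```ruby
MAX_INFLATED_BYTES = 50 * 1024 * 1024 # constructed example limit

def uncompress_gzip(body)
  # … unchanged: StringIO and Zlib::GzipReader construction …
  inflated = ''
  inflated.force_encoding('ASCII-8BIT') if RUBY_ENCODING
  while (chunk = gzip_reader.read(16 * 1024))
    inflated << chunk
    raise Zlib::Error, 'decompressed body exceeds limit' if inflated.length > MAX_INFLATED_BYTES
  end
  inflated
ensure
  gzip_reader.close if gzip_reader
end
```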
@@ -0,0 +1,30 @@
1
+ require 'faraday'
2
+
3
+ module FaradayMiddleware
4
+ # Public: Instruments requests using Active Support.
5
+ #
6
+ # Measures time spent only for synchronous requests.
7
+ #
8
+ # Examples
9
+ #
10
+ # ActiveSupport::Notifications.subscribe('request.faraday') do |name, starts, ends, _, env|
11
+ # url = env[:url]
12
+ # http_method = env[:method].to_s.upcase
13
+ # duration = ends - starts
14
+ # $stderr.puts '[%s] %s %s (%.3f s)' % [url.host, http_method, url.request_uri, duration]
15
+ # end
16
+ class Instrumentation < Faraday::Middleware
17
+ dependency 'active_support/notifications'
18
+
19
+ def initialize(app, options = {})
20
+ super(app)
21
+ @name = options.fetch(:name, 'request.faraday')
22
+ end
23
+
24
+ def call(env)
25
+ ::ActiveSupport::Notifications.instrument(@name, env) do
26
+ @app.call(env)
27
+ end
28
+ end
29
+ end
30
+ end
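Review bot: The class comment should state that `call` hands the whole request `env` to every subscriber of `@name`, because that hash includes `:request_headers` and the full URL, either of which may carry credentials such as the token passed to the `:oauth2` request middleware. The example subscriber prints `url.request_uri`, query string included, so copying it verbatim can put secrets into logs. I would add `# Subscribers receive the full request env, including headers and query string; redact credentials before logging.` above the class and have the example print `url.path` instead of `url.request_uri`.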
@@ -0,0 +1,86 @@
1
+ require 'stringio'
2
+
3
+ module FaradayMiddleware
4
+ # Wraps a handler originally written for Rack to make it compatible with Faraday.
5
+ #
6
+ # Experimental. Only handles changes in request headers.
7
+ class RackCompatible
8
+ def initialize(app, rack_handler, *args)
9
+ # tiny middleware that decomposes a Faraday::Response to standard Rack
10
+ # array: [status, headers, body]
11
+ compatible_app = lambda do |rack_env|
12
+ env = restore_env(rack_env)
13
+ response = app.call(env)
14
+ [response.status, response.headers, Array(response.body)]
15
+ end
16
+ @rack = rack_handler.new(compatible_app, *args)
17
+ end
18
+
19
+ def call(env)
20
+ rack_env = prepare_env(env)
21
+ rack_response = @rack.call(rack_env)
22
+ finalize_response(env, rack_response)
23
+ end
24
+
25
+ NonPrefixedHeaders = %w[CONTENT_LENGTH CONTENT_TYPE]
26
+
27
+ # faraday to rack-compatible
28
+ def prepare_env(faraday_env)
29
+ env = headers_to_rack(faraday_env)
30
+
31
+ url = faraday_env[:url]
32
+ env['rack.url_scheme'] = url.scheme
33
+ env['PATH_INFO'] = url.path
34
+ env['SERVER_PORT'] = url.respond_to?(:inferred_port) ? url.inferred_port : url.port
35
+ env['QUERY_STRING'] = url.query
36
+ env['REQUEST_METHOD'] = faraday_env[:method].to_s.upcase
37
+
38
+ env['rack.errors'] ||= StringIO.new
39
+ env['faraday'] = faraday_env
40
+
41
+ env
42
+ end
43
+
44
+ def headers_to_rack(env)
45
+ rack_env = {}
46
+ env[:request_headers].each do |name, value|
47
+ name = name.upcase.tr('-', '_')
48
+ name = "HTTP_#{name}" unless NonPrefixedHeaders.include? name
49
+ rack_env[name] = value
50
+ end
51
+ rack_env
52
+ end
53
+
54
+ # rack to faraday-compatible
55
+ def restore_env(rack_env)
56
+ env = rack_env.fetch('faraday')
57
+ headers = env[:request_headers]
58
+ headers.clear
59
+
60
+ rack_env.each do |name, value|
61
+ next unless String === name && String === value
62
+ if NonPrefixedHeaders.include? name or name.index('HTTP_') == 0
63
+ name = name.sub(/^HTTP_/, '').downcase.tr('_', '-')
64
+ headers[name] = value
65
+ end
66
+ end
67
+
68
+ env[:method] = rack_env['REQUEST_METHOD'].downcase.to_sym
69
+ env[:rack_errors] = rack_env['rack.errors']
70
+ env
71
+ end
72
+
73
+ def finalize_response(env, rack_response)
74
+ status, headers, body = rack_response
75
+ body = body.inject() { |str, part| str << part }
76
+ headers = Faraday::Utils::Headers.new(headers) unless Faraday::Utils::Headers === headers
77
+
78
+ env.update :status => status.to_i,
79
+ :body => body,
80
+ :response_headers => headers
81
+
82
+ env[:response] ||= Faraday::Response.new(env)
83
+ env[:response]
84
+ end
85
+ end
86
+ end
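Review bot: `finalize_response` joins the body with `body.inject() { |str, part| str << part }`, which appends into the first chunk in place, so it mutates a string the Rack handler still owns and raises if that string is frozen. It also yields `nil` for an empty body and relies on `inject`, although a Rack body is only required to respond to `each`. Collecting into a fresh buffer avoids all three: `buf = ''`, then `body.each { |part| buf << part }`, then `body = buf`.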
@@ -0,0 +1,53 @@
1
+ require 'faraday'
2
+
3
+ module FaradayMiddleware
4
+ # Request middleware that encodes the body as JSON.
5
+ #
6
+ # Processes only requests with matching Content-type or those without a type.
7
+ # If a request doesn't have a type but has a body, it sets the Content-type
8
+ # to JSON MIME-type.
9
+ #
10
+ # Doesn't try to encode bodies that already are in string form.
11
+ class EncodeJson < Faraday::Middleware
12
+ CONTENT_TYPE = 'Content-Type'.freeze
13
+ MIME_TYPE = 'application/json'.freeze
14
+ MIME_TYPE_REGEX = /^application\/(vnd\..+\+)?json$/
15
+
16
+ dependency do
17
+ require 'json' unless defined?(::JSON)
18
+ end
19
+
20
+ def call(env)
21
+ match_content_type(env) do |data|
22
+ env[:body] = encode data
23
+ end
24
+ @app.call env
25
+ end
26
+
27
+ def encode(data)
28
+ ::JSON.dump data
29
+ end
30
+
31
+ def match_content_type(env)
32
+ if process_request?(env)
33
+ env[:request_headers][CONTENT_TYPE] ||= MIME_TYPE
34
+ yield env[:body] unless env[:body].respond_to?(:to_str)
35
+ end
36
+ end
37
+
38
+ def process_request?(env)
39
+ type = request_type(env)
40
+ has_body?(env) and (type.empty? or MIME_TYPE_REGEX =~ type)
41
+ end
42
+
43
+ def has_body?(env)
44
+ body = env[:body] and !(body.respond_to?(:to_str) and body.empty?)
45
+ end
46
+
47
+ def request_type(env)
48
+ type = env[:request_headers][CONTENT_TYPE].to_s
49
+ type = type.split(';', 2).first if type.index(';')
50
+ type
51
+ end
52
+ end
53
+ end
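Review bot: `MIME_TYPE_REGEX` is anchored with `^` and `$`, which in Ruby match at any line boundary rather than at the ends of the string, so a Content-Type value containing a newline next to `application/json` would still be treated as JSON by `process_request?`. Anchor the whole string instead: `MIME_TYPE_REGEX = /\Aapplication\/(vnd\..+\+)?json\z/`. The value comes from request headers set by the caller, so the practical risk here is low, but the pattern is easy to copy into response-side checks where the input is not trusted.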
@@ -0,0 +1,51 @@
1
+ require 'faraday'
2
+
3
+ module FaradayMiddleware
4
+ # Public: Writes the original HTTP method to "X-Http-Method-Override" header
5
+ # and sends the request as POST.
6
+ #
7
+ # This can be used to work around technical issues with making non-POST
8
+ # requests, e.g. faulty HTTP client or server router.
9
+ #
10
+ # This header is recognized in Rack apps by default, courtesy of the
11
+ # Rack::MethodOverride module. See
12
+ # http://rack.rubyforge.org/doc/classes/Rack/MethodOverride.html
13
+ class MethodOverride < Faraday::Middleware
14
+
15
+ HEADER = "X-Http-Method-Override".freeze
16
+
17
+ # Public: Initialize the middleware.
18
+ #
19
+ # app - the Faraday app to wrap
20
+ # options - (optional)
21
+ # :rewrite - Array of HTTP methods to rewrite
22
+ # (default: all but GET and POST)
23
+ def initialize(app, options = nil)
24
+ super(app)
25
+ @methods = options && options.fetch(:rewrite).map { |method|
26
+ method = method.downcase if method.respond_to? :downcase
27
+ method.to_sym
28
+ }
29
+ end
30
+
31
+ def call(env)
32
+ method = env[:method]
33
+ rewrite_request(env, method) if rewrite_request?(method)
34
+ @app.call(env)
35
+ end
36
+
37
+ def rewrite_request?(method)
38
+ if @methods.nil? or @methods.empty?
39
+ method != :get and method != :post
40
+ else
41
+ @methods.include? method
42
+ end
43
+ end
44
+
45
+ # Internal: Write the original HTTP method to header, change method to POST.
46
+ def rewrite_request(env, original_method)
47
+ env[:request_headers][HEADER] = original_method.to_s.upcase
48
+ env[:method] = :post
49
+ end
50
+ end
51
+ end
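Review bot: `initialize` calls `options.fetch(:rewrite)` whenever `options` is non-nil, so `MethodOverride.new(app, {})` raises even though the comment documents `:rewrite` as optional with a default. Building the list with `@methods = Array(options && options[:rewrite]).map { |method|` keeps the documented behaviour, since `rewrite_request?` already treats an empty list as "all but GET and POST". The class comment could also say that the receiving server must deliberately honour `X-Http-Method-Override`, because a server that accepts it from any client lets a POST stand in for DELETE or PUT.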