gitlab-puma 4.3.1.gitlab.2

data/lib/puma/minissl.rb

@@ -0,0 +1,278 @@
+# frozen_string_literal: true
+
+begin
+  require 'io/wait'
+rescue LoadError
+end
+
+module Puma
+  module MiniSSL
+    class Socket
+      def initialize(socket, engine)
+        @socket = socket
+        @engine = engine
+        @peercert = nil
+      end
+
+      def to_io
+        @socket
+      end
+
+      def closed?
+        @socket.closed?
+      end
+
+      def readpartial(size)
+        while true
+          output = @engine.read
+          return output if output
+
+          data = @socket.readpartial(size)
+          @engine.inject(data)
+          output = @engine.read
+
+          return output if output
+
+          while neg_data = @engine.extract
+            @socket.write neg_data
+          end
+        end
+      end
+
+      def engine_read_all
+        output = @engine.read
+        while output and additional_output = @engine.read
+          output << additional_output
+        end
+        output
+      end
+
+      def read_nonblock(size, *_)
+        # *_ is to deal with keyword args that were added
+        # at some point (and being used in the wild)
+        while true
+          output = engine_read_all
+          return output if output
+
+          data = @socket.read_nonblock(size, exception: false)
+          if data == :wait_readable || data == :wait_writable
+            # It would make more sense to let @socket.read_nonblock raise
+            # EAGAIN if necessary but it seems like it'll misbehave on Windows.
+            # I don't have a Windows machine to debug this so I can't explain
+            # exactly whats happening in that OS. Please let me know if you
+            # find out!
+            #
+            # In the meantime, we can emulate the correct behavior by
+            # capturing :wait_readable & :wait_writable and raising EAGAIN
+            # ourselves.
+            raise IO::EAGAINWaitReadable
+          elsif data.nil?
+            return nil
+          end
+
+          @engine.inject(data)
+          output = engine_read_all
+
+          return output if output
+
+          while neg_data = @engine.extract
+            @socket.write neg_data
+          end
+        end
+      end
+
+      def write(data)
+        return 0 if data.empty?
+
+        need = data.bytesize
+
+        while true
+          wrote = @engine.write data
+          enc = @engine.extract
+
+          while enc
+            @socket.write enc
+            enc = @engine.extract
+          end
+
+          need -= wrote
+
+          return data.bytesize if need == 0
+
+          data = data[wrote..-1]
+        end
+      end
+
+      alias_method :syswrite, :write
+      alias_method :<<, :write
+
+      # This is a temporary fix to deal with websockets code using
+      # write_nonblock. The problem with implementing it properly
+      # is that it means we'd have to have the ability to rewind
+      # an engine because after we write+extract, the socket
+      # write_nonblock call might raise an exception and later
+      # code would pass the same data in, but the engine would think
+      # it had already written the data in. So for the time being
+      # (and since write blocking is quite rare), go ahead and actually
+      # block in write_nonblock.
+      def write_nonblock(data, *_)
+        write data
+      end
+
+      def flush
+        @socket.flush
+      end
+
+      def read_and_drop(timeout = 1)
+        return :timeout unless IO.select([@socket], nil, nil, timeout)
+        return :eof unless read_nonblock(1024)
+        :drop
+      rescue Errno::EAGAIN
+        # do nothing
+        :eagain
+      end
+
+      def should_drop_bytes?
+        @engine.init? || !@engine.shutdown
+      end
+
+      def close
+        begin
+          # Read any drop any partially initialized sockets and any received bytes during shutdown.
+          # Don't let this socket hold this loop forever.
+          # If it can't send more packets within 1s, then give up.
+          while should_drop_bytes?
+            return if [:timeout, :eof].include?(read_and_drop(1))
+          end
+        rescue IOError, SystemCallError
+          Thread.current.purge_interrupt_queue if Thread.current.respond_to? :purge_interrupt_queue
+          # nothing
+        ensure
+          @socket.close
+        end
+      end
+
+      def peeraddr
+        @socket.peeraddr
+      end
+
+      def peercert
+        return @peercert if @peercert
+
+        raw = @engine.peercert
+        return nil unless raw
+
+        @peercert = OpenSSL::X509::Certificate.new raw
+      end
+    end
+
+    if defined?(JRUBY_VERSION)
+      class SSLError < StandardError
+        # Define this for jruby even though it isn't used.
+      end
+
+      def self.check; end
+    end
+
+    class Context
+      attr_accessor :verify_mode
+      attr_reader :no_tlsv1, :no_tlsv1_1
+
+      def initialize
+        @no_tlsv1   = false
+        @no_tlsv1_1 = false
+      end
+
+      if defined?(JRUBY_VERSION)
+        # jruby-specific Context properties: java uses a keystore and password pair rather than a cert/key pair
+        attr_reader :keystore
+        attr_accessor :keystore_pass
+        attr_accessor :ssl_cipher_list
+
+        def keystore=(keystore)
+          raise ArgumentError, "No such keystore file '#{keystore}'" unless File.exist? keystore
+          @keystore = keystore
+        end
+
+        def check
+          raise "Keystore not configured" unless @keystore
+        end
+
+      else
+        # non-jruby Context properties
+        attr_reader :key
+        attr_reader :cert
+        attr_reader :ca
+        attr_accessor :ssl_cipher_filter
+
+        def key=(key)
+          raise ArgumentError, "No such key file '#{key}'" unless File.exist? key
+          @key = key
+        end
+
+        def cert=(cert)
+          raise ArgumentError, "No such cert file '#{cert}'" unless File.exist? cert
+          @cert = cert
+        end
+
+        def ca=(ca)
+          raise ArgumentError, "No such ca file '#{ca}'" unless File.exist? ca
+          @ca = ca
+        end
+
+        def check
+          raise "Key not configured" unless @key
+          raise "Cert not configured" unless @cert
+        end
+      end
+
+      # disables TLSv1
+      def no_tlsv1=(tlsv1)
+        raise ArgumentError, "Invalid value of no_tlsv1" unless ['true', 'false', true, false].include?(tlsv1)
+        @no_tlsv1 = tlsv1
+      end
+
+      # disables TLSv1 and TLSv1.1.  Overrides `#no_tlsv1=`
+      def no_tlsv1_1=(tlsv1_1)
+        raise ArgumentError, "Invalid value of no_tlsv1" unless ['true', 'false', true, false].include?(tlsv1_1)
+        @no_tlsv1_1 = tlsv1_1
+      end
+
+    end
+
+    VERIFY_NONE = 0
+    VERIFY_PEER = 1
+    VERIFY_FAIL_IF_NO_PEER_CERT = 2
+
+    class Server
+      def initialize(socket, ctx)
+        @socket = socket
+        @ctx = ctx
+      end
+
+      def to_io
+        @socket
+      end
+
+      def accept
+        @ctx.check
+        io = @socket.accept
+        engine = Engine.server @ctx
+
+        Socket.new io, engine
+      end
+
+      def accept_nonblock
+        @ctx.check
+        io = @socket.accept_nonblock
+        engine = Engine.server @ctx
+
+        Socket.new io, engine
+      end
+
+      def close
+        @socket.close unless @socket.closed?       # closed? call is for Windows
+      end
+    end
+  end
+end

data/lib/puma/minissl/context_builder.rb

@@ -0,0 +1,76 @@
+module Puma
+  module MiniSSL
+    class ContextBuilder
+      def initialize(params, events)
+        require 'puma/minissl'
+        MiniSSL.check
+
+        @params = params
+        @events = events
+      end
+
+      def context
+        ctx = MiniSSL::Context.new
+
+        if defined?(JRUBY_VERSION)
+          unless params['keystore']
+            events.error "Please specify the Java keystore via 'keystore='"
+          end
+
+          ctx.keystore = params['keystore']
+
+          unless params['keystore-pass']
+            events.error "Please specify the Java keystore password  via 'keystore-pass='"
+          end
+
+          ctx.keystore_pass = params['keystore-pass']
+          ctx.ssl_cipher_list = params['ssl_cipher_list'] if params['ssl_cipher_list']
+        else
+          unless params['key']
+            events.error "Please specify the SSL key via 'key='"
+          end
+
+          ctx.key = params['key']
+
+          unless params['cert']
+            events.error "Please specify the SSL cert via 'cert='"
+          end
+
+          ctx.cert = params['cert']
+
+          if ['peer', 'force_peer'].include?(params['verify_mode'])
+            unless params['ca']
+              events.error "Please specify the SSL ca via 'ca='"
+            end
+          end
+
+          ctx.ca = params['ca'] if params['ca']
+          ctx.ssl_cipher_filter = params['ssl_cipher_filter'] if params['ssl_cipher_filter']
+        end
+
+        ctx.no_tlsv1 = true if params['no_tlsv1'] == 'true'
+        ctx.no_tlsv1_1 = true if params['no_tlsv1_1'] == 'true'
+
+        if params['verify_mode']
+          ctx.verify_mode = case params['verify_mode']
+                            when "peer"
+                              MiniSSL::VERIFY_PEER
+                            when "force_peer"
+                              MiniSSL::VERIFY_PEER | MiniSSL::VERIFY_FAIL_IF_NO_PEER_CERT
+                            when "none"
+                              MiniSSL::VERIFY_NONE
+                            else
+                              events.error "Please specify a valid verify_mode="
+                              MiniSSL::VERIFY_NONE
+                            end
+        end
+
+        ctx
+      end
+
+      private
+
+      attr_reader :params, :events
+    end
+  end
+end

data/lib/puma/null_io.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+module Puma
+  # Provides an IO-like object that always appears to contain no data.
+  # Used as the value for rack.input when the request has no body.
+  #
+  class NullIO
+    def gets
+      nil
+    end
+
+    def each
+    end
+
+    # Mimics IO#read with no data.
+    #
+    def read(count = nil, _buffer = nil)
+      (count && count > 0) ? nil : ""
+    end
+
+    def rewind
+    end
+
+    def close
+    end
+
+    def size
+      0
+    end
+
+    def eof?
+      true
+    end
+
+    def sync=(v)
+    end
+
+    def puts(*ary)
+    end
+
+    def write(*ary)
+    end
+  end
+end

data/lib/puma/plugin.rb

@@ -0,0 +1,120 @@
+# frozen_string_literal: true
+
+module Puma
+  class UnknownPlugin < RuntimeError; end
+
+  class PluginLoader
+    def initialize
+      @instances = []
+    end
+
+    def create(name)
+      if cls = Plugins.find(name)
+        plugin = cls.new(Plugin)
+        @instances << plugin
+        return plugin
+      end
+
+      raise UnknownPlugin, "File failed to register properly named plugin"
+    end
+
+    def fire_starts(launcher)
+      @instances.each do |i|
+        if i.respond_to? :start
+          i.start(launcher)
+        end
+      end
+    end
+  end
+
+  class PluginRegistry
+    def initialize
+      @plugins = {}
+      @background = []
+    end
+
+    def register(name, cls)
+      @plugins[name] = cls
+    end
+
+    def find(name)
+      name = name.to_s
+
+      if cls = @plugins[name]
+        return cls
+      end
+
+      begin
+        require "puma/plugin/#{name}"
+      rescue LoadError
+        raise UnknownPlugin, "Unable to find plugin: #{name}"
+      end
+
+      if cls = @plugins[name]
+        return cls
+      end
+
+      raise UnknownPlugin, "file failed to register a plugin"
+    end
+
+    def add_background(blk)
+      @background << blk
+    end
+
+    def fire_background
+      @background.each_with_index do |b, i|
+        Thread.new do
+          Puma.set_thread_name "plugin background #{i}"
+          b.call
+        end
+      end
+    end
+  end
+
+  Plugins = PluginRegistry.new
+
+  class Plugin
+    # Matches
+    #  "C:/Ruby22/lib/ruby/gems/2.2.0/gems/puma-3.0.1/lib/puma/plugin/tmp_restart.rb:3:in `<top (required)>'"
+    #  AS
+    #  C:/Ruby22/lib/ruby/gems/2.2.0/gems/puma-3.0.1/lib/puma/plugin/tmp_restart.rb
+    CALLER_FILE = /
+      \A       # start of string
+      .+       # file path (one or more characters)
+      (?=      # stop previous match when
+        :\d+     # a colon is followed by one or more digits
+        :in      # followed by a colon followed by in
+      )
+    /x
+
+    def self.extract_name(ary)
+      path = ary.first[CALLER_FILE]
+
+      m = %r!puma/plugin/([^/]*)\.rb$!.match(path)
+      return m[1]
+    end
+
+    def self.create(&blk)
+      name = extract_name(caller)
+
+      cls = Class.new(self)
+
+      cls.class_eval(&blk)
+
+      Plugins.register name, cls
+    end
+
+    def initialize(loader)
+      @loader = loader
+    end
+
+    def in_background(&blk)
+      Plugins.add_background blk
+    end
+
+    def workers_supported?
+      return false if Puma.jruby? || Puma.windows?
+      true
+    end
+  end
+end