http 5.3.1 → 6.0.0

data/test/support/http_handling_shared/timeout_tests.rb

@@ -0,0 +1,134 @@
+# frozen_string_literal: true
+
+module TimeoutTests
+  # Including class must provide:
+  #   - server: a DummyServer instance
+  #   - build_client(**options): builds an HTTP::Client with given options
+
+  def test_timeout_without_timeouts_works
+    client = build_client(timeout_class: HTTP::Timeout::Null, timeout_options: {})
+
+    assert_equal "<!doctype html>", client.get(server.endpoint).body.to_s
+  end
+
+  def test_timeout_per_operation_works
+    client = build_client(
+      timeout_class:   HTTP::Timeout::PerOperation,
+      timeout_options: {
+        connect_timeout: 0.5,
+        read_timeout:    0.1,
+        write_timeout:   0.5
+      }
+    )
+
+    assert_equal "<!doctype html>", client.get(server.endpoint).body.to_s
+  end
+
+  def test_timeout_per_operation_connection_of_half_second_does_not_time_out
+    client = build_client(
+      timeout_class:   HTTP::Timeout::PerOperation,
+      timeout_options: {
+        connect_timeout: 0.5,
+        read_timeout:    0.1,
+        write_timeout:   0.5
+      }
+    )
+
+    client.get(server.endpoint).body.to_s
+  end
+
+  def test_timeout_per_operation_read_of_zero_times_out
+    client = build_client(
+      timeout_class:   HTTP::Timeout::PerOperation,
+      timeout_options: {
+        connect_timeout: 0.5,
+        read_timeout:    0,
+        write_timeout:   0.5
+      }
+    )
+
+    err = assert_raises(HTTP::TimeoutError) do
+      client.get("#{server.endpoint}/sleep").body.to_s
+    end
+    assert_match(/Read/i, err.message)
+  end
+
+  def test_timeout_per_operation_read_of_tenth_does_not_time_out
+    client = build_client(
+      timeout_class:   HTTP::Timeout::PerOperation,
+      timeout_options: {
+        connect_timeout: 0.5,
+        read_timeout:    0.1,
+        write_timeout:   0.5
+      }
+    )
+
+    client.get("#{server.endpoint}/sleep").body.to_s
+  end
+
+  def test_timeout_global_errors_if_connecting_takes_too_long
+    client = build_client(
+      timeout_class:   HTTP::Timeout::Global,
+      timeout_options: { global_timeout: 0.01 }
+    )
+
+    TCPSocket.stub(:open, ->(*) { sleep 0.025 }) do
+      err = assert_raises(HTTP::ConnectTimeoutError) { client.get(server.endpoint).body.to_s }
+      assert_match(/execution/, err.message)
+    end
+  end
+
+  def test_timeout_global_errors_if_reading_takes_too_long
+    client = build_client(
+      timeout_class:   HTTP::Timeout::Global,
+      timeout_options: { global_timeout: 0.01 }
+    )
+
+    err = assert_raises(HTTP::TimeoutError) do
+      client.get("#{server.endpoint}/sleep").body.to_s
+    end
+    assert_match(/Timed out|execution expired/, err.message)
+  end
+
+  def test_timeout_global_resets_state_when_reusing_connections
+    client = build_client(
+      timeout_class:   HTTP::Timeout::Global,
+      timeout_options: { global_timeout: 0.5 },
+      persistent:      server.endpoint
+    )
+
+    client.get("#{server.endpoint}/sleep").body.to_s
+    client.get("#{server.endpoint}/sleep").body.to_s
+  end
+
+  def test_timeout_combined_global_and_per_operation_works
+    client = build_client(
+      timeout_class:   HTTP::Timeout::Global,
+      timeout_options: {
+        global_timeout:  0.5,
+        connect_timeout: 0.25,
+        read_timeout:    0.25,
+        write_timeout:   0.25
+      }
+    )
+
+    assert_equal "<!doctype html>", client.get(server.endpoint).body.to_s
+  end
+
+  def test_timeout_combined_per_op_read_of_zero_times_out
+    client = build_client(
+      timeout_class:   HTTP::Timeout::Global,
+      timeout_options: {
+        global_timeout:  0.5,
+        connect_timeout: 0.25,
+        read_timeout:    0,
+        write_timeout:   0.25
+      }
+    )
+
+    err = assert_raises(HTTP::TimeoutError) do
+      client.get("#{server.endpoint}/sleep").body.to_s
+    end
+    assert_match(/Read timed out/, err.message)
+  end
+end

data/test/support/http_handling_shared.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+require "support/http_handling_shared/timeout_tests"
+require "support/http_handling_shared/connection_reuse_tests"
+
+module HTTPHandlingTests
+  def self.included(base)
+    base.include TimeoutTests
+    base.include ConnectionReuseTests
+  end
+end

data/test/support/proxy_server.rb

@@ -0,0 +1,207 @@
+# frozen_string_literal: true
+
+require "socket"
+require "uri"
+
+require "support/servers/runner"
+
+class ProxyServer
+  Target = Struct.new(:host, :port, :path, :query)
+
+  def initialize
+    @tcp_server     = TCPServer.new("127.0.0.1", 0)
+    @port           = @tcp_server.addr[1]
+    @ready          = Queue.new
+    @shutdown_read, @shutdown_write = IO.pipe
+  end
+
+  def addr
+    "127.0.0.1"
+  end
+
+  attr_reader :port
+
+  def wait_ready
+    @ready.pop
+  end
+
+  def start
+    @ready << true
+
+    loop do
+      readable, = IO.select([@tcp_server, @shutdown_read])
+      break unless readable
+      break if readable.include?(@shutdown_read)
+
+      client = @tcp_server.accept
+      Thread.new(client) do |c|
+        Thread.current.report_on_exception = false
+        handle_request(c)
+      end
+    end
+  rescue IOError, Errno::EBADF
+    # Server socket closed during shutdown
+  end
+
+  def shutdown
+    @shutdown_write.close
+    @tcp_server.close rescue nil
+    @shutdown_read.close rescue nil
+  rescue
+    nil
+  end
+
+  private
+
+  def handle_request(client)
+    method, target, version, headers, body = read_proxy_request(client)
+    return unless method && target
+
+    if (response = authenticate(headers))
+      client.write(response)
+      return
+    end
+
+    if method == "CONNECT"
+      tunnel_connection(client, target)
+    else
+      forward_and_respond(client, method, target, body, version)
+    end
+  rescue IOError, Errno::ECONNRESET, Errno::EPIPE, Errno::EBADF, URI::InvalidURIError
+    # Connection closed
+  ensure
+    client.close rescue nil
+  end
+
+  def read_proxy_request(client)
+    line = client.gets
+    return unless line
+
+    method, target, version = line.strip.split(" ", 3)
+    headers = read_headers(client)
+    body = headers["Content-Length"] ? client.read(headers["Content-Length"].to_i) : nil
+
+    [method, parse_target(method, target), version, headers, body]
+  end
+
+  def parse_target(method, target)
+    return parse_connect_target(target) if method == "CONNECT"
+
+    uri = URI.parse(target)
+    Target.new(host: uri.host, port: uri.port, path: uri.path, query: uri.query)
+  end
+
+  def parse_connect_target(target)
+    host, port = target.split(":", 2)
+    return unless host && port
+
+    Target.new(host: host, port: Integer(port))
+  rescue ArgumentError
+    nil
+  end
+
+  def read_headers(client)
+    headers = {}
+    while (header_line = client.gets)
+      break if header_line == "\r\n"
+
+      key, value = header_line.split(": ", 2)
+      headers[key] = value.strip
+    end
+    headers
+  end
+
+  def authenticate(_headers)
+    nil
+  end
+
+  def forward_and_respond(client, method, target, body, version)
+    target_socket = send_to_target(method, target, body, version)
+    relay_response(client, target_socket)
+  ensure
+    target_socket&.close rescue nil
+  end
+
+  def send_to_target(method, target, body, version)
+    socket = TCPSocket.new(target.host, target.port)
+    path = target.path.to_s.empty? ? "/" : target.path
+    path = "#{path}?#{target.query}" if target.query
+
+    socket.write("#{method} #{path} #{version}\r\n")
+    socket.write("Host: #{target.host}:#{target.port}\r\n")
+    socket.write("Content-Length: #{body.bytesize}\r\n") if body
+    socket.write("\r\n")
+    socket.write(body) if body
+    socket
+  end
+
+  def relay_response(client, target)
+    response_line = target.gets
+    return unless response_line
+
+    headers, content_length = read_response_headers(target)
+    body = content_length&.positive? ? target.read(content_length) : ""
+
+    client.write("#{response_line}X-PROXIED: true\r\n#{headers}\r\n#{body}")
+  rescue IOError, Errno::ECONNRESET
+    # Target connection error
+  end
+
+  def tunnel_connection(client, target)
+    target_socket = TCPSocket.new(target.host, target.port)
+
+    client.write("HTTP/1.1 200 Connection established\r\n\r\n")
+    relay_tunnel(client, target_socket)
+  ensure
+    target_socket&.close rescue nil
+  end
+
+  def relay_tunnel(client, target)
+    threads = [
+      Thread.new { copy_stream(client, target) },
+      Thread.new { copy_stream(target, client) }
+    ]
+    threads.each { |t| t.join(5) }
+  ensure
+    threads&.each { |t| t.kill if t.alive? }
+  end
+
+  def copy_stream(source, destination)
+    loop do
+      destination.write(source.readpartial(1024))
+    end
+  rescue IOError, Errno::ECONNRESET, Errno::EPIPE
+    nil
+  end
+
+  def read_response_headers(target)
+    headers = +""
+    content_length = nil
+    while (hl = target.gets)
+      break if hl == "\r\n"
+
+      content_length = ::Regexp.last_match(1).to_i if hl =~ /^Content-Length:\s*(\d+)/i
+      headers << hl
+    end
+    [headers, content_length]
+  end
+end
+
+class AuthProxyServer < ProxyServer
+  private
+
+  def authenticate(headers)
+    auth = headers["Proxy-Authorization"]
+
+    if auth
+      encoded = auth.sub(/^Basic\s+/, "")
+      user, pass = encoded.unpack1("m0").split(":", 2)
+      return if user == "username" && pass == "password"
+    end
+
+    "HTTP/1.1 407 Proxy Authentication Required\r\n" \
+      "Proxy-Authenticate: Basic realm=\"proxy\"\r\n" \
+      "Content-Length: 0\r\n" \
+      "\r\n"
+  end
+end

data/test/support/servers/runner.rb

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+module ServerRunner
+  @all_servers = []
+
+  def self.all_servers
+    @all_servers
+  end
+
+  def run_server(name)
+    defining_class = self
+
+    define_method(name) do
+      cache = defining_class.instance_variable_get(:@_server_cache) ||
+              defining_class.instance_variable_set(:@_server_cache, {})
+
+      cache[name] ||= begin
+        server = yield
+        Thread.new { server.start }
+        server.wait_ready
+        ServerRunner.all_servers << server
+        server
+      end
+    end
+
+    _run_servers << name
+  end
+
+  def _run_servers
+    @_run_servers ||= []
+  end
+end
+
+module ServerLifecycle
+  def setup
+    super
+    _all_run_servers.each do |s|
+      server = send(s)
+      server.reset if server.respond_to?(:reset)
+    end
+  end
+
+  private
+
+  def _all_run_servers
+    klass = self.class
+    servers = []
+
+    while klass.respond_to?(:_run_servers)
+      servers.concat(klass._run_servers)
+      klass = klass.superclass
+    end
+
+    servers.uniq
+  end
+end
+
+Minitest::Test.extend(ServerRunner)
+Minitest::Test.include(ServerLifecycle)
+
+Minitest.after_run do
+  ServerRunner.all_servers.each do |server|
+    server.shutdown
+  rescue
+    nil
+  end
+end

data/{spec → test}/support/simplecov.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+return if ENV["MUTANT"] || ENV["NOCOV"]
+
 require "simplecov"
 
 if ENV["CI"]
@@ -14,6 +16,13 @@ if ENV["CI"]
 end
 
 SimpleCov.start do
-  add_filter "/spec/"
-  minimum_coverage 80
+  add_filter "/test/"
+  add_filter "/minitest-memory/"
+
+  if RUBY_ENGINE == "ruby"
+    enable_coverage :branch
+    minimum_coverage line: 100, branch: 100
+  else
+    minimum_coverage line: 99
+  end
 end

data/test/support/ssl_helper.rb

@@ -0,0 +1,108 @@
+# frozen_string_literal: true
+
+require "openssl"
+require "pathname"
+
+module SSLHelper
+  CERTS_PATH = Pathname.new File.expand_path("../../tmp/certs", __dir__)
+
+  class << self
+    def server_context
+      context = OpenSSL::SSL::SSLContext.new
+
+      context.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      context.key         = server_cert_key
+      context.cert        = server_cert_cert
+      context.ca_file     = ca_file
+
+      context
+    end
+
+    def client_context
+      # Ensure server cert is generated (triggers CA generation too)
+      server_cert_cert
+      context = OpenSSL::SSL::SSLContext.new
+
+      context.options     = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:options]
+      context.verify_mode = OpenSSL::SSL::VERIFY_PEER
+      context.verify_hostname = true if context.respond_to?(:verify_hostname=)
+      context.ca_file = ca_file
+
+      context
+    end
+
+    def client_params
+      server_cert_cert
+      {
+        ca_file: ca_file
+      }
+    end
+
+    private
+
+    def ca_key
+      @ca_key ||= OpenSSL::PKey::RSA.new(2048)
+    end
+
+    def ca_cert
+      @ca_cert ||= begin
+        cert = OpenSSL::X509::Certificate.new
+        cert.version    = 2
+        cert.serial     = 1
+        cert.subject    = OpenSSL::X509::Name.parse("/CN=honestachmed.com")
+        cert.issuer     = cert.subject
+        cert.public_key = ca_key.public_key
+        cert.not_before = Time.now - 60
+        cert.not_after  = Time.now + (365 * 24 * 60 * 60)
+
+        ef = OpenSSL::X509::ExtensionFactory.new
+        ef.subject_certificate = cert
+        ef.issuer_certificate  = cert
+
+        cert.add_extension(ef.create_extension("basicConstraints", "CA:TRUE", true))
+        cert.add_extension(ef.create_extension("keyUsage", "keyCertSign,cRLSign", true))
+
+        cert.sign(ca_key, OpenSSL::Digest.new("SHA256"))
+        cert
+      end
+    end
+
+    def ca_file
+      return @ca_file if defined?(@ca_file)
+
+      CERTS_PATH.mkpath
+      cert_file = CERTS_PATH.join("ca.crt")
+      cert_file.open("w") { |io| io << ca_cert.to_pem }
+      @ca_file = cert_file.to_s
+    end
+
+    def server_cert_key
+      @server_cert_key ||= OpenSSL::PKey::RSA.new(2048)
+    end
+
+    def server_cert_cert
+      @server_cert_cert ||= begin
+        cert = OpenSSL::X509::Certificate.new
+        cert.version    = 2
+        cert.serial     = 2
+        cert.subject    = OpenSSL::X509::Name.parse("/CN=127.0.0.1")
+        cert.issuer     = ca_cert.subject
+        cert.public_key = server_cert_key.public_key
+        cert.not_before = Time.now - 60
+        cert.not_after  = Time.now + (365 * 24 * 60 * 60)
+
+        ef = OpenSSL::X509::ExtensionFactory.new
+        ef.subject_certificate = cert
+        ef.issuer_certificate  = ca_cert
+
+        cert.add_extension(ef.create_extension("basicConstraints", "CA:FALSE"))
+        cert.add_extension(ef.create_extension("keyUsage", "digitalSignature,keyEncipherment", true))
+        cert.add_extension(ef.create_extension("extendedKeyUsage", "serverAuth"))
+        cert.add_extension(ef.create_extension("subjectAltName", "IP:127.0.0.1"))
+
+        cert.sign(ca_key, OpenSSL::Digest.new("SHA256"))
+        cert
+      end
+    end
+  end
+end

data/test/test_helper.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+require_relative "support/simplecov"
+
+require "minitest/autorun"
+require "minitest/mock"
+require "minitest/memory" if RUBY_ENGINE == "ruby"
+require "minitest/strict"
+
+require "http"
+
+# No-op for mutant cover declarations when mutant is not loaded
+Minitest::Test.extend(Module.new { def cover(*); end }) unless Minitest::Test.respond_to?(:cover)
+
+require "support/capture_warning"
+require "support/fakeio"
+
+# Helper for creating fake objects with predefined method responses
+module FakeHelper
+  def fake(**methods)
+    obj = Object.new
+    methods.each do |name, value|
+      if value.is_a?(Proc)
+        obj.define_singleton_method(name) { |*args, **kwargs, &blk| value.call(*args, **kwargs, &blk) }
+      else
+        obj.define_singleton_method(name) { |*| value }
+      end
+    end
+    obj
+  end
+end
+
+module Minitest
+  class Test
+    include FakeHelper
+    include Minitest::Memory if RUBY_ENGINE == "ruby"
+  end
+end