RubyGems - mechanize - Versions diffs - 2.7.3 → 2.8.0 - Mend

mechanize 2.7.3 → 2.8.0

Potentially problematic release.

This version of mechanize might be problematic. Click here for more details.

Files changed (137) hide show

checksums.yaml +5 -5
data/.github/workflows/ci-test.yml +45 -0
data/.gitignore +15 -0
data/.yardopts +8 -0
data/{CHANGELOG.rdoc → CHANGELOG.md} +149 -62
data/EXAMPLES.rdoc +2 -25
data/Gemfile +3 -0
data/{LICENSE.rdoc → LICENSE.txt} +4 -0
data/README.md +79 -0
data/Rakefile +36 -37
data/examples/{rubyforge.rb → rubygems.rb} +7 -6
data/lib/mechanize.rb +75 -33
data/lib/mechanize/chunked_termination_error.rb +1 -0
data/lib/mechanize/content_type_error.rb +1 -0
data/lib/mechanize/cookie.rb +1 -13
data/lib/mechanize/cookie_jar.rb +4 -12
data/lib/mechanize/directory_saver.rb +15 -2
data/lib/mechanize/download.rb +2 -1
data/lib/mechanize/element_matcher.rb +29 -14
data/lib/mechanize/element_not_found_error.rb +1 -0
data/lib/mechanize/file.rb +2 -1
data/lib/mechanize/file_connection.rb +5 -3
data/lib/mechanize/file_request.rb +1 -0
data/lib/mechanize/file_response.rb +5 -4
data/lib/mechanize/file_saver.rb +1 -0
data/lib/mechanize/form.rb +119 -46
data/lib/mechanize/form/button.rb +1 -0
data/lib/mechanize/form/check_box.rb +1 -0
data/lib/mechanize/form/field.rb +47 -0
data/lib/mechanize/form/file_upload.rb +1 -0
data/lib/mechanize/form/hidden.rb +1 -0
data/lib/mechanize/form/image_button.rb +1 -0
data/lib/mechanize/form/keygen.rb +1 -0
data/lib/mechanize/form/multi_select_list.rb +8 -14
data/lib/mechanize/form/option.rb +3 -1
data/lib/mechanize/form/radio_button.rb +1 -0
data/lib/mechanize/form/reset.rb +1 -0
data/lib/mechanize/form/select_list.rb +1 -0
data/lib/mechanize/form/submit.rb +1 -0
data/lib/mechanize/form/text.rb +1 -0
data/lib/mechanize/form/textarea.rb +1 -0
data/lib/mechanize/headers.rb +1 -0
data/lib/mechanize/history.rb +2 -1
data/lib/mechanize/http.rb +1 -0
data/lib/mechanize/http/agent.rb +115 -64
data/lib/mechanize/http/auth_challenge.rb +1 -0
data/lib/mechanize/http/auth_realm.rb +2 -1
data/lib/mechanize/http/auth_store.rb +3 -0
data/lib/mechanize/http/content_disposition_parser.rb +18 -3
data/lib/mechanize/http/www_authenticate_parser.rb +5 -5
data/lib/mechanize/image.rb +1 -0
data/lib/mechanize/page.rb +166 -55
data/lib/mechanize/page/base.rb +1 -0
data/lib/mechanize/page/frame.rb +4 -1
data/lib/mechanize/page/image.rb +3 -0
data/lib/mechanize/page/label.rb +1 -0
data/lib/mechanize/page/link.rb +13 -1
data/lib/mechanize/page/meta_refresh.rb +1 -0
data/lib/mechanize/parser.rb +4 -3
data/lib/mechanize/pluggable_parsers.rb +14 -1
data/lib/mechanize/prependable.rb +1 -0
data/lib/mechanize/redirect_limit_reached_error.rb +1 -0
data/lib/mechanize/redirect_not_get_or_head_error.rb +1 -0
data/lib/mechanize/response_code_error.rb +2 -1
data/lib/mechanize/response_read_error.rb +1 -0
data/lib/mechanize/robots_disallowed_error.rb +1 -0
data/lib/mechanize/test_case.rb +39 -29
data/lib/mechanize/test_case/bad_chunking_servlet.rb +1 -0
data/lib/mechanize/test_case/basic_auth_servlet.rb +1 -0
data/lib/mechanize/test_case/content_type_servlet.rb +1 -0
data/lib/mechanize/test_case/digest_auth_servlet.rb +1 -0
data/lib/mechanize/test_case/file_upload_servlet.rb +1 -0
data/lib/mechanize/test_case/form_servlet.rb +1 -0
data/lib/mechanize/test_case/gzip_servlet.rb +4 -3
data/lib/mechanize/test_case/header_servlet.rb +1 -0
data/lib/mechanize/test_case/http_refresh_servlet.rb +2 -2
data/lib/mechanize/test_case/infinite_redirect_servlet.rb +1 -0
data/lib/mechanize/test_case/infinite_refresh_servlet.rb +2 -2
data/lib/mechanize/test_case/many_cookies_as_string_servlet.rb +1 -0
data/lib/mechanize/test_case/many_cookies_servlet.rb +1 -0
data/lib/mechanize/test_case/modified_since_servlet.rb +1 -0
data/lib/mechanize/test_case/ntlm_servlet.rb +1 -0
data/lib/mechanize/test_case/one_cookie_no_spaces_servlet.rb +1 -0
data/lib/mechanize/test_case/one_cookie_servlet.rb +1 -0
data/lib/mechanize/test_case/quoted_value_cookie_servlet.rb +1 -0
data/lib/mechanize/test_case/redirect_servlet.rb +1 -0
data/lib/mechanize/test_case/referer_servlet.rb +1 -0
data/lib/mechanize/test_case/refresh_with_empty_url.rb +1 -0
data/lib/mechanize/test_case/refresh_without_url.rb +1 -0
data/lib/mechanize/test_case/response_code_servlet.rb +1 -0
data/lib/mechanize/test_case/robots_txt_servlet.rb +15 -0
data/lib/mechanize/test_case/send_cookies_servlet.rb +1 -0
data/lib/mechanize/test_case/server.rb +1 -0
data/lib/mechanize/test_case/servlets.rb +4 -0
data/lib/mechanize/test_case/verb_servlet.rb +5 -6
data/lib/mechanize/unauthorized_error.rb +2 -1
data/lib/mechanize/unsupported_scheme_error.rb +5 -2
data/lib/mechanize/util.rb +90 -43
data/lib/mechanize/version.rb +4 -0
data/lib/mechanize/xml_file.rb +1 -0
data/mechanize.gemspec +69 -0
data/test/htdocs/dir with spaces/foo.html +1 -0
data/test/htdocs/find_link.html +1 -4
data/test/htdocs/tc_links.html +1 -1
data/test/test_mechanize.rb +111 -55
data/test/test_mechanize_cookie.rb +75 -60
data/test/test_mechanize_cookie_jar.rb +112 -59
data/test/test_mechanize_download.rb +13 -1
data/test/test_mechanize_file.rb +10 -0
data/test/test_mechanize_file_connection.rb +21 -3
data/test/test_mechanize_file_response.rb +26 -2
data/test/test_mechanize_form.rb +46 -11
data/test/test_mechanize_form_check_box.rb +10 -0
data/test/test_mechanize_form_encoding.rb +3 -8
data/test/test_mechanize_form_keygen.rb +1 -0
data/test/test_mechanize_form_multi_select_list.rb +5 -1
data/test/test_mechanize_http_agent.rb +175 -18
data/test/test_mechanize_http_auth_challenge.rb +14 -0
data/test/test_mechanize_http_auth_realm.rb +7 -1
data/test/test_mechanize_http_auth_store.rb +37 -0
data/test/test_mechanize_http_content_disposition_parser.rb +35 -1
data/test/test_mechanize_http_www_authenticate_parser.rb +24 -0
data/test/test_mechanize_link.rb +60 -4
data/test/test_mechanize_page.rb +82 -7
data/test/test_mechanize_page_encoding.rb +2 -3
data/test/test_mechanize_page_image.rb +1 -1
data/test/test_mechanize_page_link.rb +20 -5
data/test/test_mechanize_page_meta_refresh.rb +1 -1
data/test/test_mechanize_parser.rb +12 -2
data/test/test_mechanize_util.rb +46 -11
metadata +198 -99
data/.gemtest +0 -0
data/.travis.yml +0 -26
data/Manifest.txt +0 -205
data/README.rdoc +0 -83
data/lib/mechanize/monkey_patch.rb +0 -17
data/test/htdocs/robots.txt +0 -2

data/test/test_mechanize_cookie.rb CHANGED Viewed

@@ -18,14 +18,21 @@ module Enumerable
 end
 class TestMechanizeCookie < Mechanize::TestCase
-  def silently
-    warn_level = $VERBOSE
-    $VERBOSE = false
-    res = yield
-    $VERBOSE = warn_level
-    res
+  def assert_cookie_parse url, cookie_text, &block
+    cookie = nil
+    block ||= proc { |p_cookie| cookie = p_cookie }
+    exp_re = /The call of Mechanize::Cookie.parse/
+    assert_output "", exp_re do
+      Mechanize::Cookie.parse(url, cookie_text, &block)
+    end
+    cookie
   end
+  alias silently capture_io
   def test_parse_dates
     url = URI.parse('http://localhost/')
@@ -64,7 +71,7 @@ class TestMechanizeCookie < Mechanize::TestCase
     uri = URI.parse 'http://example'
-    Mechanize::Cookie.parse uri, cookie_str do |cookie|
+    assert_cookie_parse uri, cookie_str do |cookie|
       assert_equal 'a', cookie.name
       assert_equal 'b', cookie.value
     end
@@ -75,7 +82,7 @@ class TestMechanizeCookie < Mechanize::TestCase
     uri = URI.parse 'http://example'
-    Mechanize::Cookie.parse uri, cookie_str do |cookie|
+    assert_cookie_parse uri, cookie_str do |cookie|
       assert_equal 'foo',               cookie.name
       assert_equal 'bar',               cookie.value
       assert_equal '/',                 cookie.path
@@ -89,7 +96,7 @@ class TestMechanizeCookie < Mechanize::TestCase
     uri = URI.parse 'http://example'
-    Mechanize::Cookie.parse uri, cookie_str do |cookie|
+    assert_cookie_parse uri, cookie_str do |cookie|
       assert_equal 'quoted', cookie.name
       assert_equal 'value', cookie.value
     end
@@ -98,41 +105,43 @@ class TestMechanizeCookie < Mechanize::TestCase
   def test_parse_weird_cookie
     cookie = 'n/a, ASPSESSIONIDCSRRQDQR=FBLDGHPBNDJCPCGNCPAENELB; path=/'
     url = URI.parse('http://www.searchinnovation.com/')
-    Mechanize::Cookie.parse(url, cookie) { |c|
+    assert_cookie_parse url, cookie do |c|
       assert_equal('ASPSESSIONIDCSRRQDQR', c.name)
       assert_equal('FBLDGHPBNDJCPCGNCPAENELB', c.value)
-    }
+    end
   end
   def test_double_semicolon
     double_semi = 'WSIDC=WEST;; domain=.williams-sonoma.com; path=/'
     url = URI.parse('http://williams-sonoma.com/')
-    Mechanize::Cookie.parse(url, double_semi) { |cookie|
+    assert_cookie_parse url, double_semi do |cookie|
       assert_equal('WSIDC', cookie.name)
       assert_equal('WEST', cookie.value)
-    }
+    end
   end
   def test_parse_bad_version
     bad_cookie = 'PRETANET=TGIAqbFXtt; Name=/PRETANET; Path=/; Version=1.2; Content-type=text/html; Domain=192.168.6.196; expires=Friday, 13-November-2026  23:01:46 GMT;'
     url = URI.parse('http://localhost/')
-    Mechanize::Cookie.parse(url, bad_cookie) { |cookie|
+    assert_cookie_parse url, bad_cookie do |cookie|
       assert_nil(cookie.version)
-    }
+    end
   end
   def test_parse_bad_max_age
     bad_cookie = 'PRETANET=TGIAqbFXtt; Name=/PRETANET; Path=/; Max-Age=1.2; Content-type=text/html; Domain=192.168.6.196; expires=Friday, 13-November-2026  23:01:46 GMT;'
     url = URI.parse('http://localhost/')
-    Mechanize::Cookie.parse(url, bad_cookie) { |cookie|
+    assert_cookie_parse url, bad_cookie do |cookie|
       assert_nil(cookie.max_age)
-    }
+    end
   end
   def test_parse_date_fail
     url = URI.parse('http://localhost/')
-    dates = [
+    dates = [
               "20/06/95 21:07",
     ]
@@ -151,7 +160,7 @@ class TestMechanizeCookie < Mechanize::TestCase
     cookie_str = 'a=b; domain=.example.com'
-    cookie = Mechanize::Cookie.parse(url, cookie_str).first
+    cookie = assert_cookie_parse url, cookie_str
     assert_equal 'example.com', cookie.domain
     assert cookie.for_domain?
@@ -162,7 +171,7 @@ class TestMechanizeCookie < Mechanize::TestCase
     cookie_str = 'a=b; domain=example.com'
-    cookie = Mechanize::Cookie.parse(url, cookie_str).first
+    cookie = assert_cookie_parse url, cookie_str
     assert_equal 'example.com', cookie.domain
     assert cookie.for_domain?
@@ -173,7 +182,7 @@ class TestMechanizeCookie < Mechanize::TestCase
     cookie_str = 'a=b;'
-    cookie = Mechanize::Cookie.parse(url, cookie_str).first
+    cookie = assert_cookie_parse url, cookie_str
     assert_equal 'example.com', cookie.domain
     assert !cookie.for_domain?
@@ -184,17 +193,23 @@ class TestMechanizeCookie < Mechanize::TestCase
     date = 'Mon, 19 Feb 2012 19:26:04 GMT'
-    cookie = Mechanize::Cookie.parse(url, "name=Akinori; expires=#{date}").first
+    cookie_text = "name=Akinori; expires=#{date}"
+    cookie = assert_cookie_parse url, cookie_text
     assert_equal Time.at(1329679564), cookie.expires
-    cookie = Mechanize::Cookie.parse(url, 'name=Akinori; max-age=3600').first
+    cookie_text = 'name=Akinori; max-age=3600'
+    cookie = assert_cookie_parse url, cookie_text
     assert_in_delta Time.now + 3600, cookie.expires, 1
     # Max-Age has precedence over Expires
-    cookie = Mechanize::Cookie.parse(url, "name=Akinori; max-age=3600; expires=#{date}").first
+    cookie_text = "name=Akinori; max-age=3600; expires=#{date}"
+    cookie = assert_cookie_parse url, cookie_text
     assert_in_delta Time.now + 3600, cookie.expires, 1
-    cookie = Mechanize::Cookie.parse(url, "name=Akinori; expires=#{date}; max-age=3600").first
+    cookie_text = "name=Akinori; expires=#{date}; max-age=3600"
+    cookie = assert_cookie_parse url, cookie_text
     assert_in_delta Time.now + 3600, cookie.expires, 1
   end
@@ -208,7 +223,7 @@ class TestMechanizeCookie < Mechanize::TestCase
       'name=Akinori; expires=',
       'name=Akinori; max-age=',
     ].each { |str|
-      cookie = Mechanize::Cookie.parse(url, str).first
+      cookie = assert_cookie_parse url, str
       assert cookie.session, str
     }
@@ -216,7 +231,7 @@ class TestMechanizeCookie < Mechanize::TestCase
       'name=Akinori; expires=Mon, 19 Feb 2012 19:26:04 GMT',
       'name=Akinori; max-age=3600',
     ].each { |str|
-      cookie = Mechanize::Cookie.parse(url, str).first
+      cookie = assert_cookie_parse url, str
       assert !cookie.session, str
     }
   end
@@ -237,7 +252,8 @@ class TestMechanizeCookie < Mechanize::TestCase
       "no_domain2=no_domain; Expires=Sun, 06 Nov 2011 00:29:53 GMT; no_expires=nope; Domain, " \
       "no_domain3=no_domain; Expires=Sun, 06 Nov 2011 00:29:53 GMT; no_expires=nope; Domain="
-    cookies = Mechanize::Cookie.parse url, cookie_str
+    cookies = nil
+    silently { cookies = Mechanize::Cookie.parse url, cookie_str }
     assert_equal 13, cookies.length
     name = cookies.find { |c| c.name == 'name' }
@@ -274,16 +290,16 @@ class TestMechanizeCookie < Mechanize::TestCase
   end
   def test_parse_valid_cookie
-    url = URI.parse('http://rubyforge.org/')
+    url = URI.parse('http://rubygems.org/')
     cookie_params = {}
     cookie_params['expires']   = 'expires=Sun, 27-Sep-2037 00:00:00 GMT'
     cookie_params['path']      = 'path=/'
-    cookie_params['domain']    = 'domain=.rubyforge.org'
+    cookie_params['domain']    = 'domain=.rubygems.org'
     cookie_params['httponly']  = 'HttpOnly'
     cookie_value = '12345%7D=ASDFWEE345%3DASda'
     expires = Time.parse('Sun, 27-Sep-2037 00:00:00 GMT')
     cookie_params.keys.combine.each do |c|
       cookie_text = "#{cookie_value}; "
       c.each_with_index do |key, idx|
@@ -293,8 +309,8 @@ class TestMechanizeCookie < Mechanize::TestCase
           cookie_text << "#{cookie_params[key]}; "
         end
       end
-      cookie = nil
-      Mechanize::Cookie.parse(url, cookie_text) { |p_cookie| cookie = p_cookie }
+      cookie = assert_cookie_parse url, cookie_text
       assert_equal('12345%7D=ASDFWEE345%3DASda', cookie.to_s)
       assert_equal('/', cookie.path)
@@ -309,16 +325,16 @@ class TestMechanizeCookie < Mechanize::TestCase
   end
   def test_parse_valid_cookie_empty_value
-    url = URI.parse('http://rubyforge.org/')
+    url = URI.parse('http://rubygems.org/')
     cookie_params = {}
     cookie_params['expires']   = 'expires=Sun, 27-Sep-2037 00:00:00 GMT'
     cookie_params['path']      = 'path=/'
-    cookie_params['domain']    = 'domain=.rubyforge.org'
+    cookie_params['domain']    = 'domain=.rubygems.org'
     cookie_params['httponly']  = 'HttpOnly'
     cookie_value = '12345%7D='
     expires = Time.parse('Sun, 27-Sep-2037 00:00:00 GMT')
     cookie_params.keys.combine.each do |c|
       cookie_text = "#{cookie_value}; "
       c.each_with_index do |key, idx|
@@ -328,8 +344,7 @@ class TestMechanizeCookie < Mechanize::TestCase
           cookie_text << "#{cookie_params[key]}; "
         end
       end
-      cookie = nil
-      Mechanize::Cookie.parse(url, cookie_text) { |p_cookie| cookie = p_cookie }
+      cookie = assert_cookie_parse url, cookie_text
       assert_equal('12345%7D=', cookie.to_s)
       assert_equal('', cookie.value)
@@ -346,16 +361,16 @@ class TestMechanizeCookie < Mechanize::TestCase
   # If no path was given, use the one from the URL
   def test_cookie_using_url_path
-    url = URI.parse('http://rubyforge.org/login.php')
+    url = URI.parse('http://rubygems.org/login.php')
     cookie_params = {}
     cookie_params['expires']   = 'expires=Sun, 27-Sep-2037 00:00:00 GMT'
     cookie_params['path']      = 'path=/'
-    cookie_params['domain']    = 'domain=.rubyforge.org'
+    cookie_params['domain']    = 'domain=.rubygems.org'
     cookie_params['httponly']  = 'HttpOnly'
     cookie_value = '12345%7D=ASDFWEE345%3DASda'
     expires = Time.parse('Sun, 27-Sep-2037 00:00:00 GMT')
     cookie_params.keys.combine.each do |c|
       next if c.find { |k| k == 'path' }
       cookie_text = "#{cookie_value}; "
@@ -366,8 +381,8 @@ class TestMechanizeCookie < Mechanize::TestCase
           cookie_text << "#{cookie_params[key]}; "
         end
       end
-      cookie = nil
-      Mechanize::Cookie.parse(url, cookie_text) { |p_cookie| cookie = p_cookie }
+      cookie = assert_cookie_parse url, cookie_text
       assert_equal('12345%7D=ASDFWEE345%3DASda', cookie.to_s)
       assert_equal('/', cookie.path)
@@ -383,16 +398,16 @@ class TestMechanizeCookie < Mechanize::TestCase
   # Test using secure cookies
   def test_cookie_with_secure
-    url = URI.parse('http://rubyforge.org/')
+    url = URI.parse('http://rubygems.org/')
     cookie_params = {}
     cookie_params['expires']   = 'expires=Sun, 27-Sep-2037 00:00:00 GMT'
     cookie_params['path']      = 'path=/'
-    cookie_params['domain']    = 'domain=.rubyforge.org'
+    cookie_params['domain']    = 'domain=.rubygems.org'
     cookie_params['secure']    = 'secure'
     cookie_value = '12345%7D=ASDFWEE345%3DASda'
     expires = Time.parse('Sun, 27-Sep-2037 00:00:00 GMT')
     cookie_params.keys.combine.each do |c|
       next unless c.find { |k| k == 'secure' }
       cookie_text = "#{cookie_value}; "
@@ -403,8 +418,8 @@ class TestMechanizeCookie < Mechanize::TestCase
           cookie_text << "#{cookie_params[key]}; "
         end
       end
-      cookie = nil
-      Mechanize::Cookie.parse(url, cookie_text) { |p_cookie| cookie = p_cookie }
+      cookie = assert_cookie_parse url, cookie_text
       assert_equal('12345%7D=ASDFWEE345%3DASda', cookie.to_s)
       assert_equal('/', cookie.path)
@@ -420,16 +435,16 @@ class TestMechanizeCookie < Mechanize::TestCase
   end
   def test_parse_cookie_no_spaces
-    url = URI.parse('http://rubyforge.org/')
+    url = URI.parse('http://rubygems.org/')
     cookie_params = {}
     cookie_params['expires']   = 'expires=Sun, 27-Sep-2037 00:00:00 GMT'
     cookie_params['path']      = 'path=/'
-    cookie_params['domain']    = 'domain=.rubyforge.org'
+    cookie_params['domain']    = 'domain=.rubygems.org'
     cookie_params['httponly']  = 'HttpOnly'
     cookie_value = '12345%7D=ASDFWEE345%3DASda'
     expires = Time.parse('Sun, 27-Sep-2037 00:00:00 GMT')
     cookie_params.keys.combine.each do |c|
       cookie_text = "#{cookie_value};"
       c.each_with_index do |key, idx|
@@ -439,8 +454,8 @@ class TestMechanizeCookie < Mechanize::TestCase
           cookie_text << "#{cookie_params[key]};"
         end
       end
-      cookie = nil
-      Mechanize::Cookie.parse(url, cookie_text) { |p_cookie| cookie = p_cookie }
+      cookie = assert_cookie_parse url, cookie_text
       assert_equal('12345%7D=ASDFWEE345%3DASda', cookie.to_s)
       assert_equal('/', cookie.path)
@@ -458,7 +473,7 @@ class TestMechanizeCookie < Mechanize::TestCase
     cookie = Mechanize::Cookie.new('key', 'value')
     assert_equal 'key', cookie.name
     assert_equal 'value', cookie.value
-    assert_equal nil, cookie.expires
+    assert_nil cookie.expires
     # Minimum unit for the expires attribute is second
     expires = Time.at((Time.now + 3600).to_i)
@@ -478,7 +493,7 @@ class TestMechanizeCookie < Mechanize::TestCase
     url = URI.parse('http://host.dom.example.com:8080/')
     cookie_str = 'a=b; domain=Example.Com'
-    cookie = Mechanize::Cookie.parse(url, cookie_str).first
+    cookie = assert_cookie_parse url, cookie_str
     assert 'example.com', cookie.domain
     cookie.domain = DomainName(url.host)
@@ -496,13 +511,13 @@ class TestMechanizeCookie < Mechanize::TestCase
   end
   def test_cookie_httponly
-    url = URI.parse('http://rubyforge.org/')
+    url = URI.parse('http://rubygems.org/')
     cookie_params = {}
     cookie_params['httponly']  = 'HttpOnly'
     cookie_value = '12345%7D=ASDFWEE345%3DASda'
     expires = Time.parse('Sun, 27-Sep-2037 00:00:00 GMT')
     cookie_params.keys.combine.each do |c|
       cookie_text = "#{cookie_value}; "
       c.each_with_index do |key, idx|
@@ -512,12 +527,12 @@ class TestMechanizeCookie < Mechanize::TestCase
           cookie_text << "#{cookie_params[key]}; "
         end
       end
-      cookie = nil
-      Mechanize::Cookie.parse(url, cookie_text) { |p_cookie| cookie = p_cookie; }
+      cookie = assert_cookie_parse url, cookie_text
       assert_equal(true, cookie.httponly)
       # if expires was set, make sure we parsed it
       if c.find { |k| k == 'expires' }
         assert_equal(expires, cookie.expires)

data/test/test_mechanize_cookie_jar.rb CHANGED Viewed

@@ -1,4 +1,5 @@
 require 'mechanize/test_case'
+require 'fileutils'
 class TestMechanizeCookieJar < Mechanize::TestCase
@@ -6,6 +7,30 @@ class TestMechanizeCookieJar < Mechanize::TestCase
     super
     @jar = Mechanize::CookieJar.new
+    @jar.extend Minitest::Assertions
+    def @jar.add(*args)
+      capture_io { super }
+    end
+    def @jar.jar(*args)
+      result = nil
+      capture_io { result = super }
+      result
+    end
+    def @jar.save_as(*args)
+      result = nil
+      capture_io { result = super }
+      result
+    end
+    def @jar.clear!(*args)
+      result = nil
+      capture_io { result = super }
+      result
+    end
   end
   def cookie_values(options = {})
@@ -15,23 +40,23 @@ class TestMechanizeCookieJar < Mechanize::TestCase
       :path     => '/',
       :expires  => Time.now + (10 * 86400),
       :for_domain => true,
-      :domain   => 'rubyforge.org'
+      :domain   => 'rubygems.org'
    }.merge(options)
   end
   def test_two_cookies_same_domain_and_name_different_paths
-    url = URI 'http://rubyforge.org/'
+    url = URI 'http://rubygems.org/'
     cookie = Mechanize::Cookie.new(cookie_values)
     @jar.add(url, cookie)
     @jar.add(url, Mechanize::Cookie.new(cookie_values(:path => '/onetwo')))
     assert_equal(1, @jar.cookies(url).length)
-    assert_equal 2, @jar.cookies(URI('http://rubyforge.org/onetwo')).length
+    assert_equal 2, @jar.cookies(URI('http://rubygems.org/onetwo')).length
   end
   def test_domain_case
-    url = URI 'http://rubyforge.org/'
+    url = URI 'http://rubygems.org/'
     # Add one cookie with an expiration date in the future
     cookie = Mechanize::Cookie.new(cookie_values)
@@ -39,49 +64,49 @@ class TestMechanizeCookieJar < Mechanize::TestCase
     assert_equal(1, @jar.cookies(url).length)
     @jar.add(url, Mechanize::Cookie.new(
-        cookie_values(:domain => 'RuByForge.Org', :name   => 'aaron')))
+        cookie_values(:domain => 'rubygems.Org', :name   => 'aaron')))
     assert_equal(2, @jar.cookies(url).length)
-    url2 = URI 'http://RuByFoRgE.oRg/'
+    url2 = URI 'http://rubygems.oRg/'
     assert_equal(2, @jar.cookies(url2).length)
   end
   def test_host_only
-    url = URI.parse('http://rubyforge.org/')
+    url = URI.parse('http://rubygems.org/')
     @jar.add(url, Mechanize::Cookie.new(
-        cookie_values(:domain => 'rubyforge.org', :for_domain => false)))
+        cookie_values(:domain => 'rubygems.org', :for_domain => false)))
     assert_equal(1, @jar.cookies(url).length)
-    assert_equal(1, @jar.cookies(URI('http://RubyForge.org/')).length)
+    assert_equal(1, @jar.cookies(URI('http://rubygems.org/')).length)
-    assert_equal(1, @jar.cookies(URI('https://RubyForge.org/')).length)
+    assert_equal(1, @jar.cookies(URI('https://rubygems.org/')).length)
-    assert_equal(0, @jar.cookies(URI('http://www.rubyforge.org/')).length)
+    assert_equal(0, @jar.cookies(URI('http://www.rubygems.org/')).length)
   end
   def test_empty_value
     values = cookie_values(:value => "")
-    url = URI 'http://rubyforge.org/'
+    url = URI 'http://rubygems.org/'
     # Add one cookie with an expiration date in the future
     cookie = Mechanize::Cookie.new(values)
     @jar.add(url, cookie)
     assert_equal(1, @jar.cookies(url).length)
-    @jar.add url, Mechanize::Cookie.new(values.merge(:domain => 'RuByForge.Org',
+    @jar.add url, Mechanize::Cookie.new(values.merge(:domain => 'rubygems.Org',
                                                      :name   => 'aaron'))
     assert_equal(2, @jar.cookies(url).length)
-    url2 = URI 'http://RuByFoRgE.oRg/'
+    url2 = URI 'http://rubygems.oRg/'
     assert_equal(2, @jar.cookies(url2).length)
   end
   def test_add_future_cookies
-    url = URI 'http://rubyforge.org/'
+    url = URI 'http://rubygems.org/'
     # Add one cookie with an expiration date in the future
     cookie = Mechanize::Cookie.new(cookie_values)
@@ -93,14 +118,14 @@ class TestMechanizeCookieJar < Mechanize::TestCase
     assert_equal(1, @jar.cookies(url).length)
     # Make sure we can get the cookie from different paths
-    assert_equal(1, @jar.cookies(URI('http://rubyforge.org/login')).length)
+    assert_equal(1, @jar.cookies(URI('http://rubygems.org/login')).length)
     # Make sure we can't get the cookie from different domains
     assert_equal(0, @jar.cookies(URI('http://google.com/')).length)
   end
   def test_add_multiple_cookies
-    url = URI 'http://rubyforge.org/'
+    url = URI 'http://rubygems.org/'
     # Add one cookie with an expiration date in the future
     cookie = Mechanize::Cookie.new(cookie_values)
@@ -112,14 +137,14 @@ class TestMechanizeCookieJar < Mechanize::TestCase
     assert_equal(2, @jar.cookies(url).length)
     # Make sure we can get the cookie from different paths
-    assert_equal(2, @jar.cookies(URI('http://rubyforge.org/login')).length)
+    assert_equal(2, @jar.cookies(URI('http://rubygems.org/login')).length)
     # Make sure we can't get the cookie from different domains
     assert_equal(0, @jar.cookies(URI('http://google.com/')).length)
   end
   def test_add_rejects_cookies_that_do_not_contain_an_embedded_dot
-    url = URI 'http://rubyforge.org/'
+    url = URI 'http://rubygems.org/'
     tld_cookie = Mechanize::Cookie.new(cookie_values(:domain => '.org'))
     @jar.add(url, tld_cookie)
@@ -172,43 +197,43 @@ class TestMechanizeCookieJar < Mechanize::TestCase
   end
   def test_cookie_without_leading_dot_does_not_cause_substring_match
-    url = URI 'http://arubyforge.org/'
+    url = URI 'http://arubygems.org/'
-    cookie = Mechanize::Cookie.new(cookie_values(:domain => 'rubyforge.org'))
+    cookie = Mechanize::Cookie.new(cookie_values(:domain => 'rubygems.org'))
     @jar.add(url, cookie)
     assert_equal(0, @jar.cookies(url).length)
   end
   def test_cookie_without_leading_dot_matches_subdomains
-    url = URI 'http://admin.rubyforge.org/'
+    url = URI 'http://admin.rubygems.org/'
-    cookie = Mechanize::Cookie.new(cookie_values(:domain => 'rubyforge.org'))
+    cookie = Mechanize::Cookie.new(cookie_values(:domain => 'rubygems.org'))
     @jar.add(url, cookie)
     assert_equal(1, @jar.cookies(url).length)
   end
   def test_cookies_with_leading_dot_match_subdomains
-    url = URI 'http://admin.rubyforge.org/'
+    url = URI 'http://admin.rubygems.org/'
-    @jar.add(url, Mechanize::Cookie.new(cookie_values(:domain => '.rubyforge.org')))
+    @jar.add(url, Mechanize::Cookie.new(cookie_values(:domain => '.rubygems.org')))
     assert_equal(1, @jar.cookies(url).length)
   end
   def test_cookies_with_leading_dot_match_parent_domains
-    url = URI 'http://rubyforge.org/'
+    url = URI 'http://rubygems.org/'
-    @jar.add(url, Mechanize::Cookie.new(cookie_values(:domain => '.rubyforge.org')))
+    @jar.add(url, Mechanize::Cookie.new(cookie_values(:domain => '.rubygems.org')))
     assert_equal(1, @jar.cookies(url).length)
   end
   def test_cookies_with_leading_dot_match_parent_domains_exactly
-    url = URI 'http://arubyforge.org/'
+    url = URI 'http://arubygems.org/'
-    @jar.add(url, Mechanize::Cookie.new(cookie_values(:domain => '.rubyforge.org')))
+    @jar.add(url, Mechanize::Cookie.new(cookie_values(:domain => '.rubygems.org')))
     assert_equal(0, @jar.cookies(url).length)
   end
@@ -251,7 +276,7 @@ class TestMechanizeCookieJar < Mechanize::TestCase
   end
   def test_clear_bang
-    url = URI 'http://rubyforge.org/'
+    url = URI 'http://rubygems.org/'
     # Add one cookie with an expiration date in the future
     cookie = Mechanize::Cookie.new(cookie_values)
@@ -265,13 +290,12 @@ class TestMechanizeCookieJar < Mechanize::TestCase
   end
   def test_save_cookies_yaml
-    url = URI 'http://rubyforge.org/'
+    url = URI 'http://rubygems.org/'
     # Add one cookie with an expiration date in the future
     cookie = Mechanize::Cookie.new(cookie_values)
     s_cookie = Mechanize::Cookie.new(cookie_values(:name => 'Bar',
-                                              :expires => nil,
-                                              :session => true))
+                                              :expires => nil))
     @jar.add(url, cookie)
     @jar.add(url, s_cookie)
@@ -292,13 +316,12 @@ class TestMechanizeCookieJar < Mechanize::TestCase
   end
   def test_save_session_cookies_yaml
-    url = URI 'http://rubyforge.org/'
+    url = URI 'http://rubygems.org/'
     # Add one cookie with an expiration date in the future
     cookie = Mechanize::Cookie.new(cookie_values)
     s_cookie = Mechanize::Cookie.new(cookie_values(:name => 'Bar',
-                                              :expires => nil,
-                                              :session => true))
+                                              :expires => nil))
     @jar.add(url, cookie)
     @jar.add(url, s_cookie)
@@ -319,13 +342,12 @@ class TestMechanizeCookieJar < Mechanize::TestCase
   def test_save_cookies_cookiestxt
-    url = URI 'http://rubyforge.org/'
+    url = URI 'http://rubygems.org/'
     # Add one cookie with an expiration date in the future
     cookie = Mechanize::Cookie.new(cookie_values)
     s_cookie = Mechanize::Cookie.new(cookie_values(:name => 'Bar',
-                                              :expires => nil,
-                                              :session => true))
+                                              :expires => nil))
     @jar.add(url, cookie)
     @jar.add(url, s_cookie)
@@ -357,7 +379,7 @@ class TestMechanizeCookieJar < Mechanize::TestCase
   end
   def test_expire_cookies
-    url = URI 'http://rubyforge.org/'
+    url = URI 'http://rubygems.org/'
     # Add one cookie with an expiration date in the future
     cookie = Mechanize::Cookie.new(cookie_values)
@@ -369,7 +391,7 @@ class TestMechanizeCookieJar < Mechanize::TestCase
     assert_equal(2, @jar.cookies(url).length)
     # Make sure we can get the cookie from different paths
-    assert_equal(2, @jar.cookies(URI('http://rubyforge.org/login')).length)
+    assert_equal(2, @jar.cookies(URI('http://rubygems.org/login')).length)
     # Expire the first cookie
     @jar.add(url, Mechanize::Cookie.new(
@@ -384,7 +406,7 @@ class TestMechanizeCookieJar < Mechanize::TestCase
   def test_session_cookies
     values = cookie_values(:expires => nil)
-    url = URI 'http://rubyforge.org/'
+    url = URI 'http://rubygems.org/'
     # Add one cookie with an expiration date in the future
     cookie = Mechanize::Cookie.new(values)
@@ -396,7 +418,7 @@ class TestMechanizeCookieJar < Mechanize::TestCase
     assert_equal(2, @jar.cookies(url).length)
     # Make sure we can get the cookie from different paths
-    assert_equal(2, @jar.cookies(URI('http://rubyforge.org/login')).length)
+    assert_equal(2, @jar.cookies(URI('http://rubygems.org/login')).length)
     # Expire the first cookie
     @jar.add(url, Mechanize::Cookie.new(values.merge(:expires => Time.now - (10 * 86400))))
@@ -409,7 +431,7 @@ class TestMechanizeCookieJar < Mechanize::TestCase
     # When given a URI with a blank path, CookieJar#cookies should return
     # cookies with the path '/':
-    url = URI 'http://rubyforge.org'
+    url = URI 'http://rubygems.org'
     assert_equal '', url.path
     assert_equal(0, @jar.cookies(url).length)
     # Now add a cookie with the path set to '/':
@@ -420,7 +442,7 @@ class TestMechanizeCookieJar < Mechanize::TestCase
   def test_paths
     values = cookie_values(:path => "/login", :expires => nil)
-    url = URI 'http://rubyforge.org/login'
+    url = URI 'http://rubygems.org/login'
     # Add one cookie with an expiration date in the future
     cookie = Mechanize::Cookie.new(values)
@@ -432,8 +454,8 @@ class TestMechanizeCookieJar < Mechanize::TestCase
     assert_equal(2, @jar.cookies(url).length)
     # Make sure we don't get the cookie in a different path
-    assert_equal(0, @jar.cookies(URI('http://rubyforge.org/hello')).length)
-    assert_equal(0, @jar.cookies(URI('http://rubyforge.org/')).length)
+    assert_equal(0, @jar.cookies(URI('http://rubygems.org/hello')).length)
+    assert_equal(0, @jar.cookies(URI('http://rubygems.org/')).length)
     # Expire the first cookie
     @jar.add(url, Mechanize::Cookie.new(values.merge( :expires => Time.now - (10 * 86400))))
@@ -446,7 +468,7 @@ class TestMechanizeCookieJar < Mechanize::TestCase
   end
   def test_save_and_read_cookiestxt
-    url = URI 'http://rubyforge.org/'
+    url = URI 'http://rubygems.org/'
     # Add one cookie with an expiration date in the future
     cookie = Mechanize::Cookie.new(cookie_values)
@@ -465,7 +487,7 @@ class TestMechanizeCookieJar < Mechanize::TestCase
   end
   def test_save_and_read_cookiestxt_with_session_cookies
-    url = URI 'http://rubyforge.org/'
+    url = URI 'http://rubygems.org/'
     @jar.add(url, Mechanize::Cookie.new(cookie_values(:expires => nil)))
@@ -479,10 +501,41 @@ class TestMechanizeCookieJar < Mechanize::TestCase
     assert_equal(0, @jar.cookies(url).length)
   end
+  def test_prevent_command_injection_when_saving
+    skip if windows?
+    url = URI 'http://rubygems.org/'
+    path = '| ruby -rfileutils -e \'FileUtils.touch("vul.txt")\''
+    @jar.add(url, Mechanize::Cookie.new(cookie_values))
+    in_tmpdir do
+      @jar.save_as(path, :cookiestxt)
+      assert_equal(false, File.exist?('vul.txt'))
+    end
+  end
+  def test_prevent_command_injection_when_loading
+    skip if windows?
+    url = URI 'http://rubygems.org/'
+    path = '| ruby -rfileutils -e \'FileUtils.touch("vul.txt")\''
+    @jar.add(url, Mechanize::Cookie.new(cookie_values))
+    in_tmpdir do
+      @jar.save_as("cookies.txt", :cookiestxt)
+      @jar.clear!
+      assert_raises Errno::ENOENT do
+        @jar.load(path, :cookiestxt)
+      end
+      assert_equal(false, File.exist?('vul.txt'))
+    end
+  end
   def test_save_and_read_expired_cookies
-    url = URI 'http://rubyforge.org/'
+    url = URI 'http://rubygems.org/'
-    @jar.jar['rubyforge.org'] = {}
+    @jar.jar['rubygems.org'] = {}
     @jar.add url, Mechanize::Cookie.new(cookie_values)
@@ -494,7 +547,7 @@ class TestMechanizeCookieJar < Mechanize::TestCase
     # thanks to michal "ocher" ochman for reporting the bug responsible for this test.
     values = cookie_values(:expires => nil)
     values_ssl = values.merge(:name => 'Baz', :domain => "#{values[:domain]}:443")
-    url = URI 'https://rubyforge.org/login'
+    url = URI 'https://rubygems.org/login'
     cookie = Mechanize::Cookie.new(values)
     @jar.add(url, cookie)
@@ -506,8 +559,8 @@ class TestMechanizeCookieJar < Mechanize::TestCase
   end
   def test_secure_cookie
-    nurl = URI 'http://rubyforge.org/login'
-    surl = URI 'https://rubyforge.org/login'
+    nurl = URI 'http://rubygems.org/login'
+    surl = URI 'https://rubygems.org/login'
     ncookie = Mechanize::Cookie.new(cookie_values(:name => 'Foo1'))
     scookie = Mechanize::Cookie.new(cookie_values(:name => 'Foo2', :secure => true))
@@ -522,10 +575,10 @@ class TestMechanizeCookieJar < Mechanize::TestCase
   end
   def test_save_cookies_cookiestxt_subdomain
-    top_url = URI 'http://rubyforge.org/'
-    subdomain_url = URI 'http://admin.rubyforge.org/'
+    top_url = URI 'http://rubygems.org/'
+    subdomain_url = URI 'http://admin.rubygems.org/'
-    # cookie1 is for *.rubyforge.org; cookie2 is only for rubyforge.org, no subdomains
+    # cookie1 is for *.rubygems.org; cookie2 is only for rubygems.org, no subdomains
     cookie1 = Mechanize::Cookie.new(cookie_values)
     cookie2 = Mechanize::Cookie.new(cookie_values(:name => 'Boo', :for_domain => false))
@@ -551,8 +604,8 @@ class TestMechanizeCookieJar < Mechanize::TestCase
       # * Cookies that match subdomains may have a leading dot, and must have
       #   TRUE as the second field.
       cookies_txt = File.readlines("cookies.txt")
-      assert_equal(1, cookies_txt.grep( /^rubyforge\.org\tFALSE/ ).length)
-      assert_equal(1, cookies_txt.grep( /^\.rubyforge\.org\tTRUE/ ).length)
+      assert_equal(1, cookies_txt.grep( /^rubygems\.org\tFALSE/ ).length)
+      assert_equal(1, cookies_txt.grep( /^\.rubygems\.org\tTRUE/ ).length)
     end
     assert_equal(2, @jar.cookies(top_url).length)