RubyGems - mechanize - Versions diffs - 2.7.6 → 2.12.2 - Mend

mechanize 2.7.6 → 2.12.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (157) hide show

checksums.yaml +5 -5
data/.github/dependabot.yml +11 -0
data/.github/workflows/ci.yml +43 -0
data/.github/workflows/upstream.yml +51 -0
data/.yardopts +8 -0
data/{CHANGELOG.rdoc → CHANGELOG.md} +221 -96
data/EXAMPLES.rdoc +1 -24
data/Gemfile +10 -4
data/{LICENSE.rdoc → LICENSE.txt} +4 -0
data/README.md +77 -0
data/Rakefile +18 -3
data/examples/latest_user_agents.rb +100 -0
data/examples/rubygems.rb +2 -2
data/examples/wikipedia_links_to_philosophy.rb +5 -6
data/lib/mechanize/chunked_termination_error.rb +1 -0
data/lib/mechanize/content_type_error.rb +1 -0
data/lib/mechanize/cookie.rb +3 -15
data/lib/mechanize/cookie_jar.rb +13 -9
data/lib/mechanize/directory_saver.rb +1 -0
data/lib/mechanize/download.rb +2 -1
data/lib/mechanize/element_matcher.rb +1 -0
data/lib/mechanize/element_not_found_error.rb +1 -0
data/lib/mechanize/file.rb +2 -1
data/lib/mechanize/file_connection.rb +5 -3
data/lib/mechanize/file_request.rb +1 -0
data/lib/mechanize/file_response.rb +4 -1
data/lib/mechanize/file_saver.rb +1 -0
data/lib/mechanize/form/button.rb +1 -0
data/lib/mechanize/form/check_box.rb +1 -0
data/lib/mechanize/form/field.rb +1 -0
data/lib/mechanize/form/file_upload.rb +1 -0
data/lib/mechanize/form/hidden.rb +1 -0
data/lib/mechanize/form/image_button.rb +1 -0
data/lib/mechanize/form/keygen.rb +1 -0
data/lib/mechanize/form/multi_select_list.rb +2 -1
data/lib/mechanize/form/option.rb +1 -0
data/lib/mechanize/form/radio_button.rb +1 -0
data/lib/mechanize/form/reset.rb +1 -0
data/lib/mechanize/form/select_list.rb +1 -0
data/lib/mechanize/form/submit.rb +1 -0
data/lib/mechanize/form/text.rb +1 -0
data/lib/mechanize/form/textarea.rb +1 -0
data/lib/mechanize/form.rb +5 -13
data/lib/mechanize/headers.rb +1 -0
data/lib/mechanize/history.rb +1 -0
data/lib/mechanize/http/agent.rb +83 -10
data/lib/mechanize/http/auth_challenge.rb +1 -0
data/lib/mechanize/http/auth_realm.rb +1 -0
data/lib/mechanize/http/auth_store.rb +1 -0
data/lib/mechanize/http/content_disposition_parser.rb +15 -4
data/lib/mechanize/http/www_authenticate_parser.rb +3 -3
data/lib/mechanize/http.rb +1 -0
data/lib/mechanize/image.rb +1 -0
data/lib/mechanize/page/base.rb +1 -0
data/lib/mechanize/page/frame.rb +1 -0
data/lib/mechanize/page/image.rb +1 -0
data/lib/mechanize/page/label.rb +1 -0
data/lib/mechanize/page/link.rb +8 -1
data/lib/mechanize/page/meta_refresh.rb +1 -0
data/lib/mechanize/page.rb +6 -8
data/lib/mechanize/parser.rb +1 -0
data/lib/mechanize/pluggable_parsers.rb +2 -1
data/lib/mechanize/prependable.rb +1 -0
data/lib/mechanize/redirect_limit_reached_error.rb +1 -0
data/lib/mechanize/redirect_not_get_or_head_error.rb +1 -0
data/lib/mechanize/response_code_error.rb +2 -1
data/lib/mechanize/response_read_error.rb +1 -0
data/lib/mechanize/robots_disallowed_error.rb +1 -0
data/lib/mechanize/test_case/bad_chunking_servlet.rb +1 -0
data/lib/mechanize/test_case/basic_auth_servlet.rb +1 -0
data/lib/mechanize/test_case/content_type_servlet.rb +1 -0
data/lib/mechanize/test_case/digest_auth_servlet.rb +1 -0
data/lib/mechanize/test_case/file_upload_servlet.rb +1 -0
data/lib/mechanize/test_case/form_servlet.rb +1 -0
data/lib/mechanize/test_case/gzip_servlet.rb +4 -3
data/lib/mechanize/test_case/header_servlet.rb +1 -0
data/lib/mechanize/test_case/http_refresh_servlet.rb +1 -0
data/lib/mechanize/test_case/infinite_redirect_servlet.rb +1 -0
data/lib/mechanize/test_case/infinite_refresh_servlet.rb +1 -0
data/lib/mechanize/test_case/many_cookies_as_string_servlet.rb +1 -0
data/lib/mechanize/test_case/many_cookies_servlet.rb +1 -0
data/lib/mechanize/test_case/modified_since_servlet.rb +1 -0
data/lib/mechanize/test_case/ntlm_servlet.rb +1 -0
data/lib/mechanize/test_case/one_cookie_no_spaces_servlet.rb +1 -0
data/lib/mechanize/test_case/one_cookie_servlet.rb +1 -0
data/lib/mechanize/test_case/quoted_value_cookie_servlet.rb +1 -0
data/lib/mechanize/test_case/redirect_servlet.rb +1 -0
data/lib/mechanize/test_case/referer_servlet.rb +1 -0
data/lib/mechanize/test_case/refresh_with_empty_url.rb +1 -0
data/lib/mechanize/test_case/refresh_without_url.rb +1 -0
data/lib/mechanize/test_case/response_code_servlet.rb +1 -0
data/lib/mechanize/test_case/robots_txt_servlet.rb +1 -0
data/lib/mechanize/test_case/send_cookies_servlet.rb +1 -0
data/lib/mechanize/test_case/server.rb +1 -0
data/lib/mechanize/test_case/servlets.rb +1 -0
data/lib/mechanize/test_case/verb_servlet.rb +5 -6
data/lib/mechanize/test_case.rb +34 -34
data/lib/mechanize/unauthorized_error.rb +1 -0
data/lib/mechanize/unsupported_scheme_error.rb +1 -0
data/lib/mechanize/util.rb +2 -1
data/lib/mechanize/version.rb +2 -1
data/lib/mechanize/xml_file.rb +1 -0
data/lib/mechanize.rb +56 -37
data/mechanize.gemspec +43 -35
data/test/htdocs/dir with spaces/foo.html +1 -0
data/test/htdocs/tc_links.html +1 -1
data/test/test_mechanize.rb +21 -8
data/test/test_mechanize_cookie.rb +38 -26
data/test/test_mechanize_cookie_jar.rb +87 -54
data/test/test_mechanize_directory_saver.rb +1 -0
data/test/test_mechanize_download.rb +14 -1
data/test/test_mechanize_element_not_found_error.rb +1 -0
data/test/test_mechanize_file.rb +11 -0
data/test/test_mechanize_file_connection.rb +23 -4
data/test/test_mechanize_file_request.rb +1 -0
data/test/test_mechanize_file_response.rb +26 -1
data/test/test_mechanize_file_saver.rb +1 -0
data/test/test_mechanize_form.rb +14 -1
data/test/test_mechanize_form_check_box.rb +1 -0
data/test/test_mechanize_form_encoding.rb +2 -1
data/test/test_mechanize_form_field.rb +1 -0
data/test/test_mechanize_form_file_upload.rb +1 -0
data/test/test_mechanize_form_image_button.rb +1 -0
data/test/test_mechanize_form_keygen.rb +2 -0
data/test/test_mechanize_form_multi_select_list.rb +1 -0
data/test/test_mechanize_form_option.rb +1 -0
data/test/test_mechanize_form_radio_button.rb +1 -0
data/test/test_mechanize_form_select_list.rb +1 -0
data/test/test_mechanize_form_textarea.rb +1 -0
data/test/test_mechanize_headers.rb +1 -0
data/test/test_mechanize_history.rb +1 -0
data/test/test_mechanize_http_agent.rb +187 -26
data/test/test_mechanize_http_auth_challenge.rb +1 -0
data/test/test_mechanize_http_auth_realm.rb +1 -0
data/test/test_mechanize_http_auth_store.rb +1 -0
data/test/test_mechanize_http_content_disposition_parser.rb +28 -0
data/test/test_mechanize_http_www_authenticate_parser.rb +1 -0
data/test/test_mechanize_image.rb +1 -0
data/test/test_mechanize_link.rb +25 -0
data/test/test_mechanize_page.rb +15 -0
data/test/test_mechanize_page_encoding.rb +33 -5
data/test/test_mechanize_page_frame.rb +1 -0
data/test/test_mechanize_page_image.rb +1 -0
data/test/test_mechanize_page_link.rb +27 -23
data/test/test_mechanize_page_meta_refresh.rb +1 -0
data/test/test_mechanize_parser.rb +1 -0
data/test/test_mechanize_pluggable_parser.rb +1 -0
data/test/test_mechanize_redirect_limit_reached_error.rb +1 -0
data/test/test_mechanize_redirect_not_get_or_head_error.rb +1 -0
data/test/test_mechanize_response_read_error.rb +1 -0
data/test/test_mechanize_subclass.rb +1 -0
data/test/test_mechanize_util.rb +4 -3
data/test/test_mechanize_xml_file.rb +1 -0
data/test/test_multi_select.rb +1 -0
metadata +106 -86
data/.travis.yml +0 -36
data/README.rdoc +0 -77

data/test/test_mechanize_cookie.rb CHANGED Viewed

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'mechanize/test_case'
 module Enumerable
@@ -141,7 +142,7 @@ class TestMechanizeCookie < Mechanize::TestCase
   def test_parse_date_fail
     url = URI.parse('http://localhost/')
-    dates = [
+    dates = [
               "20/06/95 21:07",
     ]
@@ -290,18 +291,18 @@ class TestMechanizeCookie < Mechanize::TestCase
   end
   def test_parse_valid_cookie
-    url = URI.parse('http://rubyforge.org/')
+    url = URI.parse('http://rubygems.org/')
     cookie_params = {}
     cookie_params['expires']   = 'expires=Sun, 27-Sep-2037 00:00:00 GMT'
     cookie_params['path']      = 'path=/'
-    cookie_params['domain']    = 'domain=.rubyforge.org'
+    cookie_params['domain']    = 'domain=.rubygems.org'
     cookie_params['httponly']  = 'HttpOnly'
     cookie_value = '12345%7D=ASDFWEE345%3DASda'
     expires = Time.parse('Sun, 27-Sep-2037 00:00:00 GMT')
     cookie_params.keys.combine.each do |c|
-      cookie_text = "#{cookie_value}; "
+      cookie_text = +"#{cookie_value}; "
       c.each_with_index do |key, idx|
         if idx == (c.length - 1)
           cookie_text << "#{cookie_params[key]}"
@@ -325,18 +326,18 @@ class TestMechanizeCookie < Mechanize::TestCase
   end
   def test_parse_valid_cookie_empty_value
-    url = URI.parse('http://rubyforge.org/')
+    url = URI.parse('http://rubygems.org/')
     cookie_params = {}
     cookie_params['expires']   = 'expires=Sun, 27-Sep-2037 00:00:00 GMT'
     cookie_params['path']      = 'path=/'
-    cookie_params['domain']    = 'domain=.rubyforge.org'
+    cookie_params['domain']    = 'domain=.rubygems.org'
     cookie_params['httponly']  = 'HttpOnly'
     cookie_value = '12345%7D='
     expires = Time.parse('Sun, 27-Sep-2037 00:00:00 GMT')
     cookie_params.keys.combine.each do |c|
-      cookie_text = "#{cookie_value}; "
+      cookie_text = +"#{cookie_value}; "
       c.each_with_index do |key, idx|
         if idx == (c.length - 1)
           cookie_text << "#{cookie_params[key]}"
@@ -361,19 +362,19 @@ class TestMechanizeCookie < Mechanize::TestCase
   # If no path was given, use the one from the URL
   def test_cookie_using_url_path
-    url = URI.parse('http://rubyforge.org/login.php')
+    url = URI.parse('http://rubygems.org/login.php')
     cookie_params = {}
     cookie_params['expires']   = 'expires=Sun, 27-Sep-2037 00:00:00 GMT'
     cookie_params['path']      = 'path=/'
-    cookie_params['domain']    = 'domain=.rubyforge.org'
+    cookie_params['domain']    = 'domain=.rubygems.org'
     cookie_params['httponly']  = 'HttpOnly'
     cookie_value = '12345%7D=ASDFWEE345%3DASda'
     expires = Time.parse('Sun, 27-Sep-2037 00:00:00 GMT')
     cookie_params.keys.combine.each do |c|
       next if c.find { |k| k == 'path' }
-      cookie_text = "#{cookie_value}; "
+      cookie_text = +"#{cookie_value}; "
       c.each_with_index do |key, idx|
         if idx == (c.length - 1)
           cookie_text << "#{cookie_params[key]}"
@@ -398,19 +399,19 @@ class TestMechanizeCookie < Mechanize::TestCase
   # Test using secure cookies
   def test_cookie_with_secure
-    url = URI.parse('http://rubyforge.org/')
+    url = URI.parse('http://rubygems.org/')
     cookie_params = {}
     cookie_params['expires']   = 'expires=Sun, 27-Sep-2037 00:00:00 GMT'
     cookie_params['path']      = 'path=/'
-    cookie_params['domain']    = 'domain=.rubyforge.org'
+    cookie_params['domain']    = 'domain=.rubygems.org'
     cookie_params['secure']    = 'secure'
     cookie_value = '12345%7D=ASDFWEE345%3DASda'
     expires = Time.parse('Sun, 27-Sep-2037 00:00:00 GMT')
     cookie_params.keys.combine.each do |c|
       next unless c.find { |k| k == 'secure' }
-      cookie_text = "#{cookie_value}; "
+      cookie_text = +"#{cookie_value}; "
       c.each_with_index do |key, idx|
         if idx == (c.length - 1)
           cookie_text << "#{cookie_params[key]}"
@@ -435,18 +436,18 @@ class TestMechanizeCookie < Mechanize::TestCase
   end
   def test_parse_cookie_no_spaces
-    url = URI.parse('http://rubyforge.org/')
+    url = URI.parse('http://rubygems.org/')
     cookie_params = {}
     cookie_params['expires']   = 'expires=Sun, 27-Sep-2037 00:00:00 GMT'
     cookie_params['path']      = 'path=/'
-    cookie_params['domain']    = 'domain=.rubyforge.org'
+    cookie_params['domain']    = 'domain=.rubygems.org'
     cookie_params['httponly']  = 'HttpOnly'
     cookie_value = '12345%7D=ASDFWEE345%3DASda'
     expires = Time.parse('Sun, 27-Sep-2037 00:00:00 GMT')
     cookie_params.keys.combine.each do |c|
-      cookie_text = "#{cookie_value};"
+      cookie_text = +"#{cookie_value};"
       c.each_with_index do |key, idx|
         if idx == (c.length - 1)
           cookie_text << "#{cookie_params[key]}"
@@ -502,24 +503,35 @@ class TestMechanizeCookie < Mechanize::TestCase
     cookie.domain = 'Dom.example.com'
     assert 'dom.example.com', cookie.domain
-    cookie.domain = Object.new.tap { |o|
+    new_domain = Object.new.tap { |o|
       def o.to_str
         'Example.com'
       end
     }
+    cookie.domain = new_domain
     assert 'example.com', cookie.domain
+    new_domain = Object.new.tap { |o|
+      def o.to_str
+        'Example2.com'
+      end
+    }
+    assert_output nil, /The call of Mechanize::Cookie#set_domain/ do
+      cookie.set_domain(new_domain)
+    end
+    assert 'example2.com', cookie.domain
   end
   def test_cookie_httponly
-    url = URI.parse('http://rubyforge.org/')
+    url = URI.parse('http://rubygems.org/')
     cookie_params = {}
     cookie_params['httponly']  = 'HttpOnly'
     cookie_value = '12345%7D=ASDFWEE345%3DASda'
     expires = Time.parse('Sun, 27-Sep-2037 00:00:00 GMT')
     cookie_params.keys.combine.each do |c|
-      cookie_text = "#{cookie_value}; "
+      cookie_text = +"#{cookie_value}; "
       c.each_with_index do |key, idx|
         if idx == (c.length - 1)
           cookie_text << "#{cookie_params[key]}"
@@ -532,7 +544,7 @@ class TestMechanizeCookie < Mechanize::TestCase
       assert_equal(true, cookie.httponly)
       # if expires was set, make sure we parsed it
       if c.find { |k| k == 'expires' }
         assert_equal(expires, cookie.expires)

data/test/test_mechanize_cookie_jar.rb CHANGED Viewed

@@ -1,4 +1,6 @@
+# frozen_string_literal: true
 require 'mechanize/test_case'
+require 'fileutils'
 class TestMechanizeCookieJar < Mechanize::TestCase
@@ -39,23 +41,23 @@ class TestMechanizeCookieJar < Mechanize::TestCase
       :path     => '/',
       :expires  => Time.now + (10 * 86400),
       :for_domain => true,
-      :domain   => 'rubyforge.org'
+      :domain   => 'rubygems.org'
    }.merge(options)
   end
   def test_two_cookies_same_domain_and_name_different_paths
-    url = URI 'http://rubyforge.org/'
+    url = URI 'http://rubygems.org/'
     cookie = Mechanize::Cookie.new(cookie_values)
     @jar.add(url, cookie)
     @jar.add(url, Mechanize::Cookie.new(cookie_values(:path => '/onetwo')))
     assert_equal(1, @jar.cookies(url).length)
-    assert_equal 2, @jar.cookies(URI('http://rubyforge.org/onetwo')).length
+    assert_equal 2, @jar.cookies(URI('http://rubygems.org/onetwo')).length
   end
   def test_domain_case
-    url = URI 'http://rubyforge.org/'
+    url = URI 'http://rubygems.org/'
     # Add one cookie with an expiration date in the future
     cookie = Mechanize::Cookie.new(cookie_values)
@@ -63,49 +65,49 @@ class TestMechanizeCookieJar < Mechanize::TestCase
     assert_equal(1, @jar.cookies(url).length)
     @jar.add(url, Mechanize::Cookie.new(
-        cookie_values(:domain => 'RuByForge.Org', :name   => 'aaron')))
+        cookie_values(:domain => 'rubygems.Org', :name   => 'aaron')))
     assert_equal(2, @jar.cookies(url).length)
-    url2 = URI 'http://RuByFoRgE.oRg/'
+    url2 = URI 'http://rubygems.oRg/'
     assert_equal(2, @jar.cookies(url2).length)
   end
   def test_host_only
-    url = URI.parse('http://rubyforge.org/')
+    url = URI.parse('http://rubygems.org/')
     @jar.add(url, Mechanize::Cookie.new(
-        cookie_values(:domain => 'rubyforge.org', :for_domain => false)))
+        cookie_values(:domain => 'rubygems.org', :for_domain => false)))
     assert_equal(1, @jar.cookies(url).length)
-    assert_equal(1, @jar.cookies(URI('http://RubyForge.org/')).length)
+    assert_equal(1, @jar.cookies(URI('http://rubygems.org/')).length)
-    assert_equal(1, @jar.cookies(URI('https://RubyForge.org/')).length)
+    assert_equal(1, @jar.cookies(URI('https://rubygems.org/')).length)
-    assert_equal(0, @jar.cookies(URI('http://www.rubyforge.org/')).length)
+    assert_equal(0, @jar.cookies(URI('http://www.rubygems.org/')).length)
   end
   def test_empty_value
     values = cookie_values(:value => "")
-    url = URI 'http://rubyforge.org/'
+    url = URI 'http://rubygems.org/'
     # Add one cookie with an expiration date in the future
     cookie = Mechanize::Cookie.new(values)
     @jar.add(url, cookie)
     assert_equal(1, @jar.cookies(url).length)
-    @jar.add url, Mechanize::Cookie.new(values.merge(:domain => 'RuByForge.Org',
+    @jar.add url, Mechanize::Cookie.new(values.merge(:domain => 'rubygems.Org',
                                                      :name   => 'aaron'))
     assert_equal(2, @jar.cookies(url).length)
-    url2 = URI 'http://RuByFoRgE.oRg/'
+    url2 = URI 'http://rubygems.oRg/'
     assert_equal(2, @jar.cookies(url2).length)
   end
   def test_add_future_cookies
-    url = URI 'http://rubyforge.org/'
+    url = URI 'http://rubygems.org/'
     # Add one cookie with an expiration date in the future
     cookie = Mechanize::Cookie.new(cookie_values)
@@ -117,14 +119,14 @@ class TestMechanizeCookieJar < Mechanize::TestCase
     assert_equal(1, @jar.cookies(url).length)
     # Make sure we can get the cookie from different paths
-    assert_equal(1, @jar.cookies(URI('http://rubyforge.org/login')).length)
+    assert_equal(1, @jar.cookies(URI('http://rubygems.org/login')).length)
     # Make sure we can't get the cookie from different domains
     assert_equal(0, @jar.cookies(URI('http://google.com/')).length)
   end
   def test_add_multiple_cookies
-    url = URI 'http://rubyforge.org/'
+    url = URI 'http://rubygems.org/'
     # Add one cookie with an expiration date in the future
     cookie = Mechanize::Cookie.new(cookie_values)
@@ -136,14 +138,14 @@ class TestMechanizeCookieJar < Mechanize::TestCase
     assert_equal(2, @jar.cookies(url).length)
     # Make sure we can get the cookie from different paths
-    assert_equal(2, @jar.cookies(URI('http://rubyforge.org/login')).length)
+    assert_equal(2, @jar.cookies(URI('http://rubygems.org/login')).length)
     # Make sure we can't get the cookie from different domains
     assert_equal(0, @jar.cookies(URI('http://google.com/')).length)
   end
   def test_add_rejects_cookies_that_do_not_contain_an_embedded_dot
-    url = URI 'http://rubyforge.org/'
+    url = URI 'http://rubygems.org/'
     tld_cookie = Mechanize::Cookie.new(cookie_values(:domain => '.org'))
     @jar.add(url, tld_cookie)
@@ -196,43 +198,43 @@ class TestMechanizeCookieJar < Mechanize::TestCase
   end
   def test_cookie_without_leading_dot_does_not_cause_substring_match
-    url = URI 'http://arubyforge.org/'
+    url = URI 'http://arubygems.org/'
-    cookie = Mechanize::Cookie.new(cookie_values(:domain => 'rubyforge.org'))
+    cookie = Mechanize::Cookie.new(cookie_values(:domain => 'rubygems.org'))
     @jar.add(url, cookie)
     assert_equal(0, @jar.cookies(url).length)
   end
   def test_cookie_without_leading_dot_matches_subdomains
-    url = URI 'http://admin.rubyforge.org/'
+    url = URI 'http://admin.rubygems.org/'
-    cookie = Mechanize::Cookie.new(cookie_values(:domain => 'rubyforge.org'))
+    cookie = Mechanize::Cookie.new(cookie_values(:domain => 'rubygems.org'))
     @jar.add(url, cookie)
     assert_equal(1, @jar.cookies(url).length)
   end
   def test_cookies_with_leading_dot_match_subdomains
-    url = URI 'http://admin.rubyforge.org/'
+    url = URI 'http://admin.rubygems.org/'
-    @jar.add(url, Mechanize::Cookie.new(cookie_values(:domain => '.rubyforge.org')))
+    @jar.add(url, Mechanize::Cookie.new(cookie_values(:domain => '.rubygems.org')))
     assert_equal(1, @jar.cookies(url).length)
   end
   def test_cookies_with_leading_dot_match_parent_domains
-    url = URI 'http://rubyforge.org/'
+    url = URI 'http://rubygems.org/'
-    @jar.add(url, Mechanize::Cookie.new(cookie_values(:domain => '.rubyforge.org')))
+    @jar.add(url, Mechanize::Cookie.new(cookie_values(:domain => '.rubygems.org')))
     assert_equal(1, @jar.cookies(url).length)
   end
   def test_cookies_with_leading_dot_match_parent_domains_exactly
-    url = URI 'http://arubyforge.org/'
+    url = URI 'http://arubygems.org/'
-    @jar.add(url, Mechanize::Cookie.new(cookie_values(:domain => '.rubyforge.org')))
+    @jar.add(url, Mechanize::Cookie.new(cookie_values(:domain => '.rubygems.org')))
     assert_equal(0, @jar.cookies(url).length)
   end
@@ -275,7 +277,7 @@ class TestMechanizeCookieJar < Mechanize::TestCase
   end
   def test_clear_bang
-    url = URI 'http://rubyforge.org/'
+    url = URI 'http://rubygems.org/'
     # Add one cookie with an expiration date in the future
     cookie = Mechanize::Cookie.new(cookie_values)
@@ -289,7 +291,7 @@ class TestMechanizeCookieJar < Mechanize::TestCase
   end
   def test_save_cookies_yaml
-    url = URI 'http://rubyforge.org/'
+    url = URI 'http://rubygems.org/'
     # Add one cookie with an expiration date in the future
     cookie = Mechanize::Cookie.new(cookie_values)
@@ -315,7 +317,7 @@ class TestMechanizeCookieJar < Mechanize::TestCase
   end
   def test_save_session_cookies_yaml
-    url = URI 'http://rubyforge.org/'
+    url = URI 'http://rubygems.org/'
     # Add one cookie with an expiration date in the future
     cookie = Mechanize::Cookie.new(cookie_values)
@@ -341,7 +343,7 @@ class TestMechanizeCookieJar < Mechanize::TestCase
   def test_save_cookies_cookiestxt
-    url = URI 'http://rubyforge.org/'
+    url = URI 'http://rubygems.org/'
     # Add one cookie with an expiration date in the future
     cookie = Mechanize::Cookie.new(cookie_values)
@@ -378,7 +380,7 @@ class TestMechanizeCookieJar < Mechanize::TestCase
   end
   def test_expire_cookies
-    url = URI 'http://rubyforge.org/'
+    url = URI 'http://rubygems.org/'
     # Add one cookie with an expiration date in the future
     cookie = Mechanize::Cookie.new(cookie_values)
@@ -390,7 +392,7 @@ class TestMechanizeCookieJar < Mechanize::TestCase
     assert_equal(2, @jar.cookies(url).length)
     # Make sure we can get the cookie from different paths
-    assert_equal(2, @jar.cookies(URI('http://rubyforge.org/login')).length)
+    assert_equal(2, @jar.cookies(URI('http://rubygems.org/login')).length)
     # Expire the first cookie
     @jar.add(url, Mechanize::Cookie.new(
@@ -405,7 +407,7 @@ class TestMechanizeCookieJar < Mechanize::TestCase
   def test_session_cookies
     values = cookie_values(:expires => nil)
-    url = URI 'http://rubyforge.org/'
+    url = URI 'http://rubygems.org/'
     # Add one cookie with an expiration date in the future
     cookie = Mechanize::Cookie.new(values)
@@ -417,7 +419,7 @@ class TestMechanizeCookieJar < Mechanize::TestCase
     assert_equal(2, @jar.cookies(url).length)
     # Make sure we can get the cookie from different paths
-    assert_equal(2, @jar.cookies(URI('http://rubyforge.org/login')).length)
+    assert_equal(2, @jar.cookies(URI('http://rubygems.org/login')).length)
     # Expire the first cookie
     @jar.add(url, Mechanize::Cookie.new(values.merge(:expires => Time.now - (10 * 86400))))
@@ -430,7 +432,7 @@ class TestMechanizeCookieJar < Mechanize::TestCase
     # When given a URI with a blank path, CookieJar#cookies should return
     # cookies with the path '/':
-    url = URI 'http://rubyforge.org'
+    url = URI 'http://rubygems.org'
     assert_equal '', url.path
     assert_equal(0, @jar.cookies(url).length)
     # Now add a cookie with the path set to '/':
@@ -441,7 +443,7 @@ class TestMechanizeCookieJar < Mechanize::TestCase
   def test_paths
     values = cookie_values(:path => "/login", :expires => nil)
-    url = URI 'http://rubyforge.org/login'
+    url = URI 'http://rubygems.org/login'
     # Add one cookie with an expiration date in the future
     cookie = Mechanize::Cookie.new(values)
@@ -453,8 +455,8 @@ class TestMechanizeCookieJar < Mechanize::TestCase
     assert_equal(2, @jar.cookies(url).length)
     # Make sure we don't get the cookie in a different path
-    assert_equal(0, @jar.cookies(URI('http://rubyforge.org/hello')).length)
-    assert_equal(0, @jar.cookies(URI('http://rubyforge.org/')).length)
+    assert_equal(0, @jar.cookies(URI('http://rubygems.org/hello')).length)
+    assert_equal(0, @jar.cookies(URI('http://rubygems.org/')).length)
     # Expire the first cookie
     @jar.add(url, Mechanize::Cookie.new(values.merge( :expires => Time.now - (10 * 86400))))
@@ -467,7 +469,7 @@ class TestMechanizeCookieJar < Mechanize::TestCase
   end
   def test_save_and_read_cookiestxt
-    url = URI 'http://rubyforge.org/'
+    url = URI 'http://rubygems.org/'
     # Add one cookie with an expiration date in the future
     cookie = Mechanize::Cookie.new(cookie_values)
@@ -486,7 +488,7 @@ class TestMechanizeCookieJar < Mechanize::TestCase
   end
   def test_save_and_read_cookiestxt_with_session_cookies
-    url = URI 'http://rubyforge.org/'
+    url = URI 'http://rubygems.org/'
     @jar.add(url, Mechanize::Cookie.new(cookie_values(:expires => nil)))
@@ -500,22 +502,53 @@ class TestMechanizeCookieJar < Mechanize::TestCase
     assert_equal(0, @jar.cookies(url).length)
   end
+  def test_prevent_command_injection_when_saving
+    skip if windows?
+    url = URI 'http://rubygems.org/'
+    path = '| ruby -rfileutils -e \'FileUtils.touch("vul.txt")\''
+    @jar.add(url, Mechanize::Cookie.new(cookie_values))
+    in_tmpdir do
+      @jar.save_as(path, :cookiestxt)
+      assert_equal(false, File.exist?('vul.txt'))
+    end
+  end
+  def test_prevent_command_injection_when_loading
+    skip if windows?
+    url = URI 'http://rubygems.org/'
+    path = '| ruby -rfileutils -e \'FileUtils.touch("vul.txt")\''
+    @jar.add(url, Mechanize::Cookie.new(cookie_values))
+    in_tmpdir do
+      @jar.save_as("cookies.txt", :cookiestxt)
+      @jar.clear!
+      assert_raises Errno::ENOENT do
+        @jar.load(path, :cookiestxt)
+      end
+      assert_equal(false, File.exist?('vul.txt'))
+    end
+  end
   def test_save_and_read_expired_cookies
-    url = URI 'http://rubyforge.org/'
+    url = URI 'http://rubygems.org/'
-    @jar.jar['rubyforge.org'] = {}
+    @jar.jar['rubygems.org'] = {}
     @jar.add url, Mechanize::Cookie.new(cookie_values)
-    # HACK no asertion
+    # HACK no assertion
   end
   def test_ssl_cookies
     # thanks to michal "ocher" ochman for reporting the bug responsible for this test.
     values = cookie_values(:expires => nil)
     values_ssl = values.merge(:name => 'Baz', :domain => "#{values[:domain]}:443")
-    url = URI 'https://rubyforge.org/login'
+    url = URI 'https://rubygems.org/login'
     cookie = Mechanize::Cookie.new(values)
     @jar.add(url, cookie)
@@ -527,8 +560,8 @@ class TestMechanizeCookieJar < Mechanize::TestCase
   end
   def test_secure_cookie
-    nurl = URI 'http://rubyforge.org/login'
-    surl = URI 'https://rubyforge.org/login'
+    nurl = URI 'http://rubygems.org/login'
+    surl = URI 'https://rubygems.org/login'
     ncookie = Mechanize::Cookie.new(cookie_values(:name => 'Foo1'))
     scookie = Mechanize::Cookie.new(cookie_values(:name => 'Foo2', :secure => true))
@@ -543,10 +576,10 @@ class TestMechanizeCookieJar < Mechanize::TestCase
   end
   def test_save_cookies_cookiestxt_subdomain
-    top_url = URI 'http://rubyforge.org/'
-    subdomain_url = URI 'http://admin.rubyforge.org/'
+    top_url = URI 'http://rubygems.org/'
+    subdomain_url = URI 'http://admin.rubygems.org/'
-    # cookie1 is for *.rubyforge.org; cookie2 is only for rubyforge.org, no subdomains
+    # cookie1 is for *.rubygems.org; cookie2 is only for rubygems.org, no subdomains
     cookie1 = Mechanize::Cookie.new(cookie_values)
     cookie2 = Mechanize::Cookie.new(cookie_values(:name => 'Boo', :for_domain => false))
@@ -572,8 +605,8 @@ class TestMechanizeCookieJar < Mechanize::TestCase
       # * Cookies that match subdomains may have a leading dot, and must have
       #   TRUE as the second field.
       cookies_txt = File.readlines("cookies.txt")
-      assert_equal(1, cookies_txt.grep( /^rubyforge\.org\tFALSE/ ).length)
-      assert_equal(1, cookies_txt.grep( /^\.rubyforge\.org\tTRUE/ ).length)
+      assert_equal(1, cookies_txt.grep( /^rubygems\.org\tFALSE/ ).length)
+      assert_equal(1, cookies_txt.grep( /^\.rubygems\.org\tTRUE/ ).length)
     end
     assert_equal(2, @jar.cookies(top_url).length)

data/test/test_mechanize_directory_saver.rb CHANGED Viewed

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'mechanize/test_case'
 class TestMechanizeDirectorySaver < Mechanize::TestCase

data/test/test_mechanize_download.rb CHANGED Viewed

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'mechanize/test_case'
 class TestMechanizeDownload < Mechanize::TestCase
@@ -46,6 +47,19 @@ class TestMechanizeDownload < Mechanize::TestCase
     end
   end
+  def test_save_bang_does_not_allow_command_injection
+    skip if windows?
+    uri = URI.parse 'http://example/foo.html'
+    body_io = StringIO.new '0123456789'
+    download = @parser.new uri, nil, body_io
+    in_tmpdir do
+      download.save!('| ruby -rfileutils -e \'FileUtils.touch("vul.txt")\'')
+      refute_operator(File, :exist?, "vul.txt")
+    end
+  end
   def test_save_tempfile
     uri = URI.parse 'http://example/foo.html'
     Tempfile.open @NAME do |body_io|
@@ -84,6 +98,5 @@ class TestMechanizeDownload < Mechanize::TestCase
     assert_equal "foo.html", download.filename
   end
 end

data/test/test_mechanize_element_not_found_error.rb CHANGED Viewed

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'mechanize/test_case'
 class TestMechanizeRedirectLimitReachedError < Mechanize::TestCase

data/test/test_mechanize_file.rb CHANGED Viewed

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'mechanize/test_case'
 class TestMechanizeFile < Mechanize::TestCase
@@ -103,5 +104,15 @@ class TestMechanizeFile < Mechanize::TestCase
     end
   end
+  def test_save_bang_does_not_allow_command_injection
+    skip if windows?
+    uri = URI 'http://example/test.html'
+    page = Mechanize::File.new uri, nil, ''
+    in_tmpdir do
+      page.save!('| ruby -rfileutils -e \'FileUtils.touch("vul.txt")\'')
+      refute_operator(File, :exist?, "vul.txt")
+    end
+  end
 end

data/test/test_mechanize_file_connection.rb CHANGED Viewed

@@ -1,21 +1,40 @@
+# frozen_string_literal: true
 require 'mechanize/test_case'
 class TestMechanizeFileConnection < Mechanize::TestCase
   def test_request
-    uri = URI.parse "file://#{File.expand_path __FILE__}"
+    file_path = File.expand_path(__FILE__)
+    uri = URI.parse "file://#{file_path}"
     conn = Mechanize::FileConnection.new
-    body = ''
+    body = +''
     conn.request uri, nil do |response|
+      assert_equal(file_path, response.file_path)
       response.read_body do |part|
         body << part
       end
     end
-    assert_equal File.read(__FILE__), body
+    assert_equal File.read(__FILE__), body.gsub(/\r\n/, "\n")
   end
-end
+  def test_request_on_uri_with_windows_drive
+    uri_string = "file://C:/path/to/file.html"
+    expected_file_path = "C:/path/to/file.html"
+    uri = URI.parse(uri_string)
+    conn = Mechanize::FileConnection.new
+    called = false
+    yielded_file_path = nil
+    conn.request(uri, nil) do |response|
+      called = true
+      yielded_file_path = response.file_path
+    end
+    assert(called)
+    assert_equal(expected_file_path, yielded_file_path)
+  end
+end