rack-logs 0.0.3 → 0.0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e0a1cdc66577d3ba82418770cc9ca462b3f81581
-  data.tar.gz: a9c6ce4f050fac22cff08d242acb0e1c553b3173
+  metadata.gz: 38f658a84c8b8956be836e3812a3a8362ee03f7d
+  data.tar.gz: c0e31cdcd0de005e773eb4aeaa00f6eb276f0e44
 SHA512:
-  metadata.gz: a3a948077177fc75c6bda202e718d534331637175f6ab55395b68a6835d2f2fa393c2a20f93ed167bb296411692d6f8479d381fda172eb418f40949786e7bc98
-  data.tar.gz: e373503195bfcb176e4039c416f38f308604c771d32197d0805624cd9b386c6793d27ab2a1849e76224950b60eaf0b6383f13072d17423b595c59fc691220173
+  metadata.gz: 7a952da98a94f7af5c0a2fd66483d60d0684e33d9c3bef6519c96eba97749afaa9b11b6824aa8fba194358f864d774db0b8dbcee261af6fc35afaf1374df47e9
+  data.tar.gz: 72b85e5be9e67ebd24e42b44726886236721816b46e7e0073992d1339ff9452b3fd5dacd8ddc1fff14b0656494c471b64adc7ac5f540ec7690778c6caba06afe

data/.gitignore

@@ -1,3 +1,3 @@
 Gemfile.lock
 pkg
-tmp
+/tmp

data/lib/rack/logs/version.rb

@@ -1,5 +1,5 @@
 module Rack
   module Logs
-    VERSION = "0.0.3"
+    VERSION = "0.0.4"
   end
 end

data/lib/rack/logs/viewer.rb

@@ -8,7 +8,12 @@ module Rack
       attr_reader :config
 
       def call env
-        [200, headers, joined_logs]
+        contents = joined_logs(env.fetch('PATH_INFO','/'))
+        if contents.empty?
+          [404, headers, ['No Such File']]
+        else
+          [200, headers, contents]
+        end
       end
 
     private
@@ -27,6 +32,10 @@ module Rack
           @lines = lines
         end
 
+        def empty?
+          @filenames.empty?
+        end
+
         def each &block
           @filenames.each do |filename|
             block.call "## #{filename}\n\n"
@@ -46,8 +55,8 @@ module Rack
         end
       end
 
-      def joined_logs
-        JoinedFiles.new files, @config.lines
+      def joined_logs path
+        JoinedFiles.new files(path), @config.lines
       end
 
       def logs
@@ -57,8 +66,10 @@ module Rack
         end
       end
 
-      def files
-        Dir[@config.log_dir+'/'+@config.pattern]
+      def files path
+        Dir[@config.log_dir+'/'+@config.pattern].select do |filename|
+          filename =~ Regexp.new( @config.log_dir + path )
+        end
       end
 
     end

data/rack-logs.gemspec

@@ -21,7 +21,6 @@ Gem::Specification.new do |spec|
   spec.add_runtime_dependency "rack", "~> 1.5.2"
 
   spec.add_development_dependency "bundler", "~> 1.3"
-  spec.add_development_dependency "fakefs"
   spec.add_development_dependency "rake"
   spec.add_development_dependency "rack-test"
   spec.add_development_dependency "rspec",   "~> 3.0.0.beta1"

data/spec/integration/accessing_an_individual_log_spec.rb

@@ -0,0 +1,39 @@
+require 'rack/test'
+require 'rack/logs'
+
+describe 'accessing an individual log', type: :integration do
+  include Rack::Test::Methods
+
+  let(:app) do
+    Rack::Builder.app do
+      logs = Rack::Logs.configure do |config|
+        config.log_dir = './tmp'
+      end
+      run logs
+    end
+  end
+
+  before do
+    File.open('./tmp/my_log_file.log','w') do |f|
+      f.write "LOG ENTRY 1234"
+    end
+    File.open('./tmp/other_file.log','w') do |f|
+      f.write "LOG ENTRY 5678"
+    end
+    get '/my_log_file.log'
+  end
+
+  example 'returns a 200 response code' do
+    expect(last_response).to be_ok
+  end
+
+  example 'accessing the log returns only the specific log contents' do
+    expect(last_response.body).to     match 'LOG ENTRY 1234'
+    expect(last_response.body).to_not match 'LOG ENTRY 5678'
+  end
+
+  example 'cross path traversal is prevented' do
+    get "/../tmp/secret_file.txt"
+    expect(last_response.status).to be 404
+  end
+end

data/spec/integration/running_rack_logs_via_rack_spec.rb

@@ -9,11 +9,8 @@ describe 'running `Rack::Logs` via `Rack::Builder`', type: :integration do
 
     before { get '/' }
 
-    example 'returns a 200 response code' do
-      expect(last_response).to be_ok
-    end
-    example 'returns no logs because there are no files' do
-      expect(last_response.body).to eq ''
+    example 'returns a 404 response code because there are no files' do
+      expect(last_response.status).to eq 404
     end
   end
 

data/spec/spec_helper.rb

@@ -1 +1,11 @@
 # required by .rspec
+
+module Support
+  def support_path path
+    File.join File.expand_path('../support', __FILE__), path
+  end
+end
+
+RSpec.configure do |c|
+  c.include Support
+end

data/spec/support/fixtures/log/my_log.doge

@@ -0,0 +1,6 @@
+Ignored
+
+
+
+
+Much log, such information

data/spec/support/fixtures/log/not_log.txt

@@ -0,0 +1 @@
+Nothing to see here

data/spec/support/fixtures/log/other_log.doge

@@ -0,0 +1,6 @@
+Ignored
+
+
+
+
+Other log, such information

data/spec/support/fixtures/tmp/secret_file.txt

@@ -0,0 +1 @@
+S3kr1t!

data/spec/unit/rack/logs/viewer_spec.rb

@@ -1,8 +1,10 @@
-require 'fakefs/safe'
 require 'rack/logs/viewer'
 
 describe 'Rack::Logs::Viewer' do
-  let(:config) { instance_double "Rack::Logs::Config", pattern: '*.doge', log_dir: './tmp', lines: 5 }
+  let(:config) do
+    instance_double "Rack::Logs::Config", lines: 5, pattern: '*.doge',
+      log_dir: support_path('fixtures/log')
+  end
 
   describe '#initialize' do
     it 'takes a configuration' do
@@ -12,37 +14,58 @@ describe 'Rack::Logs::Viewer' do
 
   describe '#call env' do
     let(:viewer)   { Rack::Logs::Viewer.new config }
-    let(:response) { viewer.call({}) }
     let(:contents) { response[2].inject("") { |contents, fragment| contents + fragment } }
 
-    before do
-      FakeFS.activate!
-      FileUtils.mkdir_p('./tmp')
-      File.open('./tmp/not_log.txt','w') { |file| file.write 'Nothing to see here' }
-      File.open('./tmp/my_log.doge','w') do |file|
-        file.write "Ignored"
-        4.times do
-          file.write $/
-        end
-        file.write "Much log, such information"
+    shared_examples_for "a rack logs response" do
+      it 'returns a rack response' do
+        expect(response[0]).to be_a Fixnum
+        expect(response[1]).to be_a Hash
+        expect(response[1].keys).to include 'Content-Type'
+        expect(response[2].respond_to? :each).to be true
+      end
+
+      it 'limits itself to the last n lines' do
+        expect(contents).to_not match "Ignored"
       end
-    end
-    after do
-      FakeFS.deactivate!
     end
 
-    it 'returns a rack response' do
-      expect(response[0]).to be_a Fixnum
-      expect(response[1]).to be_a Hash
-      expect(response[1].keys).to include 'Content-Type'
-      expect(response[2].respond_to? :each).to be true
+    context "for all files" do
+      let(:response) { viewer.call({}) }
+
+      it_should_behave_like "a rack logs response"
+
+      it 'returns the contents of all the logs' do
+        expect(contents).to match "log/my_log\.doge\n\n"
+        expect(contents).to match "Much log, such information"
+        expect(contents).to match "log/other_log\.doge\n\n"
+        expect(contents).to match "Other log, such information"
+      end
     end
-    it 'returns the contents of the logs' do
-      expect(contents).to match "## tmp/my_log\.doge\n\n"
-      expect(contents).to match "Much log, such information"
+
+    context "for a file" do
+      let(:response) { viewer.call({ 'PATH_INFO' => '/my_log.doge' }) }
+
+      it_should_behave_like "a rack logs response"
+
+      it 'returns the contents the specific log' do
+        expect(contents).to match "log/my_log\.doge\n\n"
+        expect(contents).to match "Much log, such information"
+      end
+      it 'ignores other contents' do
+        expect(contents).to_not match "log/other_log\.doge\n\n"
+        expect(contents).to_not match "Other log, such information"
+      end
     end
-    it 'limits itself to the last n lines' do
-      expect(contents).to_not match "Ignored"
+
+    context "for a forbidden file" do
+      let(:response) { viewer.call({ 'PATH_INFO' => '/../tmp/secret_file.txt' }) }
+
+      it 'returns a 404 rack response' do
+        expect(response[0]).to eq 404
+        expect(response[1]).to be_a Hash
+        expect(response[1].keys).to include 'Content-Type'
+        expect(response[2]).to eq ['No Such File']
+      end
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-logs
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.0.4
 platform: ruby
 authors:
 - Jon Rowe
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-01-03 00:00:00.000000000 Z
+date: 2014-01-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -38,20 +38,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.3'
-- !ruby/object:Gem::Dependency
-  name: fakefs
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -114,8 +100,13 @@ files:
 - lib/rack/logs/version.rb
 - lib/rack/logs/viewer.rb
 - rack-logs.gemspec
+- spec/integration/accessing_an_individual_log_spec.rb
 - spec/integration/running_rack_logs_via_rack_spec.rb
 - spec/spec_helper.rb
+- spec/support/fixtures/log/my_log.doge
+- spec/support/fixtures/log/not_log.txt
+- spec/support/fixtures/log/other_log.doge
+- spec/support/fixtures/tmp/secret_file.txt
 - spec/unit/rack/logs/config_spec.rb
 - spec/unit/rack/logs/viewer_spec.rb
 - spec/unit/rack/logs_spec.rb
@@ -145,8 +136,13 @@ signing_key:
 specification_version: 4
 summary: Simple rack based log viewer
 test_files:
+- spec/integration/accessing_an_individual_log_spec.rb
 - spec/integration/running_rack_logs_via_rack_spec.rb
 - spec/spec_helper.rb
+- spec/support/fixtures/log/my_log.doge
+- spec/support/fixtures/log/not_log.txt
+- spec/support/fixtures/log/other_log.doge
+- spec/support/fixtures/tmp/secret_file.txt
 - spec/unit/rack/logs/config_spec.rb
 - spec/unit/rack/logs/viewer_spec.rb
 - spec/unit/rack/logs_spec.rb