RubyGems - rack - Versions diffs - 1.6.8 → 1.6.13 - Mend

rack 1.6.8 → 1.6.13

Potentially problematic release.

This version of rack might be problematic. Click here for more details.

Files changed (18) hide show

checksums.yaml +5 -5
data/lib/rack/methodoverride.rb +8 -1
data/lib/rack/request.rb +17 -4
data/lib/rack/session/abstract/id.rb +79 -3
data/lib/rack/session/cookie.rb +11 -2
data/lib/rack/session/memcache.rb +12 -6
data/lib/rack/session/pool.rb +13 -6
data/lib/rack/showexceptions.rb +1 -1
data/lib/rack.rb +1 -1
data/rack.gemspec +1 -1
data/test/spec_methodoverride.rb +34 -5
data/test/spec_request.rb +5 -0
data/test/spec_session_abstract_id.rb +1 -1
data/test/spec_session_memcache.rb +40 -3
data/test/spec_session_persisted_secure_secure_session_hash.rb +73 -0
data/test/spec_session_pool.rb +40 -3
data/test/spec_showexceptions.rb +13 -0
metadata +51 -51

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: b2092f4e0636aec14fec649deaef4dbfb68361c1
-  data.tar.gz: b2954fc517f0c648aae2332778c34c7464ecac8d
+SHA256:
+  metadata.gz: 1284c246863ad0e0c1472c12dc028993a5c84223a53deb943183f396c21f05ec
+  data.tar.gz: 6aba4634a7f953dff80b391f999eae11404516f22158d6b2931f8fc7d65aa02b
 SHA512:
-  metadata.gz: ab7e0851574c85179644c886a1b57ca2c28c97825e41e2ffb303cb648e0d6bf93fb903002a2ff4f5585ab656c9914e9a28aefc5f4b093b248c6151ef9f0d5dbc
-  data.tar.gz: d1532e066641f8bfa48a6f635935a00cc6fdb2e22668ee41c68bfced203a174c433f11e322b9fc19be5135832eadbba9b6a1d653debf58911c32761396198630
+  metadata.gz: 81f24112cf528aa9f672dede1598fe9527a7d3aa5578e11fe6d6064a96d3091f0afae7f9d4bf453f1eff8c9a3d2ce4bb57991e5a45d41abfdc1948a62c8f65e2
+  data.tar.gz: bfde816a21a1293b1b8be7e7f3fd583887e854c57c96afc2d9b823cf16eb40938ef563294bb323389ab241322cfd3add5503e69e3e0ce8678739988d4990e43d

data/lib/rack/methodoverride.rb CHANGED Viewed

@@ -26,7 +26,11 @@ module Rack
       req = Request.new(env)
       method = method_override_param(req) ||
         env[HTTP_METHOD_OVERRIDE_HEADER]
-      method.to_s.upcase
+      begin
+        method.to_s.upcase
+      rescue ArgumentError
+        env["rack.errors"].puts "Invalid string for method"
+      end
     end
     private
@@ -38,6 +42,9 @@ module Rack
     def method_override_param(req)
       req.POST[METHOD_OVERRIDE_PARAM_KEY]
     rescue Utils::InvalidParameterError, Utils::ParameterTypeError
+      req.env["rack.errors"].puts "Invalid or incomplete POST params"
+    rescue EOFError
+      req.env["rack.errors"].puts "Bad request content body"
     end
   end
 end

data/lib/rack/request.rb CHANGED Viewed

@@ -13,6 +13,8 @@ module Rack
     # The environment of the request.
     attr_reader :env
+    SCHEME_WHITELIST = %w(https http).freeze
     def initialize(env)
       @env = env
     end
@@ -68,10 +70,8 @@ module Rack
         'https'
       elsif @env['HTTP_X_FORWARDED_SSL'] == 'on'
         'https'
-      elsif @env['HTTP_X_FORWARDED_SCHEME']
-        @env['HTTP_X_FORWARDED_SCHEME']
-      elsif @env['HTTP_X_FORWARDED_PROTO']
-        @env['HTTP_X_FORWARDED_PROTO'].split(',')[0]
+      elsif forwarded_scheme
+        forwarded_scheme
       else
         @env["rack.url_scheme"]
       end
@@ -394,5 +394,18 @@ module Rack
         s
       end
     end
+    def forwarded_scheme
+      scheme_headers = [
+        @env['HTTP_X_FORWARDED_SCHEME'],
+        @env['HTTP_X_FORWARDED_PROTO'].to_s.split(',')[0]
+      ]
+      scheme_headers.each do |header|
+        return header if SCHEME_WHITELIST.include?(header)
+      end
+      nil
+    end
   end
 end

data/lib/rack/session/abstract/id.rb CHANGED Viewed

@@ -9,11 +9,38 @@ begin
 rescue LoadError
   # We just won't get securerandom
 end
+require "digest/sha2"
 module Rack
   module Session
+    class SessionId
+      ID_VERSION = 2
+      attr_reader :public_id
+      def initialize(public_id)
+        @public_id = public_id
+      end
+      def private_id
+        "#{ID_VERSION}::#{hash_sid(public_id)}"
+      end
+      alias :cookie_value :public_id
+      alias :to_s :public_id
+      def empty?; false; end
+      def inspect; public_id.inspect; end
+      private
+      def hash_sid(sid)
+        Digest::SHA256.hexdigest(sid)
+      end
+    end
     module Abstract
       ENV_SESSION_KEY = 'rack.session'.freeze
       ENV_SESSION_OPTIONS_KEY = 'rack.session.options'.freeze
@@ -191,7 +218,7 @@ module Rack
       # Not included by default; you must require 'rack/session/abstract/id'
       # to use.
-      class ID
+      class Persisted
         DEFAULT_OPTIONS = {
           :key =>           'rack.session',
           :path =>          '/',
@@ -342,10 +369,10 @@ module Rack
           if not data = set_session(env, session_id, session_data, options)
             env["rack.errors"].puts("Warning! #{self.class.name} failed to save session. Content dropped.")
           elsif options[:defer] and not options[:renew]
-            env["rack.errors"].puts("Deferring cookie for #{session_id}") if $VERBOSE
+            env["rack.errors"].puts("Deferring cookie for #{session_id.public_id}") if $VERBOSE
           else
             cookie = Hash.new
-            cookie[:value] = data
+            cookie[:value] = cookie_value(data)
             cookie[:expires] = Time.now + options[:expire_after] if options[:expire_after]
             cookie[:expires] = Time.now + options[:max_age] if options[:max_age]
             set_cookie(env, headers, cookie.merge!(options))
@@ -354,6 +381,10 @@ module Rack
           [status, headers, body]
         end
+        def cookie_value(data)
+          data
+        end
         # Sets the cookie back to the client with session id. We skip the cookie
         # setting if the value didn't change (sid is the same) or expires was given.
@@ -394,6 +425,51 @@ module Rack
           raise '#destroy_session not implemented'
         end
       end
+      class PersistedSecure < Persisted
+        class SecureSessionHash < SessionHash
+          def [](key)
+            if key == "session_id"
+              load_for_read!
+              id.public_id if id
+            else
+              super
+            end
+          end
+        end
+        def generate_sid(*)
+          public_id = super
+          SessionId.new(public_id)
+        end
+        def extract_session_id(*)
+          public_id = super
+          public_id && SessionId.new(public_id)
+        end
+        private
+        def session_class
+          SecureSessionHash
+        end
+        def cookie_value(data)
+          data.cookie_value
+        end
+      end
+      class ID < Persisted
+        def self.inherited(klass)
+          k = klass.ancestors.find { |kl| kl.respond_to?(:superclass) && kl.superclass == ID }
+          unless k.instance_variable_defined?(:"@_rack_warned")
+            warn "#{klass} is inheriting from #{ID}.  Inheriting from #{ID} is deprecated, please inherit from #{Persisted} instead" if $VERBOSE
+            k.instance_variable_set(:"@_rack_warned", true)
+          end
+          super
+        end
+      end
     end
   end
 end

data/lib/rack/session/cookie.rb CHANGED Viewed

@@ -44,7 +44,7 @@ module Rack
     #   })
     #
-    class Cookie < Abstract::ID
+    class Cookie < Abstract::PersistedSecure
       # Encode session cookies as Base64
       class Base64
         def encode(str)
@@ -151,6 +151,15 @@ module Rack
         data
       end
+      class SessionId < DelegateClass(Session::SessionId)
+        attr_reader :cookie_value
+        def initialize(session_id, cookie_value)
+          super(session_id)
+          @cookie_value = cookie_value
+        end
+      end
       def set_session(env, session_id, session, options)
         session = session.merge("session_id" => session_id)
         session_data = coder.encode(session)
@@ -163,7 +172,7 @@ module Rack
           env["rack.errors"].puts("Warning! Rack::Session::Cookie data size exceeds 4K.")
           nil
         else
-          session_data
+          SessionId.new(session_id, session_data)
         end
       end

data/lib/rack/session/memcache.rb CHANGED Viewed

@@ -19,7 +19,7 @@ module Rack
     # Note that memcache does drop data before it may be listed to expire. For
     # a full description of behaviour, please see memcache's documentation.
-    class Memcache < Abstract::ID
+    class Memcache < Abstract::PersistedSecure
       attr_reader :mutex, :pool
       DEFAULT_OPTIONS = Abstract::ID::DEFAULT_OPTIONS.merge \
@@ -42,15 +42,15 @@ module Rack
       def generate_sid
         loop do
           sid = super
-          break sid unless @pool.get(sid, true)
+          break sid unless @pool.get(sid.private_id, true)
         end
       end
       def get_session(env, sid)
         with_lock(env) do
-          unless sid and session = @pool.get(sid)
+          unless sid and session = get_session_with_fallback(sid)
             sid, session = generate_sid, {}
-            unless /^STORED/ =~ @pool.add(sid, session)
+            unless /^STORED/ =~ @pool.add(sid.private_id, session)
               raise "Session collision on '#{sid.inspect}'"
             end
           end
@@ -63,14 +63,15 @@ module Rack
         expiry = expiry.nil? ? 0 : expiry + 1
         with_lock(env) do
-          @pool.set session_id, new_session, expiry
+          @pool.set session_id.private_id, new_session, expiry
           session_id
         end
       end
       def destroy_session(env, session_id, options)
         with_lock(env) do
-          @pool.delete(session_id)
+          @pool.delete(session_id.public_id)
+          @pool.delete(session_id.private_id)
           generate_sid unless options[:drop]
         end
       end
@@ -88,6 +89,11 @@ module Rack
         @mutex.unlock if @mutex.locked?
       end
+      private
+      def get_session_with_fallback(sid)
+        @pool.get(sid.private_id) || @pool.get(sid.public_id)
+      end
     end
   end
 end

data/lib/rack/session/pool.rb CHANGED Viewed

@@ -24,7 +24,7 @@ module Rack
     #   )
     #   Rack::Handler::WEBrick.run sessioned
-    class Pool < Abstract::ID
+    class Pool < Abstract::PersistedSecure
       attr_reader :mutex, :pool
       DEFAULT_OPTIONS = Abstract::ID::DEFAULT_OPTIONS.merge :drop => false
@@ -37,15 +37,15 @@ module Rack
       def generate_sid
         loop do
           sid = super
-          break sid unless @pool.key? sid
+          break sid unless @pool.key? sid.private_id
         end
       end
       def get_session(env, sid)
         with_lock(env) do
-          unless sid and session = @pool[sid]
+          unless sid and session = get_session_with_fallback(sid)
             sid, session = generate_sid, {}
-            @pool.store sid, session
+            @pool.store sid.private_id, session
           end
           [sid, session]
         end
@@ -53,14 +53,15 @@ module Rack
       def set_session(env, session_id, new_session, options)
         with_lock(env) do
-          @pool.store session_id, new_session
+          @pool.store session_id.private_id, new_session
           session_id
         end
       end
       def destroy_session(env, session_id, options)
         with_lock(env) do
-          @pool.delete(session_id)
+          @pool.delete(session_id.public_id)
+          @pool.delete(session_id.private_id)
           generate_sid unless options[:drop]
         end
       end
@@ -71,6 +72,12 @@ module Rack
       ensure
         @mutex.unlock if @mutex.locked?
       end
+      private
+      def get_session_with_fallback(sid)
+        @pool[sid.private_id] || @pool[sid.public_id]
+      end
     end
   end
 end

data/lib/rack/showexceptions.rb CHANGED Viewed

@@ -47,7 +47,7 @@ module Rack
     end
     def prefers_plaintext?(env)
-      !accepts_html(env)
+      !accepts_html?(env)
     end
     def accepts_html?(env)

data/lib/rack.rb CHANGED Viewed

@@ -20,7 +20,7 @@ module Rack
   # Return the Rack release as a dotted string.
   def self.release
-    "1.6.8"
+    "1.6.13"
   end
   PATH_INFO      = 'PATH_INFO'.freeze
   REQUEST_METHOD = 'REQUEST_METHOD'.freeze

data/rack.gemspec CHANGED Viewed

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name            = "rack"
-  s.version         = "1.6.8"
+  s.version         = "1.6.13"
   s.platform        = Gem::Platform::RUBY
   s.summary         = "a modular Ruby webserver interface"
   s.license         = "MIT"

data/test/spec_methodoverride.rb CHANGED Viewed

@@ -8,7 +8,7 @@ describe Rack::MethodOverride do
       [200, {"Content-Type" => "text/plain"}, []]
     }))
   end
   should "not affect GET requests" do
     env = Rack::MockRequest.env_for("/?_method=delete", :method => "GET")
     app.call env
@@ -23,6 +23,22 @@ describe Rack::MethodOverride do
     env["REQUEST_METHOD"].should.equal "PUT"
   end
+  if RUBY_VERSION >= "1.9"
+    should "set rack.errors for invalid UTF8 _method values" do
+      errors = StringIO.new
+      env = Rack::MockRequest.env_for("/",
+        :method => "POST",
+        :input => "_method=\xBF".force_encoding("ASCII-8BIT"),
+        "rack.errors" => errors)
+      app.call env
+      errors.rewind
+      errors.read.should.equal "Invalid string for method\n"
+      env["REQUEST_METHOD"].should.equal "POST"
+    end
+  end
   should "modify REQUEST_METHOD for POST requests when X-HTTP-Method-Override is set" do
     env = Rack::MockRequest.env_for("/",
             :method => "POST",
@@ -65,14 +81,27 @@ EOF
                       "CONTENT_TYPE" => "multipart/form-data, boundary=AaB03x",
                       "CONTENT_LENGTH" => input.size.to_s,
                       :method => "POST", :input => input)
-    begin
-      app.call env
-    rescue EOFError
-    end
+    app.call env
     env["REQUEST_METHOD"].should.equal "POST"
   end
+  should "write error to RACK_ERRORS when given invalid multipart form data" do
+    input = <<EOF
+--AaB03x\r
+content-disposition: form-data; name="huge"; filename="huge"\r
+EOF
+    env = Rack::MockRequest.env_for("/",
+                      "CONTENT_TYPE" => "multipart/form-data, boundary=AaB03x",
+                      "CONTENT_LENGTH" => input.size.to_s,
+                      "rack.errors" => StringIO.new,
+                      :method => "POST", :input => input)
+    Rack::MethodOverride.new(proc { [200, {"Content-Type" => "text/plain"}, []] }).call env
+    env["rack.errors"].rewind
+    env["rack.errors"].read.should =~ /Bad request content body/
+  end
   should "not modify REQUEST_METHOD for POST requests when the params are unparseable" do
     env = Rack::MockRequest.env_for("/", :method => "POST", :input => "(%bad-params%)")
     app.call env

data/test/spec_request.rb CHANGED Viewed

@@ -425,6 +425,11 @@ describe Rack::Request do
     request.should.be.ssl?
   end
+  should "prevent scheme abuse" do
+    request = Rack::Request.new(Rack::MockRequest.env_for("/", 'HTTP_X_FORWARDED_SCHEME' => 'a."><script>alert(1)</script>'))
+    request.scheme.should.not.equal 'a."><script>alert(1)</script>'
+  end
   should "parse cookies" do
     req = Rack::Request.new \
       Rack::MockRequest.env_for("", "HTTP_COOKIE" => "foo=bar;quux=h&m")

data/test/spec_session_abstract_id.rb CHANGED Viewed

@@ -47,7 +47,7 @@ describe Rack::Session::Abstract::ID do
       end
     end
     id = Rack::Session::Abstract::ID.new nil, :secure_random => secure_random.new
-    id.send(:generate_sid).should.eql 'fake_hex'
+    id.send(:generate_sid).should.equal 'fake_hex'
   end
 end

data/test/spec_session_memcache.rb CHANGED Viewed

@@ -225,15 +225,52 @@ begin
       req = Rack::MockRequest.new(pool)
       res0 = req.get("/")
-      session_id = (cookie = res0["Set-Cookie"])[session_match, 1]
-      ses0 = pool.pool.get(session_id, true)
+      session_id = Rack::Session::SessionId.new (cookie = res0["Set-Cookie"])[session_match, 1]
+      ses0 = pool.pool.get(session_id.private_id, true)
       req.get("/", "HTTP_COOKIE" => cookie)
-      ses1 = pool.pool.get(session_id, true)
+      ses1 = pool.pool.get(session_id.private_id, true)
       ses1.should.not.equal ses0
     end
+    it "can read the session with the legacy id" do
+      pool = Rack::Session::Memcache.new(incrementor)
+      req = Rack::MockRequest.new(pool)
+      res0 = req.get("/")
+      cookie = res0["Set-Cookie"]
+      session_id = Rack::Session::SessionId.new cookie[session_match, 1]
+      ses0 = pool.pool.get(session_id.private_id, true)
+      pool.pool.set(session_id.public_id, ses0, 0, true)
+      pool.pool.delete(session_id.private_id)
+      res1 = req.get("/", "HTTP_COOKIE" => cookie)
+      res1["Set-Cookie"].should.be.nil
+      res1.body.should.equal '{"counter"=>2}'
+      pool.pool.get(session_id.private_id, true).should.not.be.nil
+    end
+    it "drops the session in the legacy id as well" do
+      pool = Rack::Session::Memcache.new(incrementor)
+      req = Rack::MockRequest.new(pool)
+      drop = Rack::Utils::Context.new(pool, drop_session)
+      dreq = Rack::MockRequest.new(drop)
+      res0 = req.get("/")
+      cookie = res0["Set-Cookie"]
+      session_id = Rack::Session::SessionId.new cookie[session_match, 1]
+      ses0 = pool.pool.get(session_id.private_id, true)
+      pool.pool.set(session_id.public_id, ses0, 0, true)
+      pool.pool.delete(session_id.private_id)
+      res2 = dreq.get("/", "HTTP_COOKIE" => cookie)
+      res2["Set-Cookie"].should.be.nil
+      res2.body.should.equal '{"counter"=>2}'
+      pool.pool.get(session_id.private_id, true).should.be.nil
+      pool.pool.get(session_id.public_id, true).should.be.nil
+    end
     # anyone know how to do this better?
     it "cleanly merges sessions when multithreaded" do
       unless $DEBUG

data/test/spec_session_persisted_secure_secure_session_hash.rb ADDED Viewed

@@ -0,0 +1,73 @@
+# frozen_string_literal: true
+require 'minitest/global_expectations/autorun'
+require 'rack/session/abstract/id'
+describe Rack::Session::Abstract::PersistedSecure::SecureSessionHash do
+  attr_reader :hash
+  def setup
+    super
+    @store = Class.new do
+      def load_session(req)
+        [Rack::Session::SessionId.new("id"), { foo: :bar, baz: :qux }]
+      end
+      def session_exists?(req)
+        true
+      end
+    end
+    @hash = Rack::Session::Abstract::PersistedSecure::SecureSessionHash.new(@store.new, nil)
+  end
+  it "returns keys" do
+    assert_equal ["foo", "baz"], hash.keys
+  end
+  it "returns values" do
+    assert_equal [:bar, :qux], hash.values
+  end
+  describe "#[]" do
+    it "returns value for a matching key" do
+      assert_equal :bar, hash[:foo]
+    end
+    it "returns value for a 'session_id' key" do
+      assert_equal "id", hash['session_id']
+    end
+    it "returns nil value for missing 'session_id' key" do
+      store = @store.new
+      def store.load_session(req)
+        [nil, {}]
+      end
+      @hash = Rack::Session::Abstract::PersistedSecure::SecureSessionHash.new(store, nil)
+      assert_nil hash['session_id']
+    end
+  end
+  describe "#fetch" do
+    it "returns value for a matching key" do
+      assert_equal :bar, hash.fetch(:foo)
+    end
+    it "works with a default value" do
+      assert_equal :default, hash.fetch(:unknown, :default)
+    end
+    it "works with a block" do
+      assert_equal :default, hash.fetch(:unkown) { :default }
+    end
+    it "it raises when fetching unknown keys without defaults" do
+      lambda { hash.fetch(:unknown) }.must_raise KeyError
+    end
+  end
+  describe "#stringify_keys" do
+    it "returns hash or session hash with keys stringified" do
+      assert_equal({ "foo" => :bar, "baz" => :qux }, hash.send(:stringify_keys, hash).to_h)
+    end
+  end
+end

data/test/spec_session_pool.rb CHANGED Viewed

@@ -5,7 +5,7 @@ require 'rack/session/pool'
 describe Rack::Session::Pool do
   session_key = Rack::Session::Pool::DEFAULT_OPTIONS[:key]
-  session_match = /#{session_key}=[0-9a-fA-F]+;/
+  session_match = /#{session_key}=([0-9a-fA-F]+);/
   incrementor = lambda do |env|
     env["rack.session"]["counter"] ||= 0
@@ -13,7 +13,7 @@ describe Rack::Session::Pool do
     Rack::Response.new(env["rack.session"].inspect).to_a
   end
-  session_id = Rack::Lint.new(lambda do |env|
+  get_session_id = Rack::Lint.new(lambda do |env|
     Rack::Response.new(env["rack.session"].inspect).to_a
   end)
@@ -142,6 +142,43 @@ describe Rack::Session::Pool do
     pool.pool.size.should.equal 1
   end
+  it "can read the session with the legacy id" do
+    pool = Rack::Session::Pool.new(incrementor)
+    req = Rack::MockRequest.new(pool)
+    res0 = req.get("/")
+    cookie = res0["Set-Cookie"]
+    session_id = Rack::Session::SessionId.new cookie[session_match, 1]
+    ses0 = pool.pool[session_id.private_id]
+    pool.pool[session_id.public_id] = ses0
+    pool.pool.delete(session_id.private_id)
+    res1 = req.get("/", "HTTP_COOKIE" => cookie)
+    res1["Set-Cookie"].should.be.nil
+    res1.body.should.equal '{"counter"=>2}'
+    pool.pool[session_id.private_id].should.not.be.nil
+  end
+  it "drops the session in the legacy id as well" do
+    pool = Rack::Session::Pool.new(incrementor)
+    req = Rack::MockRequest.new(pool)
+    drop = Rack::Utils::Context.new(pool, drop_session)
+    dreq = Rack::MockRequest.new(drop)
+    res0 = req.get("/")
+    cookie = res0["Set-Cookie"]
+    session_id = Rack::Session::SessionId.new cookie[session_match, 1]
+    ses0 = pool.pool[session_id.private_id]
+    pool.pool[session_id.public_id] = ses0
+    pool.pool.delete(session_id.private_id)
+    res2 = dreq.get("/", "HTTP_COOKIE" => cookie)
+    res2["Set-Cookie"].should.be.nil
+    res2.body.should.equal '{"counter"=>2}'
+    pool.pool[session_id.private_id].should.be.nil
+    pool.pool[session_id.public_id].should.be.nil
+  end
   # anyone know how to do this better?
   it "should merge sessions when multithreaded" do
     unless $DEBUG
@@ -190,7 +227,7 @@ describe Rack::Session::Pool do
   end
   it "does not return a cookie if cookie was not written (only read)" do
-    app = Rack::Session::Pool.new(session_id)
+    app = Rack::Session::Pool.new(get_session_id)
     res = Rack::MockRequest.new(app).get("/")
     res["Set-Cookie"].should.be.nil
   end

data/test/spec_showexceptions.rb CHANGED Viewed

@@ -82,4 +82,17 @@ describe Rack::ShowExceptions do
     res.should =~ /ShowExceptions/
     res.should =~ /unknown location/
   end
+  it "knows to prefer plaintext for non-html" do
+    # We don't need an app for this
+    exc = Rack::ShowExceptions.new(nil)
+    [
+      [{ "HTTP_ACCEPT" => "text/plain" }, true],
+      [{ "HTTP_ACCEPT" => "text/foo" }, true],
+      [{ "HTTP_ACCEPT" => "text/html" }, false]
+    ].each do |env, expected|
+      expected.should.equal exc.prefers_plaintext?(env)
+    end
+  end
 end

metadata CHANGED Viewed

@@ -1,38 +1,38 @@
 --- !ruby/object:Gem::Specification
 name: rack
 version: !ruby/object:Gem::Version
-  version: 1.6.8
+  version: 1.6.13
 platform: ruby
 authors:
 - Christian Neukirchen
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-05-16 00:00:00.000000000 Z
+date: 2020-02-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
+  name: bacon
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-  name: bacon
-  prerelease: false
   type: :development
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-  name: rake
-  prerelease: false
   type: :development
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -221,6 +221,7 @@ files:
 - test/spec_session_abstract_id.rb
 - test/spec_session_cookie.rb
 - test/spec_session_memcache.rb
+- test/spec_session_persisted_secure_secure_session_hash.rb
 - test/spec_session_pool.rb
 - test/spec_showexceptions.rb
 - test/spec_showstatus.rb
@@ -240,7 +241,7 @@ homepage: http://rack.github.io/
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -255,59 +256,58 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: rack
-rubygems_version: 2.6.8
-signing_key:
+rubygems_version: 3.1.2
+signing_key:
 specification_version: 4
 summary: a modular Ruby webserver interface
 test_files:
-- test/spec_auth_basic.rb
-- test/spec_auth_digest.rb
-- test/spec_body_proxy.rb
-- test/spec_builder.rb
-- test/spec_cascade.rb
-- test/spec_cgi.rb
-- test/spec_chunked.rb
-- test/spec_commonlogger.rb
-- test/spec_conditionalget.rb
-- test/spec_config.rb
-- test/spec_content_length.rb
-- test/spec_content_type.rb
+- test/spec_multipart.rb
 - test/spec_deflater.rb
-- test/spec_directory.rb
+- test/spec_static.rb
+- test/spec_session_cookie.rb
+- test/spec_commonlogger.rb
+- test/spec_session_pool.rb
+- test/spec_methodoverride.rb
 - test/spec_etag.rb
-- test/spec_fastcgi.rb
-- test/spec_file.rb
+- test/spec_version.rb
 - test/spec_handler.rb
-- test/spec_head.rb
-- test/spec_lint.rb
-- test/spec_lobster.rb
-- test/spec_lock.rb
-- test/spec_logger.rb
-- test/spec_methodoverride.rb
+- test/spec_thin.rb
+- test/spec_showexceptions.rb
+- test/spec_session_abstract_id.rb
 - test/spec_mime.rb
-- test/spec_mock.rb
-- test/spec_mongrel.rb
-- test/spec_multipart.rb
-- test/spec_nulllogger.rb
 - test/spec_recursive.rb
+- test/spec_cgi.rb
+- test/spec_content_type.rb
 - test/spec_request.rb
-- test/spec_response.rb
-- test/spec_rewindable_input.rb
+- test/spec_showstatus.rb
+- test/spec_chunked.rb
 - test/spec_runtime.rb
+- test/spec_session_persisted_secure_secure_session_hash.rb
+- test/spec_fastcgi.rb
+- test/spec_builder.rb
+- test/spec_config.rb
+- test/spec_mongrel.rb
+- test/spec_utils.rb
 - test/spec_sendfile.rb
-- test/spec_server.rb
-- test/spec_session_abstract_id.rb
-- test/spec_session_cookie.rb
-- test/spec_session_memcache.rb
-- test/spec_session_pool.rb
-- test/spec_showexceptions.rb
-- test/spec_showstatus.rb
-- test/spec_static.rb
+- test/spec_lobster.rb
+- test/spec_lint.rb
 - test/spec_tempfile_reaper.rb
-- test/spec_thin.rb
-- test/spec_urlmap.rb
-- test/spec_utils.rb
-- test/spec_version.rb
+- test/spec_mock.rb
+- test/spec_conditionalget.rb
+- test/spec_server.rb
+- test/spec_directory.rb
 - test/spec_webrick.rb
-has_rdoc:
+- test/spec_response.rb
+- test/spec_file.rb
+- test/spec_body_proxy.rb
+- test/spec_logger.rb
+- test/spec_auth_digest.rb
+- test/spec_urlmap.rb
+- test/spec_nulllogger.rb
+- test/spec_cascade.rb
+- test/spec_auth_basic.rb
+- test/spec_head.rb
+- test/spec_lock.rb
+- test/spec_rewindable_input.rb
+- test/spec_session_memcache.rb
+- test/spec_content_length.rb