RubyGems - rack - Versions diffs - 2.0.8 → 2.1.2 - Mend

rack 2.0.8 → 2.1.2

Potentially problematic release.

This version of rack might be problematic. Click here for more details.

Files changed (188) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +69 -0
data/{COPYING → MIT-LICENSE} +4 -2
data/README.rdoc +77 -117
data/Rakefile +25 -18
data/SPEC +3 -4
data/bin/rackup +1 -0
data/example/lobster.ru +2 -0
data/example/protectedlobster.rb +3 -1
data/example/protectedlobster.ru +2 -0
data/lib/rack.rb +63 -60
data/lib/rack/auth/abstract/handler.rb +3 -1
data/lib/rack/auth/abstract/request.rb +2 -0
data/lib/rack/auth/basic.rb +4 -1
data/lib/rack/auth/digest/md5.rb +9 -7
data/lib/rack/auth/digest/nonce.rb +6 -3
data/lib/rack/auth/digest/params.rb +4 -2
data/lib/rack/auth/digest/request.rb +2 -0
data/lib/rack/body_proxy.rb +3 -6
data/lib/rack/builder.rb +39 -15
data/lib/rack/cascade.rb +6 -5
data/lib/rack/chunked.rb +29 -6
data/lib/rack/common_logger.rb +9 -8
data/lib/rack/conditional_get.rb +3 -1
data/lib/rack/config.rb +2 -0
data/lib/rack/content_length.rb +3 -1
data/lib/rack/content_type.rb +3 -1
data/lib/rack/core_ext/regexp.rb +14 -0
data/lib/rack/deflater.rb +32 -17
data/lib/rack/directory.rb +17 -14
data/lib/rack/etag.rb +3 -1
data/lib/rack/events.rb +5 -3
data/lib/rack/file.rb +4 -173
data/lib/rack/files.rb +178 -0
data/lib/rack/handler.rb +7 -2
data/lib/rack/handler/cgi.rb +3 -1
data/lib/rack/handler/fastcgi.rb +4 -2
data/lib/rack/handler/lsws.rb +3 -1
data/lib/rack/handler/scgi.rb +9 -6
data/lib/rack/handler/thin.rb +3 -1
data/lib/rack/handler/webrick.rb +4 -2
data/lib/rack/head.rb +2 -0
data/lib/rack/lint.rb +14 -11
data/lib/rack/lobster.rb +7 -5
data/lib/rack/lock.rb +2 -0
data/lib/rack/logger.rb +2 -0
data/lib/rack/media_type.rb +10 -5
data/lib/rack/method_override.rb +4 -2
data/lib/rack/mime.rb +9 -1
data/lib/rack/mock.rb +74 -15
data/lib/rack/multipart.rb +5 -3
data/lib/rack/multipart/generator.rb +6 -7
data/lib/rack/multipart/parser.rb +51 -45
data/lib/rack/multipart/uploaded_file.rb +2 -0
data/lib/rack/null_logger.rb +2 -0
data/lib/rack/query_parser.rb +51 -25
data/lib/rack/recursive.rb +7 -5
data/lib/rack/reloader.rb +10 -4
data/lib/rack/request.rb +79 -26
data/lib/rack/response.rb +71 -31
data/lib/rack/rewindable_input.rb +4 -2
data/lib/rack/runtime.rb +4 -2
data/lib/rack/sendfile.rb +15 -8
data/lib/rack/server.rb +88 -18
data/lib/rack/session/abstract/id.rb +32 -22
data/lib/rack/session/cookie.rb +10 -9
data/lib/rack/session/memcache.rb +4 -93
data/lib/rack/session/pool.rb +4 -2
data/lib/rack/show_exceptions.rb +15 -9
data/lib/rack/show_status.rb +4 -2
data/lib/rack/static.rb +15 -10
data/lib/rack/tempfile_reaper.rb +2 -0
data/lib/rack/urlmap.rb +11 -2
data/lib/rack/utils.rb +55 -70
data/rack.gemspec +17 -7
metadata +29 -169
data/HISTORY.md +0 -505
data/test/builder/an_underscore_app.rb +0 -5
data/test/builder/anything.rb +0 -5
data/test/builder/comment.ru +0 -4
data/test/builder/end.ru +0 -5
data/test/builder/line.ru +0 -1
data/test/builder/options.ru +0 -2
data/test/cgi/assets/folder/test.js +0 -1
data/test/cgi/assets/fonts/font.eot +0 -1
data/test/cgi/assets/images/image.png +0 -1
data/test/cgi/assets/index.html +0 -1
data/test/cgi/assets/javascripts/app.js +0 -1
data/test/cgi/assets/stylesheets/app.css +0 -1
data/test/cgi/lighttpd.conf +0 -26
data/test/cgi/rackup_stub.rb +0 -6
data/test/cgi/sample_rackup.ru +0 -5
data/test/cgi/test +0 -9
data/test/cgi/test+directory/test+file +0 -1
data/test/cgi/test.fcgi +0 -9
data/test/cgi/test.gz +0 -0
data/test/cgi/test.ru +0 -5
data/test/gemloader.rb +0 -10
data/test/helper.rb +0 -34
data/test/multipart/bad_robots +0 -259
data/test/multipart/binary +0 -0
data/test/multipart/content_type_and_no_filename +0 -6
data/test/multipart/empty +0 -10
data/test/multipart/fail_16384_nofile +0 -814
data/test/multipart/file1.txt +0 -1
data/test/multipart/filename_and_modification_param +0 -7
data/test/multipart/filename_and_no_name +0 -6
data/test/multipart/filename_with_encoded_words +0 -7
data/test/multipart/filename_with_escaped_quotes +0 -6
data/test/multipart/filename_with_escaped_quotes_and_modification_param +0 -7
data/test/multipart/filename_with_null_byte +0 -7
data/test/multipart/filename_with_percent_escaped_quotes +0 -6
data/test/multipart/filename_with_single_quote +0 -7
data/test/multipart/filename_with_unescaped_percentages +0 -6
data/test/multipart/filename_with_unescaped_percentages2 +0 -6
data/test/multipart/filename_with_unescaped_percentages3 +0 -6
data/test/multipart/filename_with_unescaped_quotes +0 -6
data/test/multipart/ie +0 -6
data/test/multipart/invalid_character +0 -6
data/test/multipart/mixed_files +0 -21
data/test/multipart/nested +0 -10
data/test/multipart/none +0 -9
data/test/multipart/quoted +0 -15
data/test/multipart/rack-logo.png +0 -0
data/test/multipart/semicolon +0 -6
data/test/multipart/text +0 -15
data/test/multipart/three_files_three_fields +0 -31
data/test/multipart/unity3d_wwwform +0 -11
data/test/multipart/webkit +0 -32
data/test/rackup/config.ru +0 -31
data/test/registering_handler/rack/handler/registering_myself.rb +0 -8
data/test/spec_auth_basic.rb +0 -89
data/test/spec_auth_digest.rb +0 -260
data/test/spec_body_proxy.rb +0 -85
data/test/spec_builder.rb +0 -233
data/test/spec_cascade.rb +0 -63
data/test/spec_cgi.rb +0 -84
data/test/spec_chunked.rb +0 -103
data/test/spec_common_logger.rb +0 -95
data/test/spec_conditional_get.rb +0 -103
data/test/spec_config.rb +0 -23
data/test/spec_content_length.rb +0 -86
data/test/spec_content_type.rb +0 -46
data/test/spec_deflater.rb +0 -375
data/test/spec_directory.rb +0 -148
data/test/spec_etag.rb +0 -108
data/test/spec_events.rb +0 -133
data/test/spec_fastcgi.rb +0 -85
data/test/spec_file.rb +0 -264
data/test/spec_handler.rb +0 -57
data/test/spec_head.rb +0 -46
data/test/spec_lint.rb +0 -515
data/test/spec_lobster.rb +0 -59
data/test/spec_lock.rb +0 -204
data/test/spec_logger.rb +0 -24
data/test/spec_media_type.rb +0 -42
data/test/spec_method_override.rb +0 -110
data/test/spec_mime.rb +0 -51
data/test/spec_mock.rb +0 -359
data/test/spec_multipart.rb +0 -722
data/test/spec_null_logger.rb +0 -21
data/test/spec_recursive.rb +0 -75
data/test/spec_request.rb +0 -1407
data/test/spec_response.rb +0 -510
data/test/spec_rewindable_input.rb +0 -128
data/test/spec_runtime.rb +0 -50
data/test/spec_sendfile.rb +0 -125
data/test/spec_server.rb +0 -193
data/test/spec_session_abstract_id.rb +0 -31
data/test/spec_session_abstract_session_hash.rb +0 -45
data/test/spec_session_cookie.rb +0 -442
data/test/spec_session_memcache.rb +0 -357
data/test/spec_session_pool.rb +0 -247
data/test/spec_show_exceptions.rb +0 -93
data/test/spec_show_status.rb +0 -104
data/test/spec_static.rb +0 -184
data/test/spec_tempfile_reaper.rb +0 -64
data/test/spec_thin.rb +0 -96
data/test/spec_urlmap.rb +0 -237
data/test/spec_utils.rb +0 -742
data/test/spec_version.rb +0 -11
data/test/spec_webrick.rb +0 -206
data/test/static/another/index.html +0 -1
data/test/static/foo.html +0 -1
data/test/static/index.html +0 -1
data/test/testrequest.rb +0 -78
data/test/unregistered_handler/rack/handler/unregistered.rb +0 -7
data/test/unregistered_handler/rack/handler/unregistered_long_one.rb +0 -7

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'rack/utils'
 module Rack
@@ -8,8 +10,8 @@ module Rack
   # time, or before all the other middlewares to include time for them,
   # too.
   class Runtime
-    FORMAT_STRING = "%0.6f".freeze # :nodoc:
-    HEADER_NAME = "X-Runtime".freeze # :nodoc:
+    FORMAT_STRING = "%0.6f" # :nodoc:
+    HEADER_NAME = "X-Runtime" # :nodoc:
     def initialize(app, name = nil)
       @app = app

data/lib/rack/sendfile.rb CHANGED

@@ -1,4 +1,6 @@
-require 'rack/file'
+# frozen_string_literal: true
+require 'rack/files'
 require 'rack/body_proxy'
 module Rack
@@ -14,7 +16,7 @@ module Rack
   #
   # In order to take advantage of this middleware, the response body must
   # respond to +to_path+ and the request must include an X-Sendfile-Type
-  # header. Rack::File and other components implement +to_path+ so there's
+  # header. Rack::Files and other components implement +to_path+ so there's
   # rarely anything you need to do in your application. The X-Sendfile-Type
   # header is typically set in your web servers configuration. The following
   # sections attempt to document
@@ -53,7 +55,7 @@ module Rack
   # that it maps to. The middleware performs a simple substitution on the
   # resulting path.
   #
-  # See Also: http://wiki.codemongers.com/NginxXSendfile
+  # See Also: https://www.nginx.com/resources/wiki/start/topics/examples/xsendfile
   #
   # === lighttpd
   #
@@ -99,7 +101,7 @@ module Rack
   # will be matched with case indifference.
   class Sendfile
-    def initialize(app, variation=nil, mappings=[])
+    def initialize(app, variation = nil, mappings = [])
       @app = app
       @variation = variation
       @mappings = mappings.map do |internal, external|
@@ -115,7 +117,8 @@ module Rack
           path = ::File.expand_path(body.to_path)
           if url = map_accel_path(env, path)
             headers[CONTENT_LENGTH] = '0'
-            headers[type] = url
+            # '?' must be percent-encoded because it is not query string but a part of path
+            headers[type] = ::Rack::Utils.escape_path(url).gsub('?', '%3F')
             obody = body
             body = Rack::BodyProxy.new([]) do
               obody.close if obody.respond_to?(:close)
@@ -147,11 +150,15 @@ module Rack
     end
     def map_accel_path(env, path)
-      if mapping = @mappings.find { |internal,_| internal =~ path }
+      if mapping = @mappings.find { |internal, _| internal =~ path }
         path.sub(*mapping)
       elsif mapping = env['HTTP_X_ACCEL_MAPPING']
-        internal, external = mapping.split('=', 2).map(&:strip)
-        path.sub(/^#{internal}/i, external)
+        mapping.split(',').map(&:strip).each do |m|
+          internal, external = m.split('=', 2).map(&:strip)
+          new_path = path.sub(/^#{internal}/i, external)
+          return new_path unless path == new_path
+        end
+        path
       end
     end
   end

data/lib/rack/server.rb CHANGED

@@ -1,10 +1,14 @@
+# frozen_string_literal: true
 require 'optparse'
 require 'fileutils'
+require_relative 'core_ext/regexp'
 module Rack
   class Server
+    using ::Rack::RegexpExtensions
     class Options
       def parse!(args)
@@ -21,10 +25,6 @@ module Rack
             lineno += 1
           }
-          opts.on("-b", "--builder BUILDER_LINE", "evaluate a BUILDER_LINE of code as a builder script") { |line|
-            options[:builder] = line
-          }
           opts.on("-d", "--debug", "set debugging flags (set $DEBUG to true)") {
             options[:debug] = true
           }
@@ -47,7 +47,11 @@ module Rack
           opts.separator ""
           opts.separator "Rack options:"
-          opts.on("-s", "--server SERVER", "serve using SERVER (thin/puma/webrick/mongrel)") { |s|
+          opts.on("-b", "--builder BUILDER_LINE", "evaluate a BUILDER_LINE of code as a builder script") { |line|
+            options[:builder] = line
+          }
+          opts.on("-s", "--server SERVER", "serve using SERVER (thin/puma/webrick)") { |s|
             options[:server] = s
           }
@@ -77,6 +81,24 @@ module Rack
             options[:pid] = ::File.expand_path(f)
           }
+          opts.separator ""
+          opts.separator "Profiling options:"
+          opts.on("--heap HEAPFILE", "Build the application, then dump the heap to HEAPFILE") do |e|
+            options[:heapfile] = e
+          end
+          opts.on("--profile PROFILE", "Dump CPU or Memory profile to PROFILE (defaults to a tempfile)") do |e|
+            options[:profile_file] = e
+          end
+          opts.on("--profile-mode MODE", "Profile mode (cpu|wall|object)") do |e|
+            { cpu: true, wall: true, object: true }.fetch(e.to_sym) do
+              raise OptionParser::InvalidOption, "unknown profile mode: #{e}"
+            end
+            options[:profile_mode] = e.to_sym
+          end
           opts.separator ""
           opts.separator "Common options:"
@@ -114,7 +136,7 @@ module Rack
             has_options = false
             server.valid_options.each do |name, description|
-              next if name.to_s.match(/^(Host|Port)[^a-zA-Z]/) # ignore handler's host and port options, we do our own.
+              next if /^(Host|Port)[^a-zA-Z]/.match?(name.to_s) # ignore handler's host and port options, we do our own.
               info << "  -O %-21s %s" % [name, description]
               has_options = true
             end
@@ -152,7 +174,9 @@ module Rack
     # Options may include:
     # * :app
-    #     a rack application to run (overrides :config)
+    #     a rack application to run (overrides :config and :builder)
+    # * :builder
+    #     a string to evaluate a Rack::Builder from
     # * :config
     #     a rackup configuration file path to load (.ru)
     # * :environment
@@ -182,6 +206,14 @@ module Rack
     #     add given paths to $LOAD_PATH
     # * :require
     #     require the given libraries
+    #
+    # Additional options for profiling app initialization include:
+    # * :heapfile
+    #     location for ObjectSpace.dump_all to write the output to
+    # * :profile_file
+    #     location for CPU/Memory (StackProf) profile output (defaults to a tempfile)
+    # * :profile_mode
+    #     StackProf profile mode (cpu|wall|object)
     def initialize(options = nil)
       @ignore_options = []
@@ -206,12 +238,12 @@ module Rack
       default_host = environment == 'development' ? 'localhost' : '0.0.0.0'
       {
-        :environment => environment,
-        :pid         => nil,
-        :Port        => 9292,
-        :Host        => default_host,
-        :AccessLog   => [],
-        :config      => "config.ru"
+        environment: environment,
+        pid: nil,
+        Port: 9292,
+        Host: default_host,
+        AccessLog: [],
+        config: "config.ru"
       }
     end
@@ -222,21 +254,19 @@ module Rack
     class << self
       def logging_middleware
         lambda { |server|
-          server.server.name =~ /CGI/ || server.options[:quiet] ? nil : [Rack::CommonLogger, $stderr]
+          /CGI/.match?(server.server.name) || server.options[:quiet] ? nil : [Rack::CommonLogger, $stderr]
         }
       end
       def default_middleware_by_environment
-        m = Hash.new {|h,k| h[k] = []}
+        m = Hash.new {|h, k| h[k] = []}
         m["deployment"] = [
           [Rack::ContentLength],
-          [Rack::Chunked],
           logging_middleware,
           [Rack::TempfileReaper]
         ]
         m["development"] = [
           [Rack::ContentLength],
-          [Rack::Chunked],
           logging_middleware,
           [Rack::ShowExceptions],
           [Rack::Lint],
@@ -280,7 +310,9 @@ module Rack
       # Touch the wrapped app, so that the config.ru is loaded before
       # daemonization (i.e. before chdir, etc).
-      wrapped_app
+      handle_profiling(options[:heapfile], options[:profile_mode], options[:profile_file]) do
+        wrapped_app
+      end
       daemonize_app if options[:daemonize]
@@ -321,6 +353,44 @@ module Rack
         app
       end
+      def handle_profiling(heapfile, profile_mode, filename)
+        if heapfile
+          require "objspace"
+          ObjectSpace.trace_object_allocations_start
+          yield
+          GC.start
+          ::File.open(heapfile, "w") { |f| ObjectSpace.dump_all(output: f) }
+          exit
+        end
+        if profile_mode
+          require "stackprof"
+          require "tempfile"
+          make_profile_name(filename) do |filename|
+            ::File.open(filename, "w") do |f|
+              StackProf.run(mode: profile_mode, out: f) do
+                yield
+              end
+              puts "Profile written to: #{filename}"
+            end
+          end
+          exit
+        end
+        yield
+      end
+      def make_profile_name(filename)
+        if filename
+          yield filename
+        else
+          ::Dir::Tmpname.create("profile.dump") do |tmpname, _, _|
+            yield tmpname
+          end
+        end
+      end
       def build_app_from_string
         Rack::Builder.new_from_string(self.options[:builder])
       end

data/lib/rack/session/abstract/id.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 # AUTHOR: blink <blinketje@gmail.com>; blink#ruby-lang@irc.freenode.net
 # bugrep: Andreas Zehnder
@@ -26,9 +28,9 @@ module Rack
       end
       alias :cookie_value :public_id
+      alias :to_s :public_id
       def empty?; false; end
-      def to_s; raise; end
       def inspect; public_id.inspect; end
       private
@@ -42,6 +44,18 @@ module Rack
       # SessionHash is responsible to lazily load the session from store.
       class SessionHash
+        using Module.new {
+          refine Hash do
+            def transform_keys(&block)
+              hash = {}
+              each do |key, value|
+                hash[block.call(key)] = value
+              end
+              hash
+            end
+          end
+        } unless {}.respond_to?(:transform_keys)
         include Enumerable
         attr_writer :id
@@ -84,7 +98,7 @@ module Rack
           @data[key.to_s]
         end
-        def fetch(key, default=Unspecified, &block)
+        def fetch(key, default = Unspecified, &block)
           load_for_read!
           if default == Unspecified
             @data.fetch(key.to_s, &block)
@@ -187,11 +201,7 @@ module Rack
         end
         def stringify_keys(other)
-          hash = {}
-          other.each do |key, value|
-            hash[key.to_s] = value
-          end
-          hash
+          other.to_hash.transform_keys(&:to_s)
         end
       end
@@ -226,22 +236,22 @@ module Rack
       class Persisted
         DEFAULT_OPTIONS = {
-          :key =>           RACK_SESSION,
-          :path =>          '/',
-          :domain =>        nil,
-          :expire_after =>  nil,
-          :secure =>        false,
-          :httponly =>      true,
-          :defer =>         false,
-          :renew =>         false,
-          :sidbits =>       128,
-          :cookie_only =>   true,
-          :secure_random => ::SecureRandom
+          key: RACK_SESSION,
+          path: '/',
+          domain: nil,
+          expire_after: nil,
+          secure: false,
+          httponly: true,
+          defer: false,
+          renew: false,
+          sidbits: 128,
+          cookie_only: true,
+          secure_random: ::SecureRandom
         }.freeze
         attr_reader :key, :default_options, :sid_secure
-        def initialize(app, options={})
+        def initialize(app, options = {})
           @app = app
           @default_options = self.class::DEFAULT_OPTIONS.merge(options)
           @key = @default_options.delete(:key)
@@ -253,7 +263,7 @@ module Rack
           context(env)
         end
-        def context(env, app=@app)
+        def context(env, app = @app)
           req = make_request env
           prepare_session(req)
           status, headers, body = app.call(req.env)
@@ -376,7 +386,7 @@ module Rack
           session.send(:load!) unless loaded_session?(session)
           session_id ||= session.id
-          session_data = session.to_hash.delete_if { |k,v| v.nil? }
+          session_data = session.to_hash.delete_if { |k, v| v.nil? }
           if not data = write_session(req, session_id, session_data, options)
             req.get_header(RACK_ERRORS).puts("Warning! #{self.class.name} failed to save session. Content dropped.")
@@ -442,7 +452,7 @@ module Rack
           def [](key)
             if key == "session_id"
               load_for_read!
-              id.public_id
+              id.public_id if id
             else
               super
             end

data/lib/rack/session/cookie.rb CHANGED

@@ -1,9 +1,12 @@
+# frozen_string_literal: true
 require 'openssl'
 require 'zlib'
 require 'rack/request'
 require 'rack/response'
 require 'rack/session/abstract/id'
 require 'json'
+require 'base64'
 module Rack
@@ -49,11 +52,11 @@ module Rack
       # Encode session cookies as Base64
       class Base64
         def encode(str)
-          [str].pack('m')
+          ::Base64.strict_encode64(str)
         end
         def decode(str)
-          str.unpack('m').first
+          ::Base64.decode64(str)
         end
         # Encode session cookies as Marshaled Base64 data
@@ -103,7 +106,7 @@ module Rack
       attr_reader :coder
-      def initialize(app, options={})
+      def initialize(app, options = {})
         @secrets = options.values_at(:secret, :old_secret).compact
         @hmac = options.fetch(:hmac, OpenSSL::Digest::SHA1)
@@ -116,8 +119,8 @@ module Rack
         Called from: #{caller[0]}.
         MSG
-        @coder  = options[:coder] ||= Base64::Marshal.new
-        super(app, options.merge!(:cookie_only => true))
+        @coder = options[:coder] ||= Base64::Marshal.new
+        super(app, options.merge!(cookie_only: true))
       end
       private
@@ -137,9 +140,7 @@ module Rack
           session_data = request.cookies[@key]
           if @secrets.size > 0 && session_data
-            digest, session_data = session_data.reverse.split("--", 2)
-            digest.reverse! if digest
-            session_data.reverse! if session_data
+            session_data, _, digest = session_data.rpartition('--')
             session_data = nil unless digest_match?(session_data, digest)
           end
@@ -147,7 +148,7 @@ module Rack
         end
       end
-      def persistent_session_id!(data, sid=nil)
+      def persistent_session_id!(data, sid = nil)
         data ||= {}
         data["session_id"] ||= sid || generate_sid
         data