rack 2.0.8 → 2.2.2

data/lib/rack/method_override.rb

@@ -1,9 +1,11 @@
+# frozen_string_literal: true
+
 module Rack
   class MethodOverride
     HTTP_METHODS = %w[GET HEAD PUT POST DELETE OPTIONS PATCH LINK UNLINK]
 
-    METHOD_OVERRIDE_PARAM_KEY = "_method".freeze
-    HTTP_METHOD_OVERRIDE_HEADER = "HTTP_X_HTTP_METHOD_OVERRIDE".freeze
+    METHOD_OVERRIDE_PARAM_KEY = "_method"
+    HTTP_METHOD_OVERRIDE_HEADER = "HTTP_X_HTTP_METHOD_OVERRIDE"
     ALLOWED_METHODS = %w[POST]
 
     def initialize(app)

data/lib/rack/mime.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Rack
   module Mime
     # Returns String with mime type if found, otherwise use +fallback+.
@@ -13,7 +15,7 @@ module Rack
     # This is a shortcut for:
     #     Rack::Mime::MIME_TYPES.fetch('.foo', 'application/octet-stream')
 
-    def mime_type(ext, fallback='application/octet-stream')
+    def mime_type(ext, fallback = 'application/octet-stream')
       MIME_TYPES.fetch(ext.to_s.downcase, fallback)
     end
     module_function :mime_type
@@ -306,6 +308,7 @@ module Rack
       ".lvp"       => "audio/vnd.lucent.voice",
       ".lwp"       => "application/vnd.lotus-wordpro",
       ".m3u"       => "audio/x-mpegurl",
+      ".m3u8"      => "application/x-mpegurl",
       ".m4a"       => "audio/mp4a-latm",
       ".m4v"       => "video/mp4",
       ".ma"        => "application/mathematica",
@@ -343,6 +346,7 @@ module Rack
       ".mp4s"      => "application/mp4",
       ".mp4v"      => "video/mp4",
       ".mpc"       => "application/vnd.mophun.certificate",
+      ".mpd"       => "application/dash+xml",
       ".mpeg"      => "video/mpeg",
       ".mpg"       => "video/mpeg",
       ".mpga"      => "audio/mpeg",
@@ -542,6 +546,7 @@ module Rack
       ".spp"       => "application/scvp-vp-response",
       ".spq"       => "application/scvp-vp-request",
       ".src"       => "application/x-wais-source",
+      ".srt"       => "text/srt",
       ".srx"       => "application/sparql-results+xml",
       ".sse"       => "application/vnd.kodak-descriptor",
       ".ssf"       => "application/vnd.epson.ssf",
@@ -576,6 +581,7 @@ module Rack
       ".tr"        => "text/troff",
       ".tra"       => "application/vnd.trueapp",
       ".trm"       => "application/x-msterminal",
+      ".ts"        => "video/mp2t",
       ".tsv"       => "text/tab-separated-values",
       ".ttf"       => "application/octet-stream",
       ".twd"       => "application/vnd.simtech-mindmapper",
@@ -600,9 +606,11 @@ module Rack
       ".vrml"      => "model/vrml",
       ".vsd"       => "application/vnd.visio",
       ".vsf"       => "application/vnd.vsf",
+      ".vtt"       => "text/vtt",
       ".vtu"       => "model/vnd.vtu",
       ".vxml"      => "application/voicexml+xml",
       ".war"       => "application/java-archive",
+      ".wasm"      => "application/wasm",
       ".wav"       => "audio/x-wav",
       ".wax"       => "audio/x-ms-wax",
       ".wbmp"      => "image/vnd.wap.wbmp",

data/lib/rack/mock.rb

@@ -1,9 +1,9 @@
+# frozen_string_literal: true
+
 require 'uri'
 require 'stringio'
-require 'rack'
-require 'rack/lint'
-require 'rack/utils'
-require 'rack/response'
+require_relative '../rack'
+require 'cgi/cookie'
 
 module Rack
   # Rack::MockRequest helps testing your Rack application without
@@ -53,16 +53,26 @@ module Rack
       @app = app
     end
 
-    def get(uri, opts={})     request(GET, uri, opts)     end
-    def post(uri, opts={})    request(POST, uri, opts)    end
-    def put(uri, opts={})     request(PUT, uri, opts)     end
-    def patch(uri, opts={})   request(PATCH, uri, opts)   end
-    def delete(uri, opts={})  request(DELETE, uri, opts)  end
-    def head(uri, opts={})    request(HEAD, uri, opts)    end
-    def options(uri, opts={}) request(OPTIONS, uri, opts) end
-
-    def request(method=GET, uri="", opts={})
-      env = self.class.env_for(uri, opts.merge(:method => method))
+    # Make a GET request and return a MockResponse. See #request.
+    def get(uri, opts = {})     request(GET, uri, opts)     end
+    # Make a POST request and return a MockResponse. See #request.
+    def post(uri, opts = {})    request(POST, uri, opts)    end
+    # Make a PUT request and return a MockResponse. See #request.
+    def put(uri, opts = {})     request(PUT, uri, opts)     end
+    # Make a PATCH request and return a MockResponse. See #request.
+    def patch(uri, opts = {})   request(PATCH, uri, opts)   end
+    # Make a DELETE request and return a MockResponse. See #request.
+    def delete(uri, opts = {})  request(DELETE, uri, opts)  end
+    # Make a HEAD request and return a MockResponse. See #request.
+    def head(uri, opts = {})    request(HEAD, uri, opts)    end
+    # Make an OPTIONS request and return a MockResponse. See #request.
+    def options(uri, opts = {}) request(OPTIONS, uri, opts) end
+
+    # Make a request using the given request method for the given
+    # uri to the rack application and return a MockResponse.
+    # Options given are passed to MockRequest.env_for.
+    def request(method = GET, uri = "", opts = {})
+      env = self.class.env_for(uri, opts.merge(method: method))
 
       if opts[:lint]
         app = Rack::Lint.new(@app)
@@ -71,7 +81,7 @@ module Rack
       end
 
       errors = env[RACK_ERRORS]
-      status, headers, body  = app.call(env)
+      status, headers, body = app.call(env)
       MockResponse.new(status, headers, body, errors)
     ensure
       body.close if body.respond_to?(:close)
@@ -85,7 +95,14 @@ module Rack
     end
 
     # Return the Rack environment used for a request to +uri+.
-    def self.env_for(uri="", opts={})
+    # All options that are strings are added to the returned environment.
+    # Options:
+    # :fatal :: Whether to raise an exception if request outputs to rack.errors
+    # :input :: The rack.input to set
+    # :method :: The HTTP request method to use
+    # :params :: The params to use
+    # :script_name :: The SCRIPT_NAME to set
+    def self.env_for(uri = "", opts = {})
       uri = parse_uri_rfc2396(uri)
       uri.path = "/#{uri.path}" unless uri.path[0] == ?/
 
@@ -139,7 +156,7 @@ module Rack
       rack_input.set_encoding(Encoding::BINARY)
       env[RACK_INPUT] = rack_input
 
-      env["CONTENT_LENGTH"] ||= env[RACK_INPUT].length.to_s
+      env["CONTENT_LENGTH"] ||= env[RACK_INPUT].size.to_s if env[RACK_INPUT].respond_to?(:size)
 
       opts.each { |field, value|
         env[field] = value  if String === field
@@ -154,17 +171,24 @@ module Rack
   # MockRequest.
 
   class MockResponse < Rack::Response
+    class << self
+      alias [] new
+    end
+
     # Headers
-    attr_reader :original_headers
+    attr_reader :original_headers, :cookies
 
     # Errors
     attr_accessor :errors
 
-    def initialize(status, headers, body, errors=StringIO.new(""))
+    def initialize(status, headers, body, errors = StringIO.new(""))
       @original_headers = headers
       @errors           = errors.string if errors.respond_to?(:string)
+      @cookies = parse_cookies_from_header
 
       super(body, status, headers)
+
+      buffered_body!
     end
 
     def =~(other)
@@ -186,11 +210,64 @@ module Rack
       #     ...
       #     res.body.should == "foo!"
       #   end
-      super.join
+      buffer = String.new
+
+      super.each do |chunk|
+        buffer << chunk
+      end
+
+      return buffer
     end
 
     def empty?
       [201, 204, 304].include? status
     end
+
+    def cookie(name)
+      cookies.fetch(name, nil)
+    end
+
+    private
+
+    def parse_cookies_from_header
+      cookies = Hash.new
+      if original_headers.has_key? 'Set-Cookie'
+        set_cookie_header = original_headers.fetch('Set-Cookie')
+        set_cookie_header.split("\n").each do |cookie|
+          cookie_name, cookie_filling = cookie.split('=', 2)
+          cookie_attributes = identify_cookie_attributes cookie_filling
+          parsed_cookie = CGI::Cookie.new(
+            'name' => cookie_name.strip,
+            'value' => cookie_attributes.fetch('value'),
+            'path' => cookie_attributes.fetch('path', nil),
+            'domain' => cookie_attributes.fetch('domain', nil),
+            'expires' => cookie_attributes.fetch('expires', nil),
+            'secure' => cookie_attributes.fetch('secure', false)
+          )
+          cookies.store(cookie_name, parsed_cookie)
+        end
+      end
+      cookies
+    end
+
+    def identify_cookie_attributes(cookie_filling)
+      cookie_bits = cookie_filling.split(';')
+      cookie_attributes = Hash.new
+      cookie_attributes.store('value', cookie_bits[0].strip)
+      cookie_bits.each do |bit|
+        if bit.include? '='
+          cookie_attribute, attribute_value = bit.split('=')
+          cookie_attributes.store(cookie_attribute.strip, attribute_value.strip)
+          if cookie_attribute.include? 'max-age'
+            cookie_attributes.store('expires', Time.now + attribute_value.strip.to_i)
+          end
+        end
+        if bit.include? 'secure'
+          cookie_attributes.store('secure', true)
+        end
+      end
+      cookie_attributes
+    end
+
   end
 end

data/lib/rack/multipart.rb

@@ -1,4 +1,6 @@
-require 'rack/multipart/parser'
+# frozen_string_literal: true
+
+require_relative 'multipart/parser'
 
 module Rack
   # A multipart form data parser, adapted from IOWA.
@@ -14,10 +16,10 @@ module Rack
     TOKEN = /[^\s()<>,;:\\"\/\[\]?=]+/
     CONDISP = /Content-Disposition:\s*#{TOKEN}\s*/i
     VALUE = /"(?:\\"|[^"])*"|#{TOKEN}/
-    BROKEN_QUOTED = /^#{CONDISP}.*;\sfilename="(.*?)"(?:\s*$|\s*;\s*#{TOKEN}=)/i
-    BROKEN_UNQUOTED = /^#{CONDISP}.*;\sfilename=(#{TOKEN})/i
+    BROKEN_QUOTED = /^#{CONDISP}.*;\s*filename="(.*?)"(?:\s*$|\s*;\s*#{TOKEN}=)/i
+    BROKEN_UNQUOTED = /^#{CONDISP}.*;\s*filename=(#{TOKEN})/i
     MULTIPART_CONTENT_TYPE = /Content-Type: (.*)#{EOL}/ni
-    MULTIPART_CONTENT_DISPOSITION = /Content-Disposition:.*\s+name=(#{VALUE})/ni
+    MULTIPART_CONTENT_DISPOSITION = /Content-Disposition:.*;\s*name=(#{VALUE})/ni
     MULTIPART_CONTENT_ID = /Content-ID:\s*([^#{EOL}]*)/ni
     # Updated definitions from RFC 2231
     ATTRIBUTE_CHAR = %r{[^ \t\v\n\r)(><@,;:\\"/\[\]?='*%]}

data/lib/rack/multipart/generator.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Rack
   module Multipart
     class Generator
@@ -15,9 +17,13 @@ module Rack
 
         flattened_params.map do |name, file|
           if file.respond_to?(:original_filename)
-            ::File.open(file.path, 'rb') do |f|
-              f.set_encoding(Encoding::BINARY)
-              content_for_tempfile(f, file, name)
+            if file.path
+              ::File.open(file.path, 'rb') do |f|
+                f.set_encoding(Encoding::BINARY)
+                content_for_tempfile(f, file, name)
+              end
+            else
+              content_for_tempfile(file, file, name)
             end
           else
             content_for_other(file, name)
@@ -27,21 +33,18 @@ module Rack
 
       private
       def multipart?
-        multipart = false
-
         query = lambda { |value|
           case value
           when Array
-            value.each(&query)
+            value.any?(&query)
           when Hash
-            value.values.each(&query)
+            value.values.any?(&query)
           when Rack::Multipart::UploadedFile
-            multipart = true
+            true
           end
         }
-        @params.values.each(&query)
 
-        multipart
+        @params.values.any?(&query)
       end
 
       def flattened_params
@@ -70,12 +73,13 @@ module Rack
       end
 
       def content_for_tempfile(io, file, name)
+        length = ::File.stat(file.path).size if file.path
+        filename = "; filename=\"#{Utils.escape(file.original_filename)}\"" if file.original_filename
 <<-EOF
 --#{MULTIPART_BOUNDARY}\r
-Content-Disposition: form-data; name="#{name}"; filename="#{Utils.escape(file.original_filename)}"\r
+Content-Disposition: form-data; name="#{name}"#{filename}\r
 Content-Type: #{file.content_type}\r
-Content-Length: #{::File.stat(file.path).size}\r
-\r
+#{"Content-Length: #{length}\r\n" if length}\r
 #{io.read}\r
 EOF
       end

data/lib/rack/multipart/parser.rb

@@ -1,16 +1,22 @@
-require 'rack/utils'
+# frozen_string_literal: true
+
+require 'strscan'
 
 module Rack
   module Multipart
     class MultipartPartLimitError < Errno::EMFILE; end
 
     class Parser
-      BUFSIZE = 16384
+      (require_relative '../core_ext/regexp'; using ::Rack::RegexpExtensions) if RUBY_VERSION < '2.4'
+
+      BUFSIZE = 1_048_576
       TEXT_PLAIN = "text/plain"
       TEMPFILE_FACTORY = lambda { |filename, content_type|
-        Tempfile.new(["RackMultipart", ::File.extname(filename.gsub("\0".freeze, '%00'.freeze))])
+        Tempfile.new(["RackMultipart", ::File.extname(filename.gsub("\0", '%00'))])
       }
 
+      BOUNDARY_REGEX = /\A([^\n]*(?:\n|\Z))/
+
       class BoundedIO # :nodoc:
         def initialize(io, content_length)
           @io             = io
@@ -18,15 +24,15 @@ module Rack
           @cursor = 0
         end
 
-        def read(size)
+        def read(size, outbuf = nil)
           return if @cursor >= @content_length
 
           left = @content_length - @cursor
 
           str = if left < size
-                  @io.read left
+                  @io.read left, outbuf
                 else
-                  @io.read size
+                  @io.read size, outbuf
                 end
 
           if str
@@ -61,13 +67,14 @@ module Rack
         return EMPTY unless boundary
 
         io = BoundedIO.new(io, content_length) if content_length
+        outbuf = String.new
 
         parser = new(boundary, tmpfile, bufsize, qp)
-        parser.on_read io.read(bufsize)
+        parser.on_read io.read(bufsize, outbuf)
 
         loop do
           break if parser.state == :DONE
-          parser.on_read io.read(bufsize)
+          parser.on_read io.read(bufsize, outbuf)
         end
 
         io.rewind
@@ -90,14 +97,8 @@ module Rack
               # those which give the lone filename.
               fn = filename.split(/[\/\\]/).last
 
-              data = {:filename => fn, :type => content_type,
-                      :name => name, :tempfile => body, :head => head}
-            elsif !filename && content_type && body.is_a?(IO)
-              body.rewind
-
-              # Generic multipart cases, not coming from a form
-              data = {:type => content_type,
-                      :name => name, :tempfile => body, :head => head}
+              data = { filename: fn, type: content_type,
+                      name: name, tempfile: body, head: head }
             end
 
             yield data
@@ -116,7 +117,7 @@ module Rack
 
         include Enumerable
 
-        def initialize tempfile
+        def initialize(tempfile)
           @tempfile = tempfile
           @mime_parts = []
           @open_files = 0
@@ -126,7 +127,7 @@ module Rack
           @mime_parts.each { |part| yield part }
         end
 
-        def on_mime_head mime_index, head, filename, content_type, name
+        def on_mime_head(mime_index, head, filename, content_type, name)
           if filename
             body = @tempfile.call(filename, content_type)
             body.binmode if body.respond_to?(:binmode)
@@ -138,14 +139,15 @@ module Rack
           end
 
           @mime_parts[mime_index] = klass.new(body, head, filename, content_type, name)
+
           check_open_files
         end
 
-        def on_mime_body mime_index, content
+        def on_mime_body(mime_index, content)
           @mime_parts[mime_index].body << content
         end
 
-        def on_mime_finish mime_index
+        def on_mime_finish(mime_index)
         end
 
         private
@@ -163,25 +165,26 @@ module Rack
       attr_reader :state
 
       def initialize(boundary, tempfile, bufsize, query_parser)
-        @buf            = String.new
-
         @query_parser   = query_parser
         @params         = query_parser.make_params
         @boundary       = "--#{boundary}"
         @bufsize        = bufsize
 
-        @rx = /(?:#{EOL})?#{Regexp.quote(@boundary)}(#{EOL}|--)/n
-        @rx_max_size = EOL.size + @boundary.bytesize + [EOL.size, '--'.size].max
         @full_boundary = @boundary
         @end_boundary = @boundary + '--'
         @state = :FAST_FORWARD
         @mime_index = 0
         @collector = Collector.new tempfile
+
+        @sbuf = StringScanner.new("".dup)
+        @body_regex = /(?:#{EOL})?#{Regexp.quote(@boundary)}(?:#{EOL}|--)/m
+        @rx_max_size = EOL.size + @boundary.bytesize + [EOL.size, '--'.size].max
+        @head_regex = /(.*?#{EOL})#{EOL}/m
       end
 
-      def on_read content
+      def on_read(content)
         handle_empty_content!(content)
-        @buf << content
+        @sbuf.concat content
         run_parser
       end
 
@@ -192,7 +195,6 @@ module Rack
             @query_parser.normalize_params(@params, part.name, data, @query_parser.param_depth_limit)
           end
         end
-
         MultipartInfo.new @params.to_params_hash, @collector.find_all(&:file?).map(&:body)
       end
 
@@ -219,7 +221,7 @@ module Rack
         if consume_boundary
           @state = :MIME_HEAD
         else
-          raise EOFError, "bad content body" if @buf.bytesize >= @bufsize
+          raise EOFError, "bad content body" if @sbuf.rest_size >= @bufsize
           :want_read
         end
       end
@@ -227,19 +229,16 @@ module Rack
       def handle_consume_token
         tok = consume_boundary
         # break if we're at the end of a buffer, but not if it is the end of a field
-        if tok == :END_BOUNDARY || (@buf.empty? && tok != :BOUNDARY)
-          @state = :DONE
+        @state = if tok == :END_BOUNDARY || (@sbuf.eos? && tok != :BOUNDARY)
+          :DONE
         else
-          @state = :MIME_HEAD
+          :MIME_HEAD
         end
       end
 
       def handle_mime_head
-        if @buf.index(EOL + EOL)
-          i = @buf.index(EOL+EOL)
-          head = @buf.slice!(0, i+2) # First \r\n
-          @buf.slice!(0, 2)          # Second \r\n
-
+        if @sbuf.scan_until(@head_regex)
+          head = @sbuf[1]
           content_type = head[MULTIPART_CONTENT_TYPE, 1]
           if name = head[MULTIPART_CONTENT_DISPOSITION, 1]
             name = Rack::Auth::Digest::Params::dequote(name)
@@ -250,7 +249,7 @@ module Rack
           filename = get_filename(head)
 
           if name.nil? || name.empty?
-            name = filename || "#{content_type || TEXT_PLAIN}[]"
+            name = filename || "#{content_type || TEXT_PLAIN}[]".dup
           end
 
           @collector.on_mime_head @mime_index, head, filename, content_type, name
@@ -261,16 +260,19 @@ module Rack
       end
 
       def handle_mime_body
-        if i = @buf.index(rx)
-          # Save the rest.
-          @collector.on_mime_body @mime_index, @buf.slice!(0, i)
-          @buf.slice!(0, 2) # Remove \r\n after the content
+        if (body_with_boundary = @sbuf.check_until(@body_regex)) # check but do not advance the pointer yet
+          body = body_with_boundary.sub(/#{@body_regex}\z/m, '') # remove the boundary from the string
+          @collector.on_mime_body @mime_index, body
+          @sbuf.pos += body.length + 2 # skip \r\n after the content
           @state = :CONSUME_TOKEN
           @mime_index += 1
         else
-          # Save the read body part.
-          if @rx_max_size < @buf.size
-            @collector.on_mime_body @mime_index, @buf.slice!(0, @buf.size - @rx_max_size)
+          # Save what we have so far
+          if @rx_max_size < @sbuf.rest_size
+            delta = @sbuf.rest_size - @rx_max_size
+            @collector.on_mime_body @mime_index, @sbuf.peek(delta)
+            @sbuf.pos += delta
+            @sbuf.string = @sbuf.rest
           end
           :want_read
         end
@@ -278,16 +280,13 @@ module Rack
 
       def full_boundary; @full_boundary; end
 
-      def rx; @rx; end
-
       def consume_boundary
-        while @buf.gsub!(/\A([^\n]*(?:\n|\Z))/, '')
-          read_buffer = $1
+        while read_buffer = @sbuf.scan_until(BOUNDARY_REGEX)
           case read_buffer.strip
           when full_boundary then return :BOUNDARY
           when @end_boundary then return :END_BOUNDARY
           end
-          return if @buf.empty?
+          return if @sbuf.eos?
         end
       end
 
@@ -308,8 +307,8 @@ module Rack
 
         return unless filename
 
-        if filename.scan(/%.?.?/).all? { |s| s =~ /%[0-9a-fA-F]{2}/ }
-          filename = Utils.unescape(filename)
+        if filename.scan(/%.?.?/).all? { |s| /%[0-9a-fA-F]{2}/.match?(s) }
+          filename = Utils.unescape_path(filename)
         end
 
         filename.scrub!
@@ -325,7 +324,7 @@ module Rack
         filename
       end
 
-      CHARSET   = "charset"
+      CHARSET = "charset"
 
       def tag_multipart_encoding(filename, content_type, name, body)
         name = name.to_s
@@ -340,12 +339,12 @@ module Rack
           type_subtype = list.first
           type_subtype.strip!
           if TEXT_PLAIN == type_subtype
-            rest         = list.drop 1
+            rest = list.drop 1
             rest.each do |param|
-              k,v = param.split('=', 2)
+              k, v = param.split('=', 2)
               k.strip!
               v.strip!
-              v = v[1..-2] if v[0] == '"' && v[-1] == '"'
+              v = v[1..-2] if v.start_with?('"') && v.end_with?('"')
               encoding = Encoding.find v if k == CHARSET
             end
           end
@@ -355,7 +354,6 @@ module Rack
         body.force_encoding(encoding)
       end
 
-
       def handle_empty_content!(content)
         if content.nil? || content.empty?
           raise EOFError