rack 2.1.3 → 2.2.3

data/lib/rack/head.rb

@@ -1,7 +1,5 @@
 # frozen_string_literal: true
 
-require 'rack/body_proxy'
-
 module Rack
   # Rack::Head returns an empty body for all HEAD requests. It leaves
   # all other requests unchanged.

data/lib/rack/lint.rb

@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 
-require 'rack/utils'
 require 'forwardable'
 
 module Rack
@@ -48,13 +47,24 @@ module Rack
       env[RACK_ERRORS] = ErrorWrapper.new(env[RACK_ERRORS])
 
       ## and returns an Array of exactly three values:
-      status, headers, @body = @app.call(env)
+      ary = @app.call(env)
+      assert("response #{ary.inspect} is not an Array , but #{ary.class}") {
+        ary.kind_of? Array
+      }
+      assert("response array #{ary.inspect} has #{ary.size} elements instead of 3") {
+        ary.size == 3
+      }
+
+      status, headers, @body = ary
       ## The *status*,
       check_status status
       ## the *headers*,
       check_headers headers
 
-      check_hijack_response headers, env
+      hijack_proc = check_hijack_response headers, env
+      if hijack_proc && headers.is_a?(Hash)
+        headers[RACK_HIJACK] = hijack_proc
+      end
 
       ## and the *body*.
       check_content_type status, headers
@@ -65,12 +75,15 @@ module Rack
 
     ## == The Environment
     def check_env(env)
-      ## The environment must be an instance of Hash that includes
+      ## The environment must be an unfrozen instance of Hash that includes
       ## CGI-like headers.  The application is free to modify the
       ## environment.
       assert("env #{env.inspect} is not a Hash, but #{env.class}") {
         env.kind_of? Hash
       }
+      assert("env should not be frozen, but is") {
+        !env.frozen?
+      }
 
       ##
       ## The environment is required to include these variables
@@ -104,17 +117,19 @@ module Rack
       ##                         follows the <tt>?</tt>, if any. May be
       ##                         empty, but is always required!
 
-      ## <tt>SERVER_NAME</tt>, <tt>SERVER_PORT</tt>::
-      ##                        When combined with <tt>SCRIPT_NAME</tt> and
+      ## <tt>SERVER_NAME</tt>:: When combined with <tt>SCRIPT_NAME</tt> and
       ##                        <tt>PATH_INFO</tt>, these variables can be
       ##                        used to complete the URL. Note, however,
       ##                        that <tt>HTTP_HOST</tt>, if present,
       ##                        should be used in preference to
       ##                        <tt>SERVER_NAME</tt> for reconstructing
       ##                        the request URL.
-      ##                        <tt>SERVER_NAME</tt> and <tt>SERVER_PORT</tt>
-      ##                        can never be empty strings, and so
-      ##                        are always required.
+      ##                        <tt>SERVER_NAME</tt> can never be an empty
+      ##                        string, and so is always required.
+
+      ## <tt>SERVER_PORT</tt>:: An optional +Integer+ which is the port the
+      ##                        server is running on. Should be specified if
+      ##                        the server is running on a non-standard port.
 
       ## <tt>HTTP_</tt> Variables:: Variables corresponding to the
       ##                            client-supplied HTTP request
@@ -198,6 +213,11 @@ module Rack
         assert("session #{session.inspect} must respond to clear") {
           session.respond_to?(:clear)
         }
+
+        ##                         to_hash (returning unfrozen Hash instance);
+        assert("session #{session.inspect} must respond to to_hash and return unfrozen Hash instance") {
+          session.respond_to?(:to_hash) && session.to_hash.kind_of?(Hash) && !session.to_hash.frozen?
+        }
       end
 
       ## <tt>rack.logger</tt>:: A common object interface for logging messages.
@@ -253,13 +273,28 @@ module Rack
       ## accepted specifications and must not be used otherwise.
       ##
 
-      %w[REQUEST_METHOD SERVER_NAME SERVER_PORT
-         QUERY_STRING
+      %w[REQUEST_METHOD SERVER_NAME QUERY_STRING
          rack.version rack.input rack.errors
          rack.multithread rack.multiprocess rack.run_once].each { |header|
         assert("env missing required key #{header}") { env.include? header }
       }
 
+      ## The <tt>SERVER_PORT</tt> must be an Integer if set.
+      assert("env[SERVER_PORT] is not an Integer") do
+        server_port = env["SERVER_PORT"]
+        server_port.nil? || (Integer(server_port) rescue false)
+      end
+
+      ## The <tt>SERVER_NAME</tt> must be a valid authority as defined by RFC7540.
+      assert("#{env[SERVER_NAME]} must be a valid authority") do
+        URI.parse("http://#{env[SERVER_NAME]}/") rescue false
+      end
+
+      ## The <tt>HTTP_HOST</tt> must be a valid authority as defined by RFC7540.
+      assert("#{env[HTTP_HOST]} must be a valid authority") do
+        URI.parse("http://#{env[HTTP_HOST]}/") rescue false
+      end
+
       ## The environment must not contain the keys
       ## <tt>HTTP_CONTENT_TYPE</tt> or <tt>HTTP_CONTENT_LENGTH</tt>
       ## (use the versions without <tt>HTTP_</tt>).
@@ -270,11 +305,17 @@ module Rack
       }
 
       ## The CGI keys (named without a period) must have String values.
+      ## If the string values for CGI keys contain non-ASCII characters,
+      ## they should use ASCII-8BIT encoding.
       env.each { |key, value|
         next  if key.include? "."   # Skip extensions
         assert("env variable #{key} has non-string value #{value.inspect}") {
           value.kind_of? String
         }
+        next if value.encoding == Encoding::ASCII_8BIT
+        assert("env variable #{key} has value containing non-ASCII characters and has non-ASCII-8BIT encoding #{value.inspect} encoding: #{value.encoding}") {
+          value.b !~ /[\x80-\xff]/n
+        }
       }
 
       ## There are the following restrictions:
@@ -337,7 +378,7 @@ module Rack
       ## When applicable, its external encoding must be "ASCII-8BIT" and it
       ## must be opened in binary mode, for Ruby 1.9 compatibility.
       assert("rack.input #{input} does not have ASCII-8BIT as its external encoding") {
-        input.external_encoding.name == "ASCII-8BIT"
+        input.external_encoding == Encoding::ASCII_8BIT
       } if input.respond_to?(:external_encoding)
       assert("rack.input #{input} is not opened in binary mode") {
         input.binmode?
@@ -569,7 +610,7 @@ module Rack
 
       # this check uses headers like a hash, but the spec only requires
       # headers respond to #each
-      headers = Rack::Utils::HeaderHash.new(headers)
+      headers = Rack::Utils::HeaderHash[headers]
 
       ## In order to do this, an application may set the special header
       ## <tt>rack.hijack</tt> to an object that responds to <tt>call</tt>
@@ -593,7 +634,7 @@ module Rack
           headers[RACK_HIJACK].respond_to? :call
         }
         original_hijack = headers[RACK_HIJACK]
-        headers[RACK_HIJACK] = proc do |io|
+        proc do |io|
           original_hijack.call HijackWrapper.new(io)
         end
       else
@@ -603,6 +644,8 @@ module Rack
         assert('rack.hijack header must not be present if server does not support hijacking') {
           headers[RACK_HIJACK].nil?
         }
+
+        nil
       end
     end
     ## ==== Conventions

data/lib/rack/lobster.rb

@@ -2,9 +2,6 @@
 
 require 'zlib'
 
-require 'rack/request'
-require 'rack/response'
-
 module Rack
   # Paste has a Pony, Rack has a Lobster!
   class Lobster
@@ -64,9 +61,10 @@ module Rack
 end
 
 if $0 == __FILE__
-  require 'rack'
-  require 'rack/show_exceptions'
+  # :nocov:
+  require_relative '../rack'
   Rack::Server.start(
     app: Rack::ShowExceptions.new(Rack::Lint.new(Rack::Lobster.new)), Port: 9292
   )
+  # :nocov:
 end

data/lib/rack/lock.rb

@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 
 require 'thread'
-require 'rack/body_proxy'
 
 module Rack
   # Rack::Lock locks every request inside a mutex, so that every request

data/lib/rack/mock.rb

@@ -2,10 +2,7 @@
 
 require 'uri'
 require 'stringio'
-require 'rack'
-require 'rack/lint'
-require 'rack/utils'
-require 'rack/response'
+require_relative '../rack'
 require 'cgi/cookie'
 
 module Rack
@@ -56,14 +53,24 @@ module Rack
       @app = app
     end
 
+    # Make a GET request and return a MockResponse. See #request.
     def get(uri, opts = {})     request(GET, uri, opts)     end
+    # Make a POST request and return a MockResponse. See #request.
     def post(uri, opts = {})    request(POST, uri, opts)    end
+    # Make a PUT request and return a MockResponse. See #request.
     def put(uri, opts = {})     request(PUT, uri, opts)     end
+    # Make a PATCH request and return a MockResponse. See #request.
     def patch(uri, opts = {})   request(PATCH, uri, opts)   end
+    # Make a DELETE request and return a MockResponse. See #request.
     def delete(uri, opts = {})  request(DELETE, uri, opts)  end
+    # Make a HEAD request and return a MockResponse. See #request.
     def head(uri, opts = {})    request(HEAD, uri, opts)    end
+    # Make an OPTIONS request and return a MockResponse. See #request.
     def options(uri, opts = {}) request(OPTIONS, uri, opts) end
 
+    # Make a request using the given request method for the given
+    # uri to the rack application and return a MockResponse.
+    # Options given are passed to MockRequest.env_for.
     def request(method = GET, uri = "", opts = {})
       env = self.class.env_for(uri, opts.merge(method: method))
 
@@ -88,6 +95,13 @@ module Rack
     end
 
     # Return the Rack environment used for a request to +uri+.
+    # All options that are strings are added to the returned environment.
+    # Options:
+    # :fatal :: Whether to raise an exception if request outputs to rack.errors
+    # :input :: The rack.input to set
+    # :method :: The HTTP request method to use
+    # :params :: The params to use
+    # :script_name :: The SCRIPT_NAME to set
     def self.env_for(uri = "", opts = {})
       uri = parse_uri_rfc2396(uri)
       uri.path = "/#{uri.path}" unless uri.path[0] == ?/
@@ -157,6 +171,10 @@ module Rack
   # MockRequest.
 
   class MockResponse < Rack::Response
+    class << self
+      alias [] new
+    end
+
     # Headers
     attr_reader :original_headers, :cookies
 

data/lib/rack/multipart.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require 'rack/multipart/parser'
+require_relative 'multipart/parser'
 
 module Rack
   # A multipart form data parser, adapted from IOWA.

data/lib/rack/multipart/generator.rb

@@ -17,9 +17,13 @@ module Rack
 
         flattened_params.map do |name, file|
           if file.respond_to?(:original_filename)
-            ::File.open(file.path, 'rb') do |f|
-              f.set_encoding(Encoding::BINARY)
-              content_for_tempfile(f, file, name)
+            if file.path
+              ::File.open(file.path, 'rb') do |f|
+                f.set_encoding(Encoding::BINARY)
+                content_for_tempfile(f, file, name)
+              end
+            else
+              content_for_tempfile(file, file, name)
             end
           else
             content_for_other(file, name)
@@ -69,12 +73,13 @@ module Rack
       end
 
       def content_for_tempfile(io, file, name)
+        length = ::File.stat(file.path).size if file.path
+        filename = "; filename=\"#{Utils.escape(file.original_filename)}\"" if file.original_filename
 <<-EOF
 --#{MULTIPART_BOUNDARY}\r
-Content-Disposition: form-data; name="#{name}"; filename="#{Utils.escape(file.original_filename)}"\r
+Content-Disposition: form-data; name="#{name}"#{filename}\r
 Content-Type: #{file.content_type}\r
-Content-Length: #{::File.stat(file.path).size}\r
-\r
+#{"Content-Length: #{length}\r\n" if length}\r
 #{io.read}\r
 EOF
       end

data/lib/rack/multipart/parser.rb

@@ -1,15 +1,13 @@
 # frozen_string_literal: true
 
-require 'rack/utils'
 require 'strscan'
-require 'rack/core_ext/regexp'
 
 module Rack
   module Multipart
     class MultipartPartLimitError < Errno::EMFILE; end
 
     class Parser
-      using ::Rack::RegexpExtensions
+      (require_relative '../core_ext/regexp'; using ::Rack::RegexpExtensions) if RUBY_VERSION < '2.4'
 
       BUFSIZE = 1_048_576
       TEXT_PLAIN = "text/plain"
@@ -101,12 +99,6 @@ module Rack
 
               data = { filename: fn, type: content_type,
                       name: name, tempfile: body, head: head }
-            elsif !filename && content_type && body.is_a?(IO)
-              body.rewind
-
-              # Generic multipart cases, not coming from a form
-              data = { type: content_type,
-                      name: name, tempfile: body, head: head }
             end
 
             yield data
@@ -125,7 +117,7 @@ module Rack
 
         include Enumerable
 
-        def initialize tempfile
+        def initialize(tempfile)
           @tempfile = tempfile
           @mime_parts = []
           @open_files = 0
@@ -135,7 +127,7 @@ module Rack
           @mime_parts.each { |part| yield part }
         end
 
-        def on_mime_head mime_index, head, filename, content_type, name
+        def on_mime_head(mime_index, head, filename, content_type, name)
           if filename
             body = @tempfile.call(filename, content_type)
             body.binmode if body.respond_to?(:binmode)
@@ -151,11 +143,11 @@ module Rack
           check_open_files
         end
 
-        def on_mime_body mime_index, content
+        def on_mime_body(mime_index, content)
           @mime_parts[mime_index].body << content
         end
 
-        def on_mime_finish mime_index
+        def on_mime_finish(mime_index)
         end
 
         private
@@ -190,7 +182,7 @@ module Rack
         @head_regex = /(.*?#{EOL})#{EOL}/m
       end
 
-      def on_read content
+      def on_read(content)
         handle_empty_content!(content)
         @sbuf.concat content
         run_parser
@@ -347,7 +339,7 @@ module Rack
           type_subtype = list.first
           type_subtype.strip!
           if TEXT_PLAIN == type_subtype
-            rest         = list.drop 1
+            rest = list.drop 1
             rest.each do |param|
               k, v = param.split('=', 2)
               k.strip!

data/lib/rack/multipart/uploaded_file.rb

@@ -9,17 +9,23 @@ module Rack
       # The content type of the "uploaded" file
       attr_accessor :content_type
 
-      def initialize(path, content_type = "text/plain", binary = false)
-        raise "#{path} file does not exist" unless ::File.exist?(path)
+      def initialize(filepath = nil, ct = "text/plain", bin = false,
+                     path: filepath, content_type: ct, binary: bin, filename: nil, io: nil)
+        if io
+          @tempfile = io
+          @original_filename = filename
+        else
+          raise "#{path} file does not exist" unless ::File.exist?(path)
+          @original_filename = filename || ::File.basename(path)
+          @tempfile = Tempfile.new([@original_filename, ::File.extname(path)], encoding: Encoding::BINARY)
+          @tempfile.binmode if binary
+          FileUtils.copy_file(path, @tempfile.path)
+        end
         @content_type = content_type
-        @original_filename = ::File.basename(path)
-        @tempfile = Tempfile.new([@original_filename, ::File.extname(path)], encoding: Encoding::BINARY)
-        @tempfile.binmode if binary
-        FileUtils.copy_file(path, @tempfile.path)
       end
 
       def path
-        @tempfile.path
+        @tempfile.path if @tempfile.respond_to?(:path)
       end
       alias_method :local_path, :path
 

data/lib/rack/query_parser.rb

@@ -1,10 +1,8 @@
 # frozen_string_literal: true
 
-require_relative 'core_ext/regexp'
-
 module Rack
   class QueryParser
-    using ::Rack::RegexpExtensions
+    (require_relative 'core_ext/regexp'; using ::Rack::RegexpExtensions) if RUBY_VERSION < '2.4'
 
     DEFAULT_SEP = /[&;] */n
     COMMON_SEP = { ";" => /[;] */n, ";," => /[;,] */n, "&" => /[&] */n }
@@ -64,18 +62,19 @@ module Rack
     # ParameterTypeError is raised. Users are encouraged to return a 400 in this
     # case.
     def parse_nested_query(qs, d = nil)
-      return {} if qs.nil? || qs.empty?
       params = make_params
 
-      qs.split(d ? (COMMON_SEP[d] || /[#{d}] */n) : DEFAULT_SEP).each do |p|
-        k, v = p.split('=', 2).map! { |s| unescape(s) }
+      unless qs.nil? || qs.empty?
+        (qs || '').split(d ? (COMMON_SEP[d] || /[#{d}] */n) : DEFAULT_SEP).each do |p|
+          k, v = p.split('=', 2).map! { |s| unescape(s) }
 
-        normalize_params(params, k, v, param_depth_limit)
+          normalize_params(params, k, v, param_depth_limit)
+        end
       end
 
       return params.to_h
     rescue ArgumentError => e
-      raise InvalidParameterError, e.message
+      raise InvalidParameterError, e.message, e.backtrace
     end
 
     # normalize_params recursively expands parameters into structural types. If