RubyGems - rack - Versions diffs - 2.2.21 → 3.1.19 - Mend

rack 2.2.21 → 3.1.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (86) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +459 -73
data/CONTRIBUTING.md +63 -55
data/MIT-LICENSE +1 -1
data/README.md +363 -0
data/SPEC.rdoc +204 -131
data/lib/rack/auth/abstract/handler.rb +3 -1
data/lib/rack/auth/abstract/request.rb +3 -1
data/lib/rack/auth/basic.rb +1 -3
data/lib/rack/bad_request.rb +8 -0
data/lib/rack/body_proxy.rb +21 -3
data/lib/rack/builder.rb +102 -69
data/lib/rack/cascade.rb +2 -3
data/lib/rack/common_logger.rb +22 -17
data/lib/rack/conditional_get.rb +18 -15
data/lib/rack/constants.rb +67 -0
data/lib/rack/content_length.rb +12 -16
data/lib/rack/content_type.rb +8 -5
data/lib/rack/deflater.rb +40 -26
data/lib/rack/directory.rb +9 -3
data/lib/rack/etag.rb +17 -23
data/lib/rack/events.rb +4 -0
data/lib/rack/files.rb +15 -17
data/lib/rack/head.rb +9 -8
data/lib/rack/headers.rb +238 -0
data/lib/rack/lint.rb +840 -644
data/lib/rack/lock.rb +2 -5
data/lib/rack/logger.rb +3 -0
data/lib/rack/method_override.rb +5 -1
data/lib/rack/mime.rb +14 -5
data/lib/rack/mock.rb +1 -300
data/lib/rack/mock_request.rb +161 -0
data/lib/rack/mock_response.rb +153 -0
data/lib/rack/multipart/generator.rb +7 -5
data/lib/rack/multipart/parser.rb +216 -102
data/lib/rack/multipart/uploaded_file.rb +4 -0
data/lib/rack/multipart.rb +53 -40
data/lib/rack/null_logger.rb +9 -0
data/lib/rack/query_parser.rb +80 -102
data/lib/rack/recursive.rb +2 -0
data/lib/rack/reloader.rb +0 -2
data/lib/rack/request.rb +263 -126
data/lib/rack/response.rb +151 -66
data/lib/rack/rewindable_input.rb +24 -5
data/lib/rack/runtime.rb +7 -6
data/lib/rack/sendfile.rb +35 -30
data/lib/rack/show_exceptions.rb +21 -4
data/lib/rack/show_status.rb +17 -7
data/lib/rack/static.rb +8 -8
data/lib/rack/tempfile_reaper.rb +15 -4
data/lib/rack/urlmap.rb +3 -1
data/lib/rack/utils.rb +236 -237
data/lib/rack/version.rb +1 -9
data/lib/rack.rb +13 -89
metadata +13 -39
data/README.rdoc +0 -355
data/Rakefile +0 -130
data/bin/rackup +0 -5
data/contrib/rack.png +0 -0
data/contrib/rack.svg +0 -150
data/contrib/rack_logo.svg +0 -164
data/contrib/rdoc.css +0 -412
data/example/lobster.ru +0 -6
data/example/protectedlobster.rb +0 -16
data/example/protectedlobster.ru +0 -10
data/lib/rack/auth/digest/md5.rb +0 -131
data/lib/rack/auth/digest/nonce.rb +0 -53
data/lib/rack/auth/digest/params.rb +0 -54
data/lib/rack/auth/digest/request.rb +0 -43
data/lib/rack/chunked.rb +0 -117
data/lib/rack/core_ext/regexp.rb +0 -14
data/lib/rack/file.rb +0 -7
data/lib/rack/handler/cgi.rb +0 -59
data/lib/rack/handler/fastcgi.rb +0 -100
data/lib/rack/handler/lsws.rb +0 -61
data/lib/rack/handler/scgi.rb +0 -71
data/lib/rack/handler/thin.rb +0 -34
data/lib/rack/handler/webrick.rb +0 -129
data/lib/rack/handler.rb +0 -104
data/lib/rack/lobster.rb +0 -70
data/lib/rack/server.rb +0 -466
data/lib/rack/session/abstract/id.rb +0 -523
data/lib/rack/session/cookie.rb +0 -203
data/lib/rack/session/memcache.rb +0 -10
data/lib/rack/session/pool.rb +0 -90
data/rack.gemspec +0 -46

data/lib/rack/multipart.rb CHANGED Viewed

@@ -1,64 +1,77 @@
 # frozen_string_literal: true
+require_relative 'constants'
+require_relative 'utils'
 require_relative 'multipart/parser'
+require_relative 'multipart/generator'
+require_relative 'bad_request'
 module Rack
   # A multipart form data parser, adapted from IOWA.
   #
   # Usually, Rack::Request#POST takes care of calling this.
   module Multipart
-    autoload :UploadedFile, 'rack/multipart/uploaded_file'
-    autoload :Generator, 'rack/multipart/generator'
-    EOL = "\r\n"
     MULTIPART_BOUNDARY = "AaB03x"
-    MULTIPART = %r|\Amultipart/.*boundary=\"?([^\";,]+)\"?|ni
-    TOKEN = /[^\s()<>,;:\\"\/\[\]?=]+/
-    CONDISP = /Content-Disposition:\s*#{TOKEN}\s*/i
-    VALUE = /"(?:\\"|[^"])*"|#{TOKEN}/
-    BROKEN = /^#{CONDISP}.*;\s*filename=(#{VALUE})/i
-    MULTIPART_CONTENT_TYPE = /Content-Type: (.*)#{EOL}/ni
-    MULTIPART_CONTENT_DISPOSITION = /Content-Disposition:[^:]*;\s*name=(#{VALUE})/ni
-    MULTIPART_CONTENT_ID = /Content-ID:\s*([^#{EOL}]*)/ni
-    # Updated definitions from RFC 2231
-    ATTRIBUTE_CHAR = %r{[^ \x00-\x1f\x7f)(><@,;:\\"/\[\]?='*%]}
-    ATTRIBUTE = /#{ATTRIBUTE_CHAR}+/
-    SECTION = /\*[0-9]+/
-    REGULAR_PARAMETER_NAME = /#{ATTRIBUTE}#{SECTION}?/
-    REGULAR_PARAMETER = /(#{REGULAR_PARAMETER_NAME})=(#{VALUE})/
-    EXTENDED_OTHER_NAME = /#{ATTRIBUTE}\*[1-9][0-9]*\*/
-    EXTENDED_OTHER_VALUE = /%[0-9a-fA-F]{2}|#{ATTRIBUTE_CHAR}/
-    EXTENDED_OTHER_PARAMETER = /(#{EXTENDED_OTHER_NAME})=(#{EXTENDED_OTHER_VALUE}*)/
-    EXTENDED_INITIAL_NAME = /#{ATTRIBUTE}(?:\*0)?\*/
-    EXTENDED_INITIAL_VALUE = /[a-zA-Z0-9\-]*'[a-zA-Z0-9\-]*'#{EXTENDED_OTHER_VALUE}*/
-    EXTENDED_INITIAL_PARAMETER = /(#{EXTENDED_INITIAL_NAME})=(#{EXTENDED_INITIAL_VALUE})/
-    EXTENDED_PARAMETER = /#{EXTENDED_INITIAL_PARAMETER}|#{EXTENDED_OTHER_PARAMETER}/
-    DISPPARM = /;\s*(?:#{REGULAR_PARAMETER}|#{EXTENDED_PARAMETER})\s*/
-    RFC2183 = /^#{CONDISP}(#{DISPPARM})+$/i
+    class MissingInputError < StandardError
+      include BadRequest
+    end
+    # Accumulator for multipart form data, conforming to the QueryParser API.
+    # In future, the Parser could return the pair list directly, but that would
+    # change its API.
+    class ParamList # :nodoc:
+      def self.make_params
+        new
+      end
+      def self.normalize_params(params, key, value)
+        params << [key, value]
+      end
+      def initialize
+        @pairs = []
+      end
+      def <<(pair)
+        @pairs << pair
+      end
+      def to_params_hash
+        @pairs
+      end
+    end
     class << self
       def parse_multipart(env, params = Rack::Utils.default_query_parser)
-        extract_multipart Rack::Request.new(env), params
-      end
+        unless io = env[RACK_INPUT]
+          raise MissingInputError, "Missing input stream!"
+        end
-      def extract_multipart(req, params = Rack::Utils.default_query_parser)
-        io = req.get_header(RACK_INPUT)
-        io.rewind
-        content_length = req.content_length
-        content_length = content_length.to_i if content_length
+        if content_length = env['CONTENT_LENGTH']
+          content_length = content_length.to_i
+        end
-        tempfile = req.get_header(RACK_MULTIPART_TEMPFILE_FACTORY) || Parser::TEMPFILE_FACTORY
-        bufsize = req.get_header(RACK_MULTIPART_BUFFER_SIZE) || Parser::BUFSIZE
+        content_type = env['CONTENT_TYPE']
-        info = Parser.parse io, content_length, req.get_header('CONTENT_TYPE'), tempfile, bufsize, params
-        req.set_header(RACK_TEMPFILES, info.tmp_files)
-        info.params
+        tempfile = env[RACK_MULTIPART_TEMPFILE_FACTORY] || Parser::TEMPFILE_FACTORY
+        bufsize = env[RACK_MULTIPART_BUFFER_SIZE] || Parser::BUFSIZE
+        info = Parser.parse(io, content_length, content_type, tempfile, bufsize, params)
+        env[RACK_TEMPFILES] = info.tmp_files
+        return info.params
+      end
+      def extract_multipart(request, params = Rack::Utils.default_query_parser)
+        parse_multipart(request.env)
       end
       def build_multipart(params, first = true)
         Generator.new(params, first).dump
       end
     end
   end
 end

data/lib/rack/null_logger.rb CHANGED Viewed

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
+require_relative 'constants'
 module Rack
   class NullLogger
     def initialize(app)
@@ -22,6 +24,11 @@ module Rack
     def warn? ;  end
     def error? ; end
     def fatal? ; end
+    def debug! ; end
+    def error! ; end
+    def fatal! ; end
+    def info! ; end
+    def warn! ; end
     def level ; end
     def progname ; end
     def datetime_format ; end
@@ -34,6 +41,8 @@ module Rack
     def sev_threshold=(sev_threshold); end
     def close ; end
     def add(severity, message = nil, progname = nil, &block); end
+    def log(severity, message = nil, progname = nil, &block); end
     def <<(msg); end
+    def reopen(logdev = nil); end
   end
 end

data/lib/rack/query_parser.rb CHANGED Viewed

@@ -1,24 +1,30 @@
 # frozen_string_literal: true
+require_relative 'bad_request'
+require 'uri'
 module Rack
   class QueryParser
-    (require_relative 'core_ext/regexp'; using ::Rack::RegexpExtensions) if RUBY_VERSION < '2.4'
-    DEFAULT_SEP = /[&;] */n
-    COMMON_SEP = { ";" => /[;] */n, ";," => /[;,] */n, "&" => /[&] */n }
+    DEFAULT_SEP = /& */n
+    COMMON_SEP = { ";" => /; */n, ";," => /[;,] */n, "&" => /& */n }
     # ParameterTypeError is the error that is raised when incoming structural
     # parameters (parsed by parse_nested_query) contain conflicting types.
-    class ParameterTypeError < TypeError; end
+    class ParameterTypeError < TypeError
+      include BadRequest
+    end
     # InvalidParameterError is the error that is raised when incoming structural
     # parameters (parsed by parse_nested_query) contain invalid format or byte
     # sequence.
-    class InvalidParameterError < ArgumentError; end
+    class InvalidParameterError < ArgumentError
+      include BadRequest
+    end
     # QueryLimitError is for errors raised when the query provided exceeds one
     # of the query parser limits.
     class QueryLimitError < RangeError
+      include BadRequest
     end
     # ParamsTooDeepError is the old name for the error that is raised when params
@@ -27,11 +33,11 @@ module Rack
     # to handle bad query strings also now handles other limits.
     ParamsTooDeepError = QueryLimitError
-    def self.make_default(key_space_limit, param_depth_limit, **options)
-      new(Params, key_space_limit, param_depth_limit, **options)
+    def self.make_default(param_depth_limit, **options)
+      new(Params, param_depth_limit, **options)
     end
-    attr_reader :key_space_limit, :param_depth_limit
+    attr_reader :param_depth_limit
     env_int = lambda do |key, val|
       if str_val = ENV[key]
@@ -53,25 +59,23 @@ module Rack
     attr_reader :bytesize_limit
-    def initialize(params_class, key_space_limit, param_depth_limit, bytesize_limit: BYTESIZE_LIMIT, params_limit: PARAMS_LIMIT)
+    def initialize(params_class, param_depth_limit, bytesize_limit: BYTESIZE_LIMIT, params_limit: PARAMS_LIMIT)
       @params_class = params_class
-      @key_space_limit = key_space_limit
       @param_depth_limit = param_depth_limit
       @bytesize_limit = bytesize_limit
       @params_limit = params_limit
     end
     # Stolen from Mongrel, with some small modifications:
-    # Parses a query string by breaking it up at the '&'
-    # and ';' characters.  You can also use this to parse
-    # cookies by changing the characters used in the second
-    # parameter (which defaults to '&;').
-    def parse_query(qs, d = nil, &unescaper)
+    # Parses a query string by breaking it up at the '&'.  You can also use this
+    # to parse cookies by changing the characters used in the second parameter
+    # (which defaults to '&').
+    def parse_query(qs, separator = nil, &unescaper)
       unescaper ||= method(:unescape)
       params = make_params
-      check_query_string(qs, d).split(d ? (COMMON_SEP[d] || /[#{d}] */n) : DEFAULT_SEP).each do |p|
+      check_query_string(qs, separator).split(separator ? (COMMON_SEP[separator] || /[#{separator}] */n) : DEFAULT_SEP).each do |p|
         next if p.empty?
         k, v = p.split('=', 2).map!(&unescaper)
@@ -94,14 +98,14 @@ module Rack
     # query strings with parameters of conflicting types, in this case a
     # ParameterTypeError is raised. Users are encouraged to return a 400 in this
     # case.
-    def parse_nested_query(qs, d = nil)
+    def parse_nested_query(qs, separator = nil)
       params = make_params
       unless qs.nil? || qs.empty?
-        check_query_string(qs, d).split(d ? (COMMON_SEP[d] || /[#{d}] */n) : DEFAULT_SEP).each do |p|
+        check_query_string(qs, separator).split(separator ? (COMMON_SEP[separator] || /[#{separator}] */n) : DEFAULT_SEP).each do |p|
           k, v = p.split('=', 2).map! { |s| unescape(s) }
-          normalize_params(params, k, v, param_depth_limit)
+          _normalize_params(params, k, v, 0)
         end
       end
@@ -112,58 +116,87 @@ module Rack
     # normalize_params recursively expands parameters into structural types. If
     # the structural types represented by two different parameter names are in
-    # conflict, a ParameterTypeError is raised.
-    def normalize_params(params, name, v, depth)
-      raise ParamsTooDeepError if depth <= 0
-      name =~ %r(\A[\[\]]*([^\[\]]+)\]*)
-      k = $1 || ''
-      after = $' || ''
+    # conflict, a ParameterTypeError is raised.  The depth argument is deprecated
+    # and should no longer be used, it is kept for backwards compatibility with
+    # earlier versions of rack.
+    def normalize_params(params, name, v, _depth=nil)
+      _normalize_params(params, name, v, 0)
+    end
-      if k.empty?
-        if !v.nil? && name == "[]"
-          return Array(v)
+    private def _normalize_params(params, name, v, depth)
+      raise ParamsTooDeepError if depth >= param_depth_limit
+      if !name
+        # nil name, treat same as empty string (required by tests)
+        k = after = ''
+      elsif depth == 0
+        # Start of parsing, don't treat [] or [ at start of string specially
+        if start = name.index('[', 1)
+          # Start of parameter nesting, use part before brackets as key
+          k = name[0, start]
+          after = name[start, name.length]
         else
-          return
+          # Plain parameter with no nesting
+          k = name
+          after = ''
         end
+      elsif name.start_with?('[]')
+        # Array nesting
+        k = '[]'
+        after = name[2, name.length]
+      elsif name.start_with?('[') && (start = name.index(']', 1))
+        # Hash nesting, use the part inside brackets as the key
+        k = name[1, start-1]
+        after = name[start+1, name.length]
+      else
+        # Probably malformed input, nested but not starting with [
+        # treat full name as key for backwards compatibility.
+        k = name
+        after = ''
       end
+      return if k.empty?
       if after == ''
-        params[k] = v
+        if k == '[]' && depth != 0
+          return [v]
+        else
+          params[k] = v
+        end
       elsif after == "["
         params[name] = v
       elsif after == "[]"
         params[k] ||= []
         raise ParameterTypeError, "expected Array (got #{params[k].class.name}) for param `#{k}'" unless params[k].is_a?(Array)
         params[k] << v
-      elsif after =~ %r(^\[\]\[([^\[\]]+)\]$) || after =~ %r(^\[\](.+)$)
-        child_key = $1
+      elsif after.start_with?('[]')
+        # Recognize x[][y] (hash inside array) parameters
+        unless after[2] == '[' && after.end_with?(']') && (child_key = after[3, after.length-4]) && !child_key.empty? && !child_key.index('[') && !child_key.index(']')
+          # Handle other nested array parameters
+          child_key = after[2, after.length]
+        end
         params[k] ||= []
         raise ParameterTypeError, "expected Array (got #{params[k].class.name}) for param `#{k}'" unless params[k].is_a?(Array)
         if params_hash_type?(params[k].last) && !params_hash_has_key?(params[k].last, child_key)
-          normalize_params(params[k].last, child_key, v, depth - 1)
+          _normalize_params(params[k].last, child_key, v, depth + 1)
         else
-          params[k] << normalize_params(make_params, child_key, v, depth - 1)
+          params[k] << _normalize_params(make_params, child_key, v, depth + 1)
         end
       else
         params[k] ||= make_params
         raise ParameterTypeError, "expected Hash (got #{params[k].class.name}) for param `#{k}'" unless params_hash_type?(params[k])
-        params[k] = normalize_params(params[k], after, v, depth - 1)
+        params[k] = _normalize_params(params[k], after, v, depth + 1)
       end
       params
     end
     def make_params
-      @params_class.new @key_space_limit
-    end
-    def new_space_limit(key_space_limit)
-      self.class.new @params_class, key_space_limit, param_depth_limit
+      @params_class.new
     end
     def new_depth_limit(param_depth_limit)
-      self.class.new @params_class, key_space_limit, param_depth_limit
+      self.class.new @params_class, param_depth_limit
     end
     private
@@ -190,7 +223,7 @@ module Rack
           raise QueryLimitError, "total query size exceeds limit (#{@bytesize_limit})"
         end
-        if (param_count = qs.count(sep.is_a?(String) ? sep : '&;')) >= @params_limit
+        if (param_count = qs.count(sep.is_a?(String) ? sep : '&')) >= @params_limit
           raise QueryLimitError, "total number of query parameters (#{param_count+1}) exceeds limit (#{@params_limit})"
         end
@@ -200,66 +233,11 @@ module Rack
       end
     end
-    def unescape(string)
-      Utils.unescape(string)
+    def unescape(string, encoding = Encoding::UTF_8)
+      URI.decode_www_form_component(string, encoding)
     end
-    class Params
-      def initialize(limit)
-        @limit  = limit
-        @size   = 0
-        @params = {}
-      end
-      def [](key)
-        @params[key]
-      end
-      def []=(key, value)
-        @size += key.size if key && !@params.key?(key)
-        raise ParamsTooDeepError, 'exceeded available parameter key space' if @size > @limit
-        @params[key] = value
-      end
-      def key?(key)
-        @params.key?(key)
-      end
-      # Recursively unwraps nested `Params` objects and constructs an object
-      # of the same shape, but using the objects' internal representations
-      # (Ruby hashes) in place of the objects. The result is a hash consisting
-      # purely of Ruby primitives.
-      #
-      #   Mutation warning!
-      #
-      #   1. This method mutates the internal representation of the `Params`
-      #      objects in order to save object allocations.
-      #
-      #   2. The value you get back is a reference to the internal hash
-      #      representation, not a copy.
-      #
-      #   3. Because the `Params` object's internal representation is mutable
-      #      through the `#[]=` method, it is not thread safe. The result of
-      #      getting the hash representation while another thread is adding a
-      #      key to it is non-deterministic.
-      #
-      def to_h
-        @params.each do |key, value|
-          case value
-          when self
-            # Handle circular references gracefully.
-            @params[key] = @params
-          when Params
-            @params[key] = value.to_h
-          when Array
-            value.map! { |v| v.kind_of?(Params) ? v.to_h : v }
-          else
-            # Ignore anything that is not a `Params` object or
-            # a collection that can contain one.
-          end
-        end
-        @params
-      end
+    class Params < Hash
       alias_method :to_params_hash, :to_h
     end
   end

data/lib/rack/recursive.rb CHANGED Viewed

@@ -2,6 +2,8 @@
 require 'uri'
+require_relative 'constants'
 module Rack
   # Rack::ForwardRequest gets caught by Rack::Recursive and redirects
   # the current request to the app at +url+.

data/lib/rack/reloader.rb CHANGED Viewed

@@ -22,8 +22,6 @@ module Rack
   # It is performing a check/reload cycle at the start of every request, but
   # also respects a cool down time, during which nothing will be done.
   class Reloader
-    (require_relative 'core_ext/regexp'; using ::Rack::RegexpExtensions) if RUBY_VERSION < '2.4'
     def initialize(app, cooldown = 10, backend = Stat)
       @app = app
       @cooldown = cooldown