rack 2.2.23 → 3.0.0.beta1

data/lib/rack/mock_response.rb

@@ -0,0 +1,124 @@
+# frozen_string_literal: true
+
+require 'cgi/cookie'
+require 'time'
+
+require_relative 'response'
+
+module Rack
+  # Rack::MockResponse provides useful helpers for testing your apps.
+  # Usually, you don't create the MockResponse on your own, but use
+  # MockRequest.
+
+  class MockResponse < Rack::Response
+    class << self
+      alias [] new
+    end
+
+    # Headers
+    attr_reader :original_headers, :cookies
+
+    # Errors
+    attr_accessor :errors
+
+    def initialize(status, headers, body, errors = nil)
+      @original_headers = headers
+
+      if errors
+        @errors = errors.string if errors.respond_to?(:string)
+      else
+        @errors = ""
+      end
+
+      super(body, status, headers)
+
+      @cookies = parse_cookies_from_header
+      buffered_body!
+    end
+
+    def =~(other)
+      body =~ other
+    end
+
+    def match(other)
+      body.match other
+    end
+
+    def body
+      # FIXME: apparently users of MockResponse expect the return value of
+      # MockResponse#body to be a string.  However, the real response object
+      # returns the body as a list.
+      #
+      # See spec_showstatus.rb:
+      #
+      #   should "not replace existing messages" do
+      #     ...
+      #     res.body.should == "foo!"
+      #   end
+      buffer = String.new
+
+      super.each do |chunk|
+        buffer << chunk
+      end
+
+      return buffer
+    end
+
+    def empty?
+      [201, 204, 304].include? status
+    end
+
+    def cookie(name)
+      cookies.fetch(name, nil)
+    end
+
+    private
+
+    def parse_cookies_from_header
+      cookies = Hash.new
+      if headers.has_key? 'set-cookie'
+        set_cookie_header = headers.fetch('set-cookie')
+        Array(set_cookie_header).each do |header_value|
+          header_value.split("\n").each do |cookie|
+            cookie_name, cookie_filling = cookie.split('=', 2)
+            cookie_attributes = identify_cookie_attributes cookie_filling
+            parsed_cookie = CGI::Cookie.new(
+              'name' => cookie_name.strip,
+              'value' => cookie_attributes.fetch('value'),
+              'path' => cookie_attributes.fetch('path', nil),
+              'domain' => cookie_attributes.fetch('domain', nil),
+              'expires' => cookie_attributes.fetch('expires', nil),
+              'secure' => cookie_attributes.fetch('secure', false)
+            )
+            cookies.store(cookie_name, parsed_cookie)
+          end
+        end
+      end
+      cookies
+    end
+
+    def identify_cookie_attributes(cookie_filling)
+      cookie_bits = cookie_filling.split(';')
+      cookie_attributes = Hash.new
+      cookie_attributes.store('value', cookie_bits[0].strip)
+      cookie_bits.drop(1).each do |bit|
+        if bit.include? '='
+          cookie_attribute, attribute_value = bit.split('=', 2)
+          cookie_attributes.store(cookie_attribute.strip.downcase, attribute_value.strip)
+        end
+        if bit.include? 'secure'
+          cookie_attributes.store('secure', true)
+        end
+      end
+
+      if cookie_attributes.key? 'max-age'
+        cookie_attributes.store('expires', Time.now + cookie_attributes['max-age'].to_i)
+      elsif cookie_attributes.key? 'expires'
+        cookie_attributes.store('expires', Time.httpdate(cookie_attributes['expires']))
+      end
+
+      cookie_attributes
+    end
+
+  end
+end

data/lib/rack/multipart/generator.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require_relative 'uploaded_file'
+
 module Rack
   module Multipart
     class Generator
@@ -74,12 +76,12 @@ module Rack
 
       def content_for_tempfile(io, file, name)
         length = ::File.stat(file.path).size if file.path
-        filename = "; filename=\"#{Utils.escape(file.original_filename)}\"" if file.original_filename
+        filename = "; filename=\"#{Utils.escape_path(file.original_filename)}\""
 <<-EOF
 --#{MULTIPART_BOUNDARY}\r
-Content-Disposition: form-data; name="#{name}"#{filename}\r
-Content-Type: #{file.content_type}\r
-#{"Content-Length: #{length}\r\n" if length}\r
+content-disposition: form-data; name="#{name}"#{filename}\r
+content-type: #{file.content_type}\r
+#{"content-length: #{length}\r\n" if length}\r
 #{io.read}\r
 EOF
       end
@@ -87,7 +89,7 @@ EOF
       def content_for_other(file, name)
 <<-EOF
 --#{MULTIPART_BOUNDARY}\r
-Content-Disposition: form-data; name="#{name}"\r
+content-disposition: form-data; name="#{name}"\r
 \r
 #{file}\r
 EOF

data/lib/rack/multipart/parser.rb

@@ -2,49 +2,52 @@
 
 require 'strscan'
 
+require_relative '../utils'
+
 module Rack
   module Multipart
     class MultipartPartLimitError < Errno::EMFILE; end
-    class MultipartTotalPartLimitError < StandardError; end
 
-    class Parser
-      (require_relative '../core_ext/regexp'; using ::Rack::RegexpExtensions) if RUBY_VERSION < '2.4'
+    # Use specific error class when parsing multipart request
+    # that ends early.
+    class EmptyContentError < ::EOFError; end
+
+    # Base class for multipart exceptions that do not subclass from
+    # other exception classes for backwards compatibility.
+    class Error < StandardError; end
+
+    EOL = "\r\n"
+    MULTIPART = %r|\Amultipart/.*boundary=\"?([^\";,]+)\"?|ni
+    TOKEN = /[^\s()<>,;:\\"\/\[\]?=]+/
+    CONDISP = /Content-Disposition:\s*#{TOKEN}\s*/i
+    VALUE = /"(?:\\"|[^"])*"|#{TOKEN}/
+    BROKEN = /^#{CONDISP}.*;\s*filename=(#{VALUE})/i
+    MULTIPART_CONTENT_TYPE = /Content-Type: (.*)#{EOL}/ni
+    MULTIPART_CONTENT_DISPOSITION = /Content-Disposition:.*;\s*name=(#{VALUE})/ni
+    MULTIPART_CONTENT_ID = /Content-ID:\s*([^#{EOL}]*)/ni
+    # Updated definitions from RFC 2231
+    ATTRIBUTE_CHAR = %r{[^ \t\v\n\r)(><@,;:\\"/\[\]?='*%]}
+    ATTRIBUTE = /#{ATTRIBUTE_CHAR}+/
+    SECTION = /\*[0-9]+/
+    REGULAR_PARAMETER_NAME = /#{ATTRIBUTE}#{SECTION}?/
+    REGULAR_PARAMETER = /(#{REGULAR_PARAMETER_NAME})=(#{VALUE})/
+    EXTENDED_OTHER_NAME = /#{ATTRIBUTE}\*[1-9][0-9]*\*/
+    EXTENDED_OTHER_VALUE = /%[0-9a-fA-F]{2}|#{ATTRIBUTE_CHAR}/
+    EXTENDED_OTHER_PARAMETER = /(#{EXTENDED_OTHER_NAME})=(#{EXTENDED_OTHER_VALUE}*)/
+    EXTENDED_INITIAL_NAME = /#{ATTRIBUTE}(?:\*0)?\*/
+    EXTENDED_INITIAL_VALUE = /[a-zA-Z0-9\-]*'[a-zA-Z0-9\-]*'#{EXTENDED_OTHER_VALUE}*/
+    EXTENDED_INITIAL_PARAMETER = /(#{EXTENDED_INITIAL_NAME})=(#{EXTENDED_INITIAL_VALUE})/
+    EXTENDED_PARAMETER = /#{EXTENDED_INITIAL_PARAMETER}|#{EXTENDED_OTHER_PARAMETER}/
+    DISPPARM = /;\s*(?:#{REGULAR_PARAMETER}|#{EXTENDED_PARAMETER})\s*/
+    RFC2183 = /^#{CONDISP}(#{DISPPARM})+$/i
 
+    class Parser
       BUFSIZE = 1_048_576
       TEXT_PLAIN = "text/plain"
       TEMPFILE_FACTORY = lambda { |filename, content_type|
-        extension = ::File.extname(filename.gsub("\0", '%00'))[0, 129]
-
-        Tempfile.new(["RackMultipart", extension])
+        Tempfile.new(["RackMultipart", ::File.extname(filename.gsub("\0", '%00'))])
       }
 
-      BOUNDARY_REGEX = /\A([^\n]*(?:\n|\Z))/
-
-      BOUNDARY_START_LIMIT = 16 * 1024
-      private_constant :BOUNDARY_START_LIMIT
-
-      MIME_HEADER_BYTESIZE_LIMIT = 64 * 1024
-      private_constant :MIME_HEADER_BYTESIZE_LIMIT
-
-      env_int = lambda do |key, val|
-        if str_val = ENV[key]
-          begin
-            val = Integer(str_val, 10)
-          rescue ArgumentError
-            raise ArgumentError, "non-integer value provided for environment variable #{key}"
-          end
-        end
-
-        val
-      end
-
-      BUFFERED_UPLOAD_BYTESIZE_LIMIT = env_int.call("RACK_MULTIPART_BUFFERED_UPLOAD_BYTESIZE_LIMIT", 16 * 1024 * 1024)
-      private_constant :BUFFERED_UPLOAD_BYTESIZE_LIMIT
-
-      bytesize_limit = env_int.call("RACK_MULTIPART_PARSER_BYTESIZE_LIMIT", 10 * 1024 * 1024 * 1024)
-      PARSER_BYTESIZE_LIMIT = bytesize_limit > 0 ? bytesize_limit : nil
-      private_constant :PARSER_BYTESIZE_LIMIT
-
       class BoundedIO # :nodoc:
         def initialize(io, content_length)
           @io             = io
@@ -66,16 +69,12 @@ module Rack
           if str
             @cursor += str.bytesize
           else
-            # Raise an error for mismatching Content-Length and actual contents
+            # Raise an error for mismatching content-length and actual contents
             raise EOFError, "bad content body"
           end
 
           str
         end
-
-        def rewind
-          @io.rewind
-        end
       end
 
       MultipartInfo = Struct.new :params, :tmp_files
@@ -85,15 +84,7 @@ module Rack
         return unless content_type
         data = content_type.match(MULTIPART)
         return unless data
-
-        unless data[1].empty?
-          raise EOFError, "whitespace between boundary parameter name and equal sign"
-        end
-        if data.post_match =~ /boundary\s*=/i
-          raise EOFError, "multiple boundary parameters found in multipart content type"
-        end
-
-        data[2]
+        data[1]
       end
 
       def self.parse(io, content_length, content_type, tmpfile, bufsize, qp)
@@ -102,22 +93,17 @@ module Rack
         boundary = parse_boundary content_type
         return EMPTY unless boundary
 
-        if PARSER_BYTESIZE_LIMIT && content_length && content_length > PARSER_BYTESIZE_LIMIT
-          raise EOFError, "multipart Content-Length #{content_length} exceeds limit of #{PARSER_BYTESIZE_LIMIT} bytes"
+        if boundary.length > 70
+          # RFC 1521 Section 7.2.1 imposes a 70 character maximum for the boundary.
+          # Most clients use no more than 55 characters.
+          raise Error, "multipart boundary size too large (#{boundary.length} characters)"
         end
 
         io = BoundedIO.new(io, content_length) if content_length
-        outbuf = String.new
 
         parser = new(boundary, tmpfile, bufsize, qp)
-        parser.on_read io.read(bufsize, outbuf)
-
-        loop do
-          break if parser.state == :DONE
-          parser.on_read io.read(bufsize, outbuf)
-        end
+        parser.parse(io)
 
-        io.rewind
         parser.result
       end
 
@@ -180,7 +166,7 @@ module Rack
 
           @mime_parts[mime_index] = klass.new(body, head, filename, content_type, name)
 
-          check_part_limits
+          check_open_files
         end
 
         def on_mime_body(mime_index, content)
@@ -192,23 +178,13 @@ module Rack
 
         private
 
-        def check_part_limits
-          file_limit = Utils.multipart_file_limit
-          part_limit = Utils.multipart_total_part_limit
-
-          if file_limit && file_limit > 0
-            if @open_files >= file_limit
+        def check_open_files
+          if Utils.multipart_part_limit > 0
+            if @open_files >= Utils.multipart_part_limit
               @mime_parts.each(&:close)
               raise MultipartPartLimitError, 'Maximum file multiparts in content reached'
             end
           end
-
-          if part_limit && part_limit > 0
-            if @mime_parts.size >= part_limit
-              @mime_parts.each(&:close)
-              raise MultipartTotalPartLimitError, 'Maximum total multiparts in content reached'
-            end
-          end
         end
       end
 
@@ -217,42 +193,46 @@ module Rack
       def initialize(boundary, tempfile, bufsize, query_parser)
         @query_parser   = query_parser
         @params         = query_parser.make_params
-        @boundary       = "--#{boundary}"
         @bufsize        = bufsize
 
-        @full_boundary = @boundary
-        @end_boundary = @boundary + '--'
         @state = :FAST_FORWARD
         @mime_index = 0
-        @body_retained = nil
-        @retained_size = 0
-        @total_bytes_read = (0 if PARSER_BYTESIZE_LIMIT)
         @collector = Collector.new tempfile
 
         @sbuf = StringScanner.new("".dup)
-        @body_regex = /(?:#{EOL})?#{Regexp.quote(@boundary)}(?:#{EOL}|--)/m
-        @end_boundary_size = boundary.bytesize + 6 # (-- at start, -- at finish, EOL at end)
-        @rx_max_size = EOL.size + @boundary.bytesize + [EOL.size, '--'.size].max
+        @body_regex = /(?:#{EOL}|\A)--#{Regexp.quote(boundary)}(?:#{EOL}|--)/m
+        @rx_max_size = boundary.bytesize + 6 # (\r\n-- at start, either \r\n or -- at finish)
         @head_regex = /(.*?#{EOL})#{EOL}/m
       end
 
-      def on_read(content)
-        handle_empty_content!(content)
-        if @total_bytes_read
-          @total_bytes_read += content.bytesize
-          if @total_bytes_read > PARSER_BYTESIZE_LIMIT
-            raise EOFError, "multipart upload exceeds limit of #{PARSER_BYTESIZE_LIMIT} bytes"
-          end
+      def parse(io)
+        outbuf = String.new
+        read_data(io, outbuf)
+
+        loop do
+          status =
+            case @state
+            when :FAST_FORWARD
+              handle_fast_forward
+            when :CONSUME_TOKEN
+              handle_consume_token
+            when :MIME_HEAD
+              handle_mime_head
+            when :MIME_BODY
+              handle_mime_body
+            else # when :DONE
+              return
+            end
+
+          read_data(io, outbuf) if status == :want_read
         end
-        @sbuf.concat content
-        run_parser
       end
 
       def result
         @collector.each do |part|
           part.get_data do |data|
             tag_multipart_encoding(part.filename, part.content_type, part.name, data)
-            @query_parser.normalize_params(@params, part.name, data, @query_parser.param_depth_limit)
+            @query_parser.normalize_params(@params, part.name, data)
           end
         end
         MultipartInfo.new @params.to_params_hash, @collector.find_all(&:file?).map(&:body)
@@ -260,40 +240,38 @@ module Rack
 
       private
 
-      def run_parser
-        loop do
-          case @state
-          when :FAST_FORWARD
-            break if handle_fast_forward == :want_read
-          when :CONSUME_TOKEN
-            break if handle_consume_token == :want_read
-          when :MIME_HEAD
-            break if handle_mime_head == :want_read
-          when :MIME_BODY
-            break if handle_mime_body == :want_read
-          when :DONE
-            break
-          end
-        end
+      def dequote(str) # From WEBrick::HTTPUtils
+        ret = (/\A"(.*)"\Z/ =~ str) ? $1 : str.dup
+        ret.gsub!(/\\(.)/, "\\1")
+        ret
       end
 
-      def handle_fast_forward
-        tok = consume_boundary
-
-        if tok == :END_BOUNDARY && @sbuf.pos == @end_boundary_size && @sbuf.eos?
-          # stop parsing a buffer if a buffer is only an end boundary.
-          @state = :DONE
-        elsif tok
-          @state = :MIME_HEAD
-        else
-          raise EOFError, "bad content body" if @sbuf.rest_size >= @bufsize
-
-          # We raise if we don't find the multipart boundary, to avoid unbounded memory
-          # buffering. Note that the actual limit is the higher of 16KB and the buffer size (1MB by default)
-          raise EOFError, "multipart boundary not found within limit" if @sbuf.string.bytesize > BOUNDARY_START_LIMIT
+      def read_data(io, outbuf)
+        content = io.read(@bufsize, outbuf)
+        handle_empty_content!(content)
+        @sbuf.concat(content)
+      end
 
-          # no boundary found, keep reading data
-          return :want_read
+      # This handles the initial parser state.  We read until we find the starting
+      # boundary, then we can transition to the next state. If we find the ending
+      # boundary, this is an invalid multipart upload, but keep scanning for opening
+      # boundary in that case. If no boundary found, we need to keep reading data
+      # and retry. It's highly unlikely the initial read will not consume the
+      # boundary.  The client would have to deliberately craft a response
+      # with the opening boundary beyond the buffer size for that to happen.
+      def handle_fast_forward
+        while true
+          case consume_boundary
+          when :BOUNDARY
+            # found opening boundary, transition to next state
+            @state = :MIME_HEAD
+            return
+          when :END_BOUNDARY
+            # invalid multipart upload, but retry for opening boundary
+          else
+            # no boundary found, keep reading data
+            return :want_read
+          end
         end
       end
 
@@ -312,7 +290,7 @@ module Rack
           head = @sbuf[1]
           content_type = head[MULTIPART_CONTENT_TYPE, 1]
           if name = head[MULTIPART_CONTENT_DISPOSITION, 1]
-            name = Rack::Auth::Digest::Params::dequote(name)
+            name = dequote(name)
           else
             name = head[MULTIPART_CONTENT_ID, 1]
           end
@@ -323,30 +301,16 @@ module Rack
             name = filename || "#{content_type || TEXT_PLAIN}[]".dup
           end
 
-          # Mime part head data is retained for both TempfilePart and BufferPart
-          # for the entireity of the parse, even though it isn't used for BufferPart.
-          update_retained_size(head.bytesize)
-
-          # If a filename is given, a TempfilePart will be used, so the body will
-          # not be buffered in memory. However, if a filename is not given, a BufferPart
-          # will be used, and the body will be buffered in memory.
-          @body_retained = !filename
-
           @collector.on_mime_head @mime_index, head, filename, content_type, name
           @state = :MIME_BODY
         else
-          # We raise if the mime part header is too large, to avoid unbounded memory
-          # buffering. Note that the actual limit is the higher of 64KB and the buffer size (1MB by default)
-          raise EOFError, "multipart mime part header too large" if @sbuf.rest.bytesize > MIME_HEADER_BYTESIZE_LIMIT
-
-          return :want_read
+          :want_read
         end
       end
 
       def handle_mime_body
         if (body_with_boundary = @sbuf.check_until(@body_regex)) # check but do not advance the pointer yet
           body = body_with_boundary.sub(/#{@body_regex}\z/m, '') # remove the boundary from the string
-          update_retained_size(body.bytesize) if @body_retained
           @collector.on_mime_body @mime_index, body
           @sbuf.pos += body.length + 2 # skip \r\n after the content
           @state = :CONSUME_TOKEN
@@ -355,9 +319,7 @@ module Rack
           # Save what we have so far
           if @rx_max_size < @sbuf.rest_size
             delta = @sbuf.rest_size - @rx_max_size
-            body = @sbuf.peek(delta)
-            update_retained_size(body.bytesize) if @body_retained
-            @collector.on_mime_body @mime_index, body
+            @collector.on_mime_body @mime_index, @sbuf.peek(delta)
             @sbuf.pos += delta
             @sbuf.string = @sbuf.rest
           end
@@ -365,26 +327,16 @@ module Rack
         end
       end
 
-      def full_boundary; @full_boundary; end
-
-      def update_retained_size(size)
-        @retained_size += size
-        if @retained_size > BUFFERED_UPLOAD_BYTESIZE_LIMIT
-          raise EOFError, "multipart data over retained size limit"
-        end
-      end
-
       # Scan until the we find the start or end of the boundary.
       # If we find it, return the appropriate symbol for the start or
       # end of the boundary.  If we don't find the start or end of the
       # boundary, clear the buffer and return nil.
       def consume_boundary
-        while read_buffer = @sbuf.scan_until(BOUNDARY_REGEX)
-          case read_buffer.strip
-          when full_boundary then return :BOUNDARY
-          when @end_boundary then return :END_BOUNDARY
-          end
-          return if @sbuf.eos?
+        if read_buffer = @sbuf.scan_until(@body_regex)
+          read_buffer.end_with?(EOL) ? :BOUNDARY : :END_BOUNDARY
+        else
+          @sbuf.terminate
+          nil
         end
       end
 
@@ -394,10 +346,10 @@ module Rack
         when RFC2183
           params = Hash[*head.scan(DISPPARM).flat_map(&:compact)]
 
-          if filename = params['filename']
-            filename = $1 if filename =~ /^"(.*)"$/
-          elsif filename = params['filename*']
+          if filename = params['filename*']
             encoding, _, filename = filename.split("'", 3)
+          elsif filename = params['filename']
+            filename = $1 if filename =~ /^"(.*)"$/
           end
         when BROKEN
           filename = $1
@@ -424,6 +376,7 @@ module Rack
       end
 
       CHARSET = "charset"
+      deprecate_constant :CHARSET
 
       def tag_multipart_encoding(filename, content_type, name, body)
         name = name.to_s
@@ -444,7 +397,13 @@ module Rack
               k.strip!
               v.strip!
               v = v[1..-2] if v.start_with?('"') && v.end_with?('"')
-              encoding = Encoding.find v if k == CHARSET
+              if k == "charset"
+                encoding = begin
+                  Encoding.find v
+                rescue ArgumentError
+                  Encoding::BINARY
+                end
+              end
             end
           end
         end
@@ -455,7 +414,7 @@ module Rack
 
       def handle_empty_content!(content)
         if content.nil? || content.empty?
-          raise EOFError
+          raise EmptyContentError
         end
       end
     end

data/lib/rack/multipart/uploaded_file.rb

@@ -1,8 +1,12 @@
 # frozen_string_literal: true
 
+require 'tempfile'
+require 'fileutils'
+
 module Rack
   module Multipart
     class UploadedFile
+
       # The filename, *not* including the path, of the "uploaded" file
       attr_reader :original_filename