rack 3.1.15 → 3.2.0

data/lib/rack/media_type.rb

@@ -14,12 +14,11 @@ module Rack
       # For more information on the use of media types in HTTP, see:
       # http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.7
       def type(content_type)
-        return nil unless content_type
-        if type = content_type.split(SPLIT_PATTERN, 2).first
-          type.rstrip!
-          type.downcase!
-          type
-        end
+        return nil unless content_type && !content_type.empty?
+        type = content_type.split(SPLIT_PATTERN, 2).first
+        type.rstrip!
+        type.downcase!
+        type
       end
 
       # The media type parameters provided in CONTENT_TYPE as a Hash, or
@@ -33,7 +32,7 @@ module Rack
       # and "text/plain;charset" will return { 'charset' => '' }, similarly to 
       # the query params parser (barring the latter case, which returns nil instead)).
       def params(content_type)
-        return {} if content_type.nil?
+        return {} if content_type.nil? || content_type.empty?
 
         content_type.split(SPLIT_PATTERN)[1..-1].each_with_object({}) do |s, hsh|
           s.strip!

data/lib/rack/mock_response.rb

@@ -10,33 +10,27 @@ module Rack
   # MockRequest.
 
   class MockResponse < Rack::Response
-    begin
-      # Recent versions of the CGI gem may not provide `CGI::Cookie`.
-      require 'cgi/cookie'
-      Cookie = CGI::Cookie
-    rescue LoadError
-      class Cookie
-        attr_reader :name, :value, :path, :domain, :expires, :secure
-
-        def initialize(args)
-          @name = args["name"]
-          @value = args["value"]
-          @path = args["path"]
-          @domain = args["domain"]
-          @expires = args["expires"]
-          @secure = args["secure"]
-        end
+    class Cookie
+      attr_reader :name, :value, :path, :domain, :expires, :secure
+
+      def initialize(args)
+        @name = args["name"]
+        @value = args["value"]
+        @path = args["path"]
+        @domain = args["domain"]
+        @expires = args["expires"]
+        @secure = args["secure"]
+      end
 
-        def method_missing(method_name, *args, &block)
-          @value.send(method_name, *args, &block)
-        end
-        # :nocov:
-        ruby2_keywords(:method_missing) if respond_to?(:ruby2_keywords, true)
-        # :nocov:
+      def method_missing(method_name, *args, &block)
+        @value.send(method_name, *args, &block)
+      end
+      # :nocov:
+      ruby2_keywords(:method_missing) if respond_to?(:ruby2_keywords, true)
+      # :nocov:
 
-        def respond_to_missing?(method_name, include_all = false)
-          @value.respond_to?(method_name, include_all) || super
-        end
+      def respond_to_missing?(method_name, include_all = false)
+        @value.respond_to?(method_name, include_all) || super
       end
     end
 

data/lib/rack/multipart/parser.rb

@@ -31,11 +31,25 @@ module Rack
     Error = BoundaryTooLongError
 
     EOL = "\r\n"
+    FWS = /[ \t]+(?:\r\n[ \t]+)?/ # whitespace with optional folding
+    HEADER_VALUE = "(?:[^\r\n]|\r\n[ \t])*" # anything but a non-folding CRLF
     MULTIPART = %r|\Amultipart/.*boundary=\"?([^\";,]+)\"?|ni
-    MULTIPART_CONTENT_TYPE = /Content-Type: (.*)#{EOL}/ni
-    MULTIPART_CONTENT_DISPOSITION = /Content-Disposition:(.*)(?=#{EOL}(\S|\z))/ni
-    MULTIPART_CONTENT_ID = /Content-ID:\s*([^#{EOL}]*)/ni
-
+    MULTIPART_CONTENT_TYPE = /^Content-Type:#{FWS}?(#{HEADER_VALUE})/ni
+    MULTIPART_CONTENT_DISPOSITION = /^Content-Disposition:#{FWS}?(#{HEADER_VALUE})/ni
+    MULTIPART_CONTENT_ID = /^Content-ID:#{FWS}?(#{HEADER_VALUE})/ni
+
+    # Rack::Multipart::Parser handles parsing of multipart/form-data requests.
+    #
+    # File Parameter Contents
+    #
+    # When processing file uploads, the parser returns a hash containing
+    # information about uploaded files. For +file+ parameters, the hash includes:
+    #
+    # * +:filename+ - The original filename, already URL decoded by the parser
+    # * +:type+ - The content type of the uploaded file  
+    # * +:name+ - The parameter name from the form
+    # * +:tempfile+ - A Tempfile object containing the uploaded data
+    # * +:head+ - The raw header content for this part
     class Parser
       BUFSIZE = 1_048_576
       TEXT_PLAIN = "text/plain"
@@ -241,7 +255,8 @@ module Rack
         @collector.each do |part|
           part.get_data do |data|
             tag_multipart_encoding(part.filename, part.content_type, part.name, data)
-            @query_parser.normalize_params(@params, part.name, data)
+            name, data = handle_dummy_encoding(part.name, data)
+            @query_parser.normalize_params(@params, name, data)
           end
         end
         MultipartInfo.new @params.to_params_hash, @collector.find_all(&:file?).map(&:body)
@@ -249,12 +264,6 @@ module Rack
 
       private
 
-      def dequote(str) # From WEBrick::HTTPUtils
-        ret = (/\A"(.*)"\Z/ =~ str) ? $1 : str.dup
-        ret.gsub!(/\\(.)/, "\\1")
-        ret
-      end
-
       def read_data(io, outbuf)
         content = io.read(@bufsize, outbuf)
         handle_empty_content!(content)
@@ -492,6 +501,25 @@ module Rack
         Encoding::BINARY
       end
 
+      REENCODE_DUMMY_ENCODINGS = {
+        # ISO-2022-JP is a legacy but still widely used encoding in Japan
+        # Here we convert ISO-2022-JP to UTF-8 so that it can be handled.
+        Encoding::ISO_2022_JP => true
+
+        # Other dummy encodings are rarely used and have not been supported yet.
+        # Adding support for them will require careful considerations.
+      }
+
+      def handle_dummy_encoding(name, body)
+        # A string object with a 'dummy' encoding does not have full functionality and can cause errors.
+        # So here we covert it to UTF-8 so that it can be handled properly.
+        if name.encoding.dummy? && REENCODE_DUMMY_ENCODINGS[name.encoding]
+          name = name.encode(Encoding::UTF_8)
+          body = body.encode(Encoding::UTF_8)
+        end
+        return name, body
+      end
+
       def handle_empty_content!(content)
         if content.nil? || content.empty?
           raise EmptyContentError

data/lib/rack/multipart/uploaded_file.rb

@@ -5,14 +5,47 @@ require 'fileutils'
 
 module Rack
   module Multipart
+    # Despite the misleading name, UploadedFile is designed for use for
+    # preparing multipart file upload bodies, generally for use in tests.
+    # It is not designed for and should not be used for handling uploaded
+    # files (there is no need for that, since Rack's multipart parser
+    # already creates Tempfiles for that). Using this with non-trusted
+    # filenames can create a security vulnerability.
+    #
+    # You should only use this class if you plan on passing the instances
+    # to Rack::MockRequest for use in creating multipart request bodies.
+    #
+    # UploadedFile delegates most methods to the tempfile it contains.
     class UploadedFile
-
-      # The filename, *not* including the path, of the "uploaded" file
+      # The provided name of the file. This generally is the basename of
+      # path provided during initialization, but it can contain slashes if they
+      # were present in the filename argument when the instance was created.
       attr_reader :original_filename
 
-      # The content type of the "uploaded" file
+      # The content type of the instance.
       attr_accessor :content_type
 
+      # Create a new UploadedFile.  For backwards compatibility, this accepts
+      # both positional and keyword versions of the same arguments:
+      #
+      # filepath/path :: The path to the file
+      # ct/content_type :: The content_type of the file
+      # bin/binary :: Whether to set binmode on the file before copying data into it.
+      #
+      # If both positional and keyword arguments are present, the keyword arguments
+      # take precedence.
+      #
+      # The following keyword-only arguments are also accepted:
+      #
+      # filename :: Override the filename to use for the file.  This is so the
+      #             filename for the upload does not need to match the basename of
+      #             the file path.  This should not contain slashes, unless you are
+      #             trying to test how an application handles invalid filenames in
+      #             multipart upload bodies.
+      # io :: Use the given IO-like instance as the tempfile, instead of creating
+      #       a Tempfile instance.  This is useful for building multipart file
+      #       upload bodies without a file being present on the filesystem. If you are
+      #       providing this, you should also provide the filename argument.
       def initialize(filepath = nil, ct = "text/plain", bin = false,
                      path: filepath, content_type: ct, binary: bin, filename: nil, io: nil)
         if io
@@ -28,15 +61,19 @@ module Rack
         @content_type = content_type
       end
 
+      # The path of the tempfile for the instance, if the tempfile has a path.
+      # nil if the tempfile does not have a path.
       def path
         @tempfile.path if @tempfile.respond_to?(:path)
       end
       alias_method :local_path, :path
 
-      def respond_to?(*args)
-        super or @tempfile.respond_to?(*args)
+      # Return true if the tempfile responds to the method.
+      def respond_to_missing?(*args)
+        @tempfile.respond_to?(*args)
       end
 
+      # Delegate method missing calls to the tempfile.
       def method_missing(method_name, *args, &block) #:nodoc:
         @tempfile.__send__(method_name, *args, &block)
       end

data/lib/rack/query_parser.rb

@@ -69,14 +69,9 @@ module Rack
     # to parse cookies by changing the characters used in the second parameter
     # (which defaults to '&').
     def parse_query(qs, separator = nil, &unescaper)
-      unescaper ||= method(:unescape)
-
       params = make_params
 
-      check_query_string(qs, separator).split(separator ? (COMMON_SEP[separator] || /[#{separator}] */n) : DEFAULT_SEP).each do |p|
-        next if p.empty?
-        k, v = p.split('=', 2).map!(&unescaper)
-
+      each_query_pair(qs, separator, unescaper) do |k, v|
         if cur = params[k]
           if cur.class == Array
             params[k] << v
@@ -91,6 +86,19 @@ module Rack
       return params.to_h
     end
 
+    # Parses a query string by breaking it up at the '&', returning all key-value
+    # pairs as an array of [key, value] arrays. Unlike parse_query, this preserves
+    # all duplicate keys rather than collapsing them.
+    def parse_query_pairs(qs, separator = nil)
+      pairs = []
+
+      each_query_pair(qs, separator) do |k, v|
+        pairs << [k, v]
+      end
+
+      pairs
+    end
+
     # parse_nested_query expands a query string into structural types. Supported
     # types are Arrays, Hashes and basic value types. It is possible to supply
     # query strings with parameters of conflicting types, in this case a
@@ -99,17 +107,11 @@ module Rack
     def parse_nested_query(qs, separator = nil)
       params = make_params
 
-      unless qs.nil? || qs.empty?
-        check_query_string(qs, separator).split(separator ? (COMMON_SEP[separator] || /[#{separator}] */n) : DEFAULT_SEP).each do |p|
-          k, v = p.split('=', 2).map! { |s| unescape(s) }
-
-          _normalize_params(params, k, v, 0)
-        end
+      each_query_pair(qs, separator) do |k, v|
+        _normalize_params(params, k, v, 0)
       end
 
       return params.to_h
-    rescue ArgumentError => e
-      raise InvalidParameterError, e.message, e.backtrace
     end
 
     # normalize_params recursively expands parameters into structural types. If
@@ -215,20 +217,35 @@ module Rack
       true
     end
 
-    def check_query_string(qs, sep)
-      if qs
-        if qs.bytesize > @bytesize_limit
-          raise QueryLimitError, "total query size (#{qs.bytesize}) exceeds limit (#{@bytesize_limit})"
-        end
+    def each_query_pair(qs, separator, unescaper = nil)
+      return if !qs || qs.empty?
 
-        if (param_count = qs.count(sep.is_a?(String) ? sep : '&')) >= @params_limit
-          raise QueryLimitError, "total number of query parameters (#{param_count+1}) exceeds limit (#{@params_limit})"
-        end
+      if qs.bytesize > @bytesize_limit
+        raise QueryLimitError, "total query size (#{qs.bytesize}) exceeds limit (#{@bytesize_limit})"
+      end
+
+      pairs = qs.split(separator ? (COMMON_SEP[separator] || /[#{separator}] */n) : DEFAULT_SEP, @params_limit + 1)
+
+      if pairs.size > @params_limit
+        param_count = pairs.size + pairs.last.count(separator || "&")
+        raise QueryLimitError, "total number of query parameters (#{param_count}) exceeds limit (#{@params_limit})"
+      end
 
-        qs
+      if unescaper
+        pairs.each do |p|
+          next if p.empty?
+          k, v = p.split('=', 2).map!(&unescaper)
+          yield k, v
+        end
       else
-        ''
+        pairs.each do |p|
+          next if p.empty?
+          k, v = p.split('=', 2).map! { |s| unescape(s) }
+          yield k, v
+        end
       end
+    rescue ArgumentError => e
+      raise InvalidParameterError, e.message, e.backtrace
     end
 
     def unescape(string, encoding = Encoding::UTF_8)

data/lib/rack/request.rb

@@ -61,9 +61,14 @@ module Rack
 
     def initialize(env)
       @env = env
+      @ip = nil
       @params = nil
     end
 
+    def ip
+      @ip ||= super
+    end
+
     def params
       @params ||= super
     end
@@ -398,8 +403,8 @@ module Rack
               return forwarded.last
             end
           when :x_forwarded
-            if value = get_header(HTTP_X_FORWARDED_HOST)
-              return wrap_ipv6(split_header(value).last)
+            if (value = get_header(HTTP_X_FORWARDED_HOST)) && (x_forwarded_host = split_header(value).last)
+              return wrap_ipv6(x_forwarded_host)
             end
           end
         end
@@ -413,10 +418,9 @@ module Rack
 
       def ip
         remote_addresses = split_header(get_header('REMOTE_ADDR'))
-        external_addresses = reject_trusted_ip_addresses(remote_addresses)
 
-        unless external_addresses.empty?
-          return external_addresses.last
+        remote_addresses.reverse_each do |ip|
+          return ip unless trusted_proxy?(ip)
         end
 
         if (forwarded_for = self.forwarded_for) && !forwarded_for.empty?
@@ -424,7 +428,10 @@ module Rack
           # So we reject all the trusted addresses (proxy*) and return the
           # last client. Or if we trust everyone, we just return the first
           # address.
-          return reject_trusted_ip_addresses(forwarded_for).last || forwarded_for.first
+          forwarded_for.reverse_each do |ip|
+            return ip unless trusted_proxy?(ip)
+          end
+          return forwarded_for.first
         end
 
         # If all the addresses are trusted, and we aren't forwarded, just return
@@ -482,51 +489,29 @@ module Rack
 
       # Returns the data received in the query string.
       def GET
-        rr_query_string = get_header(RACK_REQUEST_QUERY_STRING)
-        query_string = self.query_string
-        if rr_query_string == query_string
-          get_header(RACK_REQUEST_QUERY_HASH)
-        else
-          if rr_query_string
-            warn "query string used for GET parsing different from current query string. Starting in Rack 3.2, Rack will used the cached GET value instead of parsing the current query string.", uplevel: 1
-          end
-          query_hash = parse_query(query_string, '&')
-          set_header(RACK_REQUEST_QUERY_STRING, query_string)
-          set_header(RACK_REQUEST_QUERY_HASH, query_hash)
-        end
+        get_header(RACK_REQUEST_QUERY_HASH) || set_header(RACK_REQUEST_QUERY_HASH, parse_query(query_string, '&'))
       end
 
-      # Returns the data received in the request body.
+      # Returns the form data pairs received in the request body.
       #
       # This method support both application/x-www-form-urlencoded and
       # multipart/form-data.
-      def POST
-        if error = get_header(RACK_REQUEST_FORM_ERROR)
+      def form_pairs
+        if pairs = get_header(RACK_REQUEST_FORM_PAIRS)
+          return pairs
+        elsif error = get_header(RACK_REQUEST_FORM_ERROR)
           raise error.class, error.message, cause: error.cause
         end
 
         begin
           rack_input = get_header(RACK_INPUT)
 
-          # If the form hash was already memoized:
-          if form_hash = get_header(RACK_REQUEST_FORM_HASH)
-            form_input = get_header(RACK_REQUEST_FORM_INPUT)
-            # And it was memoized from the same input:
-            if form_input.equal?(rack_input)
-              return form_hash
-            elsif form_input
-              warn "input stream used for POST parsing different from current input stream. Starting in Rack 3.2, Rack will used the cached POST value instead of parsing the current input stream.", uplevel: 1
-            end
-          end
-
           # Otherwise, figure out how to parse the input:
           if rack_input.nil?
-            set_header RACK_REQUEST_FORM_INPUT, nil
-            set_header(RACK_REQUEST_FORM_HASH, {})
+            set_header(RACK_REQUEST_FORM_PAIRS, [])
           elsif form_data? || parseable_data?
             if pairs = Rack::Multipart.parse_multipart(env, Rack::Multipart::ParamList)
               set_header RACK_REQUEST_FORM_PAIRS, pairs
-              set_header RACK_REQUEST_FORM_HASH, expand_param_pairs(pairs)
             else
               form_vars = get_header(RACK_INPUT).read
 
@@ -535,14 +520,11 @@ module Rack
               form_vars.slice!(-1) if form_vars.end_with?("\0")
 
               set_header RACK_REQUEST_FORM_VARS, form_vars
-              set_header RACK_REQUEST_FORM_HASH, parse_query(form_vars, '&')
+              pairs = query_parser.parse_query_pairs(form_vars, '&')
+              set_header(RACK_REQUEST_FORM_PAIRS, pairs)
             end
-
-            set_header RACK_REQUEST_FORM_INPUT, get_header(RACK_INPUT)
-            get_header RACK_REQUEST_FORM_HASH
           else
-            set_header RACK_REQUEST_FORM_INPUT, get_header(RACK_INPUT)
-            set_header(RACK_REQUEST_FORM_HASH, {})
+            set_header(RACK_REQUEST_FORM_PAIRS, [])
           end
         rescue => error
           set_header(RACK_REQUEST_FORM_ERROR, error)
@@ -550,6 +532,21 @@ module Rack
         end
       end
 
+      # Returns the data received in the request body.
+      #
+      # This method support both application/x-www-form-urlencoded and
+      # multipart/form-data.
+      def POST
+        if form_hash = get_header(RACK_REQUEST_FORM_HASH)
+          return form_hash
+        elsif error = get_header(RACK_REQUEST_FORM_ERROR)
+          raise error.class, error.message, cause: error.cause
+        end
+
+        pairs = form_pairs
+        set_header RACK_REQUEST_FORM_HASH, expand_param_pairs(pairs)
+      end
+
       # The union of GET and POST data.
       #
       # Note that modifications will not be persisted in the env. Use update_param or delete_param if you want to destructively modify params.
@@ -557,6 +554,10 @@ module Rack
         self.GET.merge(self.POST)
       end
 
+      # Allow overriding the query parser that the receiver will use.
+      # By default Rack::Utils.default_query_parser is used.
+      attr_writer :query_parser
+
       # Destructively update a parameter, whether it's in GET and/or POST. Returns nil.
       #
       # The parameter is updated wherever it was previous defined, so GET, POST, or both. If it wasn't previously defined, it's inserted into GET.
@@ -616,13 +617,6 @@ module Rack
         Rack::Request.ip_filter.call(ip)
       end
 
-      # like Hash#values_at
-      def values_at(*keys)
-        warn("Request#values_at is deprecated and will be removed in a future version of Rack. Please use request.params.values_at instead", uplevel: 1)
-        
-        keys.map { |key| params[key] }
-      end
-
       private
 
       def default_session; {}; end
@@ -670,7 +664,7 @@ module Rack
       end
 
       def query_parser
-        Utils.default_query_parser
+        @query_parser || Utils.default_query_parser
       end
 
       def parse_query(qs, d = '&')
@@ -678,6 +672,7 @@ module Rack
       end
 
       def parse_multipart
+        warn "Rack::Request#parse_multipart is deprecated and will be removed in a future version of Rack.", uplevel: 1
         Rack::Multipart.extract_multipart(self, query_parser)
       end
 
@@ -692,7 +687,7 @@ module Rack
       end
 
       def split_header(value)
-        value ? value.strip.split(/[,\s]+/) : []
+        value ? value.strip.split(/[, \t]+/) : []
       end
 
       # ipv6 extracted from resolv stdlib, simplified
@@ -740,10 +735,6 @@ module Rack
         return match[:host], match[:address], match[:port]&.to_i
       end
 
-      def reject_trusted_ip_addresses(ip_addresses)
-        ip_addresses.reject { |ip| trusted_proxy?(ip) }
-      end
-
       FORWARDED_SCHEME_HEADERS = {
         proto: HTTP_X_FORWARDED_PROTO,
         scheme: HTTP_X_FORWARDED_SCHEME

data/lib/rack/rewindable_input.rb

@@ -21,7 +21,10 @@ module Rack
       end
 
       def call(env)
-        env[RACK_INPUT] = RewindableInput.new(env[RACK_INPUT])
+        if (input = env[RACK_INPUT])
+          env[RACK_INPUT] = RewindableInput.new(input)
+        end
+
         @app.call(env)
       end
     end

data/lib/rack/show_exceptions.rb

@@ -65,8 +65,12 @@ module Rack
     def dump_exception(exception)
       if exception.respond_to?(:detailed_message)
         message = exception.detailed_message(highlight: false)
+      # :nocov:
+      # Ruby 3.2 added Exception#detailed_message, so the else
+      # branch cannot be hit on the current Ruby version.
       else
         message = exception.message
+      # :nocov:
       end
       string = "#{exception.class}: #{message}\n".dup
       string << exception.backtrace.map { |l| "\t#{l}" }.join("\n")
@@ -401,7 +405,5 @@ module Rack
       </body>
       </html>
     HTML
-
-    # :startdoc:
   end
 end

data/lib/rack/show_status.rb

@@ -117,7 +117,5 @@ TEMPLATE = <<'HTML'
 </body>
 </html>
 HTML
-
-    # :startdoc:
   end
 end