rest-client 1.6.14

data/bin/restclient

@@ -0,0 +1,93 @@
+#!/usr/bin/env ruby
+
+$:.unshift File.dirname(__FILE__) + "/../lib"
+
+require 'rubygems'
+require 'restclient'
+require 'yaml'
+
+def usage(why = nil)
+  puts "failed for reason: #{why}" if why
+  puts "usage: restclient [get|put|post|delete] url|name [username] [password]"
+  puts "  The verb is optional, if you leave it off you'll get an interactive shell."
+  puts "  put and post both take the input body on stdin."
+  exit(1)
+end
+
+POSSIBLE_VERBS = ['get', 'put', 'post', 'delete']
+
+if POSSIBLE_VERBS.include? ARGV.first
+  @verb = ARGV.shift
+else
+  @verb = nil
+end
+
+@url = ARGV.shift || 'http://localhost:4567'
+
+config = YAML.load(File.read(ENV['HOME'] + "/.restclient")) rescue {}
+
+@url, @username, @password = if c = config[@url]
+  [c['url'], c['username'], c['password']]
+else
+  [@url, * ARGV]
+end
+
+usage("invalid url '#{@url}") unless @url =~ /^https?/
+usage("too few args") unless ARGV.size < 3
+
+def r
+  @r ||= RestClient::Resource.new(@url, @username, @password)
+end
+
+r # force rc to load
+
+if @verb
+  begin
+    if %w( put post ).include? @verb
+      puts r.send(@verb, STDIN.read)
+    else
+      puts r.send(@verb)
+    end
+    exit 0
+  rescue RestClient::Exception => e
+    puts e.response.body if e.respond_to? :response
+    raise
+  end
+end
+
+POSSIBLE_VERBS.each do |m|
+  eval <<-end_eval
+def  #{m}(path, *args, &b)
+	r[path].#{m}(*args, &b)
+end
+  end_eval
+end
+
+def method_missing(s, * args, & b)
+  if POSSIBLE_VERBS.include? s
+    begin
+      r.send(s, *args, & b)
+    rescue RestClient::RequestFailed => e
+      print STDERR, e.response.body
+      raise e
+    end
+  else
+    super
+  end
+end
+
+require 'irb'
+require 'irb/completion'
+
+if File.exists? ".irbrc"
+  ENV['IRBRC'] = ".irbrc"
+end
+
+if File.exists?(File.expand_path(rcfile = "~/.restclientrc"))
+  load(rcfile)
+end
+
+ARGV.clear
+
+IRB.start
+exit!

data/history.md

@@ -0,0 +1,160 @@
+# 1.6.14
+
+- This release is unchanged from 1.6.9. It was published in order to supersede
+  the malicious 1.6.10-13 versions, even for users who are still pinning to the
+  legacy 1.6.x series. All users are encouraged to upgrade to rest-client 2.x.
+
+# 1.6.10, 1.6.11, 1.6.12, 1.6.13 (CVE-2019-15224)
+
+- These versions were pushed by a malicious actor and included a backdoor permitting
+  remote code execution in Rails environments.
+- They were live for about five days before being yanked.
+  https://github.com/rest-client/rest-client/issues/713
+
+# 1.6.9
+
+- Move rdoc to a development dependency
+
+# 1.6.8
+
+- The 1.6.x series will be the last to support Ruby 1.8.7
+- Pin mime-types to < 2.0 to maintain Ruby 1.8.7 support
+- Add Gemfile, AUTHORS, add license to gemspec
+- Point homepage at https://github.com/rest-client/rest-client
+- Clean up and fix various tests and ruby warnings
+- Backport `ssl_verify_callback` functionality from 1.7.0
+
+# 1.6.7
+
+- rebuild with 1.8.7 to avoid https://github.com/rubygems/rubygems/pull/57
+
+# 1.6.6
+
+- 1.6.5 was yanked
+
+# 1.6.5
+
+- RFC6265 requires single SP after ';' for separating parameters pairs in the 'Cookie:' header (patch provided by Hiroshi Nakamura)
+- enable url parameters for all actions
+- detect file parameters in arrays
+- allow disabling the timeouts by passing -1 (patch provided by Sven Böhm)
+
+# 1.6.4
+
+- fix restclient script compatibility with 1.9.2
+- fix unlinking temp file (patch provided by Evan Smith)
+- monkeypatching ruby for http patch method (patch provided by Syl Turner)
+
+# 1.6.3
+
+- 1.6.2 was yanked
+
+# 1.6.2
+
+- add support for HEAD in resources (patch provided by tpresa)
+- fix shell for 1.9.2
+- workaround when some gem monkeypatch net/http (patch provided by Ian Warshak)
+- DELETE requests should process parameters just like GET and HEAD
+- adding :block_response parameter for manual processing
+- limit number of redirections (patch provided by Chris Dinn)
+- close and unlink the temp file created by playload (patch provided by Chris Green)
+- make gemspec Rubygems 1.8 compatible (patch provided by David Backeus)
+- added RestClient.reset_before_execution_procs (patch provided by Cloudify)
+- added PATCH method (patch provided by Jeff Remer)
+- hack for HTTP servers that use raw DEFLATE compression, see http://www.ruby-forum.com/topic/136825 (path provided by James Reeves)
+
+# 1.6.1
+
+- add response body in Exception#inspect
+- add support for RestClient.options
+- fix tests for 1.9.2 (patch provided by Niko Dittmann)
+- block passing in Resource#[] (patch provided by Niko Dittmann)
+- cookies set in a response should be kept in a redirect
+- HEAD requests should process parameters just like GET (patch provided by Rob Eanes)
+- exception message should never be nil (patch provided by Michael Klett)
+
+# 1.6.0
+
+- forgot to include rest-client.rb in the gem
+- user, password and user-defined headers should survive a redirect
+- added all missing status codes
+- added parameter passing for get request using the :param key in header
+- the warning about the logger when using a string was a bad idea
+- multipart parameters names should not be escaped
+- remove the cookie escaping introduced by migrating to CGI cookie parsing in 1.5.1
+- add a streamed payload type (patch provided by Caleb Land)
+- Exception#http_body works even when no response
+
+# 1.5.1
+
+- only converts headers keys which are Symbols
+- use CGI for cookie parsing instead of custom code
+- unescape user and password before using them (patch provided by Lars Gierth)
+- expand ~ in ~/.restclientrc (patch provided by Mike Fletcher)
+- ssl verification raise an exception when the ca certificate is incorrect (patch provided by Braintree)
+
+# 1.5.0
+
+- the response is now a String with the Response module a.k.a. the change in 1.4.0 was a mistake (Response.body is returning self for compatability)
+- added AbstractResponse.to_i to improve semantic
+- multipart Payloads ignores the name attribute if it's not set (patch provided by Tekin Suleyman)
+- correctly takes into account user headers whose keys are strings (path provided by Cyril Rohr)
+- use binary mode for payload temp file
+- concatenate cookies with ';'
+- fixed deeper parameter handling
+- do not quote the boundary in the Content-Type header (patch provided by W. Andrew Loe III)
+
+# 1.4.2
+
+- fixed RestClient.add_before_execution_proc (patch provided by Nicholas Wieland)
+- fixed error when an exception is raised without a response (patch provided by Caleb Land)
+
+# 1.4.1
+
+- fixed parameters managment when using hash
+
+# 1.4.0
+
+- Response is no more a String, and the mixin is replaced by an abstract_response, existing calls are redirected to response body with a warning.
+- enable repeated parameters  RestClient.post 'http://example.com/resource', :param1 => ['one', 'two', 'three'], => :param2 => 'foo' (patch provided by Rodrigo Panachi)
+- fixed the redirect code concerning relative path and query string combination (patch provided by Kevin Read)
+- redirection code moved to Response so redirection can be customized using the block syntax
+- only get and head redirections are now followed by default, as stated in the specification
+- added RestClient.add_before_execution_proc to hack the http request, like for oauth
+
+The response change may be breaking in rare cases.
+
+# 1.3.1
+
+- added compatibility to enable responses in exception to act like Net::HTTPResponse
+
+# 1.3.0
+
+- a block can be used to process a request's result, this enable to handle custom error codes or paththrought (design by Cyril Rohr)
+- cleaner log API, add a warning for some cases but should be compatible
+- accept multiple "Set-Cookie" headers, see http://www.ietf.org/rfc/rfc2109.txt (patch provided by Cyril Rohr)
+- remove "Content-Length" and "Content-Type" headers when following a redirection (patch provided by haarts)
+- all http error codes have now a corresponding exception class and all of them contain the Reponse -> this means that the raised exception can be different
+- changed "Content-Disposition: multipart/form-data" to "Content-Disposition: form-data" per RFC 2388 (patch provided by Kyle Crawford)
+
+The only breaking change should be the exception classes, but as the new classes inherits from the existing ones, the breaking cases should be rare.
+
+# 1.2.0
+
+- formatting changed from tabs to spaces
+- logged requests now include generated headers
+- accept and content-type headers can now be specified using extentions: RestClient.post "http://example.com/resource", { 'x' => 1 }.to_json, :content_type => :json, :accept => :json
+- should be 1.1.1 but renamed to 1.2.0 because 1.1.X versions has already been packaged on Debian
+
+# 1.1.0
+
+- new maintainer: Archiloque, the working repo is now at http://github.com/archiloque/rest-client
+- a mailing list has been created at rest.client@librelist.com and an freenode irc channel #rest-client
+- François Beausoleil' multipart code from http://github.com/francois/rest-client has been merged
+- ability to use hash in hash as payload
+- the mime-type code now rely on the mime-types gem http://mime-types.rubyforge.org/ instead of an internal partial list
+- 204 response returns a Response instead of nil (patch provided by Elliott Draper)
+
+All changes exept the last one should be fully compatible with the previous version.
+
+NOTE: due to a dependency problem and to the last change, heroku users should update their heroku gem to >= 1.5.3 to be able to use this version.

data/lib/rest-client.rb

@@ -0,0 +1,2 @@
+# More logical way to require 'rest-client'
+require File.dirname(__FILE__) + '/restclient'

data/lib/rest_client.rb

@@ -0,0 +1,2 @@
+# This file exists for backward compatbility with require 'rest_client'
+require File.dirname(__FILE__) + '/restclient'

data/lib/restclient.rb

@@ -0,0 +1,170 @@
+require 'uri'
+require 'zlib'
+require 'stringio'
+
+begin
+  require 'net/https'
+rescue LoadError => e
+  raise e unless RUBY_PLATFORM =~ /linux/
+  raise LoadError, "no such file to load -- net/https. Try running apt-get install libopenssl-ruby"
+end
+
+require File.dirname(__FILE__) + '/restclient/version'
+require File.dirname(__FILE__) + '/restclient/platform'
+require File.dirname(__FILE__) + '/restclient/exceptions'
+require File.dirname(__FILE__) + '/restclient/request'
+require File.dirname(__FILE__) + '/restclient/abstract_response'
+require File.dirname(__FILE__) + '/restclient/response'
+require File.dirname(__FILE__) + '/restclient/raw_response'
+require File.dirname(__FILE__) + '/restclient/resource'
+require File.dirname(__FILE__) + '/restclient/payload'
+require File.dirname(__FILE__) + '/restclient/net_http_ext'
+
+# This module's static methods are the entry point for using the REST client.
+#
+#   # GET
+#   xml = RestClient.get 'http://example.com/resource'
+#   jpg = RestClient.get 'http://example.com/resource', :accept => 'image/jpg'
+#
+#   # authentication and SSL
+#   RestClient.get 'https://user:password@example.com/private/resource'
+#
+#   # POST or PUT with a hash sends parameters as a urlencoded form body
+#   RestClient.post 'http://example.com/resource', :param1 => 'one'
+#
+#   # nest hash parameters
+#   RestClient.post 'http://example.com/resource', :nested => { :param1 => 'one' }
+#
+#   # POST and PUT with raw payloads
+#   RestClient.post 'http://example.com/resource', 'the post body', :content_type => 'text/plain'
+#   RestClient.post 'http://example.com/resource.xml', xml_doc
+#   RestClient.put 'http://example.com/resource.pdf', File.read('my.pdf'), :content_type => 'application/pdf'
+#
+#   # DELETE
+#   RestClient.delete 'http://example.com/resource'
+#
+#   # retreive the response http code and headers
+#   res = RestClient.get 'http://example.com/some.jpg'
+#   res.code                    # => 200
+#   res.headers[:content_type]  # => 'image/jpg'
+#
+#   # HEAD
+#   RestClient.head('http://example.com').headers
+#
+# To use with a proxy, just set RestClient.proxy to the proper http proxy:
+#
+#   RestClient.proxy = "http://proxy.example.com/"
+#
+# Or inherit the proxy from the environment:
+#
+#   RestClient.proxy = ENV['http_proxy']
+#
+# For live tests of RestClient, try using http://rest-test.heroku.com, which echoes back information about the rest call:
+#
+#   >> RestClient.put 'http://rest-test.heroku.com/resource', :foo => 'baz'
+#   => "PUT http://rest-test.heroku.com/resource with a 7 byte payload, content type application/x-www-form-urlencoded {\"foo\"=>\"baz\"}"
+#
+module RestClient
+
+  def self.get(url, headers={}, &block)
+    Request.execute(:method => :get, :url => url, :headers => headers, &block)
+  end
+
+  def self.post(url, payload, headers={}, &block)
+    Request.execute(:method => :post, :url => url, :payload => payload, :headers => headers, &block)
+  end
+
+  def self.patch(url, payload, headers={}, &block)
+    Request.execute(:method => :patch, :url => url, :payload => payload, :headers => headers, &block)
+  end
+
+  def self.put(url, payload, headers={}, &block)
+    Request.execute(:method => :put, :url => url, :payload => payload, :headers => headers, &block)
+  end
+
+  def self.delete(url, headers={}, &block)
+    Request.execute(:method => :delete, :url => url, :headers => headers, &block)
+  end
+
+  def self.head(url, headers={}, &block)
+    Request.execute(:method => :head, :url => url, :headers => headers, &block)
+  end
+
+  def self.options(url, headers={}, &block)
+    Request.execute(:method => :options, :url => url, :headers => headers, &block)
+  end
+
+  class << self
+    attr_accessor :proxy
+  end
+
+  # Setup the log for RestClient calls.
+  # Value should be a logger but can can be stdout, stderr, or a filename.
+  # You can also configure logging by the environment variable RESTCLIENT_LOG.
+  def self.log= log
+    @@log = create_log log
+  end
+
+  # Create a log that respond to << like a logger
+  # param can be 'stdout', 'stderr', a string (then we will log to that file) or a logger (then we return it)
+  def self.create_log param
+    if param
+      if param.is_a? String
+        if param == 'stdout'
+          stdout_logger = Class.new do
+            def << obj
+              STDOUT.puts obj
+            end
+          end
+          stdout_logger.new
+        elsif param == 'stderr'
+          stderr_logger = Class.new do
+            def << obj
+              STDERR.puts obj
+            end
+          end
+          stderr_logger.new
+        else
+          file_logger = Class.new do
+            attr_writer :target_file
+
+            def << obj
+              File.open(@target_file, 'a') { |f| f.puts obj }
+            end
+          end
+          logger = file_logger.new
+          logger.target_file = param
+          logger
+        end
+      else
+        param
+      end
+    end
+  end
+
+  @@env_log = create_log ENV['RESTCLIENT_LOG']
+
+  @@log = nil
+
+  def self.log # :nodoc:
+    @@env_log || @@log
+  end
+
+  @@before_execution_procs = []
+
+  # Add a Proc to be called before each request in executed.
+  # The proc parameters will be the http request and the request params.
+  def self.add_before_execution_proc &proc
+    @@before_execution_procs << proc
+  end
+
+  # Reset the procs to be called before each request is executed.
+  def self.reset_before_execution_procs
+    @@before_execution_procs = []
+  end
+
+  def self.before_execution_procs # :nodoc:
+    @@before_execution_procs
+  end
+
+end

data/lib/restclient/abstract_response.rb

@@ -0,0 +1,106 @@
+require 'cgi'
+
+module RestClient
+
+  module AbstractResponse
+
+    attr_reader :net_http_res, :args
+
+    # HTTP status code
+    def code
+      @code ||= @net_http_res.code.to_i
+    end
+
+    # A hash of the headers, beautified with symbols and underscores.
+    # e.g. "Content-type" will become :content_type.
+    def headers
+      @headers ||= AbstractResponse.beautify_headers(@net_http_res.to_hash)
+    end
+
+    # The raw headers.
+    def raw_headers
+      @raw_headers ||= @net_http_res.to_hash
+    end
+
+    # Hash of cookies extracted from response headers
+    def cookies
+      @cookies ||= (self.headers[:set_cookie] || {}).inject({}) do |out, cookie_content|
+        out.merge parse_cookie(cookie_content)
+      end
+    end
+
+    # Return the default behavior corresponding to the response code:
+    # the response itself for code in 200..206, redirection for 301, 302 and 307 in get and head cases, redirection for 303 and an exception in other cases
+    def return! request = nil, result = nil, & block
+      if (200..207).include? code
+        self
+      elsif [301, 302, 307].include? code
+        unless [:get, :head].include? args[:method]
+          raise Exceptions::EXCEPTIONS_MAP[code].new(self, code)
+        else
+          follow_redirection(request, result, & block)
+        end
+      elsif code == 303
+        args[:method] = :get
+        args.delete :payload
+        follow_redirection(request, result, & block)
+      elsif Exceptions::EXCEPTIONS_MAP[code]
+        raise Exceptions::EXCEPTIONS_MAP[code].new(self, code)
+      else
+        raise RequestFailed.new(self, code)
+      end
+    end
+
+    def to_i
+      code
+    end
+
+    def description
+      "#{code} #{STATUSES[code]} | #{(headers[:content_type] || '').gsub(/;.*$/, '')} #{size} bytes\n"
+    end
+
+    # Follow a redirection
+    def follow_redirection request = nil, result = nil, & block
+      url = headers[:location]
+      if url !~ /^http/
+        url = URI.parse(args[:url]).merge(url).to_s
+      end
+      args[:url] = url
+      if request
+        if request.max_redirects == 0
+          raise MaxRedirectsReached
+        end
+        args[:password] = request.password
+        args[:user] = request.user
+        args[:headers] = request.headers
+        args[:max_redirects] = request.max_redirects - 1
+        # pass any cookie set in the result
+        if result && result['set-cookie']
+          args[:headers][:cookies] = (args[:headers][:cookies] || {}).merge(parse_cookie(result['set-cookie']))
+        end
+      end
+      Request.execute args, &block
+    end
+
+    def AbstractResponse.beautify_headers(headers)
+      headers.inject({}) do |out, (key, value)|
+        out[key.gsub(/-/, '_').downcase.to_sym] = %w{ set-cookie }.include?(key.downcase) ? value : value.first
+        out
+      end
+    end
+
+    private
+
+    # Parse a cookie value and return its content in an Hash
+    def parse_cookie cookie_content
+      out = {}
+      CGI::Cookie::parse(cookie_content).each do |key, cookie|
+        unless ['expires', 'path'].include? key
+          out[CGI::escape(key)] = cookie.value[0] ? (CGI::escape(cookie.value[0]) || '') : ''
+        end
+      end
+      out
+    end
+  end
+
+end