rest-client 1.7.2-x64-mingw32 → 1.7.3-x64-mingw32

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of rest-client might be problematic. Click here for more details.

checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: bc9b19f8abd8f264f4c7ac7acb61958e46a1cc42
4
+ data.tar.gz: bdaa911803deedb6cc50870ecc438f98fbd6ba8f
5
+ SHA512:
6
+ metadata.gz: d44146b63bc834c1edf8ac916c5f8a6c8ff322ff471114699464778fcd37a27509e7dedc71120ddc5b02c20244fb2a6615b6cb0a3a637916a61ad8dbc2defeb7
7
+ data.tar.gz: 88be594b35a8c7eca659b553fd79c09ee6aec9411f1eaa176c9bf1bba95822c7283fb1cba78c5c9528ad97d7581475ee59d9dccd93cc06f5c2d1a53c4a8f3ecb
data/history.md CHANGED
@@ -1,3 +1,9 @@
1
+ # 1.7.3
2
+
3
+ - Security: redact password in URI from logs (#349 / OSVDB-117461)
4
+ - Drop monkey patch on MIME::Types (added `type_for_extension` method, use
5
+ the public interface instead.
6
+
1
7
  # 1.7.2
2
8
 
3
9
  - Ignore duplicate certificates in CA store on Windows
@@ -195,8 +195,8 @@ module RestClient
195
195
  end
196
196
  end
197
197
 
198
- # backwards compatibility
199
198
  class RestClient::Request
199
+ # backwards compatibility
200
200
  Redirect = RestClient::Redirect
201
201
  Unauthorized = RestClient::Unauthorized
202
202
  RequestFailed = RestClient::RequestFailed
@@ -4,7 +4,7 @@ module RestClient
4
4
  # be false for jruby even on OS X.
5
5
  #
6
6
  # @return [Boolean]
7
- def self.mac?
7
+ def self.mac_mri?
8
8
  RUBY_PLATFORM.include?('darwin')
9
9
  end
10
10
 
@@ -334,7 +334,7 @@ module RestClient
334
334
 
335
335
  def print_verify_callback_warnings
336
336
  warned = false
337
- if RestClient::Platform.mac?
337
+ if RestClient::Platform.mac_mri?
338
338
  warn('warning: ssl_verify_callback return code is ignored on OS X')
339
339
  warned = true
340
340
  end
@@ -519,7 +519,18 @@ module RestClient
519
519
  return unless RestClient.log
520
520
 
521
521
  out = []
522
- out << "RestClient.#{method} #{url.inspect}"
522
+ sanitized_url = begin
523
+ uri = URI.parse(url)
524
+ uri.password = "REDACTED" if uri.password
525
+ uri.to_s
526
+ rescue URI::InvalidURIError
527
+ # An attacker may be able to manipulate the URL to be
528
+ # invalid, which could force discloure of a password if
529
+ # we show any of the un-parsed URL here.
530
+ "[invalid uri]"
531
+ end
532
+
533
+ out << "RestClient.#{method} #{sanitized_url.inspect}"
523
534
  out << payload.short_inspect if payload
524
535
  out << processed_headers.to_a.sort.map { |(k, v)| [k.inspect, v.inspect].join("=>") }.join(", ")
525
536
  RestClient.log << out.join(', ') + "\n"
@@ -544,8 +555,7 @@ module RestClient
544
555
  key = key.to_s.split(/_/).map { |w| w.capitalize }.join('-')
545
556
  end
546
557
  if 'CONTENT-TYPE' == key.upcase
547
- target_value = value.to_s
548
- result[key] = MIME::Types.type_for_extension target_value
558
+ result[key] = maybe_convert_extension(value.to_s)
549
559
  elsif 'ACCEPT' == key.upcase
550
560
  # Accept can be composed of several comma-separated values
551
561
  if value.is_a? Array
@@ -553,7 +563,9 @@ module RestClient
553
563
  else
554
564
  target_values = value.to_s.split ','
555
565
  end
556
- result[key] = target_values.map { |ext| MIME::Types.type_for_extension(ext.to_s.strip) }.join(', ')
566
+ result[key] = target_values.map { |ext|
567
+ maybe_convert_extension(ext.to_s.strip)
568
+ }.join(', ')
557
569
  else
558
570
  result[key] = value.to_s
559
571
  end
@@ -571,21 +583,38 @@ module RestClient
571
583
  URI.const_defined?(:Parser) ? URI::Parser.new : URI
572
584
  end
573
585
 
574
- end
575
- end
576
-
577
- module MIME
578
- class Types
579
-
580
- # Return the first found content-type for a value considered as an extension or the value itself
581
- def type_for_extension ext
582
- candidates = @extension_index[ext]
583
- candidates.empty? ? ext : candidates[0].content_type
584
- end
586
+ # Given a MIME type or file extension, return either a MIME type or, if
587
+ # none is found, the input unchanged.
588
+ #
589
+ # >> maybe_convert_extension('json')
590
+ # => 'application/json'
591
+ #
592
+ # >> maybe_convert_extension('unknown')
593
+ # => 'unknown'
594
+ #
595
+ # >> maybe_convert_extension('application/xml')
596
+ # => 'application/xml'
597
+ #
598
+ # @param ext [String]
599
+ #
600
+ # @return [String]
601
+ #
602
+ def maybe_convert_extension(ext)
603
+ unless ext =~ /\A[a-zA-Z0-9_@-]+\z/
604
+ # Don't look up strings unless they look like they could be a file
605
+ # extension known to mime-types.
606
+ #
607
+ # There currently isn't any API public way to look up extensions
608
+ # directly out of MIME::Types, but the type_for() method only strips
609
+ # off after a period anyway.
610
+ return ext
611
+ end
585
612
 
586
- class << self
587
- def type_for_extension ext
588
- @__types__.type_for_extension ext
613
+ types = MIME::Types.type_for(ext)
614
+ if types.empty?
615
+ ext
616
+ else
617
+ types.first.content_type
589
618
  end
590
619
  end
591
620
  end
@@ -1,5 +1,5 @@
1
1
  module RestClient
2
- VERSION = '1.7.2' unless defined?(self::VERSION)
2
+ VERSION = '1.7.3' unless defined?(self::VERSION)
3
3
 
4
4
  def self.version
5
5
  VERSION
@@ -34,7 +34,7 @@ describe RestClient::Request do
34
34
  #
35
35
  # On OS X, this test fails since Apple has patched OpenSSL to always fall
36
36
  # back on the system CA store.
37
- it "is unsuccessful with an incorrect ca_file", :unless => RestClient::Platform.mac? do
37
+ it "is unsuccessful with an incorrect ca_file", :unless => RestClient::Platform.mac_mri? do
38
38
  request = RestClient::Request.new(
39
39
  :method => :get,
40
40
  :url => 'https://www.mozilla.org',
@@ -45,7 +45,7 @@ describe RestClient::Request do
45
45
 
46
46
  # On OS X, this test fails since Apple has patched OpenSSL to always fall
47
47
  # back on the system CA store.
48
- it "is unsuccessful with an incorrect ca_path", :unless => RestClient::Platform.mac? do
48
+ it "is unsuccessful with an incorrect ca_path", :unless => RestClient::Platform.mac_mri? do
49
49
  request = RestClient::Request.new(
50
50
  :method => :get,
51
51
  :url => 'https://www.mozilla.org',
@@ -79,7 +79,7 @@ describe RestClient::Request do
79
79
  end
80
80
 
81
81
  it "fails verification when the callback returns false",
82
- :unless => RestClient::Platform.mac? do
82
+ :unless => RestClient::Platform.mac_mri? do
83
83
  request = RestClient::Request.new(
84
84
  :method => :get,
85
85
  :url => 'https://www.mozilla.org',
@@ -90,7 +90,7 @@ describe RestClient::Request do
90
90
  end
91
91
 
92
92
  it "succeeds verification when the callback returns true",
93
- :unless => RestClient::Platform.mac? do
93
+ :unless => RestClient::Platform.mac_mri? do
94
94
  request = RestClient::Request.new(
95
95
  :method => :get,
96
96
  :url => 'https://www.mozilla.org',
@@ -414,6 +414,18 @@ describe RestClient::Request do
414
414
  @request.log_response res
415
415
  log[0].should eq "# => 200 OK | text/html 0 bytes\n"
416
416
  end
417
+
418
+ it 'does not log request password' do
419
+ log = RestClient.log = []
420
+ RestClient::Request.new(:method => :get, :url => 'http://user:password@url', :headers => {:user_agent => 'rest-client', :accept => '*/*'}).log_request
421
+ log[0].should eq %Q{RestClient.get "http://user:REDACTED@url", "Accept"=>"*/*", "Accept-Encoding"=>"gzip, deflate", "User-Agent"=>"rest-client"\n}
422
+ end
423
+
424
+ it 'logs invalid URIs, even though they will fail elsewhere' do
425
+ log = RestClient.log = []
426
+ RestClient::Request.new(:method => :get, :url => 'http://a@b:c', :headers => {:user_agent => 'rest-client', :accept => '*/*'}).log_request
427
+ log[0].should eq %Q{RestClient.get "[invalid uri]", "Accept"=>"*/*", "Accept-Encoding"=>"gzip, deflate", "User-Agent"=>"rest-client"\n}
428
+ end
417
429
  end
418
430
 
419
431
  it "strips the charset from the response content type" do
metadata CHANGED
@@ -1,157 +1,140 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rest-client
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.7.2
5
- prerelease:
4
+ version: 1.7.3
6
5
  platform: x64-mingw32
7
6
  authors:
8
7
  - REST Client Team
9
8
  autorequire:
10
9
  bindir: bin
11
10
  cert_chain: []
12
- date: 2014-07-14 00:00:00.000000000 Z
11
+ date: 2015-02-20 00:00:00.000000000 Z
13
12
  dependencies:
14
13
  - !ruby/object:Gem::Dependency
15
14
  name: webmock
16
15
  requirement: !ruby/object:Gem::Requirement
17
- none: false
18
16
  requirements:
19
- - - ~>
17
+ - - "~>"
20
18
  - !ruby/object:Gem::Version
21
19
  version: '1.4'
22
20
  type: :development
23
21
  prerelease: false
24
22
  version_requirements: !ruby/object:Gem::Requirement
25
- none: false
26
23
  requirements:
27
- - - ~>
24
+ - - "~>"
28
25
  - !ruby/object:Gem::Version
29
26
  version: '1.4'
30
27
  - !ruby/object:Gem::Dependency
31
28
  name: rspec
32
29
  requirement: !ruby/object:Gem::Requirement
33
- none: false
34
30
  requirements:
35
- - - ~>
31
+ - - "~>"
36
32
  - !ruby/object:Gem::Version
37
33
  version: '2.4'
38
34
  type: :development
39
35
  prerelease: false
40
36
  version_requirements: !ruby/object:Gem::Requirement
41
- none: false
42
37
  requirements:
43
- - - ~>
38
+ - - "~>"
44
39
  - !ruby/object:Gem::Version
45
40
  version: '2.4'
46
41
  - !ruby/object:Gem::Dependency
47
42
  name: pry
48
43
  requirement: !ruby/object:Gem::Requirement
49
- none: false
50
44
  requirements:
51
- - - ! '>='
45
+ - - ">="
52
46
  - !ruby/object:Gem::Version
53
47
  version: '0'
54
48
  type: :development
55
49
  prerelease: false
56
50
  version_requirements: !ruby/object:Gem::Requirement
57
- none: false
58
51
  requirements:
59
- - - ! '>='
52
+ - - ">="
60
53
  - !ruby/object:Gem::Version
61
54
  version: '0'
62
55
  - !ruby/object:Gem::Dependency
63
56
  name: pry-doc
64
57
  requirement: !ruby/object:Gem::Requirement
65
- none: false
66
58
  requirements:
67
- - - ! '>='
59
+ - - ">="
68
60
  - !ruby/object:Gem::Version
69
61
  version: '0'
70
62
  type: :development
71
63
  prerelease: false
72
64
  version_requirements: !ruby/object:Gem::Requirement
73
- none: false
74
65
  requirements:
75
- - - ! '>='
66
+ - - ">="
76
67
  - !ruby/object:Gem::Version
77
68
  version: '0'
78
69
  - !ruby/object:Gem::Dependency
79
70
  name: rdoc
80
71
  requirement: !ruby/object:Gem::Requirement
81
- none: false
82
72
  requirements:
83
- - - ! '>='
73
+ - - ">="
84
74
  - !ruby/object:Gem::Version
85
75
  version: 2.4.2
86
- - - <
76
+ - - "<"
87
77
  - !ruby/object:Gem::Version
88
78
  version: '5.0'
89
79
  type: :development
90
80
  prerelease: false
91
81
  version_requirements: !ruby/object:Gem::Requirement
92
- none: false
93
82
  requirements:
94
- - - ! '>='
83
+ - - ">="
95
84
  - !ruby/object:Gem::Version
96
85
  version: 2.4.2
97
- - - <
86
+ - - "<"
98
87
  - !ruby/object:Gem::Version
99
88
  version: '5.0'
100
89
  - !ruby/object:Gem::Dependency
101
90
  name: mime-types
102
91
  requirement: !ruby/object:Gem::Requirement
103
- none: false
104
92
  requirements:
105
- - - ! '>='
93
+ - - ">="
106
94
  - !ruby/object:Gem::Version
107
95
  version: '1.16'
108
- - - <
96
+ - - "<"
109
97
  - !ruby/object:Gem::Version
110
98
  version: '3.0'
111
99
  type: :runtime
112
100
  prerelease: false
113
101
  version_requirements: !ruby/object:Gem::Requirement
114
- none: false
115
102
  requirements:
116
- - - ! '>='
103
+ - - ">="
117
104
  - !ruby/object:Gem::Version
118
105
  version: '1.16'
119
- - - <
106
+ - - "<"
120
107
  - !ruby/object:Gem::Version
121
108
  version: '3.0'
122
109
  - !ruby/object:Gem::Dependency
123
110
  name: netrc
124
111
  requirement: !ruby/object:Gem::Requirement
125
- none: false
126
112
  requirements:
127
- - - ~>
113
+ - - "~>"
128
114
  - !ruby/object:Gem::Version
129
115
  version: '0.7'
130
116
  type: :runtime
131
117
  prerelease: false
132
118
  version_requirements: !ruby/object:Gem::Requirement
133
- none: false
134
119
  requirements:
135
- - - ~>
120
+ - - "~>"
136
121
  - !ruby/object:Gem::Version
137
122
  version: '0.7'
138
123
  - !ruby/object:Gem::Dependency
139
124
  name: ffi
140
125
  requirement: !ruby/object:Gem::Requirement
141
- none: false
142
126
  requirements:
143
- - - ~>
127
+ - - "~>"
144
128
  - !ruby/object:Gem::Version
145
129
  version: '1.9'
146
130
  type: :runtime
147
131
  prerelease: false
148
132
  version_requirements: !ruby/object:Gem::Requirement
149
- none: false
150
133
  requirements:
151
- - - ~>
134
+ - - "~>"
152
135
  - !ruby/object:Gem::Version
153
136
  version: '1.9'
154
- description: ! 'A simple HTTP and REST client for Ruby, inspired by the Sinatra microframework
137
+ description: 'A simple HTTP and REST client for Ruby, inspired by the Sinatra microframework
155
138
  style of specifying actions: get, put, post, delete.'
156
139
  email: rest.client@librelist.com
157
140
  executables:
@@ -161,9 +144,9 @@ extra_rdoc_files:
161
144
  - README.rdoc
162
145
  - history.md
163
146
  files:
164
- - .gitignore
165
- - .rspec
166
- - .travis.yml
147
+ - ".gitignore"
148
+ - ".rspec"
149
+ - ".travis.yml"
167
150
  - AUTHORS
168
151
  - Gemfile
169
152
  - LICENSE
@@ -214,30 +197,26 @@ files:
214
197
  homepage: https://github.com/rest-client/rest-client
215
198
  licenses:
216
199
  - MIT
200
+ metadata: {}
217
201
  post_install_message:
218
202
  rdoc_options: []
219
203
  require_paths:
220
204
  - lib
221
205
  required_ruby_version: !ruby/object:Gem::Requirement
222
- none: false
223
206
  requirements:
224
- - - ! '>='
207
+ - - ">="
225
208
  - !ruby/object:Gem::Version
226
209
  version: 1.9.2
227
210
  required_rubygems_version: !ruby/object:Gem::Requirement
228
- none: false
229
211
  requirements:
230
- - - ! '>='
212
+ - - ">="
231
213
  - !ruby/object:Gem::Version
232
214
  version: '0'
233
- segments:
234
- - 0
235
- hash: -4055888376059287478
236
215
  requirements: []
237
216
  rubyforge_project:
238
- rubygems_version: 1.8.23
217
+ rubygems_version: 2.2.2
239
218
  signing_key:
240
- specification_version: 3
219
+ specification_version: 4
241
220
  summary: Simple HTTP and REST client for Ruby, inspired by microframework syntax for
242
221
  specifying actions.
243
222
  test_files: