rubysl-webrick 1.0.0 → 2.0.0

data/lib/webrick/httpservlet/abstract.rb

@@ -18,17 +18,88 @@ module WEBrick
   module HTTPServlet
     class HTTPServletError < StandardError; end
 
+    ##
+    # AbstractServlet allows HTTP server modules to be reused across multiple
+    # servers and allows encapsulation of functionality.
+    #
+    # By default a servlet will respond to GET, HEAD (through an alias to GET)
+    # and OPTIONS requests.
+    #
+    # By default a new servlet is initialized for every request.  A servlet
+    # instance can be reused by overriding ::get_instance in the
+    # AbstractServlet subclass.
+    #
+    # == A Simple Servlet
+    #
+    #  class Simple < WEBrick::HTTPServlet::AbstractServlet
+    #    def do_GET request, response
+    #      status, content_type, body = do_stuff_with request
+    #
+    #      response.status = status
+    #      response['Content-Type'] = content_type
+    #      response.body = body
+    #    end
+    #
+    #    def do_stuff_with request
+    #      return 200, 'text/plain', 'you got a page'
+    #    end
+    #  end
+    #
+    # This servlet can be mounted on a server at a given path:
+    #
+    #   server.mount '/simple', Simple
+    #
+    # == Servlet Configuration
+    #
+    # Servlets can be configured via initialize.  The first argument is the
+    # HTTP server the servlet is being initialized for.
+    #
+    #  class Configurable < Simple
+    #    def initialize server, color, size
+    #      super server
+    #      @color = color
+    #      @size = size
+    #    end
+    #
+    #    def do_stuff_with request
+    #      content = "<p " \
+    #                %q{style="color: #{@color}; font-size: #{@size}"} \
+    #                ">Hello, World!"
+    #
+    #      return 200, "text/html", content
+    #    end
+    #  end
+    #
+    # This servlet must be provided two arguments at mount time:
+    #
+    #   server.mount '/configurable', Configurable, 'red', '2em'
+
     class AbstractServlet
-      def self.get_instance(config, *options)
-        self.new(config, *options)
+
+      ##
+      # Factory for servlet instances that will handle a request from +server+
+      # using +options+ from the mount point.  By default a new servlet
+      # instance is created for every call.
+
+      def self.get_instance(server, *options)
+        self.new(server, *options)
       end
 
+      ##
+      # Initializes a new servlet for +server+ using +options+ which are
+      # stored as-is in +@options+.  +@logger+ is also provided.
+
       def initialize(server, *options)
         @server = @config = server
         @logger = @server[:Logger]
         @options = options
       end
 
+      ##
+      # Dispatches to a +do_+ method based on +req+ if such a method is
+      # available.  (+do_GET+ for a GET request).  Raises a MethodNotAllowed
+      # exception if the method is not implemented.
+
       def service(req, res)
         method_name = "do_" + req.request_method.gsub(/-/, "_")
         if respond_to?(method_name)
@@ -39,27 +110,38 @@ module WEBrick
         end
       end
 
+      ##
+      # Raises a NotFound exception
+
       def do_GET(req, res)
         raise HTTPStatus::NotFound, "not found."
       end
 
+      ##
+      # Dispatches to do_GET
+
       def do_HEAD(req, res)
         do_GET(req, res)
       end
 
+      ##
+      # Returns the allowed HTTP request methods
+
       def do_OPTIONS(req, res)
-        m = self.methods.grep(/^do_[A-Z]+$/)
-        m.collect!{|i| i.sub(/do_/, "") }
+        m = self.methods.grep(/\Ado_([A-Z]+)\z/) {$1}
         m.sort!
         res["allow"] = m.join(",")
       end
 
       private
 
+      ##
+      # Redirects to a path ending in /
+
       def redirect_to_directory_uri(req, res)
         if req.path[-1] != ?/
-          location = req.path + "/"
-          if req.query_string && req.query_string.size > 0
+          location = WEBrick::HTTPUtils.escape_path(req.path + "/")
+          if req.query_string && req.query_string.bytesize > 0
             location << "?" << req.query_string
           end
           res.set_redirect(HTTPStatus::MovedPermanently, location)

data/lib/webrick/httpservlet/cgi_runner.rb

@@ -13,14 +13,13 @@ def sysread(io, size)
   while size > 0
     tmp = io.sysread(size)
     buf << tmp
-    size -= tmp.size
+    size -= tmp.bytesize
   end
   return buf
 end
 
 STDIN.binmode
 
-buf = ""
 len = sysread(STDIN, 8).to_i
 out = sysread(STDIN, len)
 STDOUT.reopen(open(out, "w"))
@@ -38,8 +37,10 @@ hash.each{|k, v| ENV[k] = v if v }
 dir = File::dirname(ENV["SCRIPT_FILENAME"])
 Dir::chdir dir
 
-if interpreter = ARGV[0]
-  exec(interpreter, ENV["SCRIPT_FILENAME"])
+if ARGV[0]
+  argv = ARGV.dup
+  argv << ENV["SCRIPT_FILENAME"]
+  exec(*argv)
   # NOTREACHED
 end
 exec ENV["SCRIPT_FILENAME"]

data/lib/webrick/httpservlet/cgihandler.rb

@@ -1,11 +1,11 @@
-# 
+#
 # cgihandler.rb -- CGIHandler Class
-#       
+#
 # Author: IPR -- Internet Programming with Ruby -- writers
 # Copyright (c) 2001 TAKAHASHI Masayoshi, GOTOU Yuuzou
 # Copyright (c) 2002 Internet Programming with Ruby writers. All rights
 # reserved.
-#   
+#
 # $IPR: cgihandler.rb,v 1.27 2003/03/21 19:56:01 gotoyuzo Exp $
 
 require 'rbconfig'
@@ -16,26 +16,39 @@ require 'webrick/httpservlet/abstract'
 module WEBrick
   module HTTPServlet
 
+    ##
+    # Servlet for handling CGI scripts
+    #
+    # Example:
+    #
+    #  server.mount('/cgi/my_script', WEBrick::HTTPServlet::CGIHandler,
+    #               '/path/to/my_script')
+
     class CGIHandler < AbstractServlet
-      Ruby = File::join(::Config::CONFIG['bindir'],
-                        ::Config::CONFIG['ruby_install_name'])
-      Ruby << ::Config::CONFIG['EXEEXT']
-      CGIRunner = "\"#{Ruby}\" \"#{Config::LIBDIR}/httpservlet/cgi_runner.rb\""
+      Ruby = RbConfig.ruby # :nodoc:
+      CGIRunner = "\"#{Ruby}\" \"#{WEBrick::Config::LIBDIR}/httpservlet/cgi_runner.rb\"" # :nodoc:
+
+      ##
+      # Creates a new CGI script servlet for the script at +name+
 
       def initialize(server, name)
-        super
+        super(server, name)
         @script_filename = name
         @tempdir = server[:TempDir]
         @cgicmd = "#{CGIRunner} #{server[:CGIInterpreter]}"
       end
 
+      # :stopdoc:
+
       def do_GET(req, res)
         data = nil
         status = -1
 
         cgi_in = IO::popen(@cgicmd, "wb")
-        cgi_out = Tempfile.new("webrick.cgiout.", @tempdir)
-        cgi_err = Tempfile.new("webrick.cgierr.", @tempdir)
+        cgi_out = Tempfile.new("webrick.cgiout.", @tempdir, mode: IO::BINARY)
+        cgi_out.set_encoding("ASCII-8BIT")
+        cgi_err = Tempfile.new("webrick.cgierr.", @tempdir, mode: IO::BINARY)
+        cgi_err.set_encoding("ASCII-8BIT")
         begin
           cgi_in.sync = true
           meta = req.meta_vars
@@ -46,14 +59,14 @@ module WEBrick
           end
           dump = Marshal.dump(meta)
 
-          cgi_in.write("%8d" % cgi_out.path.size)
+          cgi_in.write("%8d" % cgi_out.path.bytesize)
           cgi_in.write(cgi_out.path)
-          cgi_in.write("%8d" % cgi_err.path.size)
+          cgi_in.write("%8d" % cgi_err.path.bytesize)
           cgi_in.write(cgi_err.path)
-          cgi_in.write("%8d" % dump.size)
+          cgi_in.write("%8d" % dump.bytesize)
           cgi_in.write(dump)
 
-          if req.body and req.body.size > 0
+          if req.body and req.body.bytesize > 0
             cgi_in.write(req.body)
           end
         ensure
@@ -63,19 +76,19 @@ module WEBrick
           data = cgi_out.read
           cgi_out.close(true)
           if errmsg = cgi_err.read
-            if errmsg.size > 0
+            if errmsg.bytesize > 0
               @logger.error("CGIHandler: #{@script_filename}:\n" + errmsg)
             end
-          end 
+          end
           cgi_err.close(true)
         end
-        
+
         if status != 0
           @logger.error("CGIHandler: #{@script_filename} exit with #{status}")
         end
 
         data = "" unless data
-        raw_header, body = data.split(/^[\xd\xa]+/on, 2) 
+        raw_header, body = data.split(/^[\xd\xa]+/, 2)
         raise HTTPStatus::InternalServerError,
           "Premature end of script headers: #{@script_filename}" if body.nil?
 
@@ -85,6 +98,10 @@ module WEBrick
             res.status = $1.to_i
             header.delete('status')
           end
+          if header.has_key?('location')
+            # RFC 3875 6.2.3, 6.2.4
+            res.status = 302 unless (300...400) === res.status
+          end
           if header.has_key?('set-cookie')
             header['set-cookie'].each{|k|
               res.cookies << Cookie.parse_set_cookie(k)
@@ -98,6 +115,8 @@ module WEBrick
         res.body = body
       end
       alias do_POST do_GET
+
+      # :startdoc:
     end
 
   end

data/lib/webrick/httpservlet/erbhandler.rb

@@ -1,11 +1,11 @@
-# 
+#
 # erbhandler.rb -- ERBHandler Class
-# 
+#
 # Author: IPR -- Internet Programming with Ruby -- writers
 # Copyright (c) 2001 TAKAHASHI Masayoshi, GOTOU Yuuzou
 # Copyright (c) 2002 Internet Programming with Ruby writers. All rights
 # reserved.
-# 
+#
 # $IPR: erbhandler.rb,v 1.25 2003/02/24 19:25:31 gotoyuzo Exp $
 
 require 'webrick/httpservlet/abstract.rb'
@@ -15,12 +15,37 @@ require 'erb'
 module WEBrick
   module HTTPServlet
 
+    ##
+    # ERBHandler evaluates an ERB file and returns the result.  This handler
+    # is automatically used if there are .rhtml files in a directory served by
+    # the FileHandler.
+    #
+    # ERBHandler supports GET and POST methods.
+    #
+    # The ERB file is evaluated with the local variables +servlet_request+ and
+    # +servlet_response+ which are a WEBrick::HTTPRequest and
+    # WEBrick::HTTPResponse respectively.
+    #
+    # Example .rhtml file:
+    #
+    #   Request to <%= servlet_request.request_uri %>
+    #
+    #   Query params <%= servlet_request.query.inspect %>
+
     class ERBHandler < AbstractServlet
+
+      ##
+      # Creates a new ERBHandler on +server+ that will evaluate and serve the
+      # ERB file +name+
+
       def initialize(server, name)
-        super
+        super(server, name)
         @script_filename = name
       end
 
+      ##
+      # Handles GET requests
+
       def do_GET(req, res)
         unless defined?(ERB)
           @logger.warn "#{self.class}: ERB not defined."
@@ -29,7 +54,7 @@ module WEBrick
         begin
           data = open(@script_filename){|io| io.read }
           res.body = evaluate(ERB.new(data), req, res)
-          res['content-type'] =
+          res['content-type'] ||=
             HTTPUtils::mime_type(@script_filename, @config[:MimeTypes])
         rescue StandardError => ex
           raise
@@ -39,13 +64,21 @@ module WEBrick
         end
       end
 
+      ##
+      # Handles POST requests
+
       alias do_POST do_GET
 
       private
+
+      ##
+      # Evaluates +erb+ providing +servlet_request+ and +servlet_response+ as
+      # local variables.
+
       def evaluate(erb, servlet_request, servlet_response)
         Module.new.module_eval{
-          meta_vars = servlet_request.meta_vars
-          query = servlet_request.query
+          servlet_request.meta_vars
+          servlet_request.query
           erb.result(binding)
         }
       end

data/lib/webrick/httpservlet/filehandler.rb

@@ -18,12 +18,29 @@ require 'webrick/httpstatus'
 module WEBrick
   module HTTPServlet
 
+    ##
+    # Servlet for serving a single file.  You probably want to use the
+    # FileHandler servlet instead as it handles directories and fancy indexes.
+    #
+    # Example:
+    #
+    #   server.mount('/my_page.txt', WEBrick::HTTPServlet::DefaultFileHandler,
+    #                '/path/to/my_page.txt')
+    #
+    # This servlet handles If-Modified-Since and Range requests.
+
     class DefaultFileHandler < AbstractServlet
+
+      ##
+      # Creates a DefaultFileHandler instance for the file at +local_path+.
+
       def initialize(server, local_path)
-        super
+        super(server, local_path)
         @local_path = local_path
       end
 
+      # :stopdoc:
+
       def do_GET(req, res)
         st = File::stat(@local_path)
         mtime = st.mtime
@@ -32,7 +49,7 @@ module WEBrick
         if not_modified?(req, res, mtime, res['etag'])
           res.body = ''
           raise HTTPStatus::NotModified
-        elsif req['range'] 
+        elsif req['range']
           make_partial_content(req, res, @local_path, st.size)
           raise HTTPStatus::PartialContent
         else
@@ -87,7 +104,7 @@ module WEBrick
               content = io.read(last-first+1)
               body << "--" << boundary << CRLF
               body << "Content-Type: #{mtype}" << CRLF
-              body << "Content-Range: #{first}-#{last}/#{filesize}" << CRLF
+              body << "Content-Range: bytes #{first}-#{last}/#{filesize}" << CRLF
               body << CRLF
               body << content
               body << CRLF
@@ -107,7 +124,7 @@ module WEBrick
               content = io.read(last-first+1)
             end
             res['content-type'] = mtype
-            res['content-range'] = "#{first}-#{last}/#{filesize}"
+            res['content-range'] = "bytes #{first}-#{last}/#{filesize}"
             res['content-length'] = last - first + 1
             res.body = content
           else
@@ -123,19 +140,46 @@ module WEBrick
         last = filesize - 1 if last >= filesize
         return first, last
       end
+
+      # :startdoc:
     end
 
+    ##
+    # Serves a directory including fancy indexing and a variety of other
+    # options.
+    #
+    # Example:
+    #
+    #   server.mount '/assets', WEBrick::FileHandler, '/path/to/assets'
+
     class FileHandler < AbstractServlet
-      HandlerTable = Hash.new
+      HandlerTable = Hash.new # :nodoc:
+
+      ##
+      # Allow custom handling of requests for files with +suffix+ by class
+      # +handler+
 
       def self.add_handler(suffix, handler)
         HandlerTable[suffix] = handler
       end
 
+      ##
+      # Remove custom handling of requests for files with +suffix+
+
       def self.remove_handler(suffix)
         HandlerTable.delete(suffix)
       end
 
+      ##
+      # Creates a FileHandler servlet on +server+ that serves files starting
+      # at directory +root+
+      #
+      # +options+ may be a Hash containing keys from
+      # WEBrick::Config::FileHandler or +true+ or +false+.
+      #
+      # If +options+ is true or false then +:FancyIndexing+ is enabled or
+      # disabled respectively.
+
       def initialize(server, root, options={}, default=Config::FileHandler)
         @config = server.config
         @logger = @config[:Logger]
@@ -146,6 +190,8 @@ module WEBrick
         @options = default.dup.update(options)
       end
 
+      # :stopdoc:
+
       def service(req, res)
         # if this class is mounted on "/" and /~username is requested.
         # we're going to override path informations before invoking service.
@@ -163,6 +209,7 @@ module WEBrick
             end
           end
         end
+        prevent_directory_traversal(req, res)
         super(req, res)
       end
 
@@ -198,10 +245,42 @@ module WEBrick
 
       private
 
+      def trailing_pathsep?(path)
+        # check for trailing path separator:
+        #   File.dirname("/aaaa/bbbb/")      #=> "/aaaa")
+        #   File.dirname("/aaaa/bbbb/x")     #=> "/aaaa/bbbb")
+        #   File.dirname("/aaaa/bbbb")       #=> "/aaaa")
+        #   File.dirname("/aaaa/bbbbx")      #=> "/aaaa")
+        return File.dirname(path) != File.dirname(path+"x")
+      end
+
+      def prevent_directory_traversal(req, res)
+        # Preventing directory traversal on Windows platforms;
+        # Backslashes (0x5c) in path_info are not interpreted as special
+        # character in URI notation. So the value of path_info should be
+        # normalize before accessing to the filesystem.
+
+        # dirty hack for filesystem encoding; in nature, File.expand_path
+        # should not be used for path normalization.  [Bug #3345]
+        path = req.path_info.dup.force_encoding(Encoding.find("filesystem"))
+        if trailing_pathsep?(req.path_info)
+          # File.expand_path removes the trailing path separator.
+          # Adding a character is a workaround to save it.
+          #  File.expand_path("/aaa/")        #=> "/aaa"
+          #  File.expand_path("/aaa/" + "x")  #=> "/aaa/x"
+          expanded = File.expand_path(path + "x")
+          expanded.chop!  # remove trailing "x"
+        else
+          expanded = File.expand_path(path)
+        end
+        expanded.force_encoding(req.path_info.encoding)
+        req.path_info = expanded
+      end
+
       def exec_handler(req, res)
         raise HTTPStatus::NotFound, "`#{req.path}' not found" unless @root
         if set_filename(req, res)
-          handler = get_handler(req)
+          handler = get_handler(req, res)
           call_callback(:HandlerCallback, req, res)
           h = handler.get_instance(@config, res.filename)
           h.service(req, res)
@@ -211,9 +290,13 @@ module WEBrick
         return false
       end
 
-      def get_handler(req)
-        suffix1 = (/\.(\w+)$/ =~ req.script_name) && $1.downcase
-        suffix2 = (/\.(\w+)\.[\w\-]+$/ =~ req.script_name) && $1.downcase
+      def get_handler(req, res)
+        suffix1 = (/\.(\w+)\z/ =~ res.filename) && $1.downcase
+        if /\.(\w+)\.([\w\-]+)\z/ =~ res.filename
+          if @options[:AcceptableLanguages].include?($2.downcase)
+            suffix2 = $1.downcase
+          end
+        end
         handler_table = @options[:HandlerTable]
         return handler_table[suffix1] || handler_table[suffix2] ||
                HandlerTable[suffix1] || HandlerTable[suffix2] ||
@@ -226,15 +309,13 @@ module WEBrick
 
         path_info.unshift("")  # dummy for checking @root dir
         while base = path_info.first
-          check_filename(req, res, base)
           break if base == "/"
-          break unless File.directory?(res.filename + base)
+          break unless File.directory?(File.expand_path(res.filename + base))
           shift_path_info(req, res, path_info)
           call_callback(:DirectoryCallback, req, res)
         end
 
         if base = path_info.first
-          check_filename(req, res, base)
           if base == "/"
             if file = search_index_file(req, res)
               shift_path_info(req, res, path_info, file)
@@ -255,12 +336,10 @@ module WEBrick
       end
 
       def check_filename(req, res, name)
-        @options[:NondisclosureName].each{|pattern|
-          if File.fnmatch("/#{pattern}", name)
-            @logger.warn("the request refers nondisclosure name `#{name}'.")
-            raise HTTPStatus::NotFound, "`#{req.path}' not found."
-          end
-        }
+        if nondisclosure_name?(name) || windows_ambiguous_name?(name)
+          @logger.warn("the request refers nondisclosure name `#{name}'.")
+          raise HTTPStatus::NotFound, "`#{req.path}' not found."
+        end
       end
 
       def shift_path_info(req, res, path_info, base=nil)
@@ -268,7 +347,8 @@ module WEBrick
         base = base || tmp
         req.path_info = path_info.join
         req.script_name << base
-        res.filename << base
+        res.filename = File.expand_path(res.filename + base)
+        check_filename(req, res, File.basename(res.filename))
       end
 
       def search_index_file(req, res)
@@ -308,9 +388,15 @@ module WEBrick
         end
       end
 
+      def windows_ambiguous_name?(name)
+        return true if /[. ]+\z/ =~ name
+        return true if /::\$DATA\z/ =~ name
+        return false
+      end
+
       def nondisclosure_name?(name)
         @options[:NondisclosureName].each{|pattern|
-          if File.fnmatch(pattern, name)
+          if File.fnmatch(pattern, name, File::FNM_CASEFOLD)
             return true
           end
         }
@@ -326,7 +412,8 @@ module WEBrick
         list = Dir::entries(local_path).collect{|name|
           next if name == "." || name == ".."
           next if nondisclosure_name?(name)
-          st = (File::stat(local_path + name) rescue nil)
+          next if windows_ambiguous_name?(name)
+          st = (File::stat(File.join(local_path, name)) rescue nil)
           if st.nil?
             [ name, nil, -1 ]
           elsif st.directory?
@@ -365,25 +452,25 @@ module WEBrick
         res.body << "<A HREF=\"?M=#{d1}\">Last modified</A>         "
         res.body << "<A HREF=\"?S=#{d1}\">Size</A>\n"
         res.body << "<HR>\n"
-       
-        list.unshift [ "..", File::mtime(local_path+".."), -1 ]
+
+        list.unshift [ "..", File::mtime(local_path+"/.."), -1 ]
         list.each{ |name, time, size|
           if name == ".."
             dname = "Parent Directory"
-          elsif name.size > 25
-            dname = name.sub(/^(.{23})(.*)/){ $1 + ".." }
+          elsif name.bytesize > 25
+            dname = name.sub(/^(.{23})(?:.*)/, '\1..')
           else
             dname = name
           end
-          s =  " <A HREF=\"#{HTTPUtils::escape(name)}\">#{dname}</A>"
-          s << " " * (30 - dname.size)
+          s =  " <A HREF=\"#{HTTPUtils::escape(name)}\">#{HTMLUtils::escape(dname)}</A>"
+          s << " " * (30 - dname.bytesize)
           s << (time ? time.strftime("%Y/%m/%d %H:%M      ") : " " * 22)
           s << (size >= 0 ? size.to_s : "-") << "\n"
           res.body << s
         }
         res.body << "</PRE><HR>"
 
-        res.body << <<-_end_of_html_    
+        res.body << <<-_end_of_html_
     <ADDRESS>
      #{HTMLUtils::escape(@config[:ServerSoftware])}<BR>
      at #{req.host}:#{req.port}
@@ -393,6 +480,7 @@ module WEBrick
         _end_of_html_
       end
 
+      # :startdoc:
     end
   end
 end