RubyGems - sbsm - Versions diffs - 1.5.5 → 1.6.0 - Mend

sbsm 1.5.5 → 1.6.0

Files changed (19) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 2eda12c46b1116c92dfe97027a53565f71715cd3
-  data.tar.gz: 709c375fec68690bbabffebe91886f34f1b61503
+SHA256:
+  metadata.gz: b93d9bf6799d6d4acbc8d4b7da58620c38d3f25778ebc6b56362b8c122d563de
+  data.tar.gz: 9a31b8e5479f81901bbe32ddc555984343750be0cbab2fab46ec26f0713bbc89
 SHA512:
-  metadata.gz: 5086f2d5dc29a833ecc655695deac70c6373aa0363a5fc82ae9b7e9fe1dbaa9a121f700d36d5bb152a217cf6a949c6844114fb18cb7fe2fe0a3afc2f4221cf6d
-  data.tar.gz: 3be17e83ef6c00f6a1b192000848fdeae6d95ce294aa13ab28df53ba223208fcf073484b696ea5dca320d8697408b3ac14b1868db8bd0ea916206b8919c69771
+  metadata.gz: 8787656db28102c2e04512f319007348d5fa2ee39988f2a111718a6c94650b2d1637d5914a87f69ef558a5e167dee190e71985df8c27b97dd16a1708201751a4
+  data.tar.gz: f6d74035ec0fd830acbd2c599a20434fc674963093d955a220df0a7cbe942dd82dc091f7d71b2e3c62bc283821e3437e8c7d08009513f723baca9a7844230a41

data/.travis.yml CHANGED

@@ -7,21 +7,15 @@ notifications:
 cache: bundler
-sudo: false
 before_install:
   - gem --version
-bundler_args: --without debugger
+  - bundle config set without 'debugger'
 rvm:
+  - 2.7.1
+  - 2.5.0
   - ruby-head
-  - 2.2.3
-  - 2.4.0
-  - 2.3.0
 matrix:
   allow_failures:
-    # On november 1 had failure compiling the child_processes
     - rvm: ruby-head
-    - rvm: 2.2.3 # Test for LogLevel does not work
-    - rvm: 2.3.0 # Test for LogLevel does not work
+    - rvm: 2.5.0 # Test for LogLevel does not work

data/History.txt CHANGED

@@ -1,3 +1,25 @@
+=== 1.6.0 / 13.06.2020
+* Remove calls to obsolete taint/untaint methods
+=== 1.5.9 / 30.08.2017
+* Fix recognition whether we are using HTTPS or not
+* Fix using http_headers in views
+* Allow non standard HTTP-Port
+=== 1.5.8 / 8.08.2017
+* Fix recognizing mime type for unusual extensions
+=== 1.5.7 / 8.08.2017
+* Return nice 404 error for non existing files
+=== 1.5.6 / 12.07.2017
+* Handle several IPs in X_FORWARDED_FOR
 === 1.5.5 / 12.07.2017
 * Do not return body if HEAD is requested

data/lib/sbsm/admin_server.rb CHANGED

File without changes

data/lib/sbsm/app.rb CHANGED

@@ -106,10 +106,9 @@ module SBSM
       else
         file_name = File.expand_path(File.join('doc', request.path))
       end
       if File.file?(file_name)
-        if File.extname(file_name).length > 0
-          mime_type = MimeMagic.by_extension(File.extname(file_name)).type
+        if File.extname(file_name).length > 0 && (mime_info = MimeMagic.by_extension(File.extname(file_name)))
+          mime_type = mime_info.type
         else
           mime_type = MimeMagic.by_path(file_name)
         end
@@ -117,7 +116,7 @@ module SBSM
         SBSM.debug "file_name is #{file_name} checkin base #{File.basename(file_name)} MIME #{mime_type}"
         response.set_header('Content-Type', mime_type)
         response.write(File.open(file_name, File::RDONLY){|file| file.read})
-        return response
+        return response.finish
       end
       return [400, {}, []] if /favicon.ico/i.match(request.path)
@@ -127,15 +126,17 @@ module SBSM
       res = session.process_rack(rack_request: request)
       thru = session.get_passthru
       if thru.size > 0
-        file_name = thru.first.untaint
-        response.set_header('Content-Type', MimeMagic.by_extension(File.extname(file_name)).type)
-        response.headers['Content-Disposition'] = "#{thru.last}; filename=#{File.basename(file_name)}"
-        response.headers['Content-Length'] =  File.size(file_name).to_s
         begin
+          file_name = thru.first
+          raise Errno::ENOENT unless File.exist?(file_name)
+          response.set_header('Content-Type', MimeMagic.by_extension(File.extname(file_name)).type)
+          response.headers['Content-Disposition'] = "#{thru.last}; filename=#{File.basename(file_name)}"
+          response.headers['Content-Length'] =  File.size(file_name).to_s
           response.write(File.open(file_name, File::RDONLY){|file| file.read})
         rescue Errno::ENOENT, IOError => err
-          SBSM.error("#{err.message} #{thru.first}")
-          return [404, {}, []]
+          error_msg = "#{file_name} Not found\n"
+          SBSM.error("#{err.message} #{thru.first} => #{error_msg}")
+          return [404, {'Content-Type' => 'text/html', 'Content-Length' => error_msg.size.to_s}, [error_msg]]
         end
       else
         response.write res unless request.request_method.eql?('HEAD')
@@ -163,5 +164,9 @@ module SBSM
       response.finish
     end
+    private
+      def self.last_session  # for unit tests only
+        @@last_session
+      end
   end
 end

data/lib/sbsm/logger.rb CHANGED

File without changes

data/lib/sbsm/lookandfeel.rb CHANGED

@@ -54,7 +54,8 @@ module SBSM
       self::class::HTML_ATTRIBUTES.fetch(key.to_sym, {}).dup rescue {}
 		end
 		def base_url
-			[@session.http_protocol + ':/', @session.server_name, @language, @flavor].compact.join("/")
+      maybe_port = @session.server_port ? (":" + @session.server_port ) : ''
+			[@session.http_protocol + ':/', @session.server_name + maybe_port, @language, @flavor].compact.join("/")
 		end
 		def direct_event
 			@session.direct_event
@@ -88,7 +89,7 @@ module SBSM
 			@languages ||= self::class::DICTIONARIES.keys.sort
 		end
 		def language_url(language)
-			[@session.http_protocol + ':/', @session.server_name, language, @flavor].compact.join("/")
+			base_url
 		end
     def lookup(key, *args, &block)
       _lookup(key, *args) || (block.call if block)
@@ -166,9 +167,8 @@ module SBSM
       end
 		end
     def _collect_resource(base, part, rstr)
-      [ @session.http_protocol + ':/',
-        @session.server_name,
-        base, part, rstr].flatten.compact.join('/')
+      maybe_port = @session.server_port ? (":" + @session.server_port ) : ''
+      [ @session.http_protocol + ':/', @session.server_name + maybe_port, base, part, rstr].flatten.compact.join('/')
     end
     def set_dictionary(language)
       @dictionary = self::class::DICTIONARIES[language] || {}

data/lib/sbsm/session.rb CHANGED

@@ -213,7 +213,6 @@ module SBSM
           @rack_request = rack_request
           @request_path ||= rack_request.path
           @post_content = nil
           if rack_request.request_method.eql?('POST')
             rack_request.params.each do |k, v|
               # needed to test POST requests generated by curl (first parameter) or ARC (second parameter)
@@ -463,7 +462,7 @@ module SBSM
 			{'Content-Type' => 'text/plain'}
 		end
 		def http_protocol
-                @http_protocol ||= if(@server_port && @server_port == 443) || ENV['SERVER_PORT']
+                @http_protocol ||= if(@server_port && @server_port.to_i == 443) || ENV['SERVER_PORT']
 														'https'
 													else
 														'http'
@@ -480,7 +479,7 @@ module SBSM
     end
 		def passthru(path, disposition='attachment')
       # the variable @passthru is set by a trusted source
-      @passthru    = path.untaint
+      @passthru    = path
       @disposition = disposition
       ''
 		end
@@ -518,6 +517,13 @@ module SBSM
 			@remote_ip ||= if(@request.respond_to?(:remote_host))
 				@request.remote_host
 			end
+      if @remote_ip.to_s.index(',')
+        saved = @remote_ip.clone
+        @remote_ip = @remote_ip.first if @remote_ip.is_a?(Array)
+        @remote_ip = @remote_ip.split(',').first.gsub(/[\[\]]/, '') if @remote_ip.is_a?(String)
+        SBSM.info("remote_ip is weird #{saved.inspect} => #{@remote_ip.inspect}")
+      end
+      @remote_ip
 		end
 		def set_cookie_input(key, val)
       SBSM.debug"set_cookie_input #{key} #{val}"

data/lib/sbsm/session_store.rb CHANGED

@@ -112,7 +112,7 @@ module SBSM
         end
       end
       seconds = (Time.now.to_i - now.to_i)
-      SBSM.warn sprintf("Cleaned #{old_size - @@sessions.size} sessions. Took %d seconds", seconds)
+      # SBSM.warn sprintf("Cleaned #{old_size - @@sessions.size} sessions. Took %d seconds", seconds)
     end
     def SessionStore.sessions
       @@sessions

data/lib/sbsm/state.rb CHANGED

@@ -135,7 +135,8 @@ module SBSM
 		def http_headers
       return @http_headers if @http_headers
       name = view
-      name ? view.http_headers : {}
+      result = name ? view.http_headers : {}
+      result
 		end
 		def info?
 			!@infos.empty?

data/lib/sbsm/trans_handler.rb CHANGED

@@ -44,13 +44,13 @@ module SBSM
     def initialize(name: nil, config_file: nil, handler_uri: nil)
       @handler_uri = handler_uri ||=  '/index.rbx'
       config_file ||=  'etc/trans_handler.yml'
-      @config_file = File.expand_path(config_file).untaint
+      @config_file = File.expand_path(config_file)
       @parser_name = name ||= 'uri'
       @parser_method = "_#{name}_parser"
       @grammar_path = File.expand_path("../../data/#{name}.grammar",
-        File.dirname(__FILE__).untaint)
+        File.dirname(__FILE__))
       @parser_path = File.expand_path("#{name}_parser.rb",
-        File.dirname(__FILE__).untaint)
+        File.dirname(__FILE__))
     end
     def config(request)
       config = Hash.new { {} }
@@ -150,12 +150,12 @@ module SBSM
 		end
 		def uri_parser(grammar_path=@grammar_path, parser_path=@parser_path)
 			if(File.exist?(grammar_path))
-				oldpath = File.expand_path("_" << File.basename(grammar_path),
+				oldpath = File.expand_path("_" << File.basename(grammar_path),
 					File.dirname(grammar_path))
 				src = File.read(grammar_path)
 				unless(File.exists?(oldpath) && File.read(oldpath)==src)
 					File.delete(oldpath) if File.exists?(oldpath)
-					Parse.generate_parser_from_file_to_file(grammar_path,
+					Parse.generate_parser_from_file_to_file(grammar_path,
 						parser_path, @parser_method, 'SBSM')
 					File.open(oldpath, 'w') { |f| f << src }
 				end

data/lib/sbsm/user.rb CHANGED

File without changes

data/lib/sbsm/version.rb CHANGED

@@ -1,3 +1,3 @@
 module SBSM
-  VERSION = '1.5.5'
+  VERSION = '1.6.0'
 end

data/test/simple_sbsm.rb CHANGED

@@ -69,15 +69,20 @@ module Demo
       info.join("\n")
     end
   end
+  class AboutView
+    def initialize(model, session)
+    end
+    def to_html(cgi)
+      'About SBSM: TDD ist great!'
+    end
+  end
   class AboutState < GlobalState
     DIRECT_EVENT = :about
+    VIEW = AboutView
     def initialize(session, user)
       SBSM.info "AboutState #{session}"
       super(session, user)
     end
-    def to_html(cgi)
-      'About SBSM: TDD ist great!'
-    end
   end
   class RedirectState < GlobalState
     DIRECT_EVENT = :redirect
@@ -239,4 +244,4 @@ module Demo
             session_class: session_class)
     end
   end
-end
+end

data/test/test_application.rb CHANGED

@@ -7,6 +7,7 @@ ENV['RACK_ENV'] = 'test'
 ENV['REQUEST_METHOD'] = 'GET'
 require 'minitest/autorun'
+require 'flexmock/minitest'
 require 'rack/test'
 require 'sbsm/app'
 require 'sbsm/session'
@@ -55,6 +56,67 @@ class AppVariantTest < Minitest::Test
     assert last_response.body.empty?
     assert last_response.headers.keys.index('Content-Type')
   end
+  def test_request_file
+    session_id_mock  = '1234'
+    invalid_path = '/path/to/non/existing/file'
+    @app = flexmock('file_app', @app)
+    env = { 'HTTP_COOKIE' => "_session_id=#{session_id_mock}" }
+    session_store = SBSM::SessionStore.new(app: @app)
+    session_mock= flexmock('session', session_store[session_id_mock.to_s])
+    session_mock.should_receive(:get_passthru).and_return([invalid_path])
+    @app.should_receive(:session_store).and_return(session_store)
+    result = get invalid_path, {},  env
+    assert_equal(false, last_response.ok?)
+    assert_equal(404, last_response.status)
+    assert (last_response.body.to_s.index(invalid_path))
+    assert last_response.headers.keys.index('Content-Type')
+    assert_equal('text/html', last_response.headers['Content-Type'])
+  end
+  def test_request_file_with_no_mime_info
+    session_id_mock  = '1234'
+    invalid_path = '/window.js.map.dummy'
+    file_name = File.expand_path(File.join('doc', invalid_path))
+    FileUtils.makedirs(File.dirname(file_name))
+    File.open(file_name, 'w+') {|f| f.puts 'dummy'}
+    @app = flexmock('file_app', @app)
+    env = { 'HTTP_COOKIE' => "_session_id=#{session_id_mock}" }
+    session_store = SBSM::SessionStore.new(app: @app)
+    session_mock= flexmock('session', session_store[session_id_mock.to_s])
+    session_mock.should_receive(:get_passthru).and_return([invalid_path])
+    @app.should_receive(:session_store).and_return(session_store)
+    result = get invalid_path, {},  env
+    assert_equal(true, last_response.ok?)
+    assert last_response.headers.keys.index('Content-Type')
+    assert_equal('text/plain', last_response.headers['Content-Type'])
+    FileUtils.rm(file_name)
+  end
+  def test_request_file_with_mime_info
+    session_id_mock  = '1234'
+    invalid_path = '/window.png'
+    file_name = File.expand_path(File.join('doc', invalid_path))
+    FileUtils.makedirs(File.dirname(file_name))
+    File.open(file_name, 'w+') {|f| f.puts 'dummy'}
+    @app = flexmock('file_app', @app)
+    env = { 'HTTP_COOKIE' => "_session_id=#{session_id_mock}" }
+    session_store = SBSM::SessionStore.new(app: @app)
+    session_mock= flexmock('session', session_store[session_id_mock.to_s])
+    session_mock.should_receive(:get_passthru).and_return([invalid_path])
+    @app.should_receive(:session_store).and_return(session_store)
+    result = get invalid_path, {},  env
+    assert_equal(true, last_response.ok?)
+    assert last_response.headers.keys.index('Content-Type')
+    assert_equal('image/png', last_response.headers['Content-Type'])
+    FileUtils.rm(file_name)
+  end
 end
 class AppTestSimple < Minitest::Test
@@ -113,6 +175,7 @@ class AppTestSimple < Minitest::Test
     get '/sbsm.css'
     assert last_response.ok?
     assert_match css_content, last_response.body
+    FileUtils.rm(css_file)
   end
   def test_session_about_then_home
     skip ('TODO: We should test test_post_feedback')

data/test/test_customized_app.rb CHANGED

@@ -16,19 +16,27 @@ RUN_ALL_TESTS=true unless defined?(RUN_ALL_TESTS)
 # Overriding some stuff from the simple_sbsm
 module Demo
+  class View_AboutState
+    def initialize(model, session)
+    end
+    def http_headers
+      { "foo" =>  "bar" }
+    end
+    def to_html(cgi)
+      "<br>customized to_html<br>"
+    end
+  end
   class AboutState < GlobalState
     DIRECT_EVENT = :about
+    VIEW = View_AboutState
     def initialize(session, user)
       SBSM.info "AboutState #{session}"
       super(session, user)
       session.login
     end
-    def http_headers
-      { "foo" =>  "bar" }
-    end
   end
   DEMO_PERSISTENT_COOKIE_NAME = 'demo-simple-sbsm'
   class Demo::CustomizedSBSM_COOKIE < SBSM::App
     PERSISTENT_COOKIE_NAME = DEMO_PERSISTENT_COOKIE_NAME
@@ -201,6 +209,7 @@ class CustomizedAppSessionValidatorLnf < Minitest::Test
     end
     assert last_response.ok?
     assert_equal 'bar', last_response.headers['foo']
+    assert_equal '<br>customized to_html<br>', last_response.body
   end
   def test_process_state

data/test/test_lookandfeel.rb CHANGED

@@ -69,6 +69,9 @@ class StubLookandfeelSession
 	def flavor
 		"gcc"
 	end
+	def server_port
+		"1234"
+	end
 	def server_name
 		"test.com"
 	end
@@ -127,7 +130,7 @@ class TestLookandfeel < Minitest::Test
 		assert_equal({}, @lookandfeel.attributes(:undefined))
 	end
 	def test_resource
-		assert_equal('http://test.com/resources/gcc/bar', @lookandfeel.resource(:foo))
+		assert_equal('http://test.com:1234/resources/gcc/bar', @lookandfeel.resource(:foo))
 	end
 	def test_lookup
 		assert_equal('dictbar', @lookandfeel.lookup(:foo))
@@ -161,18 +164,18 @@ class TestLookandfeel < Minitest::Test
 		assert_equal(expected, time.rfc1123)
 	end
 	def test_base_url
-		assert_equal("http://test.com/de/gcc", @lookandfeel.base_url)
+		assert_equal("http://test.com:1234/de/gcc", @lookandfeel.base_url)
 	end
 	def test_event_url
-		assert_match(/http:\/\/test.com\/de\/gcc\/foo\/state_id\/\d\/bar\/baz/,@lookandfeel.event_url(:foo, {:bar => 'baz'}))
+		assert_match(/http:\/\/test.com:1234\/de\/gcc\/foo\/state_id\/\d\/bar\/baz/,@lookandfeel.event_url(:foo, {:bar => 'baz'}))
 	end
 	def test_event_url__crawler
 		@session.is_crawler = true
-		assert_equal("http://test.com/de/gcc/foo/bar/baz",
+		assert_equal("http://test.com:1234/de/gcc/foo/bar/baz",
 			@lookandfeel.event_url(:foo, {:bar => 'baz'}))
 	end
 	def test_event_url__state_id_given
-		assert_equal("http://test.com/de/gcc/foo/bar/baz/state_id/mine",
+		assert_equal("http://test.com:1234/de/gcc/foo/bar/baz/state_id/mine",
 			@lookandfeel.event_url(:foo, [:bar, 'baz', :state_id, 'mine']))
 	end
 	def test_format_price
@@ -214,10 +217,10 @@ class TestLookandfeelWrapper < Minitest::Test
 	end
 	def test_resource1
 		lnf = SBSM::LookandfeelWrapper.new(@lookandfeel)
-		assert_equal('http://test.com/resources/gcc/bar', lnf.resource(:foo))
+		assert_equal('http://test.com:1234/resources/gcc/bar', lnf.resource(:foo))
 	end
 	def test_resource2
-		assert_equal('http://test.com/resources/gcc/foo', @wrapped.resource(:foo))
+		assert_equal('http://test.com:1234/resources/gcc/foo', @wrapped.resource(:foo))
 	end
 	def test_attributes1
 		lnf = SBSM::LookandfeelWrapper.new(@lookandfeel)

data/test/test_session.rb CHANGED

@@ -142,6 +142,23 @@ class StubSessionSession < SBSM::Session
 	end
 end
+class TestSessionApp < Minitest::Test
+  include Rack::Test::Methods
+  # attr_reader :app
+  def app
+    app = SBSM::RackInterface.new(app: SBSM::App)
+    builder = Rack::Builder.new
+    builder.run app
+  end
+  def test_request_remote_ip
+    get '/'
+    assert_nil SBSM::RackInterface.last_session.remote_ip
+    header 'X_FORWARDED_FOR', '[212.51.146.241],[66.249.93.27]' # a HTTP_ will be prepended to it
+    get '/'
+    assert_equal '212.51.146.241', SBSM::RackInterface.last_session.remote_ip
+  end
+end
 class TestSession < Minitest::Test
   include Rack::Test::Methods
 	def setup

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sbsm
 version: !ruby/object:Gem::Version
-  version: 1.5.5
+  version: 1.6.0
 platform: ruby
 authors:
 - Masaomi Hatakeyama, Zeno R.R. Davatz
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-07-12 00:00:00.000000000 Z
+date: 2020-06-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -331,8 +331,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.6.8
+rubygems_version: 3.1.2
 signing_key:
 specification_version: 4
 summary: Application framework for state based session management from ywesee