strelka 0.18.0 → 0.19.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7dad453a5871872ca4f793e78253510d82e4ed27fbb173c82629501c60962477
-  data.tar.gz: 8bf1feafca4c80397808322ed09c93b9c6ed56cd917c5db12ab0f1e33cf8a59f
+  metadata.gz: 3a9926577075cbf009622a30ab13dc4f1fe38c4ba943419c318359d6648a58ba
+  data.tar.gz: 5c19c5a7b328e6cedbba07107a3c732e62e62aa71d0e48fb6b8e5efea3b40ca9
 SHA512:
-  metadata.gz: a220e3f1d3f6fdaf963173170dc2186ebf580a2b93c522017df7cfd7ba3ef3d45850943552a510e7bacbed11271dca7d0a42f1349b74651c64c5a9a957f852f5
-  data.tar.gz: b8eb408709e9fb4269d0516236d9d203a4ea3e59580b82c9b8d9939d7932c6722d79f0076aa44fd08638ce890dc7c6270e4c772ed9b064d698e043055596078e
+  metadata.gz: 1f44a6a2c1be7c96a96cb04111ff914c4022bdf52df94df541b183ce0150222b51d8cd21dedf60cb697fcfddb5c2a66dd339e4dc8caf1f862afa2e1c8bb313f6
+  data.tar.gz: 2e92f0355c0858e750bb0bbc5dfa8f3eb91103bf7632ba53bbeb7a671523bd6c0a659f2deadfb05be91d35efcd7e2a8fd603654e836fa82b47020ad43ad18192

data/History.rdoc

@@ -1,3 +1,27 @@
+= Release History for strelka
+
+---
+
+== v0.19.0 [2020-02-05] Mahlon E. Smith <mahlon@martini.nu>
+
+Bugfixes:
+
+- Separate reaping from signal sending (FreeBSD)
+
+Improvements:
+
+- Default devmode to false, requiring it to be explicitly enabled.
+- Remove untainting in preparation for Ruby 3.
+
+
+== v0.18.0 [2019-09-25] Mahlon E. Smith <mahlon@martini.nu>
+
+Bugfixes:
+
+- Add an optional hook to perform arbitrary actions before forking.
+- Make the signal handling for running multiple handlers less naive.
+
+
 == v0.17.0 [2019-09-18] Mahlon E. Smith <mahlon@martini.nu>
 
 Enhancements:

data/IDEAS.rdoc

@@ -47,7 +47,6 @@ gem sandboxing.
   another app via its appid.
 
 
-
 === Future Plugins
 
 * CORS (cors) — manage {Cross-Origin Resource Sharing}[http://www.html5rocks.com/en/tutorials/cors/]

data/README.rdoc

@@ -1,9 +1,9 @@
 = Strelka (Стрелка)
 
-home :: http://deveiate.org/projects/Strelka
-code :: http://bitbucket.org/ged/Strelka
-github :: https://github.com/ged/strelka
-docs :: http://deveiate.org/code/strelka
+home:: https://hg.sr.ht/~ged/Strelka
+code:: https://hg.sr.ht/~ged/Strelka/browse
+github:: https://github.com/ged/strelka
+docs:: http://deveiate.org/code/strelka
 
 
 == Description
@@ -197,7 +197,7 @@ Support for sending partial responses via the Chunked encoding.
 == Contributing
 
 You can check out the current development source with Mercurial via its
-{project page}[http://bitbucket.org/ged/Strelka]. Or if you prefer Git, via 
+{project page}[http://bitbucket.org/ged/Strelka]. Or if you prefer Git, via
 {its Github mirror}[https://github.com/ged/strelka].
 
 After checking out the source, run:
@@ -208,9 +208,15 @@ This task will install any missing dependencies, run the tests/specs,
 and generate the API documentation.
 
 
+== Authors
+
+- Mahlon E. Smith <mahlon@martini.nu>
+- Michael Granger <ged@faeriemud.org>
+
+
 == License
 
-Copyright (c) 2011-2016, Michael Granger and Mahlon E. Smith
+Copyright (c) 2011-2020, Michael Granger and Mahlon E. Smith
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

data/Rakefile

@@ -1,98 +1,8 @@
-#!/usr/bin/env rake
+#!/usr/bin/env ruby -S rake
 
-require 'rake/clean'
+require 'rake/deveiate'
 
-begin
-	require 'hoe'
-rescue LoadError
-	abort "This Rakefile requires 'hoe' (gem install hoe)"
+Rake::DevEiate.setup( 'strelka' ) do |project|
+	project.publish_to = 'deveiate:/usr/local/www/public/code'
 end
 
-GEMSPEC = 'strelka.gemspec'
-
-Hoe.plugin :mercurial
-Hoe.plugin :signing
-Hoe.plugin :deveiate
-
-Hoe.plugins.delete :rubyforge
-
-hoespec = Hoe.spec( 'strelka' ) do
-	self.readme_file = 'README.rdoc'
-	self.history_file = 'History.rdoc'
-	self.extra_rdoc_files = FileList[ '*.rdoc' ]
-	self.license "BSD"
-
-	self.developer 'Mahlon E. Smith', 'mahlon@martini.nu'
-	self.developer 'Michael Granger', 'ged@FaerieMUD.org'
-
-	self.dependency 'configurability', '~> 3.1'
-	self.dependency 'foreman',         '~> 0.62'
-	self.dependency 'highline',        '~> 1.6'
-	self.dependency 'inversion',       '~> 1.0'
-	self.dependency 'loggability',     '~> 0.9'
-	self.dependency 'mongrel2',        '~> 0.53'
-	self.dependency 'pluggability',    '~> 0.4'
-	self.dependency 'sysexits',        '~> 1.1'
-	self.dependency 'uuidtools',       '~> 2.1'
-	self.dependency 'safe_yaml',       '~> 1.0'
-	self.dependency 'gli',             '~> 2.14'
-
-	self.dependency 'hoe-deveiate',            '~> 0.6',  :developer
-	self.dependency 'rspec',                   '~> 3.0',  :developer
-	self.dependency 'simplecov',               '~> 0.7',  :developer
-	self.dependency 'rdoc-generator-fivefish', '~> 0.1',  :developer
-
-	self.require_ruby_version( '>=2.2.0' )
-	self.hg_sign_tags = true if self.respond_to?( :hg_sign_tags= )
-	self.check_history_on_release = true if self.respond_to?( :check_history_on_release= )
-	self.rdoc_locations << "deveiate:/usr/local/www/public/code/#{remote_rdoc_dir}"
-end
-
-ENV['VERSION'] ||= hoespec.spec.version.to_s
-
-# Ensure the specs pass before checking in
-task 'hg:precheckin' => [:check_history, :check_manifest, :spec]
-
-if Rake::Task.task_defined?( '.gemtest' )
-	Rake::Task['.gemtest'].clear
-	task '.gemtest' do
-		$stderr.puts "Not including a .gemtest until I'm confident the test suite is idempotent."
-	end
-end
-
-desc "Build a coverage report"
-task :coverage do
-	ENV["COVERAGE"] = 'yes'
-	Rake::Task[:spec].invoke
-end
-
-
-# Use the fivefish formatter for docs generated from development checkout
-if File.directory?( '.hg' )
-	require 'rdoc/task'
-
-	Rake::Task[ 'docs' ].clear
-	RDoc::Task.new( 'docs' ) do |rdoc|
-	rdoc.main = "README.rdoc"
-	rdoc.rdoc_files.include( "*.rdoc", "ChangeLog", "lib/**/*.rb" )
-	rdoc.generator = :fivefish
-	rdoc.title = "Strelka: A Ruby Web Framework"
-	rdoc.rdoc_dir = 'doc'
-	end
-end
-
-task :gemspec => GEMSPEC
-file GEMSPEC => __FILE__
-task GEMSPEC do |task|
-	spec = $hoespec.spec
-	spec.files.delete( '.gemtest' )
-	spec.signing_key = nil
-	spec.cert_chain = [ 'certs/mahlon.pem', 'certs/ged.pem' ]
-	spec.version = "#{spec.version.bump}.0.pre#{Time.now.strftime("%Y%m%d%H%M%S")}"
-	File.open( task.name, 'w' ) do |fh|
-		fh.write( spec.to_ruby )
-	end
-end
-
-CLOBBER.include( GEMSPEC.to_s )
-task :default => :gemspec

data/lib/strelka.rb

@@ -22,7 +22,7 @@ module Strelka
 	extend Loggability
 
 	# Library version constant
-	VERSION = '0.18.0'
+	VERSION = '0.19.0'
 
 	# Version-control revision constant
 	REVISION = %q$Revision$

data/lib/strelka/app.rb

@@ -32,7 +32,7 @@ class Strelka::App < Mongrel2::Handler
 
 		##
 		# 'Developer mode' flag.
-		setting :devmode, default: true
+		setting :devmode, default: false
 
 	end
 
@@ -40,7 +40,6 @@ class Strelka::App < Mongrel2::Handler
 	# Class instance variables
 	@devmode          = false
 	@default_type     = nil
-	@loading_file     = nil
 	@subclasses       = Hash.new {|h,k| h[k] = [] }
 
 
@@ -54,7 +53,7 @@ class Strelka::App < Mongrel2::Handler
 	### Developer mode is mostly informational by default (it just makes logging more
 	### verbose), but plugins and such might alter their behavior based on this setting.
 	def self::devmode?
-		return @devmode || $DEBUG
+		return @devmode
 	end
 	singleton_method_alias :in_devmode?, :devmode?
 

data/lib/strelka/app/parameters.rb

@@ -8,11 +8,10 @@ require 'strelka/plugins'
 require 'strelka/paramvalidator'
 
 
-# Parameter validation and untainting for Strelka apps.
+# Parameter validation for Strelka apps.
 #
-# When you include the +:parameters+ plugin, you can declare valid parameters, specify
-# constraints that describe what they should contain, and automatically untaint the incoming
-# values that match.
+# When you include the +:parameters+ plugin, you can declare valid parameters and specify
+# constraints that describe what incoming values should match.
 #
 # == Parameter Declaration
 #
@@ -101,14 +100,6 @@ module Strelka::App::Parameters
 		end
 
 
-		### Get/set the untainting flag. If set, all parameters which match their constraints
-		### will also be untainted.
-		def untaint_all_constraints( newval=nil )
-			self.paramvalidator.untaint_all = newval unless newval.nil?
-			return self.paramvalidator.untaint_all?
-		end
-
-
 		### Inheritance hook -- inheriting classes inherit their parents' parameter
 		### declarations, too.
 		def inherited( subclass )

data/lib/strelka/app/restresources.rb

@@ -152,9 +152,6 @@ module Strelka::App::RestResources
 			route = [ options[:prefix], name ].compact.join( '/' )
 			self.log.warn "Route is: %p" % [[ options[:prefix], name ]]
 
-			# Ensure validated parameters are untainted
-			self.untaint_all_constraints
-
 			# Make and install handler methods
 			self.log.debug "  adding readers"
 			self.add_options_handler( route, rsrcobj, options )

data/lib/strelka/cookie.rb

@@ -79,7 +79,7 @@ class Strelka::Cookie
 				raise Strelka::ParseError, "malformed cookie pair: %p" % [ cookie_pair ]
 
 			# self.log.debug "  matched cookie: %p" % [ match ]
-			name = match[:cookie_name].untaint
+			name = match[:cookie_name]
 			value = match[:cookie_value]
 			value = self.dequote( value ) if value.start_with?( DQUOTE )
 			value = nil if value.empty?

data/lib/strelka/mixins.rb

@@ -244,7 +244,7 @@ module Strelka
 			newhash = {}
 
 			hash.each do |key,val|
-				keysym = key.to_s.dup.untaint.to_sym
+				keysym = key.to_s.dup.to_sym
 
 				if val.is_a?( Hash )
 					newhash[ keysym ] = symbolify_keys( val )

data/lib/strelka/multirunner.rb

@@ -5,7 +5,7 @@
 require 'strelka' unless defined?( Strelka )
 require 'strelka/signal_handling'
 
-# Load multiple simulatneous Strelka handlers (of a single type) with
+# Load multiple simultaneous Strelka handlers (of a single type) with
 # proper signal handling.
 #
 class Strelka::MultiRunner
@@ -53,7 +53,9 @@ class Strelka::MultiRunner
 
 		self.log.debug "Starting multirunner loop..."
 		self.spawn_children
-		self.wait_for_signals while self.running
+		while self.running
+			self.reap_children if self.wait_for_signals
+		end
 		self.log.debug "Ending multirunner."
 
 		# Restore the default signal handlers
@@ -81,16 +83,37 @@ class Strelka::MultiRunner
 	end
 
 
-	### Wait on the child associated with the given +pid+, deleting it from the
-	### running tasks Hash if successful.
-	def reap_children( signal )
-		self.handler_pids.dup.each do |pid|
-			self.log.debug "  sending %p to pid %p" % [ signal, pid ]
-			Process.kill( signal, pid )
-			pid, status = Process.waitpid2( pid, Process::WUNTRACED )
-			self.log.debug "  waitpid2 returned: [ %p, %p ]" % [ pid, status ]
+	### Clean up after any children that have died.
+	def reap_children
+		pid, status = Process.waitpid2( -1, Process::WNOHANG|Process::WUNTRACED )
+		self.log.debug "  waitpid2 returned: [ %p, %p ]" % [ pid, status ]
+		while pid
 			self.handler_pids.delete( pid )
+			pid, status = Process.waitpid2( -1, Process::WNOHANG|Process::WUNTRACED )
+			self.log.debug "  waitpid2 returned: [ %p, %p ]" % [ pid, status ]
+		end
+	end
+
+
+	### Kill all current children with the specified +signal+. Returns
+	### +true+ if the signal was sent to one or more children.
+	def kill_children( signal=:TERM )
+		return false if self.handler_pids.empty?
+
+		self.log.info "Sending %s signal to %d task pids: %p." %
+			 [ signal, self.handler_pids.length, self.handler_pids ]
+		self.handler_pids.each do |pid|
+			begin
+				Process.kill( signal, pid )
+			rescue Errno::ESRCH => err
+				self.log.error "%p when trying to %s child %d: %s" %
+					[ err.class, signal, pid, err.message ]
+			end
 		end
+
+		return true
+	rescue Errno::ESRCH
+		self.log.debug "Ignoring signals to unreaped children."
 	end
 
 
@@ -101,7 +124,7 @@ class Strelka::MultiRunner
 		when :INT, :TERM, :QUIT
 			if @running
 				self.log.warn "%s signal: graceful shutdown" % [ sig ]
-				self.reap_children( sig )
+				self.kill_children( sig )
 				@running = false
 			else
 				self.ignore_signals

data/lib/strelka/paramvalidator.rb

@@ -26,10 +26,7 @@ require 'strelka/app' unless defined?( Strelka::App )
 #	validator.add( :feedback, :printable, "Customer Feedback" )
 #	validator.override( :email, :printable, "Your Email Address" )
 #
-#	# Untaint all parameter values which match their constraints
-#	validate.untaint_all_constraints = true
-#
-#	# Now pass in tainted values in a hash (e.g., from an HTML form)
+#	# Now pass in values in a hash (e.g., from an HTML form)
 #	validator.validate( req.params )
 #
 #	# Now if there weren't any errors, use some form values to fill out the
@@ -79,7 +76,7 @@ class Strelka::ParamValidator
 
 
 		# Flags that are passed as Symbols when declaring a parameter
-		FLAGS = [ :required, :untaint, :multiple ]
+		FLAGS = [ :required, :multiple ]
 
 		# Map of constraint specification types to their equivalent Constraint class.
 		TYPES = { Proc => self }
@@ -124,7 +121,6 @@ class Strelka::ParamValidator
 			@description = args.shift if args.first.is_a?( String )
 
 			@required	 = args.include?( :required )
-			@untaint	 = args.include?( :untaint )
 			@multiple	 = args.include?( :multiple )
 		end
 
@@ -151,19 +147,13 @@ class Strelka::ParamValidator
 		# order for the parameters to be valid.
 		attr_predicate :required?
 
-		##
-		# Returns true if the constraint will also untaint its result before returning it.
-		attr_predicate :untaint?
-
 
 		### Check the given value against the constraint and return the result if it passes.
-		def apply( value, force_untaint=false )
-			untaint = self.untaint? || force_untaint
-
+		def apply( value )
 			if self.multiple?
-				return self.check_multiple( value, untaint )
+				return self.check_multiple( value )
 			else
-				return self.check( value, untaint )
+				return self.check( value )
 			end
 		end
 
@@ -190,7 +180,6 @@ class Strelka::ParamValidator
 			flags = []
 			flags << 'required' if self.required?
 			flags << 'multiple' if self.multiple?
-			flags << 'untaint' if self.untaint?
 
 			desc << " (%s)" % [ flags.join(',') ] unless flags.empty?
 
@@ -218,21 +207,20 @@ class Strelka::ParamValidator
 		### Check the specified value against the constraint and return the results. By
 		### default, this just calls to_proc and the block and calls the result with the
 		### value as its argument.
-		def check( value, untaint )
+		def check( value )
 			return self.block.to_proc.call( value ) if self.block
-			value.untaint if untaint && value.respond_to?( :untaint )
 			return value
 		end
 
 
 		### Check the given +values+ against the constraint and return the results if
 		### all of them succeed.
-		def check_multiple( values, untaint )
+		def check_multiple( values )
 			values = [ values ] unless values.is_a?( Array )
 			results = []
 
 			values.each do |value|
-				result = self.check( value, untaint ) or return nil
+				result = self.check( value ) or return nil
 				results << result
 			end
 
@@ -280,38 +268,35 @@ class Strelka::ParamValidator
 
 		### Check the +value+ against the regular expression and return its
 		### match groups if successful.
-		def check( value, untaint )
+		def check( value )
 			self.log.debug "Validating %p via regexp %p" % [ value, self.pattern ]
 			match = self.pattern.match( value.to_s ) or return nil
 
 			if match.captures.empty?
 				self.log.debug "  no captures, using whole match: %p" % [match[0]]
-				return super( match[0], untaint )
+				return super( match[0] )
 
 			elsif match.names.length > 1
 				self.log.debug "  extracting hash of named captures: %p" % [ match.names ]
-				rhash = self.matched_hash( match, untaint )
-				return super( rhash, untaint )
+				rhash = self.matched_hash( match )
+				return super( rhash )
 
 			elsif match.captures.length == 1
 				self.log.debug "  extracting one capture: %p" % [match.captures.first]
-				return super( match.captures.first, untaint )
+				return super( match.captures.first )
 
 			else
 				self.log.debug "  extracting multiple captures: %p" % [match.captures]
 				values = match.captures
-				values.map {|val| val.untaint if val } if untaint
-				return super( values, untaint )
+				return super( values )
 			end
 		end
 
 
-		### Return a Hash of the given +match+ object's named captures, untainting the values
-		### if +untaint+ is true.
-		def matched_hash( match, untaint )
+		### Return a Hash of the given +match+ object's named captures.
+		def matched_hash( match )
 			return match.names.inject( {} ) do |accum,name|
 				value = match[ name ]
-				value.untaint if untaint && value
 				accum[ name.to_sym ] = value
 				accum
 			end
@@ -566,7 +551,6 @@ class Strelka::ParamValidator
 	def initialize
 		@constraints = {}
 		@fields      = {}
-		@untaint_all = false
 
 		self.reset
 	end
@@ -591,12 +575,6 @@ class Strelka::ParamValidator
 	# The Hash of raw field data (if validation has occurred)
 	attr_reader :fields
 
-	##
-	# Global untainting flag
-	attr_predicate_accessor :untaint_all?
-	alias_method :untaint_all_constraints=, :untaint_all=
-	alias_method :untaint_all_constraints?, :untaint_all?
-
 	##
 	# Returns +true+ if the paramvalidator has been given parameters to validate. Adding or
 	# overriding constraints resets this.
@@ -680,13 +658,12 @@ class Strelka::ParamValidator
 			constraint.required?
 		end
 
-		return "#<%p:0x%016x %s, profile: [required: %s, optional: %s] global untaint: %s>" % [
+		return "#<%p:0x%016x %s, profile: [required: %s, optional: %s]>" % [
 			self.class,
 			self.object_id / 2,
 			self.to_s,
 			required.empty? ? "(none)" : required.map( &:last ).map( &:name ).join(','),
 			optional.empty? ? "(none)" : optional.map( &:last ).map( &:name ).join(','),
-			self.untaint_all? ? "enabled" : "disabled",
 		]
 	end
 
@@ -754,7 +731,7 @@ class Strelka::ParamValidator
 	### result.
 	def apply_constraint( constraint, value )
 		if !( value.nil? || value == '' )
-			result = constraint.apply( value, self.untaint_all? )
+			result = constraint.apply( value )
 
 			if !result.nil?
 				self.log.debug "  constraint for %p passed: %p" % [ constraint.name, result ]
@@ -976,7 +953,7 @@ class Strelka::ParamValidator
 	### Build a deep hash out of the given parameter +value+
 	def build_deep_hash( value, hash, levels )
 		if levels.length == 0
-			value.untaint
+			value
 		elsif hash.nil?
 			{ levels.first => build_deep_hash(value, nil, levels[1..-1]) }
 		else
@@ -992,11 +969,11 @@ class Strelka::ParamValidator
 		if main.nil?
 			return []
 		elsif trailing
-			return [key.untaint]
+			return [key]
 		elsif bracketed
-			return [main.untaint] + bracketed.slice(1...-1).split('][').collect {|k| k.untaint }
+			return [main] + bracketed.slice(1...-1).split('][')
 		else
-			return [main.untaint]
+			return [main]
 		end
 	end