web-console-compat 3.5.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 7659e792ff45ac1b3fab5f870fa8a6f40365d6be
+  data.tar.gz: fff5836e9b6e8ca3ce19be2dd0d4d18ed44d8f52
+SHA512:
+  metadata.gz: f9300eb91aec7e36c9882579027bd6a598c6ced7434ef87aa586aa59579a10291bc18dd63114ca4aa1357bb6e79db647ec01ca7b20470b034a008fdb725a22de
+  data.tar.gz: d33b269c3d79e109002b45c704176bb7dd59c20f72db0ccc25517bbb912f121f3a19f977d367bd8d6639989c01a92954a681eab7783ffae84dcb558fe408610f

data/CHANGELOG.markdown

@@ -0,0 +1,110 @@
+# CHANGELOG
+
+## master (unreleased)
+
+## 3.5.1
+
+* [#239](https://github.com/rails/web-console/pull/239) Fix the ActionDispatch::DebugExceptions integration ([@gsamokovarov])
+
+## 3.5.0
+
+* [#237](https://github.com/rails/web-console/pull/237) Bindex integration for JRuby 9k support ([@gsamokovarov])
+* [#236](https://github.com/rails/web-console/pull/236) Remove unused Active Support lazy load hook ([@betesh])
+* [#230](https://github.com/rails/web-console/pull/230) Handle invalid remote addresses ([@akirakoyasu])
+
+## 3.4.0
+
+* [#205](https://github.com/rails/web-console/pull/205) Introduce autocompletion ([@sh19910711])
+
+## 3.3.1
+
+Drop support for Rails `4.2.0`.
+
+## 3.3.0
+
+* [#203](https://github.com/rails/web-console/pull/203) Map bindings to traces based on the trace __FILE__ and __LINE__ ([@gsamokovarov])
+
+## 3.2.1
+
+* [#202](https://github.com/rails/web-console/pull/202) Use first binding when there is no application binding ([@sh19910711])
+
+## 3.2.0
+
+* [#198](https://github.com/rails/web-console/pull/198) Pick the first application trace binding on errors ([@sh19910711])
+* [#189](https://github.com/rails/web-console/pull/189) Silence ActionView rendering information ([@gsamokovarov])
+
+## 3.1.1
+
+* [#185](https://github.com/rails/web-console/pull/185) Fix `rails console` startup ([@gsamokovarov])
+
+## 3.1.0
+
+* [#182](https://github.com/rails/web-console/pull/182) Let `#console` live in `Kernel` ([@schneems])
+* [#181](https://github.com/rails/web-console/pull/181) Log internal Web Console errors ([@gsamokovarov])
+* [#180](https://github.com/rails/web-console/pull/180) Autoload Web Console constants for faster Rails boot time ([@herminiotorres])
+
+## 3.0.0
+
+* [#173](https://github.com/rails/web-console/pull/173) Revert "Change config.development_only default until 4.2.4 is released" ([@gsamokovarov])
+* [#171](https://github.com/rails/web-console/pull/171) Fixed blocked IP logging ([@gsamokovarov])
+* [#162](https://github.com/rails/web-console/pull/162) Render the console inside the body tag ([@gsamokovarov])
+* [#165](https://github.com/rails/web-console/pull/165) Revamped integrations for CRuby and Rubinius ([@gsamokovarov])
+
+## 2.3.0
+
+This is mainly a Rails 5 compatibility release. If you have the chance, please
+go to 3.1.0 instead.
+
+* [#181](https://github.com/rails/web-console/pull/181) Log internal Web Console errors (@schneems)
+* [#150](https://github.com/rails/web-console/pull/150) Revert #150. (@gsamokovarov)
+
+## 2.2.1
+
+* [#150](https://github.com/rails/web-console/pull/150) Change config.development_only default until 4.2.4 is released ([@gsamokovarov])
+
+## 2.2.0
+
+* [#140](https://github.com/rails/web-console/pull/140) Add the ability to close the console on each page ([@sh19910711])
+* [#135](https://github.com/rails/web-console/pull/135) Run the console only in development mode and raise warning in tests ([@frenesim])
+* [#134](https://github.com/rails/web-conscle/pull/134) Force development only web console by default ([@gsamokovarov])
+* [#123](https://github.com/rails/web-console/pull/123) Replace deprecated `alias_method_chain` with `alias_method` ([@jonatack])
+
+## 2.1.3
+
+* Fix remote code execution vulnerability in Web Console. CVE-2015-3224.
+
+## 2.1.2
+
+* [#115](https://github.com/rails/web-console/pull/115) Show proper binding when raising an error in a template ([@gsamokovarov])
+* [#114](https://github.com/rails/web-console/pull/114) Fix templates non rendering, because of missing template suffix ([@gsamokovarov])
+
+## 2.1.1
+
+* [#112](https://github.com/rails/web-console/pull/112) Always allow application/x-www-form-urlencoded content type ([@gsamokovarov])
+
+## 2.1.0
+
+* [#109](https://github.com/rails/web-console/pull/109) Revamp unavailable session response message ([@gsamokovarov])
+* [#107](https://github.com/rails/web-console/pull/107) Fix pasting regression for all browsers ([@parterburn])
+* [#105](https://github.com/rails/web-console/pull/105) Lock scroll bottom on console window resize ([@noahpatterson])
+* [#104](https://github.com/rails/web-console/pull/104) Always whitelist localhost and inform users why no console is displayed ([@gsamokovarov])
+* [#100](https://github.com/rails/web-console/pull/100) Accept text/plain as acceptable content type for Puma ([@gsamokovarov])
+* [#98](https://github.com/rails/web-console/pull/98) Add arbitrary big z-index to the console ([@bglbruno])
+* [#88](https://github.com/rails/web-console/pull/88) Spelling fixes ([@jeffnv])
+* [#86](https://github.com/rails/web-console/pull/86) Disable autofocus when initializing the console ([@ryandao])
+* [#84](https://github.com/rails/web-console/pull/84) Allow Rails 5 as dependency in gemspec ([@jonatack])
+* [#69](https://github.com/rails/web-console/pull/69) Introduce middleware for request dispatch and console rendering ([@gsamokovarov])
+
+[@jonatack]: https://github.com/jonatack
+[@ryandao]: https://github.com/ryandao
+[@jeffnv]: https://github.com/jeffnv
+[@gsamokovarov]: https://github.com/gsamokovarov
+[@bglbruno]: https://github.com/bglbruno
+[@noahpatterson]: https://github.com/noahpatterson
+[@parterburn]: https://github.com/parterburn
+[@sh19910711]: https://github.com/sh19910711
+[@frenesim]: https://github.com/frenesim
+[@herminiotorres]: https://github.com/herminiotorres
+[@schneems]: https://github.com/schneems
+[@betesh]: https://github.com/betesh
+[@akirakoyasu]: https://github.com/akirakoyasu

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2014-2016 Charlie Somerville, Genadi Samokovarov, Guillermo Iguaran and Ryan Dao
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.markdown

@@ -0,0 +1,5 @@
+# Web Console Compat
+
+A fork of [Web Console] latest features for Rails 4.2 projects.
+
+[Web Console]: https://github.com/rails/web-console

data/Rakefile

@@ -0,0 +1,27 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'socket'
+require 'rake/testtask'
+require 'tmpdir'
+require 'securerandom'
+require 'json'
+require 'web_console/testing/erb_precompiler'
+
+EXPANDED_CWD = File.expand_path(File.dirname(__FILE__))
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+Dir['lib/web_console/tasks/**/*.rake'].each { |task| load task  }
+
+Bundler::GemHelper.install_tasks
+
+task default: :test

data/lib/web-console-compat.rb

@@ -0,0 +1 @@
+require 'web_console'

data/lib/web-console.rb

@@ -0,0 +1 @@
+require 'web_console'

data/lib/web_console.rb

@@ -0,0 +1,28 @@
+require 'active_support/dependencies/autoload'
+require 'active_support/logger'
+
+module WebConsole
+  extend ActiveSupport::Autoload
+
+  autoload :View
+  autoload :Evaluator
+  autoload :ExceptionMapper
+  autoload :Session
+  autoload :Response
+  autoload :Request
+  autoload :WhinyRequest
+  autoload :Whitelist
+  autoload :Template
+  autoload :Middleware
+  autoload :Context
+
+  autoload_at 'web_console/errors' do
+    autoload :Error
+    autoload :DoubleRenderError
+  end
+
+  mattr_accessor :logger
+  @@logger = ActiveSupport::Logger.new($stderr)
+end
+
+require 'web_console/railtie'

data/lib/web_console/context.rb

@@ -0,0 +1,43 @@
+module WebConsole
+  # A context lets you get object names related to the current session binding.
+  class Context
+    def initialize(binding)
+      @binding = binding
+    end
+
+    # Extracts entire objects which can be called by the current session unless
+    # the inputs is present.
+    #
+    # Otherwise, it extracts methods and constants of the object specified by
+    # the input.
+    def extract(input = nil)
+      input.present? ? local(input) : global
+    end
+
+    private
+
+      GLOBAL_OBJECTS = [
+        'instance_variables',
+        'local_variables',
+        'methods',
+        'class_variables',
+        'Object.constants',
+        'global_variables'
+      ]
+
+      def global
+        GLOBAL_OBJECTS.map { |cmd| eval(cmd) }
+      end
+
+      def local(input)
+        [
+          eval("#{input}.methods").map { |m| "#{input}.#{m}" },
+          eval("#{input}.constants").map { |c| "#{input}::#{c}" },
+        ]
+      end
+
+      def eval(cmd)
+        @binding.eval(cmd) rescue []
+      end
+  end
+end

data/lib/web_console/errors.rb

@@ -0,0 +1,7 @@
+module WebConsole
+  # The base class for every Web Console related error.
+  Error = Class.new(StandardError)
+
+  # Raised when there is an attempt to render a console more than once.
+  DoubleRenderError = Class.new(Error)
+end

data/lib/web_console/evaluator.rb

@@ -0,0 +1,33 @@
+module WebConsole
+  # Simple Ruby code evaluator.
+  #
+  # This class wraps a +Binding+ object and evaluates code inside of it. The
+  # difference of a regular +Binding+ eval is that +Evaluator+ will always
+  # return a string and will format exception output.
+  class Evaluator
+    # Cleanses exceptions raised inside #eval.
+    cattr_reader :cleaner
+    @@cleaner = ActiveSupport::BacktraceCleaner.new
+    @@cleaner.add_silencer { |line| line.start_with?(File.expand_path('..', __FILE__)) }
+
+    def initialize(binding = TOPLEVEL_BINDING)
+      @binding = binding
+    end
+
+    def eval(input)
+      "=> #{@binding.eval(input).inspect}\n"
+    rescue Exception => exc
+      format_exception(exc)
+    end
+
+    private
+
+      def format_exception(exc)
+        backtrace = cleaner.clean(Array(exc.backtrace) - caller)
+
+        format = "#{exc.class.name}: #{exc}\n"
+        format << backtrace.map { |trace| "\tfrom #{trace}\n" }.join
+        format
+      end
+  end
+end

data/lib/web_console/exception_mapper.rb

@@ -0,0 +1,33 @@
+module WebConsole
+  class ExceptionMapper
+    def initialize(exception)
+      @backtrace = exception.backtrace
+      @bindings = exception.bindings
+    end
+
+    def first
+      guess_the_first_application_binding || @bindings.first
+    end
+
+    def [](index)
+      guess_binding_for_index(index) || @bindings[index]
+    end
+
+    private
+
+    def guess_binding_for_index(index)
+      file, line = @backtrace[index].to_s.split(':')
+      line = line.to_i
+
+      @bindings.find do |binding|
+        binding.eval('__FILE__') == file && binding.eval('__LINE__') == line
+      end
+    end
+
+    def guess_the_first_application_binding
+      @bindings.find do |binding|
+        binding.eval('__FILE__').to_s.start_with?(Rails.root.to_s)
+      end
+    end
+  end
+end

data/lib/web_console/extensions.rb

@@ -0,0 +1,44 @@
+module Kernel
+  module_function
+
+  # Instructs Web Console to render a console in the specified binding.
+  #
+  # If +binding+ isn't explicitly given it will default to the binding of the
+  # previous frame. E.g. the one that invoked +console+.
+  #
+  # Raises DoubleRenderError if a double +console+ invocation per request is
+  # detected.
+  def console(binding = WebConsole.caller_bindings.first)
+    raise WebConsole::DoubleRenderError if Thread.current[:__web_console_binding]
+
+    Thread.current[:__web_console_binding] = binding
+
+    # Make sure nothing is rendered from the view helper. Otherwise
+    # you're gonna see unexpected #<Binding:0x007fee4302b078> in the
+    # templates.
+    nil
+  end
+end
+
+module ActionDispatch
+  class DebugExceptions
+    def render_exception_with_web_console(env, exception)
+      render_exception_without_web_console(env, exception).tap do
+        error = ExceptionWrapper.new(env, exception).exception
+
+        # Get the original exception if ExceptionWrapper decides to follow it.
+        Thread.current[:__web_console_exception] = error
+
+        # ActionView::Template::Error bypass ExceptionWrapper original
+        # exception following. The backtrace in the view is generated from
+        # reaching out to original_exception in the view.
+        if error.is_a?(ActionView::Template::Error)
+          Thread.current[:__web_console_exception] = error.original_exception
+        end
+      end
+    end
+
+    alias_method :render_exception_without_web_console, :render_exception
+    alias_method :render_exception, :render_exception_with_web_console
+  end
+end

data/lib/web_console/integration.rb

@@ -0,0 +1,31 @@
+module WebConsole
+  # Returns the Ruby bindings of Kernel#callers locations.
+  #
+  # The list of bindings here doesn't map 1 to 1 with Kernel#callers, as we
+  # can't build Ruby bindings for C functions or the equivalent native
+  # implementations in JRuby and Rubinius.
+  #
+  # This method needs to be overridden by every integration.
+  def self.caller_bindings
+    raise NotImplementedError
+  end
+end
+
+class Exception
+  # Returns an array of the exception backtrace locations bindings.
+  #
+  # The list won't map to the traces in #backtrace 1 to 1, because we can't
+  # build bindings for every trace (C functions, for example).
+  #
+  # Every integration should the instance variable.
+  def bindings
+    (defined?(@bindings) && @bindings) || []
+  end
+end
+
+case RUBY_ENGINE
+when 'rbx'
+  require 'web_console/integration/rubinius'
+when 'ruby'
+  require 'web_console/integration/cruby'
+end

data/lib/web_console/integration/cruby.rb

@@ -0,0 +1,23 @@
+require 'debug_inspector'
+
+def WebConsole.caller_bindings
+  bindings = RubyVM::DebugInspector.open do |context|
+    context.backtrace_locations.each_index.map { |i| context.frame_binding(i) }
+  end
+
+  # For C functions, we can't extract a binding. In this case,
+  # DebugInspector#frame_binding would have returned us nil. That's why we need
+  # to compact the bindings.
+  #
+  # Dropping two bindings, removes the current Ruby one in this exact method,
+  # and the one in the caller method. The caller method binding can be obtained
+  # by Kernel#binding, if needed.
+  bindings.compact.drop(2)
+end
+
+TracePoint.trace(:raise) do |context|
+  exc = context.raised_exception
+  if exc.bindings.empty?
+    exc.instance_variable_set(:@bindings, WebConsole.caller_bindings)
+  end
+end

data/lib/web_console/integration/rubinius.rb

@@ -0,0 +1,39 @@
+def WebConsole.caller_bindings
+  locations = ::Rubinius::VM.backtrace(1, true)
+
+  # Kernel.raise, is implemented in Ruby for Rubinius. We don't wanna have
+  # the frame for it to align with the CRuby and JRuby implementations.
+  #
+  # For internal methods location variables can be nil. We can't create a
+  # bindings for them.
+  locations.reject! do |location|
+    location.file.start_with?('kernel/delta/kernel.rb') || location.variables.nil?
+  end
+
+  bindings = locations.map do |location|
+    Binding.setup(
+      location.variables,
+      location.variables.method,
+      location.constant_scope,
+      location.variables.self,
+      location
+    )
+  end
+
+  # Drop the binding of the direct caller. That one can be created by
+  # Kernel#binding.
+  bindings.drop(1)
+end
+
+::Rubinius.singleton_class.class_eval do
+  def raise_exception_with_current_bindings(exc)
+    if exc.bindings.empty?
+      exc.instance_variable_set(:@bindings, WebConsole.caller_bindings)
+    end
+
+    raise_exception_without_current_bindings(exc)
+  end
+
+  alias_method :raise_exception_without_current_bindings, :raise_exception
+  alias_method :raise_exception, :raise_exception_with_current_bindings
+end