webrick 1.3.1 → 1.5.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 97da95d5faf45f62560954f75b5fb1536ffdb804a991adbfc1a8da2f312282fb
+  data.tar.gz: c4b305ec0e615913868e1707c42656faa197f6f7a26af17505d7b5b38cbaf9dc
+SHA512:
+  metadata.gz: 62878410914483e24c84430af518e417f985e2471b8907655d2a096966afdd5f872c29f2d65dc6ee88ab4df216f7077678b5cdf04ba021185f1b40402e565114
+  data.tar.gz: ec3e25caa3db02dcf9e7d8dc916cab302c571ba6acb1810681e2051ab7fb35eae06752189a0701c6dee9cd4b5e91f7361c78ceb36e779ed82488702c87d305d9

data/Gemfile

@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (C) 1993-2013 Yukihiro Matsumoto. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+notice, this list of conditions and the following disclaimer in the
+documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.

data/README.md

@@ -0,0 +1,63 @@
+# Webrick
+
+[![Build Status](https://travis-ci.org/ruby/webrick.svg?branch=master)](https://travis-ci.org/ruby/webrick)
+
+WEBrick is an HTTP server toolkit that can be configured as an HTTPS server, a proxy server, and a virtual-host server.
+
+WEBrick features complete logging of both server operations and HTTP access.
+
+WEBrick supports both basic and digest authentication in addition to algorithms not in RFC 2617.
+
+A WEBrick server can be composed of multiple WEBrick servers or servlets to provide differing behavior on a per-host or per-path basis. WEBrick includes servlets for handling CGI scripts, ERB pages, Ruby blocks and directory listings.
+
+WEBrick also includes tools for daemonizing a process and starting a process at a higher privilege level and dropping permissions.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'webrick'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install webrick
+
+## Usage
+
+To create a new WEBrick::HTTPServer that will listen to connections on port 8000 and serve documents from the current user's public_html folder:
+
+```ruby
+require 'webrick'
+
+root = File.expand_path '~/public_html'
+server = WEBrick::HTTPServer.new :Port => 8000, :DocumentRoot => root
+```
+
+To run the server you will need to provide a suitable shutdown hook as
+starting the server blocks the current thread:
+
+```ruby
+trap 'INT' do server.shutdown end
+
+server.start
+```
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and Patch are welcome on https://bugs.ruby-lang.org/.
+
+## License
+
+The gem is available as open source under the terms of the [2-Clause BSD License](https://opensource.org/licenses/BSD-2-Clause).

data/Rakefile

@@ -0,0 +1,10 @@
+require "bundler/gem_tasks"
+require "rake/testtask"
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << "test" << "test/lib"
+  t.libs << "lib"
+  t.test_files = FileList['test/**/test_*.rb']
+end
+
+task :default => :test

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "webrick"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/lib/webrick/accesslog.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: false
 #--
 # accesslog.rb -- Access log handling utilities
 #
@@ -85,7 +86,7 @@ module WEBrick
     # %q:: Request query string
     # %r:: First line of the request
     # %s:: Request status
-    # %t:: Time the request was recieved
+    # %t:: Time the request was received
     # %T:: Time taken to process the request
     # %u:: Remote user from auth
     # %U:: Unparsed URI
@@ -115,6 +116,10 @@ module WEBrick
       params
     end
 
+    ##
+    # Formats +params+ according to +format_string+ which is described in
+    # setup_params.
+
     def format(format_string, params)
       format_string.gsub(/\%(?:\{(.*?)\})?>?([a-zA-Z%])/){
          param, spec = $1, $2
@@ -140,6 +145,9 @@ module WEBrick
       }
     end
 
+    ##
+    # Escapes control characters in +data+
+
     def escape(data)
       if data.tainted?
         data.gsub(/[[:cntrl:]\\]+/) {$&.dump[1...-1]}.untaint

data/lib/webrick/cgi.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: false
 #
 # cgi.rb -- Yet another CGI library
 #
@@ -7,16 +8,50 @@
 #
 # $Id$
 
-require "webrick/httprequest"
-require "webrick/httpresponse"
-require "webrick/config"
+require_relative "httprequest"
+require_relative "httpresponse"
+require_relative "config"
 require "stringio"
 
 module WEBrick
+
+  # A CGI library using WEBrick requests and responses.
+  #
+  # Example:
+  #
+  #   class MyCGI < WEBrick::CGI
+  #     def do_GET req, res
+  #       res.body = 'it worked!'
+  #       res.status = 200
+  #     end
+  #   end
+  #
+  #   MyCGI.new.start
+
   class CGI
+
+    # The CGI error exception class
+
     CGIError = Class.new(StandardError)
 
-    attr_reader :config, :logger
+    ##
+    # The CGI configuration.  This is based on WEBrick::Config::HTTP
+
+    attr_reader :config
+
+    ##
+    # The CGI logger
+
+    attr_reader :logger
+
+    ##
+    # Creates a new CGI interface.
+    #
+    # The first argument in +args+ is a configuration hash which would update
+    # WEBrick::Config::HTTP.
+    #
+    # Any remaining arguments are stored in the <code>@options</code> instance
+    # variable for use by a subclass.
 
     def initialize(*args)
       if defined?(MOD_RUBY)
@@ -41,10 +76,17 @@ module WEBrick
       @options = args
     end
 
+    ##
+    # Reads +key+ from the configuration
+
     def [](key)
       @config[key]
     end
 
+    ##
+    # Starts the CGI process with the given environment +env+ and standard
+    # input and output +stdin+ and +stdout+.
+
     def start(env=ENV, stdin=$stdin, stdout=$stdout)
       sock = WEBrick::CGI::Socket.new(@config, env, stdin, stdout)
       req = HTTPRequest.new(@config)
@@ -108,6 +150,10 @@ module WEBrick
       end
     end
 
+    ##
+    # Services the request +req+ which will fill in the response +res+.  See
+    # WEBrick::HTTPServlet::AbstractServlet#service for details.
+
     def service(req, res)
       method_name = "do_" + req.request_method.gsub(/-/, "_")
       if respond_to?(method_name)
@@ -118,7 +164,10 @@ module WEBrick
       end
     end
 
-    class Socket
+    ##
+    # Provides HTTP socket emulation from the CGI environment
+
+    class Socket # :nodoc:
       include Enumerable
 
       private
@@ -216,6 +265,10 @@ module WEBrick
         @out_port << data
       end
 
+      def write(data)
+        @out_port.write(data)
+      end
+
       def cert
         return nil unless defined?(OpenSSL)
         if pem = @env["SSL_SERVER_CERT"]

data/lib/webrick/compat.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: false
 #
 # compat.rb -- cross platform compatibility
 #
@@ -9,7 +10,7 @@
 # $IPR: compat.rb,v 1.6 2002/10/01 17:16:32 gotoyuzo Exp $
 
 ##
-# System call error module used by webrick for cross platform compatability.
+# System call error module used by webrick for cross platform compatibility.
 #
 # EPROTO:: protocol error
 # ECONNRESET:: remote host reset the connection request

data/lib/webrick/config.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: false
 #
 # config.rb -- Default configurations.
 #
@@ -8,19 +9,25 @@
 #
 # $IPR: config.rb,v 1.52 2003/07/22 19:20:42 gotoyuzo Exp $
 
-require 'webrick/version'
-require 'webrick/httpversion'
-require 'webrick/httputils'
-require 'webrick/utils'
-require 'webrick/log'
+require_relative 'version'
+require_relative 'httpversion'
+require_relative 'httputils'
+require_relative 'utils'
+require_relative 'log'
 
 module WEBrick
   module Config
-    LIBDIR = File::dirname(__FILE__)
+    LIBDIR = File::dirname(__FILE__) # :nodoc:
 
     # for GenericServer
-    General = {
-      :ServerName     => Utils::getservername,
+    General = Hash.new { |hash, key|
+      case key
+      when :ServerName
+        hash[key] = Utils.getservername
+      else
+        nil
+      end
+    }.update(
       :BindAddress    => nil,   # "0.0.0.0" or "::" or nil
       :Port           => nil,   # users MUST specify this!!
       :MaxClients     => 100,   # maximum number of the concurrent connections
@@ -33,9 +40,9 @@ module WEBrick
       :StartCallback  => nil,
       :StopCallback   => nil,
       :AcceptCallback => nil,
-      :DoNotReverseLookup => nil,
+      :DoNotReverseLookup => true,
       :ShutdownSocketWithoutClose => false,
-    }
+    )
 
     # for HTTPServer, HTTPRequest, HTTPResponse ...
     HTTP = General.dup.update(
@@ -67,6 +74,30 @@ module WEBrick
       :Escape8bitURI  => false
     )
 
+    ##
+    # Default configuration for WEBrick::HTTPServlet::FileHandler
+    #
+    # :AcceptableLanguages::
+    #   Array of languages allowed for accept-language.  There is no default
+    # :DirectoryCallback::
+    #   Allows preprocessing of directory requests.  There is no default
+    #   callback.
+    # :FancyIndexing::
+    #   If true, show an index for directories.  The default is true.
+    # :FileCallback::
+    #   Allows preprocessing of file requests.  There is no default callback.
+    # :HandlerCallback::
+    #   Allows preprocessing of requests.  There is no default callback.
+    # :HandlerTable::
+    #   Maps file suffixes to file handlers.  DefaultFileHandler is used by
+    #   default but any servlet can be used.
+    # :NondisclosureName::
+    #   Do not show files matching this array of globs.  .ht* and *~ are
+    #   excluded by default.
+    # :UserDir::
+    #   Directory inside ~user to serve content from for /~user requests.
+    #   Only works if mounted on /.  Disabled by default.
+
     FileHandler = {
       :NondisclosureName => [".ht*", "*~"],
       :FancyIndexing     => false,
@@ -78,6 +109,12 @@ module WEBrick
       :AcceptableLanguages => []  # ["en", "ja", ... ]
     }
 
+    ##
+    # Default configuration for WEBrick::HTTPAuth::BasicAuth
+    #
+    # :AutoReloadUserDB:: Reload the user database provided by :UserDB
+    #                     automatically?
+
     BasicAuth = {
       :AutoReloadUserDB     => true,
     }

data/lib/webrick/cookie.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: false
 #
 # cookie.rb -- Cookie class
 #
@@ -9,17 +10,59 @@
 # $IPR: cookie.rb,v 1.16 2002/09/21 12:23:35 gotoyuzo Exp $
 
 require 'time'
-require 'webrick/httputils'
+require_relative 'httputils'
 
 module WEBrick
+
+  ##
+  # Processes HTTP cookies
+
   class Cookie
 
+    ##
+    # The cookie name
+
     attr_reader :name
-    attr_accessor :value, :version
-    attr_accessor :domain, :path, :secure
-    attr_accessor :comment, :max_age
+
+    ##
+    # The cookie value
+
+    attr_accessor :value
+
+    ##
+    # The cookie version
+
+    attr_accessor :version
+
+    ##
+    # The cookie domain
+    attr_accessor :domain
+
+    ##
+    # The cookie path
+
+    attr_accessor :path
+
+    ##
+    # Is this a secure cookie?
+
+    attr_accessor :secure
+
+    ##
+    # The cookie comment
+
+    attr_accessor :comment
+
+    ##
+    # The maximum age of the cookie
+
+    attr_accessor :max_age
+
     #attr_accessor :comment_url, :discard, :port
 
+    ##
+    # Creates a new cookie with the given +name+ and +value+
+
     def initialize(name, value)
       @name = name
       @value = value
@@ -29,14 +72,25 @@ module WEBrick
       @expires = @comment_url = @discard = @port = nil
     end
 
+    ##
+    # Sets the cookie expiration to the time +t+.  The expiration time may be
+    # a false value to disable expiration or a Time or HTTP format time string
+    # to set the expiration date.
+
     def expires=(t)
       @expires = t && (t.is_a?(Time) ? t.httpdate : t.to_s)
     end
 
+    ##
+    # Retrieves the expiration time as a Time
+
     def expires
       @expires && Time.parse(@expires)
     end
 
+    ##
+    # The cookie string suitable for use in an HTTP header
+
     def to_s
       ret = ""
       ret << @name << "=" << @value
@@ -50,14 +104,16 @@ module WEBrick
       ret
     end
 
-    # Cookie::parse()
-    #   It parses Cookie field sent from the user agent.
+    ##
+    # Parses a Cookie field sent from the user-agent.  Returns an array of
+    # cookies.
+
     def self.parse(str)
       if str
         ret = []
         cookie = nil
         ver = 0
-        str.split(/[;,]\s+/).each{|x|
+        str.split(/;\s+/).each{|x|
           key, val = x.split(/=/,2)
           val = val ? HTTPUtils::dequote(val) : ""
           case key
@@ -76,6 +132,9 @@ module WEBrick
       end
     end
 
+    ##
+    # Parses the cookie in +str+
+
     def self.parse_set_cookie(str)
       cookie_elem = str.split(/;/)
       first_elem = cookie_elem.shift
@@ -101,6 +160,9 @@ module WEBrick
       return cookie
     end
 
+    ##
+    # Parses the cookies in +str+
+
     def self.parse_set_cookies(str)
       return str.split(/,(?=[^;,]*=)|,$/).collect{|c|
         parse_set_cookie(c)

data/lib/webrick/htmlutils.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: false
 #--
 # htmlutils.rb -- HTMLUtils Module
 #
@@ -15,12 +16,13 @@ module WEBrick
     # Escapes &, ", > and < in +string+
 
     def escape(string)
-      str = string ? string.dup : ""
+      return "" unless string
+      str = string.b
       str.gsub!(/&/n, '&amp;')
       str.gsub!(/\"/n, '&quot;')
       str.gsub!(/>/n, '&gt;')
       str.gsub!(/</n, '&lt;')
-      str
+      str.force_encoding(string.encoding)
     end
     module_function :escape
 

data/lib/webrick/httpauth/authenticator.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: false
 #--
 # httpauth/authenticator.rb -- Authenticator mix-in module.
 #
@@ -16,10 +17,10 @@ module WEBrick
 
     module Authenticator
 
-      RequestField      = "Authorization"
-      ResponseField     = "WWW-Authenticate"
-      ResponseInfoField = "Authentication-Info"
-      AuthException     = HTTPStatus::Unauthorized
+      RequestField      = "Authorization" # :nodoc:
+      ResponseField     = "WWW-Authenticate" # :nodoc:
+      ResponseInfoField = "Authentication-Info" # :nodoc:
+      AuthException     = HTTPStatus::Unauthorized # :nodoc:
 
       ##
       # Method of authentication, must be overridden by the including class
@@ -43,6 +44,8 @@ module WEBrick
 
       private
 
+      # :stopdoc:
+
       ##
       # Initializes the authenticator from +config+
 
@@ -96,6 +99,8 @@ module WEBrick
           log(:info, fmt, *args)
         end
       end
+
+      # :startdoc:
     end
 
     ##
@@ -103,10 +108,10 @@ module WEBrick
     # authentication schemes for proxies.
 
     module ProxyAuthenticator
-      RequestField  = "Proxy-Authorization"
-      ResponseField = "Proxy-Authenticate"
-      InfoField     = "Proxy-Authentication-Info"
-      AuthException = HTTPStatus::ProxyAuthenticationRequired
+      RequestField  = "Proxy-Authorization" # :nodoc:
+      ResponseField = "Proxy-Authenticate" # :nodoc:
+      InfoField     = "Proxy-Authentication-Info" # :nodoc:
+      AuthException = HTTPStatus::ProxyAuthenticationRequired # :nodoc:
     end
   end
 end

data/lib/webrick/httpauth/basicauth.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: false
 #
 # httpauth/basicauth.rb -- HTTP basic access authentication
 #
@@ -7,9 +8,9 @@
 #
 # $IPR: basicauth.rb,v 1.5 2003/02/20 07:15:47 gotoyuzo Exp $
 
-require 'webrick/config'
-require 'webrick/httpstatus'
-require 'webrick/httpauth/authenticator'
+require_relative '../config'
+require_relative '../httpstatus'
+require_relative 'authenticator'
 
 module WEBrick
   module HTTPAuth
@@ -23,7 +24,7 @@ module WEBrick
     #
     #   config = { :Realm => 'BasicAuth example realm' }
     #
-    #   htpasswd = WEBrick::HTTPAuth::Htpasswd.new 'my_password_file'
+    #   htpasswd = WEBrick::HTTPAuth::Htpasswd.new 'my_password_file', password_hash: :bcrypt
     #   htpasswd.set_passwd config[:Realm], 'username', 'password'
     #   htpasswd.flush
     #
@@ -34,7 +35,7 @@ module WEBrick
     class BasicAuth
       include Authenticator
 
-      AuthScheme = "Basic"
+      AuthScheme = "Basic" # :nodoc:
 
       ##
       # Used by UserDB to create a basic password entry
@@ -80,7 +81,15 @@ module WEBrick
           error("%s: the user is not allowed.", userid)
           challenge(req, res)
         end
-        if password.crypt(encpass) != encpass
+
+        case encpass
+        when /\A\$2[aby]\$/
+          password_matches = BCrypt::Password.new(encpass.sub(/\A\$2[aby]\$/, '$2a$')) == password
+        else
+          password_matches = password.crypt(encpass) == encpass
+        end
+
+        unless password_matches
           error("%s: password unmatch.", userid)
           challenge(req, res)
         end
@@ -89,8 +98,7 @@ module WEBrick
       end
 
       ##
-      # Returns a challenge response which asks for for authentication
-      # information
+      # Returns a challenge response which asks for authentication information
 
       def challenge(req, res)
         res[@response_field] = "#{@auth_scheme} realm=\"#{@realm}\""