webrick 1.8.2 → 1.9.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 963bdfcf1a0e919027a92007be283a146cd054be3a60e539e9f3cbce5c0a908f
-  data.tar.gz: 2ed0bd918c3c5dbb908a59350c9e3691afe88c63a4a5c0a2b5085de7c30aeab5
+  metadata.gz: d133a0575bc3ed8393d991def2829498130eac921b9485e47d00a6259ec00fe6
+  data.tar.gz: 2e8da0c038c346abc67b325c41408199eb6475ee7fad9a155c67330ca15c5aed
 SHA512:
-  metadata.gz: 2433fb9da7e7e7f10495059ac90de49238758fc0581fb8d0dfed28f08d47c9b21329fc4a03a7ade064cea71097f86e29a74003ca6369d3d9e58c401979871a0e
-  data.tar.gz: b0bd6929f6d49967215825cce3c7ad5c7e6b1b45fcda8fd97c898f377df2453934d62ff0cc0a941b2d4a374487b901a207674f76229d45a899938d40516c9271
+  metadata.gz: c5f68a58deca28be7dbde1b557a17a16f9d69c244c567830b89b22c26689db8b28e6a69097e6f47fc3d50d9caea69c691ead0468ef13777081aaf03e0d7c46f2
+  data.tar.gz: b9c35a51cf9d662d2151dd40d79c2cceebe5404fe5e8464cd666eff3127729a7225b728e78f59bfc08ea545b4de1046dad1c08a65e1e2fd402e91a0c53a264e6

data/Gemfile

@@ -5,3 +5,6 @@ gemspec
 gem "rake"
 gem "test-unit"
 gem "test-unit-ruby-core"
+
+# rbs requires ruby 3.0+
+gem "rbs", require: false if !RUBY_VERSION.start_with?('2.')

data/README.md

@@ -10,6 +10,8 @@ A WEBrick server can be composed of multiple WEBrick servers or servlets to prov
 
 WEBrick also includes tools for daemonizing a process and starting a process at a higher privilege level and dropping permissions.
 
+WEBrick is suitable for use in testing and for development.  However, while the developers of WEBrick will attempt to fix security issues, they do not encourage the use of WEBrick to serve production web applications that may be subject to hostile input.
+
 ## Installation
 
 Add this line to your application's Gemfile:

data/lib/webrick/cgi.rb

@@ -160,7 +160,7 @@ module WEBrick
         __send__(method_name, req, res)
       else
         raise HTTPStatus::MethodNotAllowed,
-              "unsupported method `#{req.request_method}'."
+              "unsupported method '#{req.request_method}'."
       end
     end
 

data/lib/webrick/httpauth/authenticator.rb

@@ -108,10 +108,10 @@ module WEBrick
     # authentication schemes for proxies.
 
     module ProxyAuthenticator
-      RequestField  = "Proxy-Authorization" # :nodoc:
-      ResponseField = "Proxy-Authenticate" # :nodoc:
-      InfoField     = "Proxy-Authentication-Info" # :nodoc:
-      AuthException = HTTPStatus::ProxyAuthenticationRequired # :nodoc:
+      RequestField      = "Proxy-Authorization" # :nodoc:
+      ResponseField     = "Proxy-Authenticate" # :nodoc:
+      ResponseInfoField = "Proxy-Authentication-Info" # :nodoc:
+      AuthException     = HTTPStatus::ProxyAuthenticationRequired # :nodoc:
     end
   end
 end

data/lib/webrick/httpauth/htgroup.rb

@@ -49,7 +49,7 @@ module WEBrick
           File.open(@path){|io|
             while line = io.gets
               line.chomp!
-              group, members = line.split(/:\s*/)
+              group, members = line.split(/:\s*/, 2)
               @group[group] = members.split(/\s+/)
             end
           }

data/lib/webrick/httpauth/htpasswd.rb

@@ -77,12 +77,12 @@ module WEBrick
                 if @password_hash == :bcrypt
                   raise StandardError, ".htpasswd file contains crypt password, only bcrypt passwords supported"
                 end
-                user, pass = line.split(":")
+                user, pass = line.split(":", 2)
               when %r!\A[^:]+:\$2[aby]\$\d{2}\$.{53}\z!
                 if @password_hash == :crypt
                   raise StandardError, ".htpasswd file contains bcrypt password, only crypt passwords supported"
                 end
-                user, pass = line.split(":")
+                user, pass = line.split(":", 2)
               when /:\$/, /:{SHA}/
                 raise NotImplementedError,
                       'MD5, SHA1 .htpasswd file not supported'

data/lib/webrick/httpproxy.rb

@@ -118,7 +118,7 @@ module WEBrick
         public_send("do_#{req.request_method}", req, res)
       rescue NoMethodError
         raise HTTPStatus::MethodNotAllowed,
-          "unsupported method `#{req.request_method}'."
+          "unsupported method '#{req.request_method}'."
       rescue => err
         logger.debug("#{err.class}: #{err.message}")
         raise HTTPStatus::ServiceUnavailable, err.message
@@ -149,7 +149,7 @@ module WEBrick
       end
 
       begin
-        @logger.debug("CONNECT: upstream proxy is `#{host}:#{port}'.")
+        @logger.debug("CONNECT: upstream proxy is '#{host}:#{port}'.")
         os = TCPSocket.new(host, port)     # origin server
 
         if proxy
@@ -175,7 +175,7 @@ module WEBrick
         @logger.debug("CONNECT #{host}:#{port}: succeeded")
         res.status = HTTPStatus::RC_OK
       rescue => ex
-        @logger.debug("CONNECT #{host}:#{port}: failed `#{ex.message}'")
+        @logger.debug("CONNECT #{host}:#{port}: failed '#{ex.message}'")
         res.set_error(ex)
         raise HTTPStatus::EOFError
       ensure
@@ -241,7 +241,7 @@ module WEBrick
         if HopByHop.member?(key)          || # RFC2616: 13.5.1
            connections.member?(key)       || # RFC2616: 14.10
            ShouldNotTransfer.member?(key)    # pragmatics
-          @logger.debug("choose_header: `#{key}: #{value}'")
+          @logger.debug("choose_header: '#{key}: #{value}'")
           next
         end
         dst[key] = value

data/lib/webrick/httprequest.rb

@@ -162,7 +162,6 @@ module WEBrick
       @script_name = @path_info = nil
       @query_string = nil
       @query = nil
-      @form_data = nil
 
       @raw_header = Array.new
       @header = nil
@@ -173,7 +172,8 @@ module WEBrick
       @accept_language = []
       @body = +""
 
-      @addr = @peeraddr = nil
+      @addr = []
+      @peeraddr = []
       @attributes = {}
       @user = nil
       @keep_alive = false
@@ -224,7 +224,7 @@ module WEBrick
         @script_name = ""
         @path_info = @path.dup
       rescue
-        raise HTTPStatus::BadRequest, "bad URI `#{@unparsed_uri}'."
+        raise HTTPStatus::BadRequest, "bad URI '#{@unparsed_uri}'."
       end
 
       if /\Aclose\z/io =~ self["connection"]
@@ -464,7 +464,7 @@ module WEBrick
         @http_version   = HTTPVersion.new($3 ? $3 : "0.9")
       else
         rl = @request_line.sub(/\x0d?\x0a\z/o, '')
-        raise HTTPStatus::BadRequest, "bad Request-Line `#{rl}'."
+        raise HTTPStatus::BadRequest, "bad Request-Line '#{rl}'."
       end
     end
 
@@ -563,7 +563,7 @@ module WEBrick
         chunk_ext = $2
         [ chunk_size, chunk_ext ]
       else
-        raise HTTPStatus::BadRequest, "bad chunk `#{line}'."
+        raise HTTPStatus::BadRequest, "bad chunk '#{line}'."
       end
     end
 
@@ -581,7 +581,7 @@ module WEBrick
 
         line = read_line(socket)              # skip CRLF
         unless line == "\r\n"
-          raise HTTPStatus::BadRequest, "extra data after chunk `#{line}'."
+          raise HTTPStatus::BadRequest, "extra data after chunk '#{line}'."
         end
 
         chunk_size, = read_chunk_size(socket)

data/lib/webrick/httpresponse.rb

@@ -453,7 +453,7 @@ module WEBrick
       _end_of_html_
 
       if backtrace && $DEBUG
-        @body << "backtrace of `#{HTMLUtils::escape(ex.class.to_s)}' "
+        @body << "backtrace of '#{HTMLUtils::escape(ex.class.to_s)}' "
         @body << "#{HTMLUtils::escape(ex.message)}"
         @body << "<PRE>"
         ex.backtrace.each{|line| @body << "\t#{line}\n"}

data/lib/webrick/httpserver.rb

@@ -128,11 +128,11 @@ module WEBrick
           do_OPTIONS(req, res)
           raise HTTPStatus::OK
         end
-        raise HTTPStatus::NotFound, "`#{req.unparsed_uri}' not found."
+        raise HTTPStatus::NotFound, "'#{req.unparsed_uri}' not found."
       end
 
       servlet, options, script_name, path_info = search_servlet(req.path)
-      raise HTTPStatus::NotFound, "`#{req.path}' not found." unless servlet
+      raise HTTPStatus::NotFound, "'#{req.path}' not found." unless servlet
       req.script_name = script_name
       req.path_info = path_info
       si = servlet.get_instance(self, *options)

data/lib/webrick/httpservlet/abstract.rb

@@ -105,7 +105,7 @@ module WEBrick
           __send__(method_name, req, res)
         else
           raise HTTPStatus::MethodNotAllowed,
-                "unsupported method `#{req.request_method}'."
+                "unsupported method '#{req.request_method}'."
         end
       end
 

data/lib/webrick/httpservlet/filehandler.rb

@@ -250,7 +250,7 @@ module WEBrick
 
       def do_POST(req, res)
         unless exec_handler(req, res)
-          raise HTTPStatus::NotFound, "`#{req.path}' not found."
+          raise HTTPStatus::NotFound, "'#{req.path}' not found."
         end
       end
 
@@ -307,7 +307,7 @@ module WEBrick
       end
 
       def exec_handler(req, res)
-        raise HTTPStatus::NotFound, "`#{req.path}' not found." unless @root
+        raise HTTPStatus::NotFound, "'#{req.path}' not found." unless @root
         if set_filename(req, res)
           handler = get_handler(req, res)
           call_callback(:HandlerCallback, req, res)
@@ -359,7 +359,7 @@ module WEBrick
             call_callback(:FileCallback, req, res)
             return true
           else
-            raise HTTPStatus::NotFound, "`#{req.path}' not found."
+            raise HTTPStatus::NotFound, "'#{req.path}' not found."
           end
         end
 
@@ -368,8 +368,8 @@ module WEBrick
 
       def check_filename(req, res, name)
         if nondisclosure_name?(name) || windows_ambiguous_name?(name)
-          @logger.warn("the request refers nondisclosure name `#{name}'.")
-          raise HTTPStatus::NotFound, "`#{req.path}' not found."
+          @logger.warn("the request refers nondisclosure name '#{name}'.")
+          raise HTTPStatus::NotFound, "'#{req.path}' not found."
         end
       end
 
@@ -437,7 +437,7 @@ module WEBrick
       def set_dir_list(req, res)
         redirect_to_directory_uri(req, res)
         unless @options[:FancyIndexing]
-          raise HTTPStatus::Forbidden, "no access permission to `#{req.path}'"
+          raise HTTPStatus::Forbidden, "no access permission to '#{req.path}'"
         end
         local_path = res.filename
         list = Dir::entries(local_path).collect{|name|

data/lib/webrick/httputils.rb

@@ -29,14 +29,14 @@ module WEBrick
     # normalized.
 
     def normalize_path(path)
-      raise "abnormal path `#{path}'" if path[0] != ?/
+      raise "abnormal path '#{path}'" if path[0] != ?/
       ret = path.dup
 
       ret.gsub!(%r{/+}o, '/')                    # //      => /
       while ret.sub!(%r'/\.(?:/|\Z)', '/'); end  # /.      => /
       while ret.sub!(%r'/(?!\.\./)[^/]+/\.\.(?:/|\Z)', '/'); end # /foo/.. => /foo
 
-      raise "abnormal path `#{path}'" if %r{/\.\.(/|\Z)} =~ ret
+      raise "abnormal path '#{path}'" if %r{/\.\.(/|\Z)} =~ ret
       ret
     end
     module_function :normalize_path

data/lib/webrick/server.rb

@@ -365,7 +365,7 @@ module WEBrick
         begin
           s.shutdown
         rescue Errno::ENOTCONN
-          # when `Errno::ENOTCONN: Socket is not connected' on some platforms,
+          # when 'Errno::ENOTCONN: Socket is not connected' on some platforms,
           # call #close instead of #shutdown.
           # (ignore @config[:ShutdownSocketWithoutClose])
           s.close

data/lib/webrick/version.rb

@@ -14,5 +14,5 @@ module WEBrick
   ##
   # The WEBrick version
 
-  VERSION      = "1.8.2"
+  VERSION      = "1.9.1"
 end

data/sig/accesslog.rbs

@@ -0,0 +1,24 @@
+module WEBrick
+  module AccessLog
+    class AccessLogError < StandardError
+    end
+
+    CLF_TIME_FORMAT: String
+
+    COMMON_LOG_FORMAT: String
+
+    CLF: String
+
+    REFERER_LOG_FORMAT: String
+
+    AGENT_LOG_FORMAT: String
+
+    COMBINED_LOG_FORMAT: String
+
+    def self?.setup_params: (Hash[Symbol, untyped] config, HTTPRequest req, HTTPResponse res) -> Hash[String, untyped]
+
+    def self?.format: (String format_string, Hash[String, untyped] params) -> String
+
+    def self?.escape: (String data) -> String
+  end
+end

data/sig/cgi.rbs

@@ -0,0 +1,92 @@
+module WEBrick
+  class CGI
+    @options: Array[untyped]
+
+    class CGIError < StandardError
+    end
+
+    attr_reader config: Hash[Symbol, untyped]
+
+    attr_reader logger: BasicLog
+
+    def initialize: (*untyped args) -> void
+
+    def []: (Symbol key) -> untyped
+
+    interface _Env
+      def []: (String) -> String?
+    end
+
+    def start: (?_Env env, ?IO stdin, ?IO stdout) -> void
+
+    def self.setup_header: () -> untyped
+
+    def self.status_line: () -> ""
+
+    def service: (HTTPRequest req, HTTPResponse res) -> void
+
+    class Socket
+      @config: Hash[Symbol, untyped]
+
+      @env: _Env
+
+      @header_part: StringIO
+
+      @body_part: IO
+
+      @out_port: IO
+
+      @server_addr: String
+
+      @server_name: String?
+
+      @server_port: String?
+
+      @remote_addr: String?
+
+      @remote_host: String?
+
+      @remote_port: (String | 0)
+
+      include Enumerable[String]
+
+      private
+
+      def initialize: (Hash[Symbol, untyped] config, _Env env, IO stdin, IO stdout) -> void
+
+      def request_line: () -> String
+
+      def setup_header: () -> void
+
+      def add_header: (String hdrname, String value) -> void
+
+      def input: () -> (IO | StringIO)
+
+      public
+
+      def peeraddr: () -> [nil, (String | 0), String?, String?]
+
+      def addr: () -> [nil, String?, String?, String]
+
+      def gets: (?String eol, ?Integer? size) -> String?
+
+      def read: (?Integer? size) -> String?
+
+      def each: () { (String) -> void } -> void
+
+      def eof?: () -> bool
+
+      def <<: (_ToS data) -> IO
+
+      def write: (_ToS data) -> Integer
+
+      def cert: () -> OpenSSL::X509::Certificate?
+
+      def peer_cert: () -> OpenSSL::X509::Certificate?
+
+      def peer_cert_chain: () -> Array[OpenSSL::X509::Certificate]?
+
+      def cipher: () -> [String?, String?, String?, String?]?
+    end
+  end
+end

data/sig/compat.rbs

@@ -0,0 +1,18 @@
+#
+# System call error module used by webrick for cross platform compatibility.
+#
+# EPROTO:: protocol error
+# ECONNRESET:: remote host reset the connection request
+# ECONNABORTED:: Client sent TCP reset (RST) before server has accepted the
+#                connection requested by client.
+#
+module Errno
+  class EPROTO < SystemCallError
+  end
+
+  class ECONNRESET < SystemCallError
+  end
+
+  class ECONNABORTED < SystemCallError
+  end
+end

data/sig/config.rbs

@@ -0,0 +1,17 @@
+module WEBrick
+  module Config
+    LIBDIR: String
+
+    # for GenericServer
+    General: Hash[Symbol, untyped]
+
+    # for HTTPServer, HTTPRequest, HTTPResponse ...
+    HTTP: Hash[Symbol, untyped]
+
+    FileHandler: Hash[Symbol, untyped]
+
+    BasicAuth: Hash[Symbol, untyped]
+
+    DigestAuth: Hash[Symbol, untyped]
+  end
+end

data/sig/cookie.rbs

@@ -0,0 +1,37 @@
+module WEBrick
+  class Cookie
+    @expires: String?
+
+    attr_reader name: String?
+
+    attr_accessor value: String?
+
+    attr_accessor version: Integer
+
+    #
+    # The cookie domain
+    attr_accessor domain: String?
+
+    attr_accessor path: String?
+
+    attr_accessor secure: true?
+
+    attr_accessor comment: String?
+
+    attr_accessor max_age: Integer?
+
+    def initialize: (untyped name, untyped value) -> void
+
+    def expires=: ((Time | _ToS)? t) -> untyped
+
+    def expires: () -> Time?
+
+    def to_s: () -> String
+
+    def self.parse: (String? str) -> Array[instance]?
+
+    def self.parse_set_cookie: (String str) -> instance
+
+    def self.parse_set_cookies: (String str) -> Array[instance]
+  end
+end

data/sig/htmlutils.rbs

@@ -0,0 +1,5 @@
+module WEBrick
+  module HTMLUtils
+    def self?.escape: (String? string) -> String
+  end
+end

data/sig/httpauth/authenticator.rbs

@@ -0,0 +1,55 @@
+module WEBrick
+  module HTTPAuth
+    module Authenticator
+      @reload_db: bool?
+
+      @request_field: String
+
+      @response_field: String
+
+      @resp_info_field: String
+
+      @auth_exception: singleton(HTTPStatus::ClientError)
+
+      @auth_scheme: String
+
+      RequestField: String
+
+      ResponseField: String
+
+      ResponseInfoField: String
+
+      AuthException: singleton(HTTPStatus::ClientError)
+
+      AuthScheme: String?
+
+      attr_reader realm: String?
+
+      attr_reader userdb: UserDB
+
+      attr_reader logger: Log
+
+      private
+
+      def check_init: (Hash[Symbol, untyped] config) -> void
+
+      def check_scheme: (HTTPRequest req) -> String?
+
+      def log: (interned meth, String fmt, *untyped args) -> void
+
+      def error: (String fmt, *untyped args) -> void
+
+      def info: (String fmt, *untyped args) -> void
+    end
+
+    module ProxyAuthenticator
+      RequestField: String
+
+      ResponseField: String
+
+      ResponseInfoField: String
+
+      AuthException: singleton(HTTPStatus::ClientError)
+    end
+  end
+end

data/sig/httpauth/basicauth.rbs

@@ -0,0 +1,29 @@
+module WEBrick
+  module HTTPAuth
+    class BasicAuth
+      @config: Hash[Symbol, untyped]
+
+      include Authenticator
+
+      AuthScheme: String
+
+      def self.make_passwd: (String? realm, String? user, String? pass) -> String
+
+      attr_reader realm: String?
+
+      attr_reader userdb: UserDB
+
+      attr_reader logger: Log
+
+      def initialize: (Hash[Symbol, untyped] config, ?Hash[Symbol, untyped] default) -> void
+
+      def authenticate: (HTTPRequest req, HTTPResponse res) -> void
+
+      def challenge: (HTTPRequest req, HTTPResponse res) -> bot
+    end
+
+    class ProxyBasicAuth < BasicAuth
+      include ProxyAuthenticator
+    end
+  end
+end

data/sig/httpauth/digestauth.rbs

@@ -0,0 +1,85 @@
+module WEBrick
+  module HTTPAuth
+    class DigestAuth
+      @config: Hash[Symbol, untyped]
+
+      @domain: Array[String]?
+
+      @use_opaque: bool
+
+      @use_next_nonce: bool
+
+      @check_nc: bool
+
+      @use_auth_info_header: bool
+
+      @nonce_expire_period: Integer
+
+      @nonce_expire_delta: Integer
+
+      @internet_explorer_hack: bool
+
+      @h: singleton(Digest::Base)
+
+      @instance_key: String
+
+      @opaques: Hash[String, OpaqueInfo]
+
+      @last_nonce_expire: Time
+
+      @mutex: Thread::Mutex
+
+      include Authenticator
+
+      AuthScheme: String
+
+      class OpaqueInfo < Struct[untyped]
+        attr_accessor time(): Time
+        attr_accessor nonce(): String?
+        attr_accessor nc(): String
+      end
+
+      attr_reader algorithm: String?
+
+      attr_reader qop: Array[String]
+
+      def self.make_passwd: (String realm, String user, String pass) -> untyped
+
+      def initialize: (Hash[Symbol, untyped] config, ?Hash[Symbol, untyped] default) -> void
+
+      def authenticate: (HTTPRequest req, HTTPResponse res) -> void
+
+      def challenge: (HTTPRequest req, HTTPResponse res, ?bool stale) -> bot
+
+      private
+
+      MustParams: Array[String]
+
+      MustParamsAuth: Array[String]
+
+      def _authenticate: (HTTPRequest req, HTTPResponse res) -> (:nonce_is_stale | bool)
+
+      def split_param_value: (String string) -> Hash[String, String]
+
+      def generate_next_nonce: (HTTPRequest req) -> String
+
+      def check_nonce: (HTTPRequest req, Hash[String, String] auth_req) -> bool
+
+      def generate_opaque: (HTTPRequest req) -> String
+
+      def check_opaque: (OpaqueInfo opaque_struct, untyped req, Hash[String, String] auth_req) -> bool
+
+      def check_uri: (HTTPRequest req, Hash[String, String] auth_req) -> bool
+
+      def hexdigest: (*_ToS? args) -> String
+    end
+
+    class ProxyDigestAuth < DigestAuth
+      include ProxyAuthenticator
+
+      private
+
+      def check_uri: (HTTPRequest req, Hash[String, String] auth_req) -> true
+    end
+  end
+end