webrick 1.6.1 → 1.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3fb619ce6c4c78dad51be27360158b7e70c92ebdaa17c7b67b238c43ede73637
-  data.tar.gz: a9a2262fe7d36731d0d251c800a59d9f266a49811da67d8fb8240339cc1fe884
+  metadata.gz: 800e0427bf3a5f03799b0615f21888ef4827fde35a89663bcf90c055bf4e2221
+  data.tar.gz: ea2b6bdee1ae775c2946e6b16e73a3dbcd18ab27d910cc11eeb72f6eafdc3242
 SHA512:
-  metadata.gz: 051dbf7d8f19f366b7713835c2cc37c9f8c53c58c0a4d68fc8256d277c2379bc90099437a48fb876e8d3b6c414c417f5d8b9cf092f372a9dd715a7771c6764fb
-  data.tar.gz: 7541dc4794d62c5c6363ccc7da3742e9d61216e5f9a4a3d94418dc3239830320b416eeb464940ad75074802f673055141b7c4937983ede6d1092a888fc6f5df0
+  metadata.gz: 5d5511564c5ea1ff1eaf936af515acdaff9b157b767093b13e873a38596470bc42cab4a6be97770856e87d91b069ee05716e73dfea88d165a435737e332fb0f4
+  data.tar.gz: a2eaabfc8c4e16303a59cf45de503aaf71577824a8fb92dc2ad60cc4f5fc2478e707635062ed9abc138e260fbc7bea0cc999f8033e5a0f59deeb0e697ec47c1a

data/README.md

@@ -1,7 +1,5 @@
 # Webrick
 
-[![Build Status](https://travis-ci.org/ruby/webrick.svg?branch=master)](https://travis-ci.org/ruby/webrick)
-
 WEBrick is an HTTP server toolkit that can be configured as an HTTPS server, a proxy server, and a virtual-host server.
 
 WEBrick features complete logging of both server operations and HTTP access.

data/lib/webrick.rb

@@ -15,6 +15,11 @@
 # WEBrick also includes tools for daemonizing a process and starting a process
 # at a higher privilege level and dropping permissions.
 #
+# == Security
+#
+# *Warning:* WEBrick is not recommended for production.  It only implements
+# basic security checks.
+#
 # == Starting an HTTP server
 #
 # To create a new WEBrick::HTTPServer that will listen to connections on port
@@ -139,9 +144,9 @@
 # servers.  See WEBrick::HTTPAuth, WEBrick::HTTPAuth::BasicAuth and
 # WEBrick::HTTPAuth::DigestAuth.
 #
-# == WEBrick as a Production Web Server
+# == WEBrick as a daemonized Web Server
 #
-# WEBrick can be run as a production server for small loads.
+# WEBrick can be run as a daemonized server for small loads.
 #
 # === Daemonizing
 #

data/lib/webrick/httpauth/authenticator.rb

@@ -85,7 +85,7 @@ module WEBrick
       def log(meth, fmt, *args)
         msg = format("%s %s: ", @auth_scheme, @realm)
         msg << fmt % args
-        @logger.send(meth, msg)
+        @logger.__send__(meth, msg)
       end
 
       def error(fmt, *args)

data/lib/webrick/httpproxy.rb

@@ -115,7 +115,7 @@ module WEBrick
       proxy_auth(req, res)
 
       begin
-        self.send("do_#{req.request_method}", req, res)
+        public_send("do_#{req.request_method}", req, res)
       rescue NoMethodError
         raise HTTPStatus::MethodNotAllowed,
           "unsupported method `#{req.request_method}'."
@@ -295,6 +295,10 @@ module WEBrick
       return FakeProxyURI
     end
 
+    def create_net_http(uri, upstream)
+      Net::HTTP.new(uri.host, uri.port, upstream.host, upstream.port)
+    end
+
     def perform_proxy_request(req, res, req_class, body_stream = nil)
       uri = req.request_uri
       path = uri.path.dup
@@ -303,7 +307,7 @@ module WEBrick
       upstream = setup_upstream_proxy_authentication(req, res, header)
 
       body_tmp = []
-      http = Net::HTTP.new(uri.host, uri.port, upstream.host, upstream.port)
+      http = create_net_http(uri, upstream)
       req_fib = Fiber.new do
         http.start do
           if @config[:ProxyTimeout]

data/lib/webrick/httprequest.rb

@@ -9,6 +9,7 @@
 #
 # $IPR: httprequest.rb,v 1.64 2003/07/13 17:18:22 gotoyuzo Exp $
 
+require 'fiber'
 require 'uri'
 require_relative 'httpversion'
 require_relative 'httpstatus'
@@ -273,13 +274,17 @@ module WEBrick
       self
     end
 
-    # for IO.copy_stream.  Note: we may return a larger string than +size+
-    # here; but IO.copy_stream does not care.
+    # for IO.copy_stream.
     def readpartial(size, buf = ''.b) # :nodoc
       res = @body_tmp.shift or raise EOFError, 'end of file reached'
+      if res.length > size
+        @body_tmp.unshift(res[size..-1])
+        res = res[0..size - 1]
+      end
       buf.replace(res)
       res.clear
-      @body_rd.resume # get more chunks
+      # get more chunks - check alive? because we can take a partial chunk
+      @body_rd.resume if @body_rd.alive?
       buf
     end
 
@@ -517,7 +522,7 @@ module WEBrick
         if @remaining_size > 0 && @socket.eof?
           raise HTTPStatus::BadRequest, "invalid body size."
         end
-      elsif BODY_CONTAINABLE_METHODS.member?(@request_method)
+      elsif BODY_CONTAINABLE_METHODS.member?(@request_method) && !@socket.eof
         raise HTTPStatus::LengthRequired
       end
       return @body

data/lib/webrick/httpservlet/filehandler.rb

@@ -212,9 +212,18 @@ module WEBrick
 
       # :stopdoc:
 
+      def set_filesystem_encoding(str)
+        enc = Encoding.find('filesystem')
+        if enc == Encoding::US_ASCII
+          str.b
+        else
+          str.dup.force_encoding(enc)
+        end
+      end
+
       def service(req, res)
         # if this class is mounted on "/" and /~username is requested.
-        # we're going to override path informations before invoking service.
+        # we're going to override path information before invoking service.
         if defined?(Etc) && @options[:UserDir] && req.script_name.empty?
           if %r|^(/~([^/]+))| =~ req.path_info
             script_name, user = $1, $2
@@ -298,7 +307,7 @@ module WEBrick
       end
 
       def exec_handler(req, res)
-        raise HTTPStatus::NotFound, "`#{req.path}' not found" unless @root
+        raise HTTPStatus::NotFound, "`#{req.path}' not found." unless @root
         if set_filename(req, res)
           handler = get_handler(req, res)
           call_callback(:HandlerCallback, req, res)
@@ -324,11 +333,12 @@ module WEBrick
       end
 
       def set_filename(req, res)
-        res.filename = @root.dup
+        res.filename = @root
         path_info = req.path_info.scan(%r|/[^/]*|)
 
         path_info.unshift("")  # dummy for checking @root dir
         while base = path_info.first
+          base = set_filesystem_encoding(base)
           break if base == "/"
           break unless File.directory?(File.expand_path(res.filename + base))
           shift_path_info(req, res, path_info)
@@ -336,6 +346,7 @@ module WEBrick
         end
 
         if base = path_info.first
+          base = set_filesystem_encoding(base)
           if base == "/"
             if file = search_index_file(req, res)
               shift_path_info(req, res, path_info, file)
@@ -364,7 +375,7 @@ module WEBrick
 
       def shift_path_info(req, res, path_info, base=nil)
         tmp = path_info.shift
-        base = base || tmp
+        base = base || set_filesystem_encoding(tmp)
         req.path_info = path_info.join
         req.script_name << base
         res.filename = File.expand_path(res.filename + base)

data/lib/webrick/httputils.rb

@@ -72,6 +72,7 @@ module WEBrick
       "json"  => "application/json",
       "lha"   => "application/octet-stream",
       "lzh"   => "application/octet-stream",
+      "mjs"   => "application/javascript",
       "mov"   => "video/quicktime",
       "mpe"   => "video/mpeg",
       "mpeg"  => "video/mpeg",

data/lib/webrick/server.rb

@@ -102,6 +102,9 @@ module WEBrick
       @listeners = []
       @shutdown_pipe = nil
       unless @config[:DoNotListen]
+        raise ArgumentError, "Port must an integer" unless @config[:Port].to_s == @config[:Port].to_i.to_s
+
+        @config[:Port] = @config[:Port].to_i
         if @config[:Listen]
           warn(":Listen option is deprecated; use GenericServer#listen", uplevel: 1)
         end

data/lib/webrick/ssl.rb

@@ -122,7 +122,7 @@ module WEBrick
       ef.issuer_certificate = cert
       cert.extensions = [
         ef.create_extension("basicConstraints","CA:FALSE"),
-        ef.create_extension("keyUsage", "keyEncipherment"),
+        ef.create_extension("keyUsage", "keyEncipherment, digitalSignature, keyAgreement, dataEncipherment"),
         ef.create_extension("subjectKeyIdentifier", "hash"),
         ef.create_extension("extendedKeyUsage", "serverAuth"),
         ef.create_extension("nsComment", comment),
@@ -130,7 +130,7 @@ module WEBrick
       aki = ef.create_extension("authorityKeyIdentifier",
                                 "keyid:always,issuer:always")
       cert.add_extension(aki)
-      cert.sign(rsa, OpenSSL::Digest::SHA256.new)
+      cert.sign(rsa, "SHA256")
 
       return [ cert, rsa ]
     end

data/lib/webrick/utils.rb

@@ -45,12 +45,7 @@ module WEBrick
     ##
     # The server hostname
     def getservername
-      host = Socket::gethostname
-      begin
-        Socket::gethostbyname(host)[0]
-      rescue
-        host
-      end
+      Socket::gethostname
     end
     module_function :getservername
 

data/lib/webrick/version.rb

@@ -14,5 +14,5 @@ module WEBrick
   ##
   # The WEBrick version
 
-  VERSION      = "1.6.1"
+  VERSION      = "1.7.0"
 end

data/webrick.gemspec

@@ -61,14 +61,12 @@ Gem::Specification.new do |s|
 
   s.authors = ["TAKAHASHI Masayoshi", "GOTOU YUUZOU", "Eric Wong"]
   s.email = [nil, nil, 'normal@ruby-lang.org']
-  s.homepage = "https://www.ruby-lang.org"
-  s.license = "BSD-2-Clause"
+  s.homepage = "https://github.com/ruby/webrick"
+  s.licenses = ["Ruby", "BSD-2-Clause"]
 
   if s.respond_to?(:metadata=)
     s.metadata = {
-      "bug_tracker_uri" => "https://bugs.ruby-lang.org/projects/ruby-trunk/issues",
-      "homepage_uri" => "https://www.ruby-lang.org",
-      "source_code_uri" => "https://git.ruby-lang.org/ruby.git/"
+      "bug_tracker_uri" => "https://github.com/ruby/webrick/issues",
     }
   end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: webrick
 version: !ruby/object:Gem::Version
-  version: 1.6.1
+  version: 1.7.0
 platform: ruby
 authors:
 - TAKAHASHI Masayoshi
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-09-29 00:00:00.000000000 Z
+date: 2020-12-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -78,13 +78,12 @@ files:
 - lib/webrick/utils.rb
 - lib/webrick/version.rb
 - webrick.gemspec
-homepage: https://www.ruby-lang.org
+homepage: https://github.com/ruby/webrick
 licenses:
+- Ruby
 - BSD-2-Clause
 metadata:
-  bug_tracker_uri: https://bugs.ruby-lang.org/projects/ruby-trunk/issues
-  homepage_uri: https://www.ruby-lang.org
-  source_code_uri: https://git.ruby-lang.org/ruby.git/
+  bug_tracker_uri: https://github.com/ruby/webrick/issues
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -100,7 +99,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.0.rc.1
+rubygems_version: 3.2.0
 signing_key:
 specification_version: 4
 summary: HTTP server toolkit