2016-02-01 07:43:26 -05:00
|
|
|
# frozen_string_literal: true
|
2011-01-28 18:46:47 -05:00
|
|
|
require 'rubygems/test_case'
|
2007-11-10 02:48:56 -05:00
|
|
|
require 'rubygems/server'
|
|
|
|
require 'stringio'
|
|
|
|
|
|
|
|
class Gem::Server
|
|
|
|
attr_reader :server
|
|
|
|
end
|
|
|
|
|
2011-01-28 18:46:47 -05:00
|
|
|
class TestGemServer < Gem::TestCase
|
2015-07-01 23:26:14 -04:00
|
|
|
def process_based_port
|
|
|
|
0
|
|
|
|
end
|
|
|
|
|
2007-11-10 02:48:56 -05:00
|
|
|
def setup
|
|
|
|
super
|
|
|
|
|
2014-09-13 23:30:02 -04:00
|
|
|
@a1 = quick_gem 'a', '1'
|
|
|
|
@a2 = quick_gem 'a', '2'
|
|
|
|
@a3_p = quick_gem 'a', '3.a'
|
2007-11-10 02:48:56 -05:00
|
|
|
|
2008-04-11 16:57:02 -04:00
|
|
|
@server = Gem::Server.new Gem.dir, process_based_port, false
|
2007-11-10 02:48:56 -05:00
|
|
|
@req = WEBrick::HTTPRequest.new :Logger => nil
|
|
|
|
@res = WEBrick::HTTPResponse.new :HTTPVersion => '1.0'
|
|
|
|
end
|
|
|
|
|
2012-11-29 01:52:18 -05:00
|
|
|
def test_doc_root_3
|
|
|
|
orig_rdoc_version = Gem::RDoc.rdoc_version
|
|
|
|
Gem::RDoc.instance_variable_set :@rdoc_version, Gem::Version.new('3.12')
|
2010-04-22 04:24:42 -04:00
|
|
|
|
2012-11-29 01:52:18 -05:00
|
|
|
assert_equal '/doc_root/X-1/rdoc/index.html', @server.doc_root('X-1')
|
2010-04-22 04:24:42 -04:00
|
|
|
|
2012-11-29 01:52:18 -05:00
|
|
|
ensure
|
|
|
|
Gem::RDoc.instance_variable_set :@rdoc_version, orig_rdoc_version
|
2010-04-22 04:24:42 -04:00
|
|
|
end
|
|
|
|
|
2012-11-29 01:52:18 -05:00
|
|
|
def test_doc_root_4
|
|
|
|
orig_rdoc_version = Gem::RDoc.rdoc_version
|
|
|
|
Gem::RDoc.instance_variable_set :@rdoc_version, Gem::Version.new('4.0')
|
2007-11-10 02:48:56 -05:00
|
|
|
|
2012-11-29 01:52:18 -05:00
|
|
|
assert_equal '/doc_root/X-1/', @server.doc_root('X-1')
|
2007-11-10 02:48:56 -05:00
|
|
|
|
2012-11-29 01:52:18 -05:00
|
|
|
ensure
|
|
|
|
Gem::RDoc.instance_variable_set :@rdoc_version, orig_rdoc_version
|
|
|
|
end
|
2008-06-17 18:04:18 -04:00
|
|
|
|
2012-11-29 01:52:18 -05:00
|
|
|
def test_have_rdoc_4_plus_eh
|
|
|
|
orig_rdoc_version = Gem::RDoc.rdoc_version
|
2012-12-14 00:09:37 -05:00
|
|
|
Gem::RDoc.instance_variable_set(:@rdoc_version, Gem::Version.new('4.0'))
|
2008-06-17 18:04:18 -04:00
|
|
|
|
2012-11-29 01:52:18 -05:00
|
|
|
server = Gem::Server.new Gem.dir, 0, false
|
|
|
|
assert server.have_rdoc_4_plus?
|
2007-11-10 02:48:56 -05:00
|
|
|
|
2012-11-29 01:52:18 -05:00
|
|
|
Gem::RDoc.instance_variable_set :@rdoc_version, Gem::Version.new('3.12')
|
2007-11-10 02:48:56 -05:00
|
|
|
|
2012-11-29 01:52:18 -05:00
|
|
|
server = Gem::Server.new Gem.dir, 0, false
|
|
|
|
refute server.have_rdoc_4_plus?
|
2012-12-14 00:09:37 -05:00
|
|
|
|
|
|
|
Gem::RDoc.instance_variable_set(:@rdoc_version,
|
|
|
|
Gem::Version.new('4.0.0.preview2'))
|
|
|
|
|
|
|
|
server = Gem::Server.new Gem.dir, 0, false
|
|
|
|
assert server.have_rdoc_4_plus?
|
2012-11-29 01:52:18 -05:00
|
|
|
ensure
|
|
|
|
Gem::RDoc.instance_variable_set :@rdoc_version, orig_rdoc_version
|
|
|
|
end
|
2007-11-10 02:48:56 -05:00
|
|
|
|
2012-11-29 01:52:18 -05:00
|
|
|
def test_spec_dirs
|
|
|
|
s = Gem::Server.new Gem.dir, process_based_port, false
|
2008-06-17 18:04:18 -04:00
|
|
|
|
2012-11-29 01:52:18 -05:00
|
|
|
assert_equal [File.join(Gem.dir, 'specifications')], s.spec_dirs
|
2008-06-17 18:04:18 -04:00
|
|
|
|
2012-11-29 01:52:18 -05:00
|
|
|
s = Gem::Server.new [Gem.dir, Gem.dir], process_based_port, false
|
|
|
|
|
|
|
|
assert_equal [File.join(Gem.dir, 'specifications'),
|
|
|
|
File.join(Gem.dir, 'specifications')], s.spec_dirs
|
2008-06-17 18:04:18 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
def test_latest_specs
|
|
|
|
data = StringIO.new "GET /latest_specs.#{Gem.marshal_version} HTTP/1.0\r\n\r\n"
|
|
|
|
@req.parse data
|
|
|
|
|
2011-10-03 18:15:47 -04:00
|
|
|
Gem::Deprecate.skip_during do
|
2011-05-31 23:45:05 -04:00
|
|
|
@server.latest_specs @req, @res
|
|
|
|
end
|
2008-06-17 18:04:18 -04:00
|
|
|
|
|
|
|
assert_equal 200, @res.status, @res.body
|
|
|
|
assert_match %r| \d\d:\d\d:\d\d |, @res['date']
|
|
|
|
assert_equal 'application/octet-stream', @res['content-type']
|
|
|
|
assert_equal [['a', Gem::Version.new(2), Gem::Platform::RUBY]],
|
2011-05-31 23:45:05 -04:00
|
|
|
Marshal.load(@res.body)
|
2008-06-17 18:04:18 -04:00
|
|
|
end
|
|
|
|
|
2013-11-10 12:51:40 -05:00
|
|
|
def test_latest_specs_gemdirs
|
|
|
|
data = StringIO.new "GET /latest_specs.#{Gem.marshal_version} HTTP/1.0\r\n\r\n"
|
|
|
|
dir = "#{@gemhome}2"
|
|
|
|
|
2013-11-11 19:16:41 -05:00
|
|
|
spec = util_spec 'z', 9
|
2013-11-10 12:51:40 -05:00
|
|
|
|
|
|
|
specs_dir = File.join dir, 'specifications'
|
|
|
|
FileUtils.mkdir_p specs_dir
|
|
|
|
|
2018-02-05 21:58:35 -05:00
|
|
|
File.open File.join(specs_dir, spec.spec_name), 'w' do |io|
|
2013-11-10 12:51:40 -05:00
|
|
|
io.write spec.to_ruby
|
|
|
|
end
|
|
|
|
|
|
|
|
server = Gem::Server.new dir, process_based_port, false
|
|
|
|
|
|
|
|
@req.parse data
|
|
|
|
|
|
|
|
server.latest_specs @req, @res
|
|
|
|
|
|
|
|
assert_equal 200, @res.status
|
|
|
|
|
|
|
|
assert_equal [['z', v(9), Gem::Platform::RUBY]], Marshal.load(@res.body)
|
|
|
|
end
|
|
|
|
|
2008-06-17 18:04:18 -04:00
|
|
|
def test_latest_specs_gz
|
|
|
|
data = StringIO.new "GET /latest_specs.#{Gem.marshal_version}.gz HTTP/1.0\r\n\r\n"
|
|
|
|
@req.parse data
|
|
|
|
|
2011-10-03 18:15:47 -04:00
|
|
|
Gem::Deprecate.skip_during do
|
2011-05-31 23:45:05 -04:00
|
|
|
@server.latest_specs @req, @res
|
|
|
|
end
|
2008-06-17 18:04:18 -04:00
|
|
|
|
|
|
|
assert_equal 200, @res.status, @res.body
|
|
|
|
assert_match %r| \d\d:\d\d:\d\d |, @res['date']
|
|
|
|
assert_equal 'application/x-gzip', @res['content-type']
|
|
|
|
assert_equal [['a', Gem::Version.new(2), Gem::Platform::RUBY]],
|
|
|
|
Marshal.load(Gem.gunzip(@res.body))
|
2007-11-10 02:48:56 -05:00
|
|
|
end
|
|
|
|
|
2010-02-21 21:52:35 -05:00
|
|
|
def test_listen
|
|
|
|
util_listen
|
|
|
|
|
2011-01-18 19:08:49 -05:00
|
|
|
capture_io do
|
2010-02-21 21:52:35 -05:00
|
|
|
@server.listen
|
|
|
|
end
|
|
|
|
|
|
|
|
assert_equal 1, @server.server.listeners.length
|
|
|
|
end
|
|
|
|
|
|
|
|
def test_listen_addresses
|
|
|
|
util_listen
|
|
|
|
|
2011-01-18 19:08:49 -05:00
|
|
|
capture_io do
|
2010-02-21 21:52:35 -05:00
|
|
|
@server.listen %w[a b]
|
|
|
|
end
|
2008-06-17 18:04:18 -04:00
|
|
|
|
2011-01-18 19:08:49 -05:00
|
|
|
assert_equal 2, @server.server.listeners.length
|
2008-06-17 18:04:18 -04:00
|
|
|
end
|
|
|
|
|
2014-09-13 23:30:02 -04:00
|
|
|
def test_prerelease_specs
|
|
|
|
data = StringIO.new "GET /prerelease_specs.#{Gem.marshal_version} HTTP/1.0\r\n\r\n"
|
|
|
|
@req.parse data
|
|
|
|
|
|
|
|
Gem::Deprecate.skip_during do
|
|
|
|
@server.prerelease_specs @req, @res
|
|
|
|
end
|
|
|
|
|
|
|
|
assert_equal 200, @res.status, @res.body
|
|
|
|
assert_match %r| \d\d:\d\d:\d\d |, @res['date']
|
|
|
|
assert_equal 'application/octet-stream', @res['content-type']
|
|
|
|
assert_equal [['a', v('3.a'), Gem::Platform::RUBY]],
|
|
|
|
Marshal.load(@res.body)
|
|
|
|
end
|
|
|
|
|
|
|
|
def test_prerelease_specs_gz
|
|
|
|
data = StringIO.new "GET /prerelease_specs.#{Gem.marshal_version}.gz HTTP/1.0\r\n\r\n"
|
|
|
|
@req.parse data
|
|
|
|
|
|
|
|
Gem::Deprecate.skip_during do
|
|
|
|
@server.prerelease_specs @req, @res
|
|
|
|
end
|
|
|
|
|
|
|
|
assert_equal 200, @res.status, @res.body
|
|
|
|
assert_match %r| \d\d:\d\d:\d\d |, @res['date']
|
|
|
|
assert_equal 'application/x-gzip', @res['content-type']
|
|
|
|
assert_equal [['a', v('3.a'), Gem::Platform::RUBY]],
|
|
|
|
Marshal.load(Gem.gunzip(@res.body))
|
|
|
|
end
|
|
|
|
|
2013-11-10 12:51:40 -05:00
|
|
|
def test_quick_gemdirs
|
|
|
|
data = StringIO.new "GET /quick/Marshal.4.8/z-9.gemspec.rz HTTP/1.0\r\n\r\n"
|
|
|
|
dir = "#{@gemhome}2"
|
|
|
|
|
|
|
|
server = Gem::Server.new dir, process_based_port, false
|
|
|
|
|
|
|
|
@req.parse data
|
|
|
|
|
|
|
|
server.quick @req, @res
|
|
|
|
|
|
|
|
assert_equal 404, @res.status
|
|
|
|
|
2013-11-11 19:16:41 -05:00
|
|
|
spec = util_spec 'z', 9
|
2013-11-10 12:51:40 -05:00
|
|
|
|
|
|
|
specs_dir = File.join dir, 'specifications'
|
|
|
|
|
|
|
|
FileUtils.mkdir_p specs_dir
|
|
|
|
|
2018-02-05 21:58:35 -05:00
|
|
|
File.open File.join(specs_dir, spec.spec_name), 'w' do |io|
|
2013-11-10 12:51:40 -05:00
|
|
|
io.write spec.to_ruby
|
|
|
|
end
|
|
|
|
|
|
|
|
data.rewind
|
|
|
|
|
|
|
|
req = WEBrick::HTTPRequest.new :Logger => nil
|
|
|
|
res = WEBrick::HTTPResponse.new :HTTPVersion => '1.0'
|
|
|
|
req.parse data
|
|
|
|
|
|
|
|
server.quick req, res
|
|
|
|
|
|
|
|
assert_equal 200, res.status
|
|
|
|
end
|
|
|
|
|
2008-06-17 18:04:18 -04:00
|
|
|
def test_quick_missing
|
2013-11-10 12:51:40 -05:00
|
|
|
data = StringIO.new "GET /quick/Marshal.4.8/z-9.gemspec.rz HTTP/1.0\r\n\r\n"
|
2007-11-10 02:48:56 -05:00
|
|
|
@req.parse data
|
|
|
|
|
|
|
|
@server.quick @req, @res
|
|
|
|
|
2007-12-20 03:39:12 -05:00
|
|
|
assert_equal 404, @res.status, @res.body
|
2007-11-10 02:48:56 -05:00
|
|
|
assert_match %r| \d\d:\d\d:\d\d |, @res['date']
|
|
|
|
assert_equal 'text/plain', @res['content-type']
|
2017-10-07 21:32:18 -04:00
|
|
|
assert_equal 'No gems found matching "z-9"', @res.body
|
2007-11-10 02:48:56 -05:00
|
|
|
assert_equal 404, @res.status
|
|
|
|
end
|
|
|
|
|
2008-06-17 18:04:18 -04:00
|
|
|
def test_quick_marshal_a_1_gemspec_rz
|
|
|
|
data = StringIO.new "GET /quick/Marshal.#{Gem.marshal_version}/a-1.gemspec.rz HTTP/1.0\r\n\r\n"
|
|
|
|
@req.parse data
|
|
|
|
|
|
|
|
@server.quick @req, @res
|
|
|
|
|
|
|
|
assert_equal 200, @res.status, @res.body
|
|
|
|
assert @res['date']
|
|
|
|
assert_equal 'application/x-deflate', @res['content-type']
|
|
|
|
|
|
|
|
spec = Marshal.load Gem.inflate(@res.body)
|
|
|
|
assert_equal 'a', spec.name
|
|
|
|
assert_equal Gem::Version.new(1), spec.version
|
|
|
|
end
|
|
|
|
|
|
|
|
def test_quick_marshal_a_1_mswin32_gemspec_rz
|
2011-01-18 19:08:49 -05:00
|
|
|
quick_gem 'a', '1' do |s| s.platform = Gem::Platform.local end
|
2008-06-17 18:04:18 -04:00
|
|
|
|
|
|
|
data = StringIO.new "GET /quick/Marshal.#{Gem.marshal_version}/a-1-#{Gem::Platform.local}.gemspec.rz HTTP/1.0\r\n\r\n"
|
|
|
|
@req.parse data
|
|
|
|
|
|
|
|
@server.quick @req, @res
|
|
|
|
|
|
|
|
assert_equal 200, @res.status, @res.body
|
|
|
|
assert @res['date']
|
|
|
|
assert_equal 'application/x-deflate', @res['content-type']
|
|
|
|
|
|
|
|
spec = Marshal.load Gem.inflate(@res.body)
|
|
|
|
assert_equal 'a', spec.name
|
|
|
|
assert_equal Gem::Version.new(1), spec.version
|
|
|
|
assert_equal Gem::Platform.local, spec.platform
|
|
|
|
end
|
|
|
|
|
2014-09-13 23:30:02 -04:00
|
|
|
def test_quick_marshal_a_3_a_gemspec_rz
|
|
|
|
data = StringIO.new "GET /quick/Marshal.#{Gem.marshal_version}/a-3.a.gemspec.rz HTTP/1.0\r\n\r\n"
|
|
|
|
@req.parse data
|
|
|
|
|
|
|
|
@server.quick @req, @res
|
|
|
|
|
|
|
|
assert_equal 200, @res.status, @res.body
|
|
|
|
assert @res['date']
|
|
|
|
assert_equal 'application/x-deflate', @res['content-type']
|
|
|
|
|
|
|
|
spec = Marshal.load Gem.inflate(@res.body)
|
|
|
|
assert_equal 'a', spec.name
|
|
|
|
assert_equal v('3.a'), spec.version
|
|
|
|
end
|
|
|
|
|
|
|
|
def test_quick_marshal_a_b_3_a_gemspec_rz
|
|
|
|
quick_gem 'a-b', '3.a'
|
|
|
|
|
|
|
|
data = StringIO.new "GET /quick/Marshal.#{Gem.marshal_version}/a-b-3.a.gemspec.rz HTTP/1.0\r\n\r\n"
|
|
|
|
@req.parse data
|
|
|
|
|
|
|
|
@server.quick @req, @res
|
|
|
|
|
|
|
|
assert_equal 200, @res.status, @res.body
|
|
|
|
assert @res['date']
|
|
|
|
assert_equal 'application/x-deflate', @res['content-type']
|
|
|
|
|
|
|
|
spec = Marshal.load Gem.inflate(@res.body)
|
|
|
|
assert_equal 'a-b', spec.name
|
|
|
|
assert_equal v('3.a'), spec.version
|
|
|
|
end
|
|
|
|
|
2017-10-07 21:32:18 -04:00
|
|
|
def test_quick_marshal_a_b_1_3_a_gemspec_rz
|
|
|
|
quick_gem 'a-b-1', '3.a'
|
|
|
|
|
|
|
|
data = StringIO.new "GET /quick/Marshal.#{Gem.marshal_version}/a-b-1-3.a.gemspec.rz HTTP/1.0\r\n\r\n"
|
|
|
|
@req.parse data
|
|
|
|
|
|
|
|
@server.quick @req, @res
|
|
|
|
|
|
|
|
assert_equal 200, @res.status, @res.body
|
|
|
|
assert @res['date']
|
|
|
|
assert_equal 'application/x-deflate', @res['content-type']
|
|
|
|
|
|
|
|
spec = Marshal.load Gem.inflate(@res.body)
|
|
|
|
assert_equal 'a-b-1', spec.name
|
|
|
|
assert_equal v('3.a'), spec.version
|
|
|
|
end
|
|
|
|
|
2009-06-09 17:38:59 -04:00
|
|
|
def test_rdoc
|
|
|
|
data = StringIO.new "GET /rdoc?q=a HTTP/1.0\r\n\r\n"
|
|
|
|
@req.parse data
|
|
|
|
|
|
|
|
@server.rdoc @req, @res
|
|
|
|
|
|
|
|
assert_equal 200, @res.status, @res.body
|
|
|
|
assert_match %r|No documentation found|, @res.body
|
|
|
|
assert_equal 'text/html', @res['content-type']
|
|
|
|
end
|
2008-06-17 18:04:18 -04:00
|
|
|
|
|
|
|
def test_root
|
|
|
|
data = StringIO.new "GET / HTTP/1.0\r\n\r\n"
|
|
|
|
@req.parse data
|
|
|
|
|
|
|
|
@server.root @req, @res
|
|
|
|
|
|
|
|
assert_equal 200, @res.status, @res.body
|
|
|
|
assert_match %r| \d\d:\d\d:\d\d |, @res['date']
|
|
|
|
assert_equal 'text/html', @res['content-type']
|
|
|
|
end
|
|
|
|
|
2013-11-10 12:51:40 -05:00
|
|
|
def test_root_gemdirs
|
|
|
|
data = StringIO.new "GET / HTTP/1.0\r\n\r\n"
|
|
|
|
dir = "#{@gemhome}2"
|
|
|
|
|
2013-11-11 19:16:41 -05:00
|
|
|
spec = util_spec 'z', 9
|
2013-11-10 12:51:40 -05:00
|
|
|
|
|
|
|
specs_dir = File.join dir, 'specifications'
|
|
|
|
FileUtils.mkdir_p specs_dir
|
|
|
|
|
2018-02-05 21:58:35 -05:00
|
|
|
File.open File.join(specs_dir, spec.spec_name), 'w' do |io|
|
2013-11-10 12:51:40 -05:00
|
|
|
io.write spec.to_ruby
|
|
|
|
end
|
|
|
|
|
|
|
|
server = Gem::Server.new dir, process_based_port, false
|
|
|
|
|
|
|
|
@req.parse data
|
|
|
|
|
|
|
|
server.root @req, @res
|
|
|
|
|
|
|
|
assert_equal 200, @res.status
|
|
|
|
assert_match 'z 9', @res.body
|
|
|
|
end
|
|
|
|
|
2018-02-16 03:08:06 -05:00
|
|
|
|
|
|
|
def test_xss_homepage_fix_289313
|
|
|
|
data = StringIO.new "GET / HTTP/1.0\r\n\r\n"
|
|
|
|
dir = "#{@gemhome}2"
|
|
|
|
|
|
|
|
spec = util_spec 'xsshomepagegem', 1
|
|
|
|
spec.homepage = "javascript:confirm(document.domain)"
|
|
|
|
|
|
|
|
specs_dir = File.join dir, 'specifications'
|
|
|
|
FileUtils.mkdir_p specs_dir
|
|
|
|
|
|
|
|
open File.join(specs_dir, spec.spec_name), 'w' do |io|
|
|
|
|
io.write spec.to_ruby
|
|
|
|
end
|
|
|
|
|
|
|
|
server = Gem::Server.new dir, process_based_port, false
|
|
|
|
|
|
|
|
@req.parse data
|
|
|
|
|
|
|
|
server.root @req, @res
|
|
|
|
|
|
|
|
assert_equal 200, @res.status
|
|
|
|
assert_match 'xsshomepagegem 1', @res.body
|
|
|
|
|
|
|
|
# This verifies that the homepage for this spec is not displayed and is set to ".", because it's not a
|
|
|
|
# valid HTTP/HTTPS URL and could be unsafe in an HTML context. We would prefer to throw an exception here,
|
|
|
|
# but spec.homepage is currently free form and not currently required to be a URL, this behavior may be
|
|
|
|
# validated in future versions of Gem::Specification.
|
|
|
|
#
|
|
|
|
# There are two variant we're checking here, one where rdoc is not present, and one where rdoc is present in the same regex:
|
|
|
|
#
|
|
|
|
# Variant #1 - rdoc not installed
|
|
|
|
#
|
|
|
|
# <b>xsshomepagegem 1</b>
|
|
|
|
#
|
|
|
|
#
|
|
|
|
# <span title="rdoc not installed">[rdoc]</span>
|
|
|
|
#
|
|
|
|
#
|
|
|
|
#
|
|
|
|
# <a href="." title=".">[www]</a>
|
|
|
|
#
|
|
|
|
# Variant #2 - rdoc installed
|
|
|
|
#
|
|
|
|
# <b>xsshomepagegem 1</b>
|
|
|
|
#
|
|
|
|
#
|
|
|
|
# <a href="\/doc_root\/xsshomepagegem-1\/">\[rdoc\]<\/a>
|
|
|
|
#
|
|
|
|
#
|
|
|
|
#
|
|
|
|
# <a href="." title=".">[www]</a>
|
|
|
|
regex_match = /xsshomepagegem 1<\/b>[\n\s]+(<span title="rdoc not installed">\[rdoc\]<\/span>|<a href="\/doc_root\/xsshomepagegem-1\/">\[rdoc\]<\/a>)[\n\s]+<a href="\." title="\.">\[www\]<\/a>/
|
|
|
|
assert_match regex_match, @res.body
|
|
|
|
end
|
|
|
|
|
|
|
|
def test_invalid_homepage
|
|
|
|
data = StringIO.new "GET / HTTP/1.0\r\n\r\n"
|
|
|
|
dir = "#{@gemhome}2"
|
|
|
|
|
|
|
|
spec = util_spec 'invalidhomepagegem', 1
|
|
|
|
spec.homepage = "notavalidhomepageurl"
|
|
|
|
|
|
|
|
specs_dir = File.join dir, 'specifications'
|
|
|
|
FileUtils.mkdir_p specs_dir
|
|
|
|
|
|
|
|
open File.join(specs_dir, spec.spec_name), 'w' do |io|
|
|
|
|
io.write spec.to_ruby
|
|
|
|
end
|
|
|
|
|
|
|
|
server = Gem::Server.new dir, process_based_port, false
|
|
|
|
|
|
|
|
@req.parse data
|
|
|
|
|
|
|
|
server.root @req, @res
|
|
|
|
|
|
|
|
assert_equal 200, @res.status
|
|
|
|
assert_match 'invalidhomepagegem 1', @res.body
|
|
|
|
|
|
|
|
# This verifies that the homepage for this spec is not displayed and is set to ".", because it's not a
|
|
|
|
# valid HTTP/HTTPS URL and could be unsafe in an HTML context. We would prefer to throw an exception here,
|
|
|
|
# but spec.homepage is currently free form and not currently required to be a URL, this behavior may be
|
|
|
|
# validated in future versions of Gem::Specification.
|
|
|
|
#
|
|
|
|
# There are two variant we're checking here, one where rdoc is not present, and one where rdoc is present in the same regex:
|
|
|
|
#
|
|
|
|
# Variant #1 - rdoc not installed
|
|
|
|
#
|
|
|
|
# <b>invalidhomepagegem 1</b>
|
|
|
|
#
|
|
|
|
#
|
|
|
|
# <span title="rdoc not installed">[rdoc]</span>
|
|
|
|
#
|
|
|
|
#
|
|
|
|
#
|
|
|
|
# <a href="." title=".">[www]</a>
|
|
|
|
#
|
|
|
|
# Variant #2 - rdoc installed
|
|
|
|
#
|
|
|
|
# <b>invalidhomepagegem 1</b>
|
|
|
|
#
|
|
|
|
#
|
|
|
|
# <a href="\/doc_root\/invalidhomepagegem-1\/">\[rdoc\]<\/a>
|
|
|
|
#
|
|
|
|
#
|
|
|
|
#
|
|
|
|
# <a href="." title=".">[www]</a>
|
|
|
|
regex_match = /invalidhomepagegem 1<\/b>[\n\s]+(<span title="rdoc not installed">\[rdoc\]<\/span>|<a href="\/doc_root\/invalidhomepagegem-1\/">\[rdoc\]<\/a>)[\n\s]+<a href="\." title="\.">\[www\]<\/a>/
|
|
|
|
assert_match regex_match, @res.body
|
|
|
|
end
|
|
|
|
|
|
|
|
def test_valid_homepage_http
|
|
|
|
data = StringIO.new "GET / HTTP/1.0\r\n\r\n"
|
|
|
|
dir = "#{@gemhome}2"
|
|
|
|
|
|
|
|
spec = util_spec 'validhomepagegemhttp', 1
|
|
|
|
spec.homepage = "http://rubygems.org"
|
|
|
|
|
|
|
|
specs_dir = File.join dir, 'specifications'
|
|
|
|
FileUtils.mkdir_p specs_dir
|
|
|
|
|
|
|
|
open File.join(specs_dir, spec.spec_name), 'w' do |io|
|
|
|
|
io.write spec.to_ruby
|
|
|
|
end
|
|
|
|
|
|
|
|
server = Gem::Server.new dir, process_based_port, false
|
|
|
|
|
|
|
|
@req.parse data
|
|
|
|
|
|
|
|
server.root @req, @res
|
|
|
|
|
|
|
|
assert_equal 200, @res.status
|
|
|
|
assert_match 'validhomepagegemhttp 1', @res.body
|
|
|
|
|
|
|
|
regex_match = /validhomepagegemhttp 1<\/b>[\n\s]+(<span title="rdoc not installed">\[rdoc\]<\/span>|<a href="\/doc_root\/validhomepagegemhttp-1\/">\[rdoc\]<\/a>)[\n\s]+<a href="http:\/\/rubygems\.org" title="http:\/\/rubygems\.org">\[www\]<\/a>/
|
|
|
|
assert_match regex_match, @res.body
|
|
|
|
end
|
|
|
|
|
|
|
|
def test_valid_homepage_https
|
|
|
|
data = StringIO.new "GET / HTTP/1.0\r\n\r\n"
|
|
|
|
dir = "#{@gemhome}2"
|
|
|
|
|
|
|
|
spec = util_spec 'validhomepagegemhttps', 1
|
|
|
|
spec.homepage = "https://rubygems.org"
|
|
|
|
|
|
|
|
specs_dir = File.join dir, 'specifications'
|
|
|
|
FileUtils.mkdir_p specs_dir
|
|
|
|
|
|
|
|
open File.join(specs_dir, spec.spec_name), 'w' do |io|
|
|
|
|
io.write spec.to_ruby
|
|
|
|
end
|
|
|
|
|
|
|
|
server = Gem::Server.new dir, process_based_port, false
|
|
|
|
|
|
|
|
@req.parse data
|
|
|
|
|
|
|
|
server.root @req, @res
|
|
|
|
|
|
|
|
assert_equal 200, @res.status
|
|
|
|
assert_match 'validhomepagegemhttps 1', @res.body
|
|
|
|
|
|
|
|
regex_match = /validhomepagegemhttps 1<\/b>[\n\s]+(<span title="rdoc not installed">\[rdoc\]<\/span>|<a href="\/doc_root\/validhomepagegemhttps-1\/">\[rdoc\]<\/a>)[\n\s]+<a href="https:\/\/rubygems\.org" title="https:\/\/rubygems\.org">\[www\]<\/a>/
|
|
|
|
assert_match regex_match, @res.body
|
|
|
|
end
|
|
|
|
|
2008-06-17 18:04:18 -04:00
|
|
|
def test_specs
|
|
|
|
data = StringIO.new "GET /specs.#{Gem.marshal_version} HTTP/1.0\r\n\r\n"
|
|
|
|
@req.parse data
|
|
|
|
|
|
|
|
@server.specs @req, @res
|
|
|
|
|
|
|
|
assert_equal 200, @res.status, @res.body
|
|
|
|
assert_match %r| \d\d:\d\d:\d\d |, @res['date']
|
|
|
|
assert_equal 'application/octet-stream', @res['content-type']
|
|
|
|
|
|
|
|
assert_equal [['a', Gem::Version.new(1), Gem::Platform::RUBY],
|
2014-09-13 23:30:02 -04:00
|
|
|
['a', Gem::Version.new(2), Gem::Platform::RUBY],
|
|
|
|
['a', v('3.a'), Gem::Platform::RUBY]],
|
2008-06-17 18:04:18 -04:00
|
|
|
Marshal.load(@res.body)
|
|
|
|
end
|
|
|
|
|
2013-11-10 12:51:40 -05:00
|
|
|
def test_specs_gemdirs
|
|
|
|
data = StringIO.new "GET /specs.#{Gem.marshal_version} HTTP/1.0\r\n\r\n"
|
|
|
|
dir = "#{@gemhome}2"
|
|
|
|
|
2013-11-11 19:16:41 -05:00
|
|
|
spec = util_spec 'z', 9
|
2013-11-10 12:51:40 -05:00
|
|
|
|
|
|
|
specs_dir = File.join dir, 'specifications'
|
|
|
|
FileUtils.mkdir_p specs_dir
|
|
|
|
|
2018-02-05 21:58:35 -05:00
|
|
|
File.open File.join(specs_dir, spec.spec_name), 'w' do |io|
|
2013-11-10 12:51:40 -05:00
|
|
|
io.write spec.to_ruby
|
|
|
|
end
|
|
|
|
|
|
|
|
server = Gem::Server.new dir, process_based_port, false
|
|
|
|
|
|
|
|
@req.parse data
|
|
|
|
|
|
|
|
server.specs @req, @res
|
|
|
|
|
|
|
|
assert_equal 200, @res.status
|
|
|
|
|
|
|
|
assert_equal [['z', v(9), Gem::Platform::RUBY]], Marshal.load(@res.body)
|
|
|
|
end
|
|
|
|
|
2008-06-17 18:04:18 -04:00
|
|
|
def test_specs_gz
|
|
|
|
data = StringIO.new "GET /specs.#{Gem.marshal_version}.gz HTTP/1.0\r\n\r\n"
|
|
|
|
@req.parse data
|
|
|
|
|
|
|
|
@server.specs @req, @res
|
|
|
|
|
|
|
|
assert_equal 200, @res.status, @res.body
|
|
|
|
assert_match %r| \d\d:\d\d:\d\d |, @res['date']
|
|
|
|
assert_equal 'application/x-gzip', @res['content-type']
|
|
|
|
|
|
|
|
assert_equal [['a', Gem::Version.new(1), Gem::Platform::RUBY],
|
2014-09-13 23:30:02 -04:00
|
|
|
['a', Gem::Version.new(2), Gem::Platform::RUBY],
|
|
|
|
['a', v('3.a'), Gem::Platform::RUBY]],
|
2008-06-17 18:04:18 -04:00
|
|
|
Marshal.load(Gem.gunzip(@res.body))
|
|
|
|
end
|
|
|
|
|
2017-01-23 21:38:57 -05:00
|
|
|
def test_uri_encode
|
|
|
|
url_safe = @server.uri_encode 'http://rubyonrails.org/">malicious_content</a>'
|
|
|
|
assert_equal url_safe, 'http://rubyonrails.org/%22%3Emalicious_content%3C/a%3E'
|
|
|
|
end
|
|
|
|
|
|
|
|
# Regression test for issue #1793: incorrect URL encoding.
|
|
|
|
# Checking that no URLs have had '://' incorrectly encoded
|
|
|
|
def test_regression_1793
|
|
|
|
data = StringIO.new "GET / HTTP/1.0\r\n\r\n"
|
|
|
|
@req.parse data
|
|
|
|
|
|
|
|
@server.root @req, @res
|
|
|
|
|
|
|
|
refute_match %r|%3A%2F%2F|, @res.body
|
|
|
|
end
|
|
|
|
|
2010-02-21 21:52:35 -05:00
|
|
|
def util_listen
|
|
|
|
webrick = Object.new
|
|
|
|
webrick.instance_variable_set :@listeners, []
|
|
|
|
def webrick.listeners() @listeners end
|
|
|
|
def webrick.listen(host, port)
|
|
|
|
socket = Object.new
|
|
|
|
socket.instance_variable_set :@host, host
|
|
|
|
socket.instance_variable_set :@port, port
|
|
|
|
def socket.addr() [nil, @port, @host] end
|
|
|
|
@listeners << socket
|
|
|
|
end
|
|
|
|
|
|
|
|
@server.instance_variable_set :@server, webrick
|
|
|
|
end
|
2007-11-10 02:48:56 -05:00
|
|
|
end
|