history.rb
block in versions
/var/lib/gems/2.1.0/gems/gollum-3.1.2/lib/gollum/views/history.rb
in
block in versions
{ :id => v.id,
:id7 => v.id[0..6],
:num => i,
:selected => @page.version.id == v.id,
:author => v.author.name.respond_to?(:force_encoding) ? v.author.name.force_encoding('UTF-8') : v.author.name,
:message => v.message.respond_to?(:force_encoding) ? v.message.force_encoding('UTF-8') : v.message,
:date => v.authored_date.strftime("%B %d, %Y"),
:gravatar => Digest::MD5.hexdigest(v.author.email.strip.downcase),
:identicon => self._identicon_code(v.author.email),
:date_full => v.authored_date,
}
end
end
# http://stackoverflow.com/questions/9445760/bit-shifting-in-ruby
/var/lib/gems/2.1.0/gems/gollum-3.1.2/lib/gollum/views/history.rb
in
map
def title
@page.title
end
def versions
i = @versions.size + 1
@versions.map do |v|
i -= 1
{ :id => v.id,
:id7 => v.id[0..6],
:num => i,
:selected => @page.version.id == v.id,
:author => v.author.name.respond_to?(:force_encoding) ? v.author.name.force_encoding('UTF-8') : v.author.name,
:message => v.message.respond_to?(:force_encoding) ? v.message.force_encoding('UTF-8') : v.message,
/var/lib/gems/2.1.0/gems/gollum-3.1.2/lib/gollum/views/history.rb
in
versions
def title
@page.title
end
def versions
i = @versions.size + 1
@versions.map do |v|
i -= 1
{ :id => v.id,
:id7 => v.id[0..6],
:num => i,
:selected => @page.version.id == v.id,
:author => v.author.name.respond_to?(:force_encoding) ? v.author.name.force_encoding('UTF-8') : v.author.name,
:message => v.message.respond_to?(:force_encoding) ? v.message.force_encoding('UTF-8') : v.message,
/var/lib/gems/2.1.0/gems/mustache-0.99.8/lib/mustache/context.rb
in
[]
if !obj.respond_to?(:to_hash)
# If a class, we need to find tags (methods) per Parser::ALLOWED_CONTENT.
key = key.to_s.tr('-', '_') if key.to_s.include?('-')
if obj.respond_to?(key)
meth = obj.method(key) rescue proc { obj.send(key) }
meth.arity == 1 ? meth.to_proc : meth[]
else
default
end
elsif obj.has_key?(key)
obj[key]
elsif obj.has_key?(key.to_s)
obj[key.to_s]
/var/lib/gems/2.1.0/gems/mustache-0.99.8/lib/mustache/context.rb
in
find
if !obj.respond_to?(:to_hash)
# If a class, we need to find tags (methods) per Parser::ALLOWED_CONTENT.
key = key.to_s.tr('-', '_') if key.to_s.include?('-')
if obj.respond_to?(key)
meth = obj.method(key) rescue proc { obj.send(key) }
meth.arity == 1 ? meth.to_proc : meth[]
else
default
end
elsif obj.has_key?(key)
obj[key]
elsif obj.has_key?(key.to_s)
obj[key.to_s]
/var/lib/gems/2.1.0/gems/mustache-0.99.8/lib/mustache/context.rb
in
block in fetch
# If no second parameter is passed (or raise_on_context_miss is
# set to true), will raise a ContextMiss exception on miss.
def fetch(name, default = :__raise)
@stack.each do |frame|
# Prevent infinite recursion.
next if frame == self
value = find(frame, name, :__missing)
return value if value != :__missing
end
if default == :__raise || mustache_in_stack.raise_on_context_miss?
raise ContextMiss.new("Can't find #{name} in #{@stack.inspect}")
else
default
/var/lib/gems/2.1.0/gems/mustache-0.99.8/lib/mustache/context.rb
in
each
# Similar to Hash#fetch, finds a value by `name` in the context's
# stack. You may specify the default return value by passing a
# second parameter.
#
# If no second parameter is passed (or raise_on_context_miss is
# set to true), will raise a ContextMiss exception on miss.
def fetch(name, default = :__raise)
@stack.each do |frame|
# Prevent infinite recursion.
next if frame == self
value = find(frame, name, :__missing)
return value if value != :__missing
end
/var/lib/gems/2.1.0/gems/mustache-0.99.8/lib/mustache/context.rb
in
fetch
# Similar to Hash#fetch, finds a value by `name` in the context's
# stack. You may specify the default return value by passing a
# second parameter.
#
# If no second parameter is passed (or raise_on_context_miss is
# set to true), will raise a ContextMiss exception on miss.
def fetch(name, default = :__raise)
@stack.each do |frame|
# Prevent infinite recursion.
next if frame == self
value = find(frame, name, :__missing)
return value if value != :__missing
end
/var/lib/gems/2.1.0/gems/mustache-0.99.8/lib/mustache/context.rb
in
[]
# context[:name] = "Chris"
def []=(name, value)
push(name => value)
end
# Alias for `fetch`.
def [](name)
fetch(name, nil)
end
# Do we know about a particular key? In other words, will calling
# `context[key]` give us a result that was set. Basically.
def has_key?(key)
!!fetch(key, false)
rescue ContextMiss
/var/lib/gems/2.1.0/gems/mustache-0.99.8/lib/mustache/template.rb
in
render
# Here we rewrite ourself with the interpolated Ruby version of
# our Mustache template so subsequent calls are very fast and
# can skip the compilation stage.
instance_eval(compiled, __FILE__, __LINE__ - 1)
# Call the newly rewritten version of #render
render(context)
end
# Does the dirty work of transforming a Mustache template into an
# interpolation-friendly Ruby string.
def compile(src = @source)
Generator.new.compile(tokens(src))
end
/var/lib/gems/2.1.0/gems/mustache-0.99.8/lib/mustache.rb
in
render
when Symbol
self.template_name = data
templateify(template)
else
templateify(data)
end
return tpl.render(context) if ctx == {}
begin
context.push(ctx)
tpl.render(context)
ensure
context.pop
end
/var/lib/gems/2.1.0/gems/mustache-0.99.8/lib/mustache/sinatra.rb
in
mustache
# Copy instance variables set in Sinatra to the view
instance_variables.each do |name|
instance.instance_variable_set(name, instance_variable_get(name))
end
# Render with locals.
rendered = instance.render(instance.template, locals)
# Now render the layout with the view we just rendered, if we
# need to.
if layout && view_subclasses_layout
rendered = instance.render(layout.template, :yield => rendered)
elsif layout
rendered = layout.render(layout.template, :yield => rendered)
/var/lib/gems/2.1.0/gems/gollum-3.1.2/lib/gollum/app.rb
in
block in <class:App>
end
get '/history/*' do
@page = wiki_page(params[:splat].first).page
@page_num = [params[:page].to_i, 1].max
unless @page.nil?
@versions = @page.versions :page => @page_num
mustache :history
else
redirect to("/")
end
end
get '/latest_changes' do
@wiki = wiki_new
/var/lib/gems/2.1.0/gems/sinatra-1.4.8/lib/sinatra/base.rb
in
call
method_name = "#{verb} #{path}"
unbound_method = generate_method(method_name, &block)
pattern, keys = compile path
conditions, @conditions = @conditions, []
wrapper = block.arity != 0 ?
proc { |a,p| unbound_method.bind(a).call(*p) } :
proc { |a,p| unbound_method.bind(a).call }
wrapper.instance_variable_set(:@route_name, method_name)
[ pattern, keys, conditions, wrapper ]
end
def compile(path)
if path.respond_to? :to_str
/var/lib/gems/2.1.0/gems/sinatra-1.4.8/lib/sinatra/base.rb
in
block in compile!
method_name = "#{verb} #{path}"
unbound_method = generate_method(method_name, &block)
pattern, keys = compile path
conditions, @conditions = @conditions, []
wrapper = block.arity != 0 ?
proc { |a,p| unbound_method.bind(a).call(*p) } :
proc { |a,p| unbound_method.bind(a).call }
wrapper.instance_variable_set(:@route_name, method_name)
[ pattern, keys, conditions, wrapper ]
end
def compile(path)
if path.respond_to? :to_str
/var/lib/gems/2.1.0/gems/sinatra-1.4.8/lib/sinatra/base.rb
in
[]
# Run routes defined on the class and all superclasses.
def route!(base = settings, pass_block = nil)
if routes = base.routes[@request.request_method]
routes.each do |pattern, keys, conditions, block|
returned_pass_block = process_route(pattern, keys, conditions) do |*args|
env['sinatra.route'] = block.instance_variable_get(:@route_name)
route_eval { block[*args] }
end
# don't wipe out pass_block in superclass
pass_block = returned_pass_block if returned_pass_block
end
end
/var/lib/gems/2.1.0/gems/sinatra-1.4.8/lib/sinatra/base.rb
in
block (3 levels) in route!
# Run routes defined on the class and all superclasses.
def route!(base = settings, pass_block = nil)
if routes = base.routes[@request.request_method]
routes.each do |pattern, keys, conditions, block|
returned_pass_block = process_route(pattern, keys, conditions) do |*args|
env['sinatra.route'] = block.instance_variable_get(:@route_name)
route_eval { block[*args] }
end
# don't wipe out pass_block in superclass
pass_block = returned_pass_block if returned_pass_block
end
end
/var/lib/gems/2.1.0/gems/sinatra-1.4.8/lib/sinatra/base.rb
in
route_eval
route_eval(&pass_block) if pass_block
route_missing
end
# Run a route block and throw :halt with the result.
def route_eval
throw :halt, yield
end
# If the current request matches pattern and conditions, fill params
# with keys and call the given block.
# Revert params afterwards.
#
# Returns pass block.
/var/lib/gems/2.1.0/gems/sinatra-1.4.8/lib/sinatra/base.rb
in
block (2 levels) in route!
# Run routes defined on the class and all superclasses.
def route!(base = settings, pass_block = nil)
if routes = base.routes[@request.request_method]
routes.each do |pattern, keys, conditions, block|
returned_pass_block = process_route(pattern, keys, conditions) do |*args|
env['sinatra.route'] = block.instance_variable_get(:@route_name)
route_eval { block[*args] }
end
# don't wipe out pass_block in superclass
pass_block = returned_pass_block if returned_pass_block
end
end
/var/lib/gems/2.1.0/gems/sinatra-1.4.8/lib/sinatra/base.rb
in
block in process_route
if values.any?
original, @params = params, params.merge('splat' => [], 'captures' => values)
keys.zip(values) { |k,v| Array === @params[k] ? @params[k] << v : @params[k] = v if v }
end
catch(:pass) do
conditions.each { |c| throw :pass if c.bind(self).call == false }
block ? block[self, values] : yield(self, values)
end
ensure
@params = original if original
end
# No matching route was found or all routes passed. The default
# implementation is to forward the request downstream when running
/var/lib/gems/2.1.0/gems/sinatra-1.4.8/lib/sinatra/base.rb
in
catch
values += match.captures.map! { |v| force_encoding URI_INSTANCE.unescape(v) if v }
if values.any?
original, @params = params, params.merge('splat' => [], 'captures' => values)
keys.zip(values) { |k,v| Array === @params[k] ? @params[k] << v : @params[k] = v if v }
end
catch(:pass) do
conditions.each { |c| throw :pass if c.bind(self).call == false }
block ? block[self, values] : yield(self, values)
end
ensure
@params = original if original
end
/var/lib/gems/2.1.0/gems/sinatra-1.4.8/lib/sinatra/base.rb
in
process_route
values += match.captures.map! { |v| force_encoding URI_INSTANCE.unescape(v) if v }
if values.any?
original, @params = params, params.merge('splat' => [], 'captures' => values)
keys.zip(values) { |k,v| Array === @params[k] ? @params[k] << v : @params[k] = v if v }
end
catch(:pass) do
conditions.each { |c| throw :pass if c.bind(self).call == false }
block ? block[self, values] : yield(self, values)
end
ensure
@params = original if original
end
/var/lib/gems/2.1.0/gems/sinatra-1.4.8/lib/sinatra/base.rb
in
block in route!
base.filters[type].each { |args| process_route(*args) }
end
# Run routes defined on the class and all superclasses.
def route!(base = settings, pass_block = nil)
if routes = base.routes[@request.request_method]
routes.each do |pattern, keys, conditions, block|
returned_pass_block = process_route(pattern, keys, conditions) do |*args|
env['sinatra.route'] = block.instance_variable_get(:@route_name)
route_eval { block[*args] }
end
# don't wipe out pass_block in superclass
pass_block = returned_pass_block if returned_pass_block
end
/var/lib/gems/2.1.0/gems/sinatra-1.4.8/lib/sinatra/base.rb
in
each
filter! type, base.superclass if base.superclass.respond_to?(:filters)
base.filters[type].each { |args| process_route(*args) }
end
# Run routes defined on the class and all superclasses.
def route!(base = settings, pass_block = nil)
if routes = base.routes[@request.request_method]
routes.each do |pattern, keys, conditions, block|
returned_pass_block = process_route(pattern, keys, conditions) do |*args|
env['sinatra.route'] = block.instance_variable_get(:@route_name)
route_eval { block[*args] }
end
# don't wipe out pass_block in superclass
pass_block = returned_pass_block if returned_pass_block
/var/lib/gems/2.1.0/gems/sinatra-1.4.8/lib/sinatra/base.rb
in
route!
filter! type, base.superclass if base.superclass.respond_to?(:filters)
base.filters[type].each { |args| process_route(*args) }
end
# Run routes defined on the class and all superclasses.
def route!(base = settings, pass_block = nil)
if routes = base.routes[@request.request_method]
routes.each do |pattern, keys, conditions, block|
returned_pass_block = process_route(pattern, keys, conditions) do |*args|
env['sinatra.route'] = block.instance_variable_get(:@route_name)
route_eval { block[*args] }
end
# don't wipe out pass_block in superclass
pass_block = returned_pass_block if returned_pass_block
/var/lib/gems/2.1.0/gems/sinatra-1.4.8/lib/sinatra/base.rb
in
block in dispatch!
end
# Dispatch a request with error handling.
def dispatch!
invoke do
static! if settings.static? && (request.get? || request.head?)
filter! :before
route!
end
rescue ::Exception => boom
invoke { handle_exception!(boom) }
ensure
begin
filter! :after unless env['sinatra.static_file']
rescue ::Exception => boom
/var/lib/gems/2.1.0/gems/sinatra-1.4.8/lib/sinatra/base.rb
in
block in invoke
# Creates a Hash with indifferent access.
def indifferent_hash
Hash.new {|hash,key| hash[key.to_s] if Symbol === key }
end
# Run the block with 'throw :halt' support and apply result to the response.
def invoke
res = catch(:halt) { yield }
res = [res] if Integer === res or String === res
if Array === res and Integer === res.first
res = res.dup
status(res.shift)
body(res.pop)
headers(*res)
elsif res.respond_to? :each
/var/lib/gems/2.1.0/gems/sinatra-1.4.8/lib/sinatra/base.rb
in
catch
# Creates a Hash with indifferent access.
def indifferent_hash
Hash.new {|hash,key| hash[key.to_s] if Symbol === key }
end
# Run the block with 'throw :halt' support and apply result to the response.
def invoke
res = catch(:halt) { yield }
res = [res] if Integer === res or String === res
if Array === res and Integer === res.first
res = res.dup
status(res.shift)
body(res.pop)
headers(*res)
elsif res.respond_to? :each
/var/lib/gems/2.1.0/gems/sinatra-1.4.8/lib/sinatra/base.rb
in
invoke
# Creates a Hash with indifferent access.
def indifferent_hash
Hash.new {|hash,key| hash[key.to_s] if Symbol === key }
end
# Run the block with 'throw :halt' support and apply result to the response.
def invoke
res = catch(:halt) { yield }
res = [res] if Integer === res or String === res
if Array === res and Integer === res.first
res = res.dup
status(res.shift)
body(res.pop)
headers(*res)
elsif res.respond_to? :each
/var/lib/gems/2.1.0/gems/sinatra-1.4.8/lib/sinatra/base.rb
in
dispatch!
body res
end
nil # avoid double setting the same response tuple twice
end
# Dispatch a request with error handling.
def dispatch!
invoke do
static! if settings.static? && (request.get? || request.head?)
filter! :before
route!
end
rescue ::Exception => boom
invoke { handle_exception!(boom) }
ensure
/var/lib/gems/2.1.0/gems/sinatra-1.4.8/lib/sinatra/base.rb
in
block in call!
@request = Request.new(env)
@response = Response.new
@params = indifferent_params(@request.params)
template_cache.clear if settings.reload_templates
force_encoding(@params)
@response['Content-Type'] = nil
invoke { dispatch! }
invoke { error_block!(response.status) } unless @env['sinatra.error']
unless @response['Content-Type']
if Array === body and body[0].respond_to? :content_type
content_type body[0].content_type
else
content_type :html
/var/lib/gems/2.1.0/gems/sinatra-1.4.8/lib/sinatra/base.rb
in
block in invoke
# Creates a Hash with indifferent access.
def indifferent_hash
Hash.new {|hash,key| hash[key.to_s] if Symbol === key }
end
# Run the block with 'throw :halt' support and apply result to the response.
def invoke
res = catch(:halt) { yield }
res = [res] if Integer === res or String === res
if Array === res and Integer === res.first
res = res.dup
status(res.shift)
body(res.pop)
headers(*res)
elsif res.respond_to? :each
/var/lib/gems/2.1.0/gems/sinatra-1.4.8/lib/sinatra/base.rb
in
catch
# Creates a Hash with indifferent access.
def indifferent_hash
Hash.new {|hash,key| hash[key.to_s] if Symbol === key }
end
# Run the block with 'throw :halt' support and apply result to the response.
def invoke
res = catch(:halt) { yield }
res = [res] if Integer === res or String === res
if Array === res and Integer === res.first
res = res.dup
status(res.shift)
body(res.pop)
headers(*res)
elsif res.respond_to? :each
/var/lib/gems/2.1.0/gems/sinatra-1.4.8/lib/sinatra/base.rb
in
invoke
# Creates a Hash with indifferent access.
def indifferent_hash
Hash.new {|hash,key| hash[key.to_s] if Symbol === key }
end
# Run the block with 'throw :halt' support and apply result to the response.
def invoke
res = catch(:halt) { yield }
res = [res] if Integer === res or String === res
if Array === res and Integer === res.first
res = res.dup
status(res.shift)
body(res.pop)
headers(*res)
elsif res.respond_to? :each
/var/lib/gems/2.1.0/gems/sinatra-1.4.8/lib/sinatra/base.rb
in
call!
@request = Request.new(env)
@response = Response.new
@params = indifferent_params(@request.params)
template_cache.clear if settings.reload_templates
force_encoding(@params)
@response['Content-Type'] = nil
invoke { dispatch! }
invoke { error_block!(response.status) } unless @env['sinatra.error']
unless @response['Content-Type']
if Array === body and body[0].respond_to? :content_type
content_type body[0].content_type
else
content_type :html
/var/lib/gems/2.1.0/gems/sinatra-1.4.8/lib/sinatra/base.rb
in
call
@app = app
@template_cache = Tilt::Cache.new
yield self if block_given?
end
# Rack call interface.
def call(env)
dup.call!(env)
end
def call!(env) # :nodoc:
@env = env
@request = Request.new(env)
@response = Response.new
@params = indifferent_params(@request.params)
/var/lib/gems/2.1.0/gems/gollum-3.1.2/lib/gollum/editing_auth.rb
in
call
def call(env)
@env = env
# Blocks all potentially editable pages. Use EditingAuth::whitelist_pages to unblock pages.
unless (env["REQUEST_METHOD"] == "GET") || @app.settings.wiki_options[:allow_editing]
return block unless excluded_page?
end
@app.call(env)
end
def block
[403, {'Content-Type' => 'text/html', 'Content-Length' => '9'}, ['Forbidden']]
end
def excluded_page?
/var/lib/gems/2.1.0/gems/rack-protection-1.5.3/lib/rack/protection/xss_header.rb
in
call
#
# Options:
# xss_mode:: How the browser should prevent the attack (default: :block)
class XSSHeader < Base
default_options :xss_mode => :block, :nosniff => true
def call(env)
status, headers, body = @app.call(env)
headers['X-XSS-Protection'] ||= "1; mode=#{options[:xss_mode]}" if html? headers
headers['X-Content-Type-Options'] ||= 'nosniff' if options[:nosniff]
[status, headers, body]
end
end
end
end
/var/lib/gems/2.1.0/gems/rack-protection-1.5.3/lib/rack/protection/path_traversal.rb
in
call
#
# Unescapes '/' and '.', expands +path_info+.
# Thus <tt>GET /foo/%2e%2e%2fbar</tt> becomes <tt>GET /bar</tt>.
class PathTraversal < Base
def call(env)
path_was = env["PATH_INFO"]
env["PATH_INFO"] = cleanup path_was if path_was && !path_was.empty?
app.call env
ensure
env["PATH_INFO"] = path_was
end
def cleanup(path)
if path.respond_to?(:encoding)
# Ruby 1.9+ M17N
/var/lib/gems/2.1.0/gems/rack-protection-1.5.3/lib/rack/protection/json_csrf.rb
in
call
# Array prototype has been patched to track data. Checks the referrer
# even on GET requests if the content type is JSON.
class JsonCsrf < Base
alias react deny
def call(env)
request = Request.new(env)
status, headers, body = app.call(env)
if has_vector? request, headers
warn env, "attack prevented by #{self.class}"
react(env) or [status, headers, body]
else
[status, headers, body]
end
/var/lib/gems/2.1.0/gems/rack-protection-1.5.3/lib/rack/protection/base.rb
in
call
end
def call(env)
unless accepts? env
instrument env
result = react env
end
result or app.call(env)
end
def react(env)
result = send(options[:reaction], env)
result if Array === result and result.size == 3
end
/var/lib/gems/2.1.0/gems/rack-protection-1.5.3/lib/rack/protection/base.rb
in
call
end
def call(env)
unless accepts? env
instrument env
result = react env
end
result or app.call(env)
end
def react(env)
result = send(options[:reaction], env)
result if Array === result and result.size == 3
end
/var/lib/gems/2.1.0/gems/rack-protection-1.5.3/lib/rack/protection/frame_options.rb
in
call
frame_options = options[:frame_options]
frame_options = options[:frame_options].to_s.upcase unless frame_options.respond_to? :to_str
frame_options.to_str
end
end
def call(env)
status, headers, body = @app.call(env)
headers['X-Frame-Options'] ||= frame_options if html? headers
[status, headers, body]
end
end
end
end
/var/lib/gems/2.1.0/gems/rack-1.6.8/lib/rack/nulllogger.rb
in
call
class NullLogger
def initialize(app)
@app = app
end
def call(env)
env['rack.logger'] = self
@app.call(env)
end
def info(progname = nil, &block); end
def debug(progname = nil, &block); end
def warn(progname = nil, &block); end
def error(progname = nil, &block); end
def fatal(progname = nil, &block); end
/var/lib/gems/2.1.0/gems/rack-1.6.8/lib/rack/head.rb
in
call
# Rack::Head returns an empty body for all HEAD requests. It leaves
# all other requests unchanged.
def initialize(app)
@app = app
end
def call(env)
status, headers, body = @app.call(env)
if env[REQUEST_METHOD] == HEAD
[
status, headers, Rack::BodyProxy.new([]) do
body.close if body.respond_to? :close
end
]
/var/lib/gems/2.1.0/gems/sinatra-1.4.8/lib/sinatra/show_exceptions.rb
in
call
def initialize(app)
@app = app
@template = ERB.new(TEMPLATE)
end
def call(env)
@app.call(env)
rescue Exception => e
errors, env["rack.errors"] = env["rack.errors"], @@eats_errors
if prefers_plain_text?(env)
content_type = "text/plain"
exception = dump_exception(e)
else
/var/lib/gems/2.1.0/gems/sinatra-1.4.8/lib/sinatra/base.rb
in
call
# Some Rack handlers (Thin, Rainbows!) implement an extended body object protocol, however,
# some middleware (namely Rack::Lint) will break it by not mirroring the methods in question.
# This middleware will detect an extended body object and will make sure it reaches the
# handler directly. We do this here, so our middleware and middleware set up by the app will
# still be able to run.
class ExtendedRack < Struct.new(:app)
def call(env)
result, callback = app.call(env), env['async.callback']
return result unless callback and async?(*result)
after_response { callback.call result }
setup_close(env, *result)
throw :async
end
private
/var/lib/gems/2.1.0/gems/sinatra-1.4.8/lib/sinatra/base.rb
in
call
end
def helpers
@instance
end
def call(env)
@stack.call(env)
end
def inspect
"#<#{@instance.class} app_file=#{settings.app_file.inspect}>"
end
end
/var/lib/gems/2.1.0/gems/rack-protection-1.5.3/lib/rack/protection/xss_header.rb
in
call
#
# Options:
# xss_mode:: How the browser should prevent the attack (default: :block)
class XSSHeader < Base
default_options :xss_mode => :block, :nosniff => true
def call(env)
status, headers, body = @app.call(env)
headers['X-XSS-Protection'] ||= "1; mode=#{options[:xss_mode]}" if html? headers
headers['X-Content-Type-Options'] ||= 'nosniff' if options[:nosniff]
[status, headers, body]
end
end
end
end
/var/lib/gems/2.1.0/gems/rack-protection-1.5.3/lib/rack/protection/path_traversal.rb
in
call
#
# Unescapes '/' and '.', expands +path_info+.
# Thus <tt>GET /foo/%2e%2e%2fbar</tt> becomes <tt>GET /bar</tt>.
class PathTraversal < Base
def call(env)
path_was = env["PATH_INFO"]
env["PATH_INFO"] = cleanup path_was if path_was && !path_was.empty?
app.call env
ensure
env["PATH_INFO"] = path_was
end
def cleanup(path)
if path.respond_to?(:encoding)
# Ruby 1.9+ M17N
/var/lib/gems/2.1.0/gems/rack-protection-1.5.3/lib/rack/protection/json_csrf.rb
in
call
# Array prototype has been patched to track data. Checks the referrer
# even on GET requests if the content type is JSON.
class JsonCsrf < Base
alias react deny
def call(env)
request = Request.new(env)
status, headers, body = app.call(env)
if has_vector? request, headers
warn env, "attack prevented by #{self.class}"
react(env) or [status, headers, body]
else
[status, headers, body]
end
/var/lib/gems/2.1.0/gems/rack-protection-1.5.3/lib/rack/protection/base.rb
in
call
end
def call(env)
unless accepts? env
instrument env
result = react env
end
result or app.call(env)
end
def react(env)
result = send(options[:reaction], env)
result if Array === result and result.size == 3
end
/var/lib/gems/2.1.0/gems/rack-protection-1.5.3/lib/rack/protection/base.rb
in
call
end
def call(env)
unless accepts? env
instrument env
result = react env
end
result or app.call(env)
end
def react(env)
result = send(options[:reaction], env)
result if Array === result and result.size == 3
end
/var/lib/gems/2.1.0/gems/rack-protection-1.5.3/lib/rack/protection/frame_options.rb
in
call
frame_options = options[:frame_options]
frame_options = options[:frame_options].to_s.upcase unless frame_options.respond_to? :to_str
frame_options.to_str
end
end
def call(env)
status, headers, body = @app.call(env)
headers['X-Frame-Options'] ||= frame_options if html? headers
[status, headers, body]
end
end
end
end
/var/lib/gems/2.1.0/gems/rack-1.6.8/lib/rack/nulllogger.rb
in
call
class NullLogger
def initialize(app)
@app = app
end
def call(env)
env['rack.logger'] = self
@app.call(env)
end
def info(progname = nil, &block); end
def debug(progname = nil, &block); end
def warn(progname = nil, &block); end
def error(progname = nil, &block); end
def fatal(progname = nil, &block); end
/var/lib/gems/2.1.0/gems/rack-1.6.8/lib/rack/head.rb
in
call
# Rack::Head returns an empty body for all HEAD requests. It leaves
# all other requests unchanged.
def initialize(app)
@app = app
end
def call(env)
status, headers, body = @app.call(env)
if env[REQUEST_METHOD] == HEAD
[
status, headers, Rack::BodyProxy.new([]) do
body.close if body.respond_to? :close
end
]
/var/lib/gems/2.1.0/gems/sinatra-1.4.8/lib/sinatra/show_exceptions.rb
in
call
def initialize(app)
@app = app
@template = ERB.new(TEMPLATE)
end
def call(env)
@app.call(env)
rescue Exception => e
errors, env["rack.errors"] = env["rack.errors"], @@eats_errors
if prefers_plain_text?(env)
content_type = "text/plain"
exception = dump_exception(e)
else
/var/lib/gems/2.1.0/gems/sinatra-1.4.8/lib/sinatra/base.rb
in
call
# Some Rack handlers (Thin, Rainbows!) implement an extended body object protocol, however,
# some middleware (namely Rack::Lint) will break it by not mirroring the methods in question.
# This middleware will detect an extended body object and will make sure it reaches the
# handler directly. We do this here, so our middleware and middleware set up by the app will
# still be able to run.
class ExtendedRack < Struct.new(:app)
def call(env)
result, callback = app.call(env), env['async.callback']
return result unless callback and async?(*result)
after_response { callback.call result }
setup_close(env, *result)
throw :async
end
private
/var/lib/gems/2.1.0/gems/sinatra-1.4.8/lib/sinatra/base.rb
in
call
end
def helpers
@instance
end
def call(env)
@stack.call(env)
end
def inspect
"#<#{@instance.class} app_file=#{settings.app_file.inspect}>"
end
end
/var/lib/gems/2.1.0/gems/sinatra-1.4.8/lib/sinatra/base.rb
in
block in call
setup_default_middleware builder
setup_middleware builder
builder.run app
builder
end
def call(env)
synchronize { prototype.call(env) }
end
# Like Kernel#caller but excluding certain magic entries and without
# line / method information; the resulting array contains filenames only.
def caller_files
cleaned_caller(1).flatten
end
/var/lib/gems/2.1.0/gems/sinatra-1.4.8/lib/sinatra/base.rb
in
synchronize
end
@@mutex = Mutex.new
def synchronize(&block)
if lock?
@@mutex.synchronize(&block)
else
yield
end
end
# used for deprecation warnings
def warn(message)
super message + "\n\tfrom #{cleaned_caller.first.join(':')}"
end
/var/lib/gems/2.1.0/gems/sinatra-1.4.8/lib/sinatra/base.rb
in
call
setup_default_middleware builder
setup_middleware builder
builder.run app
builder
end
def call(env)
synchronize { prototype.call(env) }
end
# Like Kernel#caller but excluding certain magic entries and without
# line / method information; the resulting array contains filenames only.
def caller_files
cleaned_caller(1).flatten
end
/var/lib/gems/2.1.0/gems/rack-1.6.8/lib/rack/handler/webrick.rb
in
service
env[QUERY_STRING] ||= ""
unless env[PATH_INFO] == ""
path, n = req.request_uri.path, env["SCRIPT_NAME"].length
env[PATH_INFO] = path[n, path.length-n]
end
env["REQUEST_PATH"] ||= [env["SCRIPT_NAME"], env[PATH_INFO]].join
status, headers, body = @app.call(env)
begin
res.status = status.to_i
headers.each { |k, vs|
next if k.downcase == "rack.hijack"
if k.downcase == "set-cookie"
res.cookies.concat vs.split("\n")
/usr/lib/ruby/2.1.0/webrick/httpserver.rb
in
service
servlet, options, script_name, path_info = search_servlet(req.path)
raise HTTPStatus::NotFound, "`#{req.path}' not found." unless servlet
req.script_name = script_name
req.path_info = path_info
si = servlet.get_instance(self, *options)
@logger.debug(format("%s is invoked.", si.class.name))
si.service(req, res)
end
##
# The default OPTIONS request handler says GET, HEAD, POST and OPTIONS
# requests are allowed.
def do_OPTIONS(req, res)
/usr/lib/ruby/2.1.0/webrick/httpserver.rb
in
run
if callback = server[:RequestCallback]
callback.call(req, res)
elsif callback = server[:RequestHandler]
msg = ":RequestHandler is deprecated, please use :RequestCallback"
@logger.warn(msg)
callback.call(req, res)
end
server.service(req, res)
rescue HTTPStatus::EOFError, HTTPStatus::RequestTimeout => ex
res.set_error(ex)
rescue HTTPStatus::Error => ex
@logger.error(ex.message)
res.set_error(ex)
rescue HTTPStatus::Status => ex
res.status = ex.code
/usr/lib/ruby/2.1.0/webrick/server.rb
in
block in start_thread
addr = sock.peeraddr
@logger.debug "accept: #{addr[3]}:#{addr[1]}"
rescue SocketError
@logger.debug "accept: <address unknown>"
raise
end
call_callback(:AcceptCallback, sock)
block ? block.call(sock) : run(sock)
rescue Errno::ENOTCONN
@logger.debug "Errno::ENOTCONN raised"
rescue ServerError => ex
msg = "#{ex.class}: #{ex.message}\n\t#{ex.backtrace[0]}"
@logger.error msg
rescue Exception => ex
@logger.error ex
No GET data.
No POST data.
Variable | Value |
---|---|
GATEWAY_INTERFACE | CGI/1.1 |
HTTP_ACCEPT | */* |
HTTP_CONNECTION | close |
HTTP_HOST | gollum |
HTTP_USER_AGENT | claudebot |
HTTP_VERSION | HTTP/1.1 |
PATH_INFO | /history/howto/wireguard |
QUERY_STRING | |
REMOTE_ADDR | 127.0.0.1 |
REMOTE_HOST | localhost |
REQUEST_METHOD | GET |
REQUEST_PATH | /history/howto/wireguard |
REQUEST_URI | http://gollum/history/howto/wireguard |
SCRIPT_NAME | |
SERVER_NAME | gollum |
SERVER_PORT | 80 |
SERVER_PROTOCOL | HTTP/1.1 |
SERVER_SOFTWARE | WEBrick/1.3.1 (Ruby/2.1.5/2014-11-13) |
rack.errors | #<Object:0x00000002134c58> |
rack.hijack | #<Proc:0x00000002292f28@/var/lib/gems/2.1.0/gems/rack-1.6.8/lib/rack/handler/webrick.rb:76 (lambda)> |
rack.hijack? | true |
rack.hijack_io | nil |
rack.input | #<StringIO:0x000000022931d0> |
rack.logger | #<Rack::NullLogger:0x000000030d60d0 @app=#<Rack::Protection::FrameOptions:0x000000030d61e8 @app=#<Rack::Protection::HttpOrigin:0x000000030d63f0 @app=#<Rack::Protection::IPSpoofing:0x000000030d6828 @app=#<Rack::Protection::JsonCsrf:0x000000030d6940 @app=#<Rack::Protection::PathTraversal:0x000000030d6a30 @app=#<Rack::Protection::XSSHeader:0x000000030d6b48 @app=#<Precious::EditingAuth:0x00000003141e98 @app=#<Precious::App:0x00000003150cb8 @default_layout=:layout, @preferred_extension=nil, @app=nil, @template_cache=#<Tilt::Cache:0x00000003150c90 @cache={[:mustache, :layout]=>Precious::Views::Layout, [:mustache, :history]=>Precious::Views::History}>>, @env={"GATEWAY_INTERFACE"=>"CGI/1.1", "PATH_INFO"=>"/history/howto/wireguard", "QUERY_STRING"=>"", "REMOTE_ADDR"=>"127.0.0.1", "REMOTE_HOST"=>"localhost", "REQUEST_METHOD"=>"GET", "REQUEST_URI"=>"http://gollum/history/howto/wireguard", "SCRIPT_NAME"=>"", "SERVER_NAME"=>"gollum", "SERVER_PORT"=>"80", "SERVER_PROTOCOL"=>"HTTP/1.1", "SERVER_SOFTWARE"=>"WEBrick/1.3.1 (Ruby/2.1.5/2014-11-13)", "HTTP_HOST"=>"gollum", "HTTP_CONNECTION"=>"close", "HTTP_ACCEPT"=>"*/*", "HTTP_USER_AGENT"=>"claudebot", "rack.version"=>[1, 3], "rack.input"=>#<StringIO:0x000000022931d0>, "rack.errors"=>#<Object:0x00000002134c58>, "rack.multithread"=>true, "rack.multiprocess"=>false, "rack.run_once"=>false, "rack.url_scheme"=>"http", "rack.hijack?"=>true, "rack.hijack"=>#<Proc:0x00000002292f28@/var/lib/gems/2.1.0/gems/rack-1.6.8/lib/rack/handler/webrick.rb:76 (lambda)>, "rack.hijack_io"=>nil, "HTTP_VERSION"=>"HTTP/1.1", "REQUEST_PATH"=>"/history/howto/wireguard", "rack.logger"=>#<Rack::NullLogger:0x000000030d60d0 ...>, "rack.request.query_string"=>"", "rack.request.query_hash"=>{}, "sinatra.route"=>"GET /history/*", "sinatra.error"=>#<NoMethodError: undefined method `strip' for nil:NilClass>, "sinatra.accept"=>[#<Sinatra::Request::AcceptEntry:0x0000000307c148 @entry="*/*", @type="*/*", @params={}, @q=1.0>], "rack.request.cookie_hash"=>{}}>, @options={:reaction=>:drop_session, :logging=>true, :message=>"Forbidden", :encryptor=>Digest::SHA1, :session_key=>"rack.session", :status=>403, :allow_empty_referrer=>true, :report_key=>"protection.failed", :html_types=>["text/html", "application/xhtml"], :xss_mode=>:block, :nosniff=>true, :except=>[:session_hijacking, :remote_token]}>, @options={:reaction=>:drop_session, :logging=>true, :message=>"Forbidden", :encryptor=>Digest::SHA1, :session_key=>"rack.session", :status=>403, :allow_empty_referrer=>true, :report_key=>"protection.failed", :html_types=>["text/html", "application/xhtml"], :except=>[:session_hijacking, :remote_token]}>, @options={:reaction=>:drop_session, :logging=>true, :message=>"Forbidden", :encryptor=>Digest::SHA1, :session_key=>"rack.session", :status=>403, :allow_empty_referrer=>true, :report_key=>"protection.failed", :html_types=>["text/html", "application/xhtml"], :except=>[:session_hijacking, :remote_token]}>, @options={:reaction=>:drop_session, :logging=>true, :message=>"Forbidden", :encryptor=>Digest::SHA1, :session_key=>"rack.session", :status=>403, :allow_empty_referrer=>true, :report_key=>"protection.failed", :html_types=>["text/html", "application/xhtml"], :except=>[:session_hijacking, :remote_token]}>, @options={:reaction=>:drop_session, :logging=>true, :message=>"Forbidden", :encryptor=>Digest::SHA1, :session_key=>"rack.session", :status=>403, :allow_empty_referrer=>true, :report_key=>"protection.failed", :html_types=>["text/html", "application/xhtml"], :except=>[:session_hijacking, :remote_token]}>, @options={:reaction=>:drop_session, :logging=>true, :message=>"Forbidden", :encryptor=>Digest::SHA1, :session_key=>"rack.session", :status=>403, :allow_empty_referrer=>true, :report_key=>"protection.failed", :html_types=>["text/html", "application/xhtml"], :frame_options=>:sameorigin, :except=>[:session_hijacking, :remote_token]}, @frame_options="SAMEORIGIN">> |
rack.multiprocess | false |
rack.multithread | true |
rack.request.cookie_hash | {} |
rack.request.query_hash | {} |
rack.request.query_string | |
rack.run_once | false |
rack.url_scheme | http |
rack.version | [1, 3] |
sinatra.accept | [#<Sinatra::Request::AcceptEntry:0x0000000307c148 @entry="*/*", @type="*/*", @params={}, @q=1.0>] |
sinatra.error | #<NoMethodError: undefined method `strip' for nil:NilClass> |
sinatra.route | GET /history/* |
You're seeing this error because you have
enabled the show_exceptions
setting.