[DRE-commits] [ruby-rack-protection] 01/03: Port tests to RSpec3 and enable them
Balasankar C
balasankarc-guest at moszumanska.debian.org
Wed Sep 2 12:38:56 UTC 2015
This is an automated email from the git hooks/post-receive script.
balasankarc-guest pushed a commit to branch master
in repository ruby-rack-protection.
commit 7fe1d60fcdec50853f5c836330bdce836eef305d
Author: Balasankar C <balasankarc at autistici.org>
Date: Wed Sep 2 18:08:24 2015 +0530
Port tests to RSpec3 and enable them
---
debian/patches/rpsec3-port.patch | 730 +++++++++++++++++++++
debian/patches/series | 1 +
...-tests.rake.disabled.rspec3 => ruby-tests.rake} | 0
3 files changed, 731 insertions(+)
diff --git a/debian/patches/rpsec3-port.patch b/debian/patches/rpsec3-port.patch
new file mode 100644
index 0000000..6567ae7
--- /dev/null
+++ b/debian/patches/rpsec3-port.patch
@@ -0,0 +1,730 @@
+Description: Port tests to RSpec 3 syntax (partially)
+Author: Balasankar C <balasankarc at autistici.org>
+Last-Update: 2015-09-02
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/spec/authenticity_token_spec.rb
++++ b/spec/authenticity_token_spec.rb
+@@ -4,31 +4,31 @@
+ it_behaves_like "any rack application"
+
+ it "denies post requests without any token" do
+- post('/').should_not be_ok
++ expect(post('/')).not_to be_ok
+ end
+
+ it "accepts post requests with correct X-CSRF-Token header" do
+ post('/', {}, 'rack.session' => {:csrf => "a"}, 'HTTP_X_CSRF_TOKEN' => "a")
+- last_response.should be_ok
++ expect(last_response).to be_ok
+ end
+
+ it "denies post requests with wrong X-CSRF-Token header" do
+ post('/', {}, 'rack.session' => {:csrf => "a"}, 'HTTP_X_CSRF_TOKEN' => "b")
+- last_response.should_not be_ok
++ expect(last_response).not_to be_ok
+ end
+
+ it "accepts post form requests with correct authenticity_token field" do
+ post('/', {"authenticity_token" => "a"}, 'rack.session' => {:csrf => "a"})
+- last_response.should be_ok
++ expect(last_response).to be_ok
+ end
+
+ it "denies post form requests with wrong authenticity_token field" do
+ post('/', {"authenticity_token" => "a"}, 'rack.session' => {:csrf => "b"})
+- last_response.should_not be_ok
++ expect(last_response).not_to be_ok
+ end
+
+ it "prevents ajax requests without a valid token" do
+- post('/', {}, "HTTP_X_REQUESTED_WITH" => "XMLHttpRequest").should_not be_ok
++ expect(post('/', {}, "HTTP_X_REQUESTED_WITH" => "XMLHttpRequest")).not_to be_ok
+ end
+
+ it "allows for a custom authenticity token param" do
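Review bot: The denial examples in this hunk (`expect(post('/')).not_to be_ok`, `expect(last_response).not_to be_ok`) pass for any response other than 200, so a request that makes the middleware raise or answer with a 500 would still count as a successful CSRF rejection. The port carries this looseness over unchanged from the `should_not be_ok` originals. For the deny cases it would be stronger to pin the rejection status, e.g. `expect(last_response.status).to eq(403)`, assuming 403 is what this packaged version's default reaction returns (to be confirmed). The same pattern recurs in the form_token, http_origin, ip_spoofing, json_csrf, remote_referrer and remote_token sections of the patch, and the enclosing describe block starts and ends outside the hunk.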
+@@ -38,11 +38,11 @@
+ end
+
+ post('/', {"csrf_param" => "a"}, 'rack.session' => {:csrf => "a"})
+- last_response.should be_ok
++ expect(last_response).to be_ok
+ end
+
+ it "sets a new csrf token for the session in env, even after a 'safe' request" do
+ get('/', {}, {})
+- env['rack.session'][:csrf].should_not be_nil
++ expect(env['rack.session'][:csrf]).not_to be_nil
+ end
+ end
+--- a/spec/base_spec.rb
++++ b/spec/base_spec.rb
+@@ -6,35 +6,35 @@
+
+ describe "#random_string" do
+ it "outputs a string of 32 characters" do
+- subject.random_string.length.should == 32
++ expect(subject.random_string.length).to eq(32)
+ end
+ end
+
+ describe "#referrer" do
+ it "Reads referrer from Referer header" do
+ env = {"HTTP_HOST" => "foo.com", "HTTP_REFERER" => "http://bar.com/valid"}
+- subject.referrer(env).should == "bar.com"
++ expect(subject.referrer(env)).to eq("bar.com")
+ end
+
+ it "Reads referrer from Host header when Referer header is relative" do
+ env = {"HTTP_HOST" => "foo.com", "HTTP_REFERER" => "/valid"}
+- subject.referrer(env).should == "foo.com"
++ expect(subject.referrer(env)).to eq("foo.com")
+ end
+
+ it "Reads referrer from Host header when Referer header is missing" do
+ env = {"HTTP_HOST" => "foo.com"}
+- subject.referrer(env).should == "foo.com"
++ expect(subject.referrer(env)).to eq("foo.com")
+ end
+
+ it "Returns nil when Referer header is missing and allow_empty_referrer is false" do
+ env = {"HTTP_HOST" => "foo.com"}
+ subject.options[:allow_empty_referrer] = false
+- subject.referrer(env).should be_nil
++ expect(subject.referrer(env)).to be_nil
+ end
+
+ it "Returns nil when Referer header is invalid" do
+ env = {"HTTP_HOST" => "foo.com", "HTTP_REFERER" => "http://bar.com/bad|uri"}
+- subject.referrer(env).should be_nil
++ expect(subject.referrer(env)).to be_nil
+ end
+ end
+ end
+--- a/spec/escaped_params_spec.rb
++++ b/spec/escaped_params_spec.rb
+@@ -10,7 +10,7 @@
+ [200, {'Content-Type' => 'text/plain'}, [request.params['foo']]]
+ end
+ get '/', :foo => "<bar>"
+- body.should == '<bar>'
++ expect(body).to eq('<bar>')
+ end
+
+ it 'leaves normal params untouched' do
+@@ -19,7 +19,7 @@
+ [200, {'Content-Type' => 'text/plain'}, [request.params['foo']]]
+ end
+ get '/', :foo => "bar"
+- body.should == 'bar'
++ expect(body).to eq('bar')
+ end
+
+ it 'copes with nested arrays' do
+@@ -28,7 +28,7 @@
+ [200, {'Content-Type' => 'text/plain'}, [request.params['foo']['bar']]]
+ end
+ get '/', :foo => {:bar => "<bar>"}
+- body.should == '<bar>'
++ expect(body).to eq('<bar>')
+ end
+
+ it 'leaves cache-breaker params untouched' do
+@@ -37,7 +37,7 @@
+ end
+
+ get '/?95df8d9bf5237ad08df3115ee74dcb10'
+- body.should == 'hi'
++ expect(body).to eq('hi')
+ end
+ end
+ end
+--- a/spec/form_token_spec.rb
++++ b/spec/form_token_spec.rb
+@@ -4,30 +4,30 @@
+ it_behaves_like "any rack application"
+
+ it "denies post requests without any token" do
+- post('/').should_not be_ok
++ expect(post('/')).not_to be_ok
+ end
+
+ it "accepts post requests with correct X-CSRF-Token header" do
+ post('/', {}, 'rack.session' => {:csrf => "a"}, 'HTTP_X_CSRF_TOKEN' => "a")
+- last_response.should be_ok
++ expect(last_response).to be_ok
+ end
+
+ it "denies post requests with wrong X-CSRF-Token header" do
+ post('/', {}, 'rack.session' => {:csrf => "a"}, 'HTTP_X_CSRF_TOKEN' => "b")
+- last_response.should_not be_ok
++ expect(last_response).not_to be_ok
+ end
+
+ it "accepts post form requests with correct authenticity_token field" do
+ post('/', {"authenticity_token" => "a"}, 'rack.session' => {:csrf => "a"})
+- last_response.should be_ok
++ expect(last_response).to be_ok
+ end
+
+ it "denies post form requests with wrong authenticity_token field" do
+ post('/', {"authenticity_token" => "a"}, 'rack.session' => {:csrf => "b"})
+- last_response.should_not be_ok
++ expect(last_response).not_to be_ok
+ end
+
+ it "accepts ajax requests without a valid token" do
+- post('/', {}, "HTTP_X_REQUESTED_WITH" => "XMLHttpRequest").should be_ok
++ expect(post('/', {}, "HTTP_X_REQUESTED_WITH" => "XMLHttpRequest")).to be_ok
+ end
+ end
+--- a/spec/frame_options_spec.rb
++++ b/spec/frame_options_spec.rb
+@@ -4,11 +4,11 @@
+ it_behaves_like "any rack application"
+
+ it 'should set the X-Frame-Options' do
+- get('/', {}, 'wants' => 'text/html').headers["X-Frame-Options"].should == "SAMEORIGIN"
++ expect(get('/', {}, 'wants' => 'text/html').headers["X-Frame-Options"]).to eq("SAMEORIGIN")
+ end
+
+ it 'should not set the X-Frame-Options for other content types' do
+- get('/', {}, 'wants' => 'text/foo').headers["X-Frame-Options"].should be_nil
++ expect(get('/', {}, 'wants' => 'text/foo').headers["X-Frame-Options"]).to be_nil
+ end
+
+ it 'should allow changing the protection mode' do
+@@ -18,7 +18,7 @@
+ run DummyApp
+ end
+
+- get('/', {}, 'wants' => 'text/html').headers["X-Frame-Options"].should == "DENY"
++ expect(get('/', {}, 'wants' => 'text/html').headers["X-Frame-Options"]).to eq("DENY")
+ end
+
+
+@@ -29,11 +29,11 @@
+ run DummyApp
+ end
+
+- get('/', {}, 'wants' => 'text/html').headers["X-Frame-Options"].should == "ALLOW-FROM foo"
++ expect(get('/', {}, 'wants' => 'text/html').headers["X-Frame-Options"]).to eq("ALLOW-FROM foo")
+ end
+
+ it 'should not override the header if already set' do
+ mock_app with_headers("X-Frame-Options" => "allow")
+- get('/', {}, 'wants' => 'text/html').headers["X-Frame-Options"].should == "allow"
++ expect(get('/', {}, 'wants' => 'text/html').headers["X-Frame-Options"]).to eq("allow")
+ end
+ end
+--- a/spec/http_origin_spec.rb
++++ b/spec/http_origin_spec.rb
+@@ -12,19 +12,19 @@
+
+ %w(GET HEAD POST PUT DELETE).each do |method|
+ it "accepts #{method} requests with no Origin" do
+- send(method.downcase, '/').should be_ok
++ expect(send(method.downcase, '/')).to be_ok
+ end
+ end
+
+ %w(GET HEAD).each do |method|
+ it "accepts #{method} requests with non-whitelisted Origin" do
+- send(method.downcase, '/', {}, 'HTTP_ORIGIN' => 'http://malicious.com').should be_ok
++ expect(send(method.downcase, '/', {}, 'HTTP_ORIGIN' => 'http://malicious.com')).to be_ok
+ end
+ end
+
+ %w(POST PUT DELETE).each do |method|
+ it "denies #{method} requests with non-whitelisted Origin" do
+- send(method.downcase, '/', {}, 'HTTP_ORIGIN' => 'http://malicious.com').should_not be_ok
++ expect(send(method.downcase, '/', {}, 'HTTP_ORIGIN' => 'http://malicious.com')).not_to be_ok
+ end
+
+ it "accepts #{method} requests with whitelisted Origin" do
+@@ -32,7 +32,7 @@
+ use Rack::Protection::HttpOrigin, :origin_whitelist => ['http://www.friend.com']
+ run DummyApp
+ end
+- send(method.downcase, '/', {}, 'HTTP_ORIGIN' => 'http://www.friend.com').should be_ok
++ expect(send(method.downcase, '/', {}, 'HTTP_ORIGIN' => 'http://www.friend.com')).to be_ok
+ end
+ end
+ end
+--- a/spec/ip_spoofing_spec.rb
++++ b/spec/ip_spoofing_spec.rb
+@@ -5,24 +5,24 @@
+
+ it 'accepts requests without X-Forward-For header' do
+ get('/', {}, 'HTTP_CLIENT_IP' => '1.2.3.4', 'HTTP_X_REAL_IP' => '4.3.2.1')
+- last_response.should be_ok
++ expect(last_response).to be_ok
+ end
+
+ it 'accepts requests with proper X-Forward-For header' do
+ get('/', {}, 'HTTP_CLIENT_IP' => '1.2.3.4',
+ 'HTTP_X_FORWARDED_FOR' => '192.168.1.20, 1.2.3.4, 127.0.0.1')
+- last_response.should be_ok
++ expect(last_response).to be_ok
+ end
+
+ it 'denies requests where the client spoofs X-Forward-For but not the IP' do
+ get('/', {}, 'HTTP_CLIENT_IP' => '1.2.3.4', 'HTTP_X_FORWARDED_FOR' => '1.2.3.5')
+- last_response.should_not be_ok
++ expect(last_response).not_to be_ok
+ end
+
+ it 'denies requests where the client spoofs the IP but not X-Forward-For' do
+ get('/', {}, 'HTTP_CLIENT_IP' => '1.2.3.5',
+ 'HTTP_X_FORWARDED_FOR' => '192.168.1.20, 1.2.3.4, 127.0.0.1')
+- last_response.should_not be_ok
++ expect(last_response).not_to be_ok
+ end
+
+ it 'denies requests where IP and X-Forward-For are spoofed but not X-Real-IP' do
+@@ -30,6 +30,6 @@
+ 'HTTP_CLIENT_IP' => '1.2.3.5',
+ 'HTTP_X_FORWARDED_FOR' => '1.2.3.5',
+ 'HTTP_X_REAL_IP' => '1.2.3.4')
+- last_response.should_not be_ok
++ expect(last_response).not_to be_ok
+ end
+ end
+--- a/spec/json_csrf_spec.rb
++++ b/spec/json_csrf_spec.rb
+@@ -9,27 +9,27 @@
+ end
+
+ it "denies get requests with json responses with a remote referrer" do
+- get('/', {}, 'HTTP_REFERER' => 'http://evil.com').should_not be_ok
++ expect(get('/', {}, 'HTTP_REFERER' => 'http://evil.com')).not_to be_ok
+ end
+
+ it "accepts requests with json responses with a remote referrer when there's an origin header set" do
+- get('/', {}, 'HTTP_REFERER' => 'http://good.com', 'HTTP_ORIGIN' => 'http://good.com').should be_ok
++ expect(get('/', {}, 'HTTP_REFERER' => 'http://good.com', 'HTTP_ORIGIN' => 'http://good.com')).to be_ok
+ end
+
+ it "accepts requests with json responses with a remote referrer when there's an x-origin header set" do
+- get('/', {}, 'HTTP_REFERER' => 'http://good.com', 'HTTP_X_ORIGIN' => 'http://good.com').should be_ok
++ expect(get('/', {}, 'HTTP_REFERER' => 'http://good.com', 'HTTP_X_ORIGIN' => 'http://good.com')).to be_ok
+ end
+
+ it "accepts get requests with json responses with a local referrer" do
+- get('/', {}, 'HTTP_REFERER' => '/').should be_ok
++ expect(get('/', {}, 'HTTP_REFERER' => '/')).to be_ok
+ end
+
+ it "accepts get requests with json responses with no referrer" do
+- get('/', {}).should be_ok
++ expect(get('/', {})).to be_ok
+ end
+
+ it "accepts XHR requests" do
+- get('/', {}, 'HTTP_REFERER' => 'http://evil.com', 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest').should be_ok
++ expect(get('/', {}, 'HTTP_REFERER' => 'http://evil.com', 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')).to be_ok
+ end
+
+ end
+@@ -38,7 +38,7 @@
+
+ it "accepts get requests with 304 headers" do
+ mock_app { |e| [304, {}, []]}
+- get('/', {}).status.should == 304
++ expect(get('/', {}).status).to eq(304)
+ end
+
+ end
+@@ -52,7 +52,7 @@
+
+ session = {:foo => :bar}
+ get('/', {}, 'HTTP_REFERER' => 'http://evil.com', 'rack.session' => session)
+- last_response.should_not be_ok
++ expect(last_response).not_to be_ok
+ end
+ end
+ end
+--- a/spec/path_traversal_spec.rb
++++ b/spec/path_traversal_spec.rb
+@@ -9,7 +9,7 @@
+ end
+
+ %w[/foo/bar /foo/bar/ / /.f /a.x].each do |path|
+- it("does not touch #{path.inspect}") { get(path).body.should == path }
++ it("does not touch #{path.inspect}") { expect(get(path).body).to eq(path) }
+ end
+
+ { # yes, this is ugly, feel free to change that
+@@ -17,12 +17,12 @@
+ '/%2e.' => '/', '/a/%2E%2e/b' => '/b', '/a%2f%2E%2e%2Fb/' => '/b/',
+ '//' => '/', '/%2fetc%2Fpasswd' => '/etc/passwd'
+ }.each do |a, b|
+- it("replaces #{a.inspect} with #{b.inspect}") { get(a).body.should == b }
++ it("replaces #{a.inspect} with #{b.inspect}") { expect(get(a).body).to eq(b) }
+ end
+
+ it 'should be able to deal with PATH_INFO = nil (fcgi?)' do
+ app = Rack::Protection::PathTraversal.new(proc { 42 })
+- app.call({}).should be == 42
++ expect(app.call({})).to eq(42)
+ end
+ end
+
+@@ -34,7 +34,7 @@
+
+ it 'should remain unchanged as ASCII-8BIT' do
+ body = @app.call({ 'PATH_INFO' => '/'.encode('ASCII-8BIT') })[2][0]
+- body.should == 'ASCII-8BIT'
++ expect(body).to eq('ASCII-8BIT')
+ end
+ end
+ end
+--- a/spec/protection_spec.rb
++++ b/spec/protection_spec.rb
+@@ -12,10 +12,10 @@
+ session = {:foo => :bar}
+ get '/', {}, 'rack.session' => session, 'HTTP_ACCEPT_ENCODING' => 'a'
+ get '/', {}, 'rack.session' => session, 'HTTP_ACCEPT_ENCODING' => 'b'
+- session[:foo].should be == :bar
++ expect(session[:foo]).to eq(:bar)
+
+ get '/', {}, 'rack.session' => session, 'HTTP_FOO' => 'BAR'
+- session.should be_empty
++ expect(session).to be_empty
+ end
+
+ it 'passes errors through if :reaction => :report is used' do
+@@ -26,8 +26,8 @@
+
+ session = {:foo => :bar}
+ post('/', {}, 'rack.session' => session, 'HTTP_ORIGIN' => 'http://malicious.com')
+- last_response.should be_ok
+- body.should == "true"
++ expect(last_response).to be_ok
++ expect(body).to eq("true")
+ end
+
+ describe "#react" do
+@@ -38,7 +38,7 @@
+ run DummyApp
+ end
+ post('/', {}, 'rack.session' => {}, 'HTTP_ORIGIN' => 'http://malicious.com')
+- io.string.should match /prevented.*Origin/
++ expect(io.string).to match /prevented.*Origin/
+ end
+
+ it 'reports attacks if reaction is to report' do
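Review bot: `expect(io.string).to match /prevented.*Origin/` passes the regexp literal without parentheses, which Ruby reports as an ambiguous first argument when warnings are enabled; write it as `expect(io.string).to match(/prevented.*Origin/)`. The same form appears in the next two hunks of this file (`/reported.*Origin/`, `/HTTP_ORIGIN.*malicious.com/`, `/reported|prevented/`). In `/HTTP_ORIGIN.*malicious.com/` the dot before `com` is unescaped and matches any character, so `malicious\.com` would state the intent of the log assertion more exactly. The example this line belongs to begins outside the hunk.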
+@@ -48,8 +48,8 @@
+ run DummyApp
+ end
+ post('/', {}, 'rack.session' => {}, 'HTTP_ORIGIN' => 'http://malicious.com')
+- io.string.should match /reported.*Origin/
+- io.string.should_not match /prevented.*Origin/
++ expect(io.string).to match /reported.*Origin/
++ expect(io.string).not_to match /prevented.*Origin/
+ end
+
+ it 'passes errors to reaction method if specified' do
+@@ -60,25 +60,25 @@
+ run DummyApp
+ end
+ post('/', {}, 'rack.session' => {}, 'HTTP_ORIGIN' => 'http://malicious.com')
+- io.string.should match /HTTP_ORIGIN.*malicious.com/
+- io.string.should_not match /reported|prevented/
++ expect(io.string).to match /HTTP_ORIGIN.*malicious.com/
++ expect(io.string).not_to match /reported|prevented/
+ end
+ end
+
+ describe "#html?" do
+ context "given an appropriate content-type header" do
+ subject { Rack::Protection::Base.new(nil).html? 'content-type' => "text/html" }
+- it { should be_true }
++ it { is_expected.to be_truthy }
+ end
+
+ context "given an inappropriate content-type header" do
+ subject { Rack::Protection::Base.new(nil).html? 'content-type' => "image/gif" }
+- it { should be_false }
++ it { is_expected.to be_falsey }
+ end
+
+ context "given no content-type header" do
+ subject { Rack::Protection::Base.new(nil).html?({}) }
+- it { should be_false }
++ it { is_expected.to be_falsey }
+ end
+ end
+
+@@ -93,13 +93,13 @@
+ context 'with an instrumenter specified' do
+ let(:app) { Rack::Protection::Base.new(nil, :instrumenter => instrumenter) }
+
+- it { instrumenter.should_receive(:instrument).with('rack.protection', env) }
++ it { expect(instrumenter).to receive(:instrument).with('rack.protection', env) }
+ end
+
+ context 'with no instrumenter specified' do
+ let(:app) { Rack::Protection::Base.new(nil) }
+
+- it { instrumenter.should_not_receive(:instrument) }
++ it { expect(instrumenter).not_to receive(:instrument) }
+ end
+ end
+ end
+--- a/spec/remote_referrer_spec.rb
++++ b/spec/remote_referrer_spec.rb
+@@ -4,7 +4,7 @@
+ it_behaves_like "any rack application"
+
+ it "accepts post requests with no referrer" do
+- post('/').should be_ok
++ expect(post('/')).to be_ok
+ end
+
+ it "does not accept post requests with no referrer if allow_empty_referrer is false" do
+@@ -12,20 +12,20 @@
+ use Rack::Protection::RemoteReferrer, :allow_empty_referrer => false
+ run DummyApp
+ end
+- post('/').should_not be_ok
++ expect(post('/')).not_to be_ok
+ end
+
+ it "should allow post request with a relative referrer" do
+- post('/', {}, 'HTTP_REFERER' => '/').should be_ok
++ expect(post('/', {}, 'HTTP_REFERER' => '/')).to be_ok
+ end
+
+ it "accepts post requests with the same host in the referrer" do
+ post('/', {}, 'HTTP_REFERER' => 'http://example.com/foo', 'HTTP_HOST' => 'example.com')
+- last_response.should be_ok
++ expect(last_response).to be_ok
+ end
+
+ it "denies post requests with a remote referrer" do
+ post('/', {}, 'HTTP_REFERER' => 'http://example.com/foo', 'HTTP_HOST' => 'example.org')
+- last_response.should_not be_ok
++ expect(last_response).not_to be_ok
+ end
+ end
+--- a/spec/remote_token_spec.rb
++++ b/spec/remote_token_spec.rb
+@@ -4,39 +4,39 @@
+ it_behaves_like "any rack application"
+
+ it "accepts post requests with no referrer" do
+- post('/').should be_ok
++ expect(post('/')).to be_ok
+ end
+
+ it "accepts post requests with a local referrer" do
+- post('/', {}, 'HTTP_REFERER' => '/').should be_ok
++ expect(post('/', {}, 'HTTP_REFERER' => '/')).to be_ok
+ end
+
+ it "denies post requests with a remote referrer and no token" do
+ post('/', {}, 'HTTP_REFERER' => 'http://example.com/foo', 'HTTP_HOST' => 'example.org')
+- last_response.should_not be_ok
++ expect(last_response).not_to be_ok
+ end
+
+ it "accepts post requests with a remote referrer and correct X-CSRF-Token header" do
+ post('/', {}, 'HTTP_REFERER' => 'http://example.com/foo', 'HTTP_HOST' => 'example.org',
+ 'rack.session' => {:csrf => "a"}, 'HTTP_X_CSRF_TOKEN' => "a")
+- last_response.should be_ok
++ expect(last_response).to be_ok
+ end
+
+ it "denies post requests with a remote referrer and wrong X-CSRF-Token header" do
+ post('/', {}, 'HTTP_REFERER' => 'http://example.com/foo', 'HTTP_HOST' => 'example.org',
+ 'rack.session' => {:csrf => "a"}, 'HTTP_X_CSRF_TOKEN' => "b")
+- last_response.should_not be_ok
++ expect(last_response).not_to be_ok
+ end
+
+ it "accepts post form requests with a remote referrer and correct authenticity_token field" do
+ post('/', {"authenticity_token" => "a"}, 'HTTP_REFERER' => 'http://example.com/foo',
+ 'HTTP_HOST' => 'example.org', 'rack.session' => {:csrf => "a"})
+- last_response.should be_ok
++ expect(last_response).to be_ok
+ end
+
+ it "denies post form requests with a remote referrer and wrong authenticity_token field" do
+ post('/', {"authenticity_token" => "a"}, 'HTTP_REFERER' => 'http://example.com/foo',
+ 'HTTP_HOST' => 'example.org', 'rack.session' => {:csrf => "b"})
+- last_response.should_not be_ok
++ expect(last_response).not_to be_ok
+ end
+ end
+--- a/spec/session_hijacking_spec.rb
++++ b/spec/session_hijacking_spec.rb
+@@ -7,14 +7,14 @@
+ session = {:foo => :bar}
+ get '/', {}, 'rack.session' => session
+ get '/', {}, 'rack.session' => session
+- session[:foo].should == :bar
++ expect(session[:foo]).to eq(:bar)
+ end
+
+ it "denies requests with a changing User-Agent header" do
+ session = {:foo => :bar}
+ get '/', {}, 'rack.session' => session, 'HTTP_USER_AGENT' => 'a'
+ get '/', {}, 'rack.session' => session, 'HTTP_USER_AGENT' => 'b'
+- session.should be_empty
++ expect(session).to be_empty
+ end
+
+ it "accepts requests with a changing Accept-Encoding header" do
+@@ -22,34 +22,34 @@
+ session = {:foo => :bar}
+ get '/', {}, 'rack.session' => session, 'HTTP_ACCEPT_ENCODING' => 'a'
+ get '/', {}, 'rack.session' => session, 'HTTP_ACCEPT_ENCODING' => 'b'
+- session.should_not be_empty
++ expect(session).not_to be_empty
+ end
+
+ it "denies requests with a changing Accept-Language header" do
+ session = {:foo => :bar}
+ get '/', {}, 'rack.session' => session, 'HTTP_ACCEPT_LANGUAGE' => 'a'
+ get '/', {}, 'rack.session' => session, 'HTTP_ACCEPT_LANGUAGE' => 'b'
+- session.should be_empty
++ expect(session).to be_empty
+ end
+
+ it "accepts requests with the same Accept-Language header" do
+ session = {:foo => :bar}
+ get '/', {}, 'rack.session' => session, 'HTTP_ACCEPT_LANGUAGE' => 'a'
+ get '/', {}, 'rack.session' => session, 'HTTP_ACCEPT_LANGUAGE' => 'a'
+- session.should_not be_empty
++ expect(session).not_to be_empty
+ end
+
+ it "comparison of Accept-Language header is not case sensitive" do
+ session = {:foo => :bar}
+ get '/', {}, 'rack.session' => session, 'HTTP_ACCEPT_LANGUAGE' => 'a'
+ get '/', {}, 'rack.session' => session, 'HTTP_ACCEPT_LANGUAGE' => 'A'
+- session.should_not be_empty
++ expect(session).not_to be_empty
+ end
+
+ it "accepts requests with a changing Version header"do
+ session = {:foo => :bar}
+ get '/', {}, 'rack.session' => session, 'HTTP_VERSION' => '1.0'
+ get '/', {}, 'rack.session' => session, 'HTTP_VERSION' => '1.1'
+- session[:foo].should == :bar
++ expect(session[:foo]).to eq(:bar)
+ end
+ end
+--- a/spec/spec_helper.rb
++++ b/spec/spec_helper.rb
+@@ -3,6 +3,7 @@
+ require 'rack'
+ require 'forwardable'
+ require 'stringio'
++require 'rspec'
+
+ if defined? Gem.loaded_specs and Gem.loaded_specs.include? 'rack'
+ version = Gem.loaded_specs['rack'].version.to_s
+@@ -93,19 +94,19 @@
+ end
+
+ RSpec.configure do |config|
+- config.expect_with :rspec, :stdlib
++ config.expect_with :rspec
+ config.include Rack::Test::Methods
+ config.include TestHelpers
+ end
+
+ shared_examples_for 'any rack application' do
+ it "should not interfere with normal get requests" do
+- get('/').should be_ok
+- body.should == 'ok'
++ expect(get('/')).to be_ok
++ expect(body).to eq('ok')
+ end
+
+ it "should not interfere with normal head requests" do
+- head('/').should be_ok
++ expect(head('/')).to be_ok
+ end
+
+ it 'should not leak changes to env' do
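Review bot: `config.expect_with :rspec` keeps RSpec 3's default syntax setting, under which a leftover `.should` call still runs and only emits a deprecation warning, so the suite itself cannot show whether the port is complete (the patch description says "partially"). Restricting the syntax with `config.expect_with(:rspec) { |c| c.syntax = :expect }` would make any unported expectation fail instead of passing quietly. Dropping `:stdlib` also removes the stdlib assertions from the examples; no `assert_*` call is visible in this patch, but specs it does not touch should be checked before the tests are enabled in the build.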
+@@ -130,7 +131,7 @@
+ run DummyApp
+ end
+
+- get('/..', :foo => '<bar>').should be_ok
++ expect(get('/..', :foo => '<bar>')).to be_ok
+ end
+
+ it 'allows passing on values in env' do
+@@ -158,6 +159,6 @@
+ run DummyApp
+ end
+
+- get('/').should be_ok
++ expect(get('/')).to be_ok
+ end
+ end
+--- a/spec/xss_header_spec.rb
++++ b/spec/xss_header_spec.rb
+@@ -4,15 +4,15 @@
+ it_behaves_like "any rack application"
+
+ it 'should set the X-XSS-Protection' do
+- get('/', {}, 'wants' => 'text/html;charset=utf-8').headers["X-XSS-Protection"].should == "1; mode=block"
++ expect(get('/', {}, 'wants' => 'text/html;charset=utf-8').headers["X-XSS-Protection"]).to eq("1; mode=block")
+ end
+
+ it 'should set the X-XSS-Protection for XHTML' do
+- get('/', {}, 'wants' => 'application/xhtml+xml').headers["X-XSS-Protection"].should == "1; mode=block"
++ expect(get('/', {}, 'wants' => 'application/xhtml+xml').headers["X-XSS-Protection"]).to eq("1; mode=block")
+ end
+
+ it 'should not set the X-XSS-Protection for other content types' do
+- get('/', {}, 'wants' => 'application/foo').headers["X-XSS-Protection"].should be_nil
++ expect(get('/', {}, 'wants' => 'application/foo').headers["X-XSS-Protection"]).to be_nil
+ end
+
+ it 'should allow changing the protection mode' do
+@@ -22,21 +22,21 @@
+ run DummyApp
+ end
+
+- get('/', {}, 'wants' => 'application/xhtml').headers["X-XSS-Protection"].should == "1; mode=foo"
++ expect(get('/', {}, 'wants' => 'application/xhtml').headers["X-XSS-Protection"]).to eq("1; mode=foo")
+ end
+
+ it 'should not override the header if already set' do
+ mock_app with_headers("X-XSS-Protection" => "0")
+- get('/', {}, 'wants' => 'text/html').headers["X-XSS-Protection"].should == "0"
++ expect(get('/', {}, 'wants' => 'text/html').headers["X-XSS-Protection"]).to eq("0")
+ end
+
+ it 'should set the X-Content-Type-Options' do
+- get('/', {}, 'wants' => 'text/html').header["X-Content-Type-Options"].should == "nosniff"
++ expect(get('/', {}, 'wants' => 'text/html').header["X-Content-Type-Options"]).to eq("nosniff")
+ end
+
+
+ it 'should set the X-Content-Type-Options for other content types' do
+- get('/', {}, 'wants' => 'application/foo').header["X-Content-Type-Options"].should == "nosniff"
++ expect(get('/', {}, 'wants' => 'application/foo').header["X-Content-Type-Options"]).to eq("nosniff")
+ end
+
+
+@@ -46,11 +46,11 @@
+ run DummyApp
+ end
+
+- get('/').headers["X-Content-Type-Options"].should be_nil
++ expect(get('/').headers["X-Content-Type-Options"]).to be_nil
+ end
+
+ it 'should not override the header if already set X-Content-Type-Options' do
+ mock_app with_headers("X-Content-Type-Options" => "sniff")
+- get('/', {}, 'wants' => 'text/html').headers["X-Content-Type-Options"].should == "sniff"
++ expect(get('/', {}, 'wants' => 'text/html').headers["X-Content-Type-Options"]).to eq("sniff")
+ end
+ end
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..026def5
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+rpsec3-port.patch
diff --git a/debian/ruby-tests.rake.disabled.rspec3 b/debian/ruby-tests.rake
similarity index 100%
rename from debian/ruby-tests.rake.disabled.rspec3
rename to debian/ruby-tests.rake
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ruby-extras/ruby-rack-protection.git