Skip to content

Instantly share code, notes, and snippets.

@beanieboi

beanieboi/gist:9fe9892842820b8ec915

Created December 3, 2015 13:48
Show Gist options
  • Save beanieboi/9fe9892842820b8ec915 to your computer and use it in GitHub Desktop.
Save beanieboi/9fe9892842820b8ec915 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
gistfile1.txt
NoMethodError at /merchants/xxx/transparent_redirect_requests
undefined method `[]' for nil:NilClass
file:
base.rb
location: html?
line:
117
BACKTRACE
(expand)
JUMP TO:
GET
POST
COOKIES
ENV
/home/ubuntu/.rbenv/versions/2.2.3/lib/ruby/gems/2.2.0/gems/rack-protection-1.5.3/lib/rack/protection/base.rb in
html?
options[:encryptor].hexdigest value.to_s
end
alias default_reaction deny
def html?(headers)
return false unless header = headers.detect { |k,v| k.downcase == 'content-type' }
options[:html_types].include? header.last[/^\w+\/\w+/]
end
end
end
end
/home/ubuntu/.rbenv/versions/2.2.3/lib/ruby/gems/2.2.0/gems/rack-protection-1.5.3/lib/rack/protection/xss_header.rb in
call
# Options:
# xss_mode:: How the browser should prevent the attack (default: :block)
class XSSHeader < Base
default_options :xss_mode => :block, :nosniff => true
def call(env)
status, headers, body = @app.call(env)
headers['X-XSS-Protection'] ||= "1; mode=#{options[:xss_mode]}" if html? headers
headers['X-Content-Type-Options'] ||= 'nosniff' if options[:nosniff]
[status, headers, body]
end
end
end
end
/home/ubuntu/.rbenv/versions/2.2.3/lib/ruby/gems/2.2.0/gems/rack-protection-1.5.3/lib/rack/protection/path_traversal.rb in
call
#
# Unescapes '/' and '.', expands +path_info+.
# Thus <tt>GET /foo/%2e%2e%2fbar</tt> becomes <tt>GET /bar</tt>.
class PathTraversal < Base
def call(env)
path_was = env["PATH_INFO"]
env["PATH_INFO"] = cleanup path_was if path_was && !path_was.empty?
app.call env
ensure
env["PATH_INFO"] = path_was
end
def cleanup(path)
if path.respond_to?(:encoding)
# Ruby 1.9+ M17N
/home/ubuntu/.rbenv/versions/2.2.3/lib/ruby/gems/2.2.0/gems/rack-protection-1.5.3/lib/rack/protection/json_csrf.rb in
call
# Array prototype has been patched to track data. Checks the referrer
# even on GET requests if the content type is JSON.
class JsonCsrf < Base
alias react deny
def call(env)
request = Request.new(env)
status, headers, body = app.call(env)
if has_vector? request, headers
warn env, "attack prevented by #{self.class}"
react(env) or [status, headers, body]
else
[status, headers, body]
end
/home/ubuntu/.rbenv/versions/2.2.3/lib/ruby/gems/2.2.0/gems/rack-protection-1.5.3/lib/rack/protection/base.rb in
call
end
def call(env)
unless accepts? env
instrument env
result = react env
end
result or app.call(env)
end
def react(env)
result = send(options[:reaction], env)
result if Array === result and result.size == 3
end
/home/ubuntu/.rbenv/versions/2.2.3/lib/ruby/gems/2.2.0/gems/rack-protection-1.5.3/lib/rack/protection/base.rb in
call
end
def call(env)
unless accepts? env
instrument env
result = react env
end
result or app.call(env)
end
def react(env)
result = send(options[:reaction], env)
result if Array === result and result.size == 3
end
/home/ubuntu/.rbenv/versions/2.2.3/lib/ruby/gems/2.2.0/gems/rack-1.6.4/lib/rack/logger.rb in
call
end
def call(env)
logger = ::Logger.new(env['rack.errors'])
logger.level = @level
env['rack.logger'] = logger
@app.call(env)
end
end
end
/home/ubuntu/.rbenv/versions/2.2.3/lib/ruby/gems/2.2.0/gems/rack-1.6.4/lib/rack/commonlogger.rb in
call
def initialize(app, logger=nil)
@app = app
@logger = logger
end
def call(env)
began_at = Time.now
status, header, body = @app.call(env)
header = Utils::HeaderHash.new(header)
body = BodyProxy.new(body) { log(env, status, header, began_at) }
[status, header, body]
end
private
/home/ubuntu/.rbenv/versions/2.2.3/lib/ruby/gems/2.2.0/gems/sinatra-1.4.6/lib/sinatra/base.rb in
call
env['sinatra.commonlogger'] ? @app.call(env) : super
end
superclass.class_eval do
alias call_without_check call unless method_defined? :call_without_check
def call(env)
env['sinatra.commonlogger'] = true
call_without_check(env)
end
end
end
class NotFound < NameError #:nodoc:
def http_status; 404 end
end
/home/ubuntu/.rbenv/versions/2.2.3/lib/ruby/gems/2.2.0/gems/sinatra-1.4.6/lib/sinatra/base.rb in
call
end
end
# Behaves exactly like Rack::CommonLogger with the notable exception that it does nothing,
# if another CommonLogger is already in the middleware chain.
class CommonLogger < Rack::CommonLogger
def call(env)
env['sinatra.commonlogger'] ? @app.call(env) : super
end
superclass.class_eval do
alias call_without_check call unless method_defined? :call_without_check
def call(env)
env['sinatra.commonlogger'] = true
call_without_check(env)
/home/ubuntu/.rbenv/versions/2.2.3/lib/ruby/gems/2.2.0/gems/rack-1.6.4/lib/rack/head.rb in
call
# Rack::Head returns an empty body for all HEAD requests. It leaves
# all other requests unchanged.
def initialize(app)
@app = app
end
def call(env)
status, headers, body = @app.call(env)
if env[REQUEST_METHOD] == HEAD
[
status, headers, Rack::BodyProxy.new([]) do
body.close if body.respond_to? :close
end
]
/home/ubuntu/.rbenv/versions/2.2.3/lib/ruby/gems/2.2.0/gems/sinatra-1.4.6/lib/sinatra/show_exceptions.rb in
call
def initialize(app)
@app = app
@template = ERB.new(TEMPLATE)
end
def call(env)
@app.call(env)
rescue Exception => e
errors, env["rack.errors"] = env["rack.errors"], @@eats_errors
if prefers_plain_text?(env)
content_type = "text/plain"
exception_string = dump_exception(e)
else
/home/ubuntu/.rbenv/versions/2.2.3/lib/ruby/gems/2.2.0/gems/sinatra-1.4.6/lib/sinatra/base.rb in
call
# Some Rack handlers (Thin, Rainbows!) implement an extended body object protocol, however,
# some middleware (namely Rack::Lint) will break it by not mirroring the methods in question.
# This middleware will detect an extended body object and will make sure it reaches the
# handler directly. We do this here, so our middleware and middleware set up by the app will
# still be able to run.
class ExtendedRack < Struct.new(:app)
def call(env)
result, callback = app.call(env), env['async.callback']
return result unless callback and async?(*result)
after_response { callback.call result }
setup_close(env, *result)
throw :async
end
private
/home/ubuntu/.rbenv/versions/2.2.3/lib/ruby/gems/2.2.0/gems/sinatra-1.4.6/lib/sinatra/base.rb in
call
end
def helpers
@instance
end
def call(env)
@stack.call(env)
end
def inspect
"#<#{@instance.class} app_file=#{settings.app_file.inspect}>"
end
end
/home/ubuntu/.rbenv/versions/2.2.3/lib/ruby/gems/2.2.0/gems/sinatra-1.4.6/lib/sinatra/base.rb in
block in call
setup_default_middleware builder
setup_middleware builder
builder.run app
builder
end
def call(env)
synchronize { prototype.call(env) }
end
# Like Kernel#caller but excluding certain magic entries and without
# line / method information; the resulting array contains filenames only.
def caller_files
cleaned_caller(1).flatten
end
/home/ubuntu/.rbenv/versions/2.2.3/lib/ruby/gems/2.2.0/gems/sinatra-1.4.6/lib/sinatra/base.rb in
synchronize
end
@@mutex = Mutex.new
def synchronize(&block)
if lock?
@@mutex.synchronize(&block)
else
yield
end
end
# used for deprecation warnings
def warn(message)
super message + "\n\tfrom #{cleaned_caller.first.join(':')}"
end
/home/ubuntu/.rbenv/versions/2.2.3/lib/ruby/gems/2.2.0/gems/sinatra-1.4.6/lib/sinatra/base.rb in
call
setup_default_middleware builder
setup_middleware builder
builder.run app
builder
end
def call(env)
synchronize { prototype.call(env) }
end
# Like Kernel#caller but excluding certain magic entries and without
# line / method information; the resulting array contains filenames only.
def caller_files
cleaned_caller(1).flatten
end
/home/ubuntu/.rbenv/versions/2.2.3/lib/ruby/gems/2.2.0/gems/capybara-2.5.0/lib/capybara/server.rb in
call
end
def call(env)
if env["PATH_INFO"] == "/__identify__"
[200, {}, [@app.object_id.to_s]]
else
begin
@app.call(env)
rescue *Capybara.server_errors => e
@error = e unless @error
raise e
end
end
end
end
/home/ubuntu/.rbenv/versions/2.2.3/lib/ruby/gems/2.2.0/gems/rack-1.6.4/lib/rack/handler/webrick.rb in
service
env[QUERY_STRING] ||= ""
unless env[PATH_INFO] == ""
path, n = req.request_uri.path, env["SCRIPT_NAME"].length
env[PATH_INFO] = path[n, path.length-n]
end
env["REQUEST_PATH"] ||= [env["SCRIPT_NAME"], env[PATH_INFO]].join
status, headers, body = @app.call(env)
begin
res.status = status.to_i
headers.each { |k, vs|
next if k.downcase == "rack.hijack"
if k.downcase == "set-cookie"
res.cookies.concat vs.split("\n")
/home/ubuntu/.rbenv/versions/2.2.3/lib/ruby/2.2.0/webrick/httpserver.rb in
service
servlet, options, script_name, path_info = search_servlet(req.path)
raise HTTPStatus::NotFound, "`#{req.path}' not found." unless servlet
req.script_name = script_name
req.path_info = path_info
si = servlet.get_instance(self, *options)
@logger.debug(format("%s is invoked.", si.class.name))
si.service(req, res)
end
##
# The default OPTIONS request handler says GET, HEAD, POST and OPTIONS
# requests are allowed.
def do_OPTIONS(req, res)
/home/ubuntu/.rbenv/versions/2.2.3/lib/ruby/2.2.0/webrick/httpserver.rb in
run
if callback = server[:RequestCallback]
callback.call(req, res)
elsif callback = server[:RequestHandler]
msg = ":RequestHandler is deprecated, please use :RequestCallback"
@logger.warn(msg)
callback.call(req, res)
end
server.service(req, res)
rescue HTTPStatus::EOFError, HTTPStatus::RequestTimeout => ex
res.set_error(ex)
rescue HTTPStatus::Error => ex
@logger.error(ex.message)
res.set_error(ex)
rescue HTTPStatus::Status => ex
res.status = ex.code
/home/ubuntu/.rbenv/versions/2.2.3/lib/ruby/2.2.0/webrick/server.rb in
block in start_thread
addr = sock.peeraddr
@logger.debug "accept: #{addr[3]}:#{addr[1]}"
rescue SocketError
@logger.debug "accept: <address unknown>"
raise
end
call_callback(:AcceptCallback, sock)
block ? block.call(sock) : run(sock)
rescue Errno::ENOTCONN
@logger.debug "Errno::ENOTCONN raised"
rescue ServerError => ex
msg = "#{ex.class}: #{ex.message}\n\t#{ex.backtrace[0]}"
@logger.error msg
rescue Exception => ex
@logger.error ex
GET
No GET data.
POST
Variable
Value
customer
{"credit_card"=>{"number"=>"5555555555554444", "expiration_month"=>"01", "expiration_year"=>"2015", "cvv"=>""}}
tr_data
"5f5863ce86c02fc3be3d8882870eeb9d4a52f4b2|api_version=4&customer%5Bcredit_card%5D%5Bbilling_address%5D%5Bcompany%5D=&customer%5Bcredit_card%5D%5Bbilling_address%5D%5Bcountry_code_alpha2%5D=US&customer%5Bcredit_card%5D%5Bbilling_address%5D%5Bextended_address%5D=&customer%5Bcredit_card%5D%5Bbilling_address%5D%5Bfirst_name%5D=John&customer%5Bcredit_card%5D%5Bbilling_address%5D%5Blast_name%5D=Doe&customer%5Bcredit_card%5D%5Bbilling_address%5D%5Blocality%5D=Boston&customer%5Bcredit_card%5D%5Bbilling_address%5D%5Bpostal_code%5D=12345&customer%5Bcredit_card%5D%5Bbilling_address%5D%5Bregion%5D=MA&customer%5Bcredit_card%5D%5Bbilling_address%5D%5Bstreet_address%5D=1+Main+Street&customer%5Bcustom_fields%5D%5Bvat_number%5D=&customer%5Bfirst_name%5D=John&customer%5Blast_name%5D=Doe&kind=create_customer&public_key=xxx&redirect_url=http%3A%2F%2F127.0.0.1%3A58252%2Fsubscription%2Fconfirm%3Faccount_id%3D1&time=20151203032407"
utf8
"✓"
COOKIES
No cookie data.
Rack ENV
Variable
Value
CONTENT_LENGTH
1349
CONTENT_TYPE
application/x-www-form-urlencoded
GATEWAY_INTERFACE
CGI/1.1
HTTP_ACCEPT
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
HTTP_ACCEPT_ENCODING
gzip
HTTP_ACCEPT_LANGUAGE
en-US,*
HTTP_CONNECTION
Keep-Alive
HTTP_HOST
localhost:42928
HTTP_ORIGIN
http://127.0.0.1:58252
HTTP_REFERER
http://127.0.0.1:58252/subscription
HTTP_USER_AGENT
Mozilla/5.0 (Unknown; Linux x86_64) AppleWebKit/534.34 (KHTML, like Gecko) PhantomJS/1.9.7 Safari/534.34
HTTP_VERSION
HTTP/1.1
PATH_INFO
/merchants/xxx/transparent_redirect_requests
QUERY_STRING
REMOTE_ADDR
127.0.0.1
REMOTE_HOST
localhost
REQUEST_METHOD
POST
REQUEST_PATH
/merchants/xxx/transparent_redirect_requests
REQUEST_URI
http://localhost:42928/merchants/xxx/transparent_redirect_requests
SCRIPT_NAME
SERVER_NAME
localhost
SERVER_PORT
42928
SERVER_PROTOCOL
HTTP/1.1
SERVER_SOFTWARE
WEBrick/1.3.1 (Ruby/2.2.3/2015-08-18)
rack.errors
#<Object:0x007f78f8912f58>
rack.hijack
#<Proc:0x007f78b8582068@/home/ubuntu/.rbenv/versions/2.2.3/lib/ruby/gems/2.2.0/gems/rack-1.6.4/lib/rack/handler/webrick.rb:76 (lambda)>
rack.hijack?
true
rack.hijack_io
nil
rack.input
#<StringIO:0x007f78b8582310>
rack.logger
#<Logger:0x007f78ca560f78 @progname=nil, @level=1, @default_formatter=#<Logger::Formatter:0x007f78ca560f50 @datetime_format=nil>, @formatter=nil, @logdev=#<Logger::LogDevice:0x007f78ca560e88 @shift_size=nil, @shift_age=nil, @filename=nil, @dev=#<IO:<STDERR>>, @mutex=#<Logger::LogDevice::LogDeviceMutex:0x007f78ca560e60 @mon_owner=nil, @mon_count=0, @mon_mutex=#<Mutex:0x007f78ca560de8>>>>
rack.multiprocess
false
rack.multithread
true
rack.request.cookie_hash
{}
rack.request.form_hash
{"utf8"=>"✓", "customer"=>{"credit_card"=>{"number"=>"5555555555554444", "expiration_month"=>"01", "expiration_year"=>"2015", "cvv"=>""}}, "tr_data"=>"5f5863ce86c02fc3be3d8882870eeb9d4a52f4b2|api_version=4&customer%5Bcredit_card%5D%5Bbilling_address%5D%5Bcompany%5D=&customer%5Bcredit_card%5D%5Bbilling_address%5D%5Bcountry_code_alpha2%5D=US&customer%5Bcredit_card%5D%5Bbilling_address%5D%5Bextended_address%5D=&customer%5Bcredit_card%5D%5Bbilling_address%5D%5Bfirst_name%5D=John&customer%5Bcredit_card%5D%5Bbilling_address%5D%5Blast_name%5D=Doe&customer%5Bcredit_card%5D%5Bbilling_address%5D%5Blocality%5D=Boston&customer%5Bcredit_card%5D%5Bbilling_address%5D%5Bpostal_code%5D=12345&customer%5Bcredit_card%5D%5Bbilling_address%5D%5Bregion%5D=MA&customer%5Bcredit_card%5D%5Bbilling_address%5D%5Bstreet_address%5D=1+Main+Street&customer%5Bcustom_fields%5D%5Bvat_number%5D=&customer%5Bfirst_name%5D=John&customer%5Blast_name%5D=Doe&kind=create_customer&public_key=xxx&redirect_url=http%3A%2F%2F127.0.0.1%3A58252%2Fsubscription%2Fconfirm%3Faccount_id%3D1&time=20151203032407"}
rack.request.form_input
#<StringIO:0x007f78b8582310>
rack.request.form_vars
utf8=%E2%9C%93&customer%5Bcredit_card%5D%5Bnumber%5D=5555555555554444&customer%5Bcredit_card%5D%5Bexpiration_month%5D=01&customer%5Bcredit_card%5D%5Bexpiration_year%5D=2015&customer%5Bcredit_card%5D%5Bcvv%5D=&tr_data=5f5863ce86c02fc3be3d8882870eeb9d4a52f4b2%7Capi_version%3D4%26customer%255Bcredit_card%255D%255Bbilling_address%255D%255Bcompany%255D%3D%26customer%255Bcredit_card%255D%255Bbilling_address%255D%255Bcountry_code_alpha2%255D%3DUS%26customer%255Bcredit_card%255D%255Bbilling_address%255D%255Bextended_address%255D%3D%26customer%255Bcredit_card%255D%255Bbilling_address%255D%255Bfirst_name%255D%3DJohn%26customer%255Bcredit_card%255D%255Bbilling_address%255D%255Blast_name%255D%3DDoe%26customer%255Bcredit_card%255D%255Bbilling_address%255D%255Blocality%255D%3DBoston%26customer%255Bcredit_card%255D%255Bbilling_address%255D%255Bpostal_code%255D%3D12345%26customer%255Bcredit_card%255D%255Bbilling_address%255D%255Bregion%255D%3DMA%26customer%255Bcredit_card%255D%255Bbilling_address%255D%255Bstreet_address%255D%3D1%2BMain%2BStreet%26customer%255Bcustom_fields%255D%255Bvat_number%255D%3D%26customer%255Bfirst_name%255D%3DJohn%26customer%255Blast_name%255D%3DDoe%26kind%3Dcreate_customer%26public_key%3Dxxx%26redirect_url%3Dhttp%253A%252F%252F127.0.0.1%253A58252%252Fsubscription%252Fconfirm%253Faccount_id%253D1%26time%3D20151203032407
rack.request.query_hash
{}
rack.request.query_string
rack.run_once
false
rack.url_scheme
http
rack.version
[1, 3]
sinatra.accept
[#<Sinatra::Request::AcceptEntry:0x007f78cadb2488 @entry="text/html", @type="text/html", @params={}, @q=1.0>, #<Sinatra::Request::AcceptEntry:0x007f78cadb2230 @entry="application/xhtml+xml", @type="application/xhtml+xml", @params={}, @q=1.0>, #<Sinatra::Request::AcceptEntry:0x007f78cadb1d80 @entry="application/xml;q=0.9", @type="application/xml", @params={}, @q=0.9>, #<Sinatra::Request::AcceptEntry:0x007f78cadb1510 @entry="*/*;q=0.8", @type="*/*", @params={}, @q=0.8>]
sinatra.commonlogger
true
sinatra.route
POST /merchants/:merchant_id/transparent_redirect_requests
You're seeing this error because you have
enabled the show_exceptions setting.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment