Naming conflict with sinatra-support causes exception when using Sinatra::UserAgentHelpers #335

@anglinb

tl;dr An optional package that provides helpers for Sinatra implements a class called UserAgent which conflicts with the useragent gem that secureheaders relies on. This causes an exception leading to a 500.


Bug Report

Error: ArgumentError: wrong number of arguments (given 3, expected 1)

Expected outcome

Describe what you expected to happen

Actual outcome

  • I encountered an exception resulting in a 500 on every request that leveraged Sinatra::UserAgentHelpers and SecureHeaders::Middleware

Config

  • I am using the default config.

Generated headers

  • N/A - Got a 500

Example Code

require 'secure_headers'
require 'sinatra'
require 'sinatra/support'

set :bind, '0.0.0.0'

SecureHeaders::Configuration.default

class App < Sinatra::Base
  helpers Sinatra::UserAgentHelpers
  use SecureHeaders::Middleware

  # Config to get a stack trace
  configure do
    set :dump_errors, false
    set :raise_errors, true
    set :show_exceptions, false
  end

  get '/' do
    "OK"
  end
end

Gemfile

source "https://rubygems.org"

gem "sinatra", "~> 1.4.7"
gem "sinatra-support", "~> 1.2.2"
gem "secure_headers", "~> 3.5.1"
gem "unicorn", "~> 5.1.0"

Stack Trace

127.0.0.1 - - [23/Jun/2017:13:50:21 -0700] "GET / HTTP/1.1" 500 138041 0.0266
ArgumentError: wrong number of arguments (given 3, expected 1)
        /Users/github/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/sinatra-support-1.2.2/lib/sinatra/support/useragenthelpers.rb:37:in `initialize'
        /Users/github/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/useragent-0.16.8/lib/user_agent.rb:24:in `new'
        /Users/github/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/useragent-0.16.8/lib/user_agent.rb:24:in `parse'
        /Users/github/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/secure_headers-3.5.1/lib/secure_headers.rb:166:in `header_hash_for'
        /Users/github/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/secure_headers-3.5.1/lib/secure_headers/middleware.rb:20:in `call'
        /Users/github/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/rack-protection-1.5.3/lib/rack/protection/xss_header.rb:18:in `call'
        /Users/github/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/rack-protection-1.5.3/lib/rack/protection/path_traversal.rb:16:in `call'
        /Users/github/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/rack-protection-1.5.3/lib/rack/protection/json_csrf.rb:18:in `call'
        /Users/github/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/rack-protection-1.5.3/lib/rack/protection/base.rb:49:in `call'
        /Users/github/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/rack-protection-1.5.3/lib/rack/protection/base.rb:49:in `call'
        /Users/github/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/rack-protection-1.5.3/lib/rack/protection/frame_options.rb:31:in `call'
        /Users/github/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/rack-1.6.8/lib/rack/nulllogger.rb:9:in `call'
        /Users/github/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/rack-1.6.8/lib/rack/head.rb:13:in `call'
        /Users/github/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/sinatra-1.4.8/lib/sinatra/base.rb:182:in `call'
        /Users/github/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/sinatra-1.4.8/lib/sinatra/base.rb:2013:in `call'
        /Users/github/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/sinatra-1.4.8/lib/sinatra/base.rb:1487:in `block in call'
        /Users/github/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/sinatra-1.4.8/lib/sinatra/base.rb:1787:in `synchronize'
        /Users/github/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/sinatra-1.4.8/lib/sinatra/base.rb:1487:in `call'
        /Users/github/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/rack-1.6.8/lib/rack/tempfile_reaper.rb:15:in `call'
        /Users/github/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/rack-1.6.8/lib/rack/lint.rb:49:in `_call'
        /Users/github/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/rack-1.6.8/lib/rack/lint.rb:37:in `call'
        /Users/github/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/rack-1.6.8/lib/rack/showexceptions.rb:24:in `call'
        /Users/github/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/rack-1.6.8/lib/rack/commonlogger.rb:33:in `call'
        /Users/github/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/sinatra-1.4.8/lib/sinatra/base.rb:219:in `call'
        /Users/github/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/rack-1.6.8/lib/rack/chunked.rb:54:in `call'
        /Users/github/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/rack-1.6.8/lib/rack/content_length.rb:15:in `call'
        /Users/github/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/unicorn-5.1.0/lib/unicorn/http_server.rb:562:in `process_client'
        /Users/github/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/unicorn-5.1.0/lib/unicorn/http_server.rb:658:in `worker_loop'
        /Users/github/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/unicorn-5.1.0/lib/unicorn/http_server.rb:508:in `spawn_missing_workers'
        /Users/github/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/unicorn-5.1.0/lib/unicorn/http_server.rb:132:in `start'
        /Users/github/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/unicorn-5.1.0/bin/unicorn:126:in `<top (required)>'
        /Users/github/.rbenv/versions/2.4.0/bin/unicorn:22:in `load'
        /Users/github/.rbenv/versions/2.4.0/bin/unicorn:22:in `<top (required)>'
        /Users/github/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/bundler-1.15.1/lib/bundler/cli/exec.rb:74:in `load'
        /Users/github/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/bundler-1.15.1/lib/bundler/cli/exec.rb:74:in `kernel_load'
        /Users/github/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/bundler-1.15.1/lib/bundler/cli/exec.rb:27:in `run'
        /Users/github/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/bundler-1.15.1/lib/bundler/cli.rb:360:in `exec'
        /Users/github/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/bundler-1.15.1/lib/bundler/vendor/thor/lib/thor/command.rb:27:in `run'
        /Users/github/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/bundler-1.15.1/lib/bundler/vendor/thor/lib/thor/invocation.rb:126:in `invoke_command'
        /Users/github/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/bundler-1.15.1/lib/bundler/vendor/thor/lib/thor.rb:369:in `dispatch'
        /Users/github/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/bundler-1.15.1/lib/bundler/cli.rb:20:in `dispatch'
        /Users/github/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/bundler-1.15.1/lib/bundler/vendor/thor/lib/thor/base.rb:444:in `start'
        /Users/github/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/bundler-1.15.1/lib/bundler/cli.rb:10:in `start'
        /Users/github/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/bundler-1.15.1/exe/bundle:35:in `block in <top (required)>'
        /Users/github/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/bundler-1.15.1/lib/bundler/friendly_errors.rb:121:in `with_friendly_errors'
        /Users/github/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/bundler-1.15.1/exe/bundle:27:in `<top (required)>'
        /Users/github/.rbenv/versions/2.4.0/bin/bundle:22:in `load'
        /Users/github/.rbenv/versions/2.4.0/bin/bundle:22:in `<main>'

Fix

If you don't really need to use Sinatra::UserAgentHelpers, don't, and this error will go away. Could also change the sinatra-support gem to namespace their UserAgent class.
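
The collision reported above, reduced to a runnable sketch. This is an added example, not part of the original issue and not code from either gem: both classes are constructed stand-ins shaped after the stack trace, and `Collided`, `Namespaced`, `HelperLib`, `build_parser_class`, `parse_outcome` and `constructor_intact?` are hypothetical names.

```ruby
# Constructed stand-ins for the two libraries; not code from either gem.
SAMPLE_UA = "Mozilla/5.0 (X11; Linux x86_64)" # constructed input

# Parser class shaped like the trace: parse calls new with three arguments.
def build_parser_class
  Class.new do
    def initialize(product, version = nil, comment = nil)
      @product, @version, @comment = product, version, comment
    end
    def self.parse(string)
      m = string.match(%r{\A(\S+)/(\S+)(?:\s+\((.*?)\))?})
      new(m[1], m[2], m[3])
    end
  end
end

module Collided # plays the role of the shared top-level namespace
  const_set(:UserAgent, build_parser_class)
  # Same bare name, loaded later: Ruby reopens the class and replaces initialize.
  class UserAgent
    def initialize(ua)
      @ua = ua
    end
  end
end

module Namespaced
  const_set(:UserAgent, build_parser_class)
  module HelperLib # hypothetical namespace for the helper's class
    class UserAgent
      def initialize(ua)
        @ua = ua
      end
    end
  end
end

# Returns :ok, or the ArgumentError message that would surface as a 500.
def parse_outcome(parser)
  parser.parse(SAMPLE_UA)
  :ok
rescue ArgumentError => e
  e.message
end

# Boot-time guard: can the parser's constructor still accept three arguments?
def constructor_intact?(parser)
  kinds = parser.instance_method(:initialize).parameters.map(&:first)
  kinds.count(:req) <= 3 && (kinds.include?(:rest) || kinds.count(:req) + kinds.count(:opt) >= 3)
end
puts parse_outcome(Collided::UserAgent), parse_outcome(Namespaced::UserAgent)
```

A check like `constructor_intact?` run once at boot reports the clash at start-up instead of as a 500 on every request.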
