Avoid mutating global STDOUT & STDERR (#1837)

[MitchLewis930]

User description

PR_051

---

PR Type

Bug fix

---

Description

• Duplicate stdout/stderr to prevent global mutation

• Update tests to verify duplication behavior

• Ensure sync flag independence between instances

---

Diagram Walkthrough

flowchart LR
  A["Global STDOUT/STDERR"] -->|dup| B["Puma::Events @stdout/@stderr"]
  B -->|independent sync flag| C["Prevents global mutation"]
  D["Test verification"] -->|inspect comparison| E["Validates duplication"]
  F["Subprocess capture"] -->|instance variable| G["Restores reference"]

Loading

File Walkthrough

	Relevant files
Bug fix	events.rb Duplicate stdout/stderr to avoid global mutation                  lib/puma/events.rb Changed @stdout and @stderr assignments to use .dup method Prevents mutations to global STDOUT/STDERR objects Maintains separate Ruby object instances while referencing same file handle +2/-2
Tests	test_events.rb Update tests for stdout/stderr duplication                              test/test_events.rb Removed assertion checking stdout/stderr equality in null test Updated stdio test to compare inspect output instead of object equality Added new test test_stdio_respects_sync to verify sync flag independence Ensures duped objects maintain separate sync state from globals +11/-3    test_tcp_logger.rb Restore stdout reference for subprocess capture                    test/test_tcp_logger.rb Added instance variable assignment to restore original stdout reference Ensures capture_subprocess_io can access logger output correctly Maintains test compatibility with duped stdout behavior +1/-0

---

[qodo-code-review]

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢	No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
🟢	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
⚪	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: Unhandled dup failure: The new .dup calls on stdout/stderr could raise (e.g., if a non-duplicable IO-like object is passed) and there is no explicit handling or fallback visible in the diff. Referred Code @stdout = stdout.dup @stderr = stderr.dup Learn more about managing compliance generic rules or creating your own custom rules

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

[qodo-code-review]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
Possible issue	Avoid crash by checking for dup To prevent a potential NoMethodError, check if stdout and stderr respond to the dup method before calling it, falling back to the original object if they do not. lib/puma/events.rb [32-33] -@stdout = stdout.dup -@stderr = stderr.dup +@stdout = stdout.respond_to?(:dup) ? stdout.dup : stdout +@stderr = stderr.respond_to?(:dup) ? stderr.dup : stderr Apply / Chat Suggestion importance[1-10]: 9 __ Why: This suggestion correctly identifies a NoMethodError bug introduced by the PR when using IO-like objects that do not implement dup, such as Puma::NullIO, and provides a robust fix.	High
General	Initialize logger with correct output streams Refactor the test by initializing Puma::Events with $stdout and $stderr instead of STDOUT and STDERR, which eliminates the need for the instance_variable_set workaround. test/test_tcp_logger.rb [20-21] -logger = Puma::Events.new(STDOUT, STDERR) -logger.instance_variable_set(:@stdout, $stdout) # ensure capture_process_io has access to the loggers output +logger = Puma::Events.new($stdout, $stderr) Apply / Chat Suggestion importance[1-10]: 7 __ Why: This suggestion significantly improves the test code's clarity and robustness by replacing a brittle instance_variable_set hack with a much cleaner approach of initializing the logger with the correct, redirectable streams ($stdout, $stderr).	Medium
More