activesupport 3.2.22 → 3.2.22.1

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of activesupport might be problematic. Click here for more details.

Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/lib/active_support/security_utils.rb +27 -0
  3. data/lib/active_support/version.rb +1 -1
  4. metadata +4 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: a9430f2c7b260f6a3e92fcb72a6bc1f24e4e05e6
4
- data.tar.gz: 91faa7710848ad3250e152c3964d67ff59cababe
3
+ metadata.gz: 6aa4131e5399a33514ac3a65716499454d69b3c1
4
+ data.tar.gz: 313c081fa4954981623e6e5cfa5f9ecd8e30ed5a
5
5
  SHA512:
6
- metadata.gz: e686c722964e68bb04fc372ec3759089d1fd82dc8193a18aae6c71b9bb5901f0d27bd46e1a69980b9a6fe5b464d6627b37cbd1708ff58ba0b11550d3ddb31470
7
- data.tar.gz: 37129f462c828e4fb7a887c1a30368601c3340028255f6366a51f7de1ec06dbcf67d637aa8cb0f0fe50d472a3cc6b6c768bcd24d4be648496ba27a4020bd3106
6
+ metadata.gz: 5d72b1331458064eb84814da1f2eb43827bb1b1697784edb4646a7fc2ef86cab5e759c087c6e8396b746391aea63ddde5d710cc7e25a655b44422145714dbc24
7
+ data.tar.gz: c30d3076e4445f889ffe0bf13f94c01b00bc6502521722f02482bb130edd150a6c4ad3f756aa35586280bcaba3c2b80f9057cb4a844e57bea0b53452751b108b
data/lib/active_support/security_utils.rb ADDED
@@ -0,0 +1,27 @@
1
+ require 'digest'
2
+
3
+ module ActiveSupport
4
+ module SecurityUtils
5
+ # Constant time string comparison.
6
+ #
7
+ # The values compared should be of fixed length, such as strings
8
+ # that have already been processed by HMAC. This should not be used
9
+ # on variable length plaintext strings because it could leak length info
10
+ # via timing attacks.
11
+ def secure_compare(a, b)
12
+ return false unless a.bytesize == b.bytesize
13
+
14
+ l = a.unpack "C#{a.bytesize}"
15
+
16
+ res = 0
17
+ b.each_byte { |byte| res |= byte ^ l.shift }
18
+ res == 0
19
+ end
20
+ module_function :secure_compare
21
+
22
+ def variable_size_secure_compare(a, b) # :nodoc:
23
+ secure_compare(::Digest::SHA256.hexdigest(a), ::Digest::SHA256.hexdigest(b))
24
+ end
25
+ module_function :variable_size_secure_compare
26
+ end
27
+ end
data/lib/active_support/version.rb CHANGED
@@ -3,7 +3,7 @@ module ActiveSupport
3
3
  MAJOR = 3
4
4
  MINOR = 2
5
5
  TINY = 22
6
- PRE = nil
6
+ PRE = "1"
7
7
 
8
8
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
9
9
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: activesupport
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.2.22
4
+ version: 3.2.22.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Heinemeier Hansson
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-06-16 00:00:00.000000000 Z
11
+ date: 2016-01-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: i18n
@@ -235,6 +235,7 @@ files:
235
235
  - lib/active_support/railtie.rb
236
236
  - lib/active_support/rescuable.rb
237
237
  - lib/active_support/ruby/shim.rb
238
+ - lib/active_support/security_utils.rb
238
239
  - lib/active_support/string_inquirer.rb
239
240
  - lib/active_support/tagged_logging.rb
240
241
  - lib/active_support/test_case.rb
@@ -287,7 +288,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
287
288
  version: '0'
288
289
  requirements: []
289
290
  rubyforge_project:
290
- rubygems_version: 2.4.5
291
+ rubygems_version: 2.5.1
291
292
  signing_key:
292
293
  specification_version: 4
293
294
  summary: A toolkit of support libraries and Ruby core extensions extracted from the