activesupport 4.1.14 → 4.1.14.1
Potentially problematic release.
This version of activesupport might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/lib/active_support/callbacks.rb +1 -1
- data/lib/active_support/gem_version.rb +1 -1
- data/lib/active_support/security_utils.rb +27 -0
- metadata +4 -3
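--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: af4674cf0e9c1dffb648e7eea1ee78a010964830
+data.tar.gz: ed2df818a8e607aa96d1fe3c9c8629a070f33ae6
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 8d7301a93af6e2b7b016a1e8e46962d0754b71d54a9dcd1d74f33a78ff8882e1387dad714266d3dc6ef48a1eb57596d8b4cf0a6d3ebf4e4e1d15f7f04d74b13c
+data.tar.gz: 85396f4c6cb6e6f4aaf75ea71cc8f1925375fa10edf04e2c9c065aca782bfab507a5867da985ee1bdb2a268613d180079a42bd86ccf92ce15fd67b3453b7b3da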
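--- a/data/lib/active_support/security_utils.rb
+++ b/data/lib/active_support/security_utils.rb
@@ -0,0 +1,27 @@
+require 'digest'
+
+module ActiveSupport
+module SecurityUtils
+# Constant time string comparison.
+#
+# The values compared should be of fixed length, such as strings
+# that have already been processed by HMAC. This should not be used
+# on variable length plaintext strings because it could leak length info
+# via timing attacks.
+def secure_compare(a, b)
+return false unless a.bytesize == b.bytesize
+
+l = a.unpack "C#{a.bytesize}"
+
+res = 0
+b.each_byte { |byte| res |= byte ^ l.shift }
+res == 0
+end
+module_function :secure_compare
+
+def variable_size_secure_compare(a, b) # :nodoc:
+secure_compare(::Digest::SHA256.hexdigest(a), ::Digest::SHA256.hexdigest(b))
+end
+module_function :variable_size_secure_compare
+end
+end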
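Review bot: `variable_size_secure_compare` is marked `:nodoc:` and has no comment, so the warning on `secure_compare` against variable-length plaintext never points readers to the method that handles that case. I would add above its definition `# Compares strings of any length by running secure_compare on their SHA-256 hex digests, so the bytesize early return only ever sees two 64-character values.` The `secure_compare` comment should also say that both arguments must be Strings. A `nil` argument, for instance an unset secret, raises NoMethodError at `a.bytesize` instead of returning false, which fails closed but should be documented so callers do not rescue it into a permissive default.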
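--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: activesupport
 version: !ruby/object:Gem::Version
-version: 4.1.14
+version: 4.1.14.1
 platform: ruby
 authors:
 - David Heinemeier Hansson
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2016-01-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: i18n
@@ -289,6 +289,7 @@ files:
 - lib/active_support/rails.rb
 - lib/active_support/railtie.rb
 - lib/active_support/rescuable.rb
+- lib/active_support/security_utils.rb
 - lib/active_support/string_inquirer.rb
 - lib/active_support/subscriber.rb
 - lib/active_support/tagged_logging.rb
@@ -336,7 +337,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.5.1
 signing_key:
 specification_version: 4
 summary: A toolkit of support libraries and Ruby core extensions extracted from the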