anti_offensive_string 0.0.1

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: b3328bf29438834b1be2bbcf20e696bfc5f1c825
4
+ data.tar.gz: 5ba983728fec080c611783a869ea137efd7842a9
5
+ SHA512:
6
+ metadata.gz: d6e6a77c8e506633ea3699dd6e3b07853683475cf8a62aa080933a58fd5759290b053cabbfc189ad97d19da2a4a03d3c39f7570428d723e88b437c6b942768cb
7
+ data.tar.gz: 0396ce0c977ad05f32846c688020a422fe605aa616e53e340af47e2716730fe34bbe5413e9f6a6fbe235f29a520de41df336a730ae2484003eaed98f943d1192
data/.gitignore ADDED
@@ -0,0 +1,17 @@
1
+ *.gem
2
+ *.rbc
3
+ .bundle
4
+ .config
5
+ .yardoc
6
+ Gemfile.lock
7
+ InstalledFiles
8
+ _yardoc
9
+ coverage
10
+ doc/
11
+ lib/bundler/man
12
+ pkg
13
+ rdoc
14
+ spec/reports
15
+ test/tmp
16
+ test/version_tmp
17
+ tmp
data/Gemfile ADDED
@@ -0,0 +1,4 @@
1
+ source 'https://rubygems.org'
2
+
3
+ # Specify your gem's dependencies in anti_offensive_string.gemspec
4
+ gemspec
data/LICENSE.txt ADDED
@@ -0,0 +1,22 @@
1
+ Copyright (c) 2013 Shota Fukumori
2
+
3
+ MIT License
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining
6
+ a copy of this software and associated documentation files (the
7
+ "Software"), to deal in the Software without restriction, including
8
+ without limitation the rights to use, copy, modify, merge, publish,
9
+ distribute, sublicense, and/or sell copies of the Software, and to
10
+ permit persons to whom the Software is furnished to do so, subject to
11
+ the following conditions:
12
+
13
+ The above copyright notice and this permission notice shall be
14
+ included in all copies or substantial portions of the Software.
15
+
16
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
18
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
20
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
21
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
22
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,61 @@
1
+ # AntiOffensiveString
2
+
3
+ Respond error for requests include some offensive string, that may crash browsers
4
+
5
+ http://techcrunch.com/2013/08/29/bug-in-apples-coretext-allows-specific-string-of-characters-to-crash-ios-6-os-x-10-8-apps/
6
+
7
+ ## Installation
8
+
9
+ Add this line to your application's Gemfile:
10
+
11
+ gem 'anti_offensive_string'
12
+
13
+ And then execute:
14
+
15
+ $ bundle
16
+
17
+ Or install it yourself as:
18
+
19
+ $ gem install anti_offensive_string
20
+
21
+ ## Usage
22
+
23
+ ### Rails
24
+
25
+ ``` ruby
26
+ # config/application.rb
27
+
28
+ config.middleware.insert(0, AntiOffensiveString)
29
+ ```
30
+
31
+ ### Other
32
+
33
+ ``` ruby
34
+ # config.ru
35
+
36
+ use AntiOffensiveString
37
+ run ...
38
+ ```
39
+
40
+ ## Customize error response
41
+
42
+ ``` ruby
43
+ # respond with fixed value
44
+ AntiOffensiveString.error_response = [400, {'Content-Type' => "text/html"}, ['<h1>Error</h1>']]
45
+
46
+ # respond with block
47
+ AntiOffensiveString.on_offensive_request do |env|
48
+ p env # => rack env
49
+ [400, {'Content-Type' => "text/html"}, ['<h1>Error</h1>']]
50
+ end
51
+ ```
52
+
53
+ See also: http://rack.rubyforge.org/doc/SPEC.html
54
+
55
+ ## Contributing
56
+
57
+ 1. Fork it
58
+ 2. Create your feature branch (`git checkout -b my-new-feature`)
59
+ 3. Commit your changes (`git commit -am 'Add some feature'`)
60
+ 4. Push to the branch (`git push origin my-new-feature`)
61
+ 5. Create new Pull Request
data/Rakefile ADDED
@@ -0,0 +1 @@
1
+ require "bundler/gem_tasks"
@@ -0,0 +1,27 @@
1
+ # coding: utf-8
2
+ lib = File.expand_path('../lib', __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+ require 'anti_offensive_string/version'
5
+
6
+ Gem::Specification.new do |spec|
7
+ spec.name = "anti_offensive_string"
8
+ spec.version = AntiOffensiveString::VERSION
9
+ spec.authors = ["Shota Fukumori (sora_h)"]
10
+ spec.email = ["her@sorah.jp"]
11
+ spec.description = %q{Respond error for requests include some offensive string, that may crash browsers}
12
+ spec.summary = %q{Respond error for requests include some offensive string, that may crash browsers http://techcrunch.com/2013/08/29/bug-in-apples-coretext-allows-specific-string-of-characters-to-crash-ios-6-os-x-10-8-apps/}
13
+ spec.homepage = "https://github.com/sorah/anti_offensive_string"
14
+ spec.license = "MIT"
15
+
16
+ spec.files = `git ls-files`.split($/)
17
+ spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
18
+ spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
19
+ spec.require_paths = ["lib"]
20
+
21
+ spec.add_dependency "rack"
22
+
23
+ spec.add_development_dependency "bundler"
24
+ spec.add_development_dependency "rake"
25
+ spec.add_development_dependency "minitest", '~> 5.0.6'
26
+ spec.add_development_dependency "rack-test"
27
+ end
@@ -0,0 +1,61 @@
1
+ require "anti_offensive_string/version"
2
+ require 'rack'
3
+ require 'stringio'
4
+
5
+ class AntiOffensiveString
6
+ class InsecureRequest < Exception; end
7
+
8
+ TARGET_REGEXPS = [
9
+ /\u0647\u0020\u0488\u0488\u0488|%D9%87[ +]%D2%88%D2%88%D2%88/
10
+ ].freeze
11
+ TARGET_REGEXPS.each(&:freeze)
12
+
13
+ DEFAULT_HANDLER = proc { [400, {'Content-Type' => 'text/plain'}, ['400 Bad Request']] }
14
+
15
+ class << self
16
+ def on_offensive_request(&block)
17
+ @handler = block
18
+ end
19
+
20
+ def handler=(proc_or_obj)
21
+ @handler = if proc_or_obj.kind_of?(Proc)
22
+ proc_or_obj
23
+ else
24
+ proc { proc_or_obj }
25
+ end
26
+ end
27
+
28
+ alias error_response= handler=
29
+
30
+ def handler
31
+ @handler ||= DEFAULT_HANDLER
32
+ end
33
+ end
34
+
35
+ def initialize(app)
36
+ @app = app
37
+ end
38
+
39
+ def call(env)
40
+ input = env['rack.input'].read
41
+ if TARGET_REGEXPS.any? { |r| r === input }
42
+ raise InsecureRequest
43
+ end
44
+
45
+ env.each do |k, v|
46
+ if v.kind_of?(String) && TARGET_REGEXPS.any? { |r| r === v }
47
+ raise InsecureRequest
48
+ end
49
+ end
50
+
51
+ begin
52
+ env['rack.input'].rewind
53
+ rescue Errno::ESPIPE
54
+ env['rack.input'] = StringIO.new(inpuit, "r")
55
+ end
56
+
57
+ @app.call(env)
58
+ rescue InsecureRequest
59
+ return self.class.handler.call(env)
60
+ end
61
+ end
@@ -0,0 +1,3 @@
1
+ class AntiOffensiveString
2
+ VERSION = "0.0.1"
3
+ end
@@ -0,0 +1,87 @@
1
+ $:.unshift File.expand_path('../../lib', __FILE__)
2
+ gem 'minitest'
3
+ require "minitest/autorun"
4
+ require 'rack/test'
5
+ require 'anti_offensive_string'
6
+
7
+ class DummyApp
8
+ def initialize(*)
9
+ @called = false
10
+ end
11
+
12
+ def called?
13
+ @called
14
+ end
15
+
16
+ def call(env)
17
+ @called = true
18
+ [200, {"Content-Type" => "text/plain"}, [env['rack.input'] ? env['rack.input'].read : '']]
19
+ end
20
+ end
21
+
22
+ class AntiOffensiveStringTest < Minitest::Test
23
+ include Rack::Test::Methods
24
+
25
+ def setup
26
+ @dummy_app = DummyApp.new
27
+ @protector = AntiOffensiveString.new(@dummy_app)
28
+ end
29
+
30
+ def app
31
+ @protector
32
+ end
33
+
34
+ def test_offensive_input
35
+ post "/", "%D9%87 %D2%88%D2%88%D2%88"
36
+
37
+ refute @dummy_app.called?
38
+ assert_equal 400, last_response.status
39
+ end
40
+
41
+ def test_normal_input
42
+ post "/", "hola"
43
+
44
+ assert @dummy_app.called?
45
+ assert_equal 200, last_response.status
46
+ assert_equal 'hola', last_response.body
47
+ end
48
+
49
+ def test_offensive_query
50
+ get "?offensive=%D9%87+%D2%88%D2%88%D2%88"
51
+
52
+ refute @dummy_app.called?
53
+ assert_equal 400, last_response.status
54
+ end
55
+
56
+ def test_normal_params
57
+ get "?normal=hola"
58
+
59
+ assert @dummy_app.called?
60
+ assert_equal 200, last_response.status
61
+ end
62
+
63
+ def test_error_response
64
+ AntiOffensiveString.error_response = [400, {}, "handled"]
65
+ post "/", "%D9%87 %D2%88%D2%88%D2%88"
66
+
67
+ refute @dummy_app.called?
68
+ assert_equal 400, last_response.status
69
+ assert_equal "handled", last_response.body
70
+ ensure
71
+ AntiOffensiveString.handler = AntiOffensiveString::DEFAULT_HANDLER
72
+ end
73
+
74
+ def test_handler
75
+ AntiOffensiveString.on_offensive_request do |env|
76
+ [400, {}, "handled2#{env["PATH_INFO"]}"]
77
+ end
78
+
79
+ post "/", "%D9%87 %D2%88%D2%88%D2%88"
80
+
81
+ refute @dummy_app.called?
82
+ assert_equal 400, last_response.status
83
+ assert_equal "handled2/", last_response.body
84
+ ensure
85
+ AntiOffensiveString.handler = AntiOffensiveString::DEFAULT_HANDLER
86
+ end
87
+ end
metadata ADDED
@@ -0,0 +1,126 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: anti_offensive_string
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.0.1
5
+ platform: ruby
6
+ authors:
7
+ - Shota Fukumori (sora_h)
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2013-08-30 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: rack
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - '>='
18
+ - !ruby/object:Gem::Version
19
+ version: '0'
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - '>='
25
+ - !ruby/object:Gem::Version
26
+ version: '0'
27
+ - !ruby/object:Gem::Dependency
28
+ name: bundler
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - '>='
32
+ - !ruby/object:Gem::Version
33
+ version: '0'
34
+ type: :development
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - '>='
39
+ - !ruby/object:Gem::Version
40
+ version: '0'
41
+ - !ruby/object:Gem::Dependency
42
+ name: rake
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - '>='
46
+ - !ruby/object:Gem::Version
47
+ version: '0'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - '>='
53
+ - !ruby/object:Gem::Version
54
+ version: '0'
55
+ - !ruby/object:Gem::Dependency
56
+ name: minitest
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - ~>
60
+ - !ruby/object:Gem::Version
61
+ version: 5.0.6
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - ~>
67
+ - !ruby/object:Gem::Version
68
+ version: 5.0.6
69
+ - !ruby/object:Gem::Dependency
70
+ name: rack-test
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - '>='
74
+ - !ruby/object:Gem::Version
75
+ version: '0'
76
+ type: :development
77
+ prerelease: false
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - '>='
81
+ - !ruby/object:Gem::Version
82
+ version: '0'
83
+ description: Respond error for requests include some offensive string, that may crash
84
+ browsers
85
+ email:
86
+ - her@sorah.jp
87
+ executables: []
88
+ extensions: []
89
+ extra_rdoc_files: []
90
+ files:
91
+ - .gitignore
92
+ - Gemfile
93
+ - LICENSE.txt
94
+ - README.md
95
+ - Rakefile
96
+ - anti_offensive_string.gemspec
97
+ - lib/anti_offensive_string.rb
98
+ - lib/anti_offensive_string/version.rb
99
+ - test/anti_offensive_string_test.rb
100
+ homepage: https://github.com/sorah/anti_offensive_string
101
+ licenses:
102
+ - MIT
103
+ metadata: {}
104
+ post_install_message:
105
+ rdoc_options: []
106
+ require_paths:
107
+ - lib
108
+ required_ruby_version: !ruby/object:Gem::Requirement
109
+ requirements:
110
+ - - '>='
111
+ - !ruby/object:Gem::Version
112
+ version: '0'
113
+ required_rubygems_version: !ruby/object:Gem::Requirement
114
+ requirements:
115
+ - - '>='
116
+ - !ruby/object:Gem::Version
117
+ version: '0'
118
+ requirements: []
119
+ rubyforge_project:
120
+ rubygems_version: 2.0.3
121
+ signing_key:
122
+ specification_version: 4
123
+ summary: Respond error for requests include some offensive string, that may crash
124
+ browsers http://techcrunch.com/2013/08/29/bug-in-apples-coretext-allows-specific-string-of-characters-to-crash-ios-6-os-x-10-8-apps/
125
+ test_files:
126
+ - test/anti_offensive_string_test.rb