bot-away 1.1.0 → 1.2.0
- data/.gitignore +7 -0
- data/History.txt +12 -2
- data/LICENSE +20 -0
- data/README.rdoc +124 -67
- data/Rakefile +57 -0
- data/VERSION +1 -0
- data/bot-away.gemspec +96 -0
- data/lib/bot-away.rb +67 -7
- data/lib/bot-away/action_dispatch/request.rb +20 -0
- data/lib/bot-away/action_view/helpers/instance_tag.rb +13 -4
- data/lib/bot-away/param_parser.rb +25 -12
- data/lib/bot-away/spinner.rb +0 -2
- data/spec/controllers/test_controller_spec.rb +82 -35
- data/spec/rspec_version.rb +19 -0
- data/spec/spec_helper.rb +103 -2
- data/spec/support/obfuscation_helper.rb +102 -47
- data/spec/support/rails/mock_logger.rb +21 -0
- data/spec/support/test_controller.rb +28 -0
- data/spec/{lib → views/lib}/action_view/helpers/instance_tag_spec.rb +28 -22
- data/spec/views/lib/disabled_for_spec.rb +101 -0
- data/spec/{lib/builder_spec.rb → views/lib/form_builder_spec.rb} +5 -12
- data/spec/{lib → views/lib}/param_parser_spec.rb +10 -4
- metadata +66 -32
- data/lib/bot-away/action_controller/request.rb +0 -19
- data/spec/support/controllers/test_controller.rb +0 -18
@@ -1,13 +1,5 @@
|
|
1
|
-
###
|
2
|
-
# The original implementation of BotAway extended ActionView::Helpers::FormBuilder, and these tests were written
|
3
|
-
# for it. This approach has since been abandoned in favor of a direct override of ActionView::Helpers::InstanceTag for
|
4
|
-
# reasons of efficiency. The FormBuilder tests have been kept around simply for an extra layer of functional testing.
|
5
|
-
###
|
6
|
-
|
7
1
|
require 'spec_helper'
|
8
2
|
|
9
|
-
class MockObject; attr_accessor :method_name; def initialize; @method_name = 'method_value'; end; end
|
10
|
-
|
11
3
|
describe ActionView::Helpers::FormBuilder do
|
12
4
|
subject { builder }
|
13
5
|
|
@@ -26,7 +18,7 @@ describe ActionView::Helpers::FormBuilder do
|
|
26
18
|
|
27
19
|
it "should not obfuscate names that have been explicitly ignored" do
|
28
20
|
BotAway.accepts_unfiltered_params 'method_name'
|
29
|
-
builder.text_field('method_name').should_not match(/name="
|
21
|
+
builder.text_field('method_name').should_not match(/name="#{obfuscated_name}/)
|
30
22
|
BotAway.unfiltered_params.delete 'method_name'
|
31
23
|
end
|
32
24
|
|
@@ -39,7 +31,7 @@ describe ActionView::Helpers::FormBuilder do
|
|
39
31
|
#grouped_collection_select(method, collection, group_method, group_label_method, option_key_method,
|
40
32
|
# option_value_method, options = {}, html_options = {})
|
41
33
|
obfuscates(:grouped_collection_select) do
|
42
|
-
builder.grouped_collection_select method_name, [MockObject.new],
|
34
|
+
builder.grouped_collection_select method_name, [MockObject.new], object_name, method_name, method_name, :to_s
|
43
35
|
end
|
44
36
|
|
45
37
|
#time_zone_select(method, priority_zones = nil, options = {}, html_options = {})
|
@@ -51,13 +43,14 @@ describe ActionView::Helpers::FormBuilder do
|
|
51
43
|
obfuscates(field) { builder.send(field, method_name) }
|
52
44
|
end
|
53
45
|
|
54
|
-
obfuscates(:radio_button,
|
46
|
+
obfuscates(:radio_button, RAILS_VERSION >= "3.0" ? "767c870add970ab6d64803043c4ccfbb" :
|
47
|
+
"53640013be550817d040597218884288") { builder.radio_button method_name, :value }
|
55
48
|
|
56
49
|
context "#label" do
|
57
50
|
subject { dump { builder.label(method_name) } }
|
58
51
|
|
59
52
|
it "links labels to their obfuscated elements" do
|
60
|
-
subject.should match(/for=\"
|
53
|
+
subject.should match(/for=\"#{obfuscated_id}\"/)
|
61
54
|
end
|
62
55
|
end
|
63
56
|
end
|
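Review bot: The version gate on the added `obfuscates(:radio_button, ...)` line compares `RAILS_VERSION >= "3.0"` as strings, which is lexicographic, so a two-digit major such as "10.0" sorts below "3.0" and would select the pre-3.0 expected value. Comparing parsed versions avoids that: `Gem::Version.new(RAILS_VERSION) >= Gem::Version.new("3.0")`. The two hard-coded 32-hex expected names also deserve a one-line comment saying which inputs they are derived from (not visible in these hunks), so that a later mismatch can be told apart from a real regression in name obfuscation. The enclosing `describe` block continues outside the hunks shown.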
@@ -1,3 +1,5 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
1
3
|
describe BotAway::ParamParser do
|
2
4
|
def params(honeypots)
|
3
5
|
@params = { 'authenticity_token' => '1234',
|
@@ -13,7 +15,11 @@ describe BotAway::ParamParser do
|
|
13
15
|
@params = params('test' => { 'name' => '', 'posts' => [] })
|
14
16
|
end
|
15
17
|
|
16
|
-
subject {
|
18
|
+
subject { dump { BotAway::ParamParser.new(@ip, @params) } }
|
19
|
+
|
20
|
+
it "should default BotAway.dump_params => false" do
|
21
|
+
(!!BotAway.dump_params).should == false
|
22
|
+
end
|
17
23
|
|
18
24
|
context "with dump_params == true" do
|
19
25
|
before(:each) { BotAway.dump_params = true }
|
@@ -21,7 +27,7 @@ describe BotAway::ParamParser do
|
|
21
27
|
|
22
28
|
it "should dump params as debug to Rails logger" do
|
23
29
|
@params = { 'test' => "hello", :posts => [1] }
|
24
|
-
Rails.logger.should_receive(:debug).with(@params.inspect)
|
30
|
+
Rails.logger.should_receive(:debug).exactly(3).times #with(@params.inspect)
|
25
31
|
subject
|
26
32
|
end
|
27
33
|
end
|
@@ -48,7 +54,7 @@ describe BotAway::ParamParser do
|
|
48
54
|
|
49
55
|
context "with a filled honeypot" do
|
50
56
|
before(:each) { @params = params({'test' => {'name' => 'colin', 'posts' => []}}) }
|
51
|
-
subject {
|
57
|
+
subject { dump { BotAway::ParamParser.new(@ip, @params) } }
|
52
58
|
|
53
59
|
it "drops all parameters" do
|
54
60
|
subject.params.should == { "suspected_bot" => true }
|
@@ -57,7 +63,7 @@ describe BotAway::ParamParser do
|
|
57
63
|
|
58
64
|
context "with a filled sub-honeypot" do
|
59
65
|
before(:each) { @params = params({'test' => {'name' => '', 'posts' => [1, 2]}}) }
|
60
|
-
subject {
|
66
|
+
subject { dump { BotAway::ParamParser.new(@ip, @params) } }
|
61
67
|
|
62
68
|
it "drops all parameters" do
|
63
69
|
subject.params.should == { "suspected_bot" => true }
|
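Review bot: The rewritten expectation in "should dump params as debug to Rails logger" only counts calls (`exactly(3).times`) and leaves the argument check as a dead trailing comment, so the spec no longer pins what `dump_params` actually writes to the log. That matters here because the `params` helper fixture carries an `authenticity_token`, and a debug dump of request parameters is exactly where tokens and credentials end up in log files. I would restore an argument check for the call that carries the parameters and replace `#with(@params.inspect)` with a real comment such as `# 3 debug calls: <name each logged message>`. The new "should default BotAway.dump_params => false" example also relies on the flag being reset after the `dump_params == true` context; the one new-side line between these hunks is not shown, so if it is not already a reset, add `after(:each) { BotAway.dump_params = false }` beside the `before(:each)`.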
metadata
CHANGED
@@ -4,9 +4,9 @@ version: !ruby/object:Gem::Version
|
|
4
4
|
prerelease: false
|
5
5
|
segments:
|
6
6
|
- 1
|
7
|
-
-
|
7
|
+
- 2
|
8
8
|
- 0
|
9
|
-
version: 1.
|
9
|
+
version: 1.2.0
|
10
10
|
platform: ruby
|
11
11
|
authors:
|
12
12
|
- Colin MacKenzie IV
|
@@ -14,13 +14,14 @@ autorequire:
|
|
14
14
|
bindir: bin
|
15
15
|
cert_chain: []
|
16
16
|
|
17
|
-
date: 2010-
|
17
|
+
date: 2010-10-14 00:00:00 -04:00
|
18
18
|
default_executable:
|
19
19
|
dependencies:
|
20
20
|
- !ruby/object:Gem::Dependency
|
21
21
|
name: actionpack
|
22
22
|
prerelease: false
|
23
23
|
requirement: &id001 !ruby/object:Gem::Requirement
|
24
|
+
none: false
|
24
25
|
requirements:
|
25
26
|
- - ">="
|
26
27
|
- !ruby/object:Gem::Version
|
@@ -35,6 +36,7 @@ dependencies:
|
|
35
36
|
name: sc-core-ext
|
36
37
|
prerelease: false
|
37
38
|
requirement: &id002 !ruby/object:Gem::Requirement
|
39
|
+
none: false
|
38
40
|
requirements:
|
39
41
|
- - ">="
|
40
42
|
- !ruby/object:Gem::Version
|
@@ -46,53 +48,70 @@ dependencies:
|
|
46
48
|
type: :runtime
|
47
49
|
version_requirements: *id002
|
48
50
|
- !ruby/object:Gem::Dependency
|
49
|
-
name:
|
51
|
+
name: jeweler
|
50
52
|
prerelease: false
|
51
53
|
requirement: &id003 !ruby/object:Gem::Requirement
|
54
|
+
none: false
|
52
55
|
requirements:
|
53
56
|
- - ">="
|
54
57
|
- !ruby/object:Gem::Version
|
55
58
|
segments:
|
56
|
-
-
|
57
|
-
- 0
|
59
|
+
- 1
|
58
60
|
- 4
|
59
|
-
|
61
|
+
- 0
|
62
|
+
version: 1.4.0
|
60
63
|
type: :development
|
61
64
|
version_requirements: *id003
|
62
65
|
- !ruby/object:Gem::Dependency
|
63
|
-
name:
|
66
|
+
name: rspec
|
64
67
|
prerelease: false
|
65
68
|
requirement: &id004 !ruby/object:Gem::Requirement
|
69
|
+
none: false
|
66
70
|
requirements:
|
67
71
|
- - ">="
|
68
72
|
- !ruby/object:Gem::Version
|
69
73
|
segments:
|
70
|
-
-
|
71
|
-
-
|
74
|
+
- 1
|
75
|
+
- 3
|
72
76
|
- 0
|
73
|
-
version:
|
77
|
+
version: 1.3.0
|
74
78
|
type: :development
|
75
79
|
version_requirements: *id004
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
80
|
+
- !ruby/object:Gem::Dependency
|
81
|
+
name: rspec-rails
|
82
|
+
prerelease: false
|
83
|
+
requirement: &id005 !ruby/object:Gem::Requirement
|
84
|
+
none: false
|
85
|
+
requirements:
|
86
|
+
- - ">="
|
87
|
+
- !ruby/object:Gem::Version
|
88
|
+
segments:
|
89
|
+
- 1
|
90
|
+
- 3
|
91
|
+
- 2
|
92
|
+
version: 1.3.2
|
93
|
+
type: :development
|
94
|
+
version_requirements: *id005
|
95
|
+
description: Unobtrusively detects form submissions made by spambots, and silently drops those submissions.
|
96
|
+
email: sinisterchipmunk@gmail.com
|
82
97
|
executables: []
|
83
98
|
|
84
99
|
extensions: []
|
85
100
|
|
86
101
|
extra_rdoc_files:
|
87
|
-
-
|
88
|
-
-
|
102
|
+
- LICENSE
|
103
|
+
- README.rdoc
|
89
104
|
files:
|
105
|
+
- .gitignore
|
90
106
|
- History.txt
|
107
|
+
- LICENSE
|
91
108
|
- Manifest.txt
|
92
109
|
- README.rdoc
|
93
110
|
- Rakefile
|
111
|
+
- VERSION
|
112
|
+
- bot-away.gemspec
|
94
113
|
- lib/bot-away.rb
|
95
|
-
- lib/bot-away/
|
114
|
+
- lib/bot-away/action_dispatch/request.rb
|
96
115
|
- lib/bot-away/action_view/helpers/instance_tag.rb
|
97
116
|
- lib/bot-away/param_parser.rb
|
98
117
|
- lib/bot-away/spinner.rb
|
@@ -100,27 +119,30 @@ files:
|
|
100
119
|
- script/destroy
|
101
120
|
- script/generate
|
102
121
|
- spec/controllers/test_controller_spec.rb
|
103
|
-
- spec/
|
104
|
-
- spec/lib/builder_spec.rb
|
105
|
-
- spec/lib/param_parser_spec.rb
|
122
|
+
- spec/rspec_version.rb
|
106
123
|
- spec/spec_helper.rb
|
107
|
-
- spec/support/controllers/test_controller.rb
|
108
124
|
- spec/support/honeypot_matcher.rb
|
109
125
|
- spec/support/obfuscation_helper.rb
|
110
126
|
- spec/support/obfuscation_matcher.rb
|
127
|
+
- spec/support/rails/mock_logger.rb
|
128
|
+
- spec/support/test_controller.rb
|
111
129
|
- spec/support/views/test/index.html.erb
|
112
130
|
- spec/support/views/test/model_form.html.erb
|
131
|
+
- spec/views/lib/action_view/helpers/instance_tag_spec.rb
|
132
|
+
- spec/views/lib/disabled_for_spec.rb
|
133
|
+
- spec/views/lib/form_builder_spec.rb
|
134
|
+
- spec/views/lib/param_parser_spec.rb
|
113
135
|
has_rdoc: true
|
114
|
-
homepage: http://
|
136
|
+
homepage: http://www.thoughtsincomputation.com
|
115
137
|
licenses: []
|
116
138
|
|
117
139
|
post_install_message:
|
118
140
|
rdoc_options:
|
119
|
-
- --
|
120
|
-
- README.rdoc
|
141
|
+
- --charset=UTF-8
|
121
142
|
require_paths:
|
122
143
|
- lib
|
123
144
|
required_ruby_version: !ruby/object:Gem::Requirement
|
145
|
+
none: false
|
124
146
|
requirements:
|
125
147
|
- - ">="
|
126
148
|
- !ruby/object:Gem::Version
|
@@ -128,6 +150,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
128
150
|
- 0
|
129
151
|
version: "0"
|
130
152
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
153
|
+
none: false
|
131
154
|
requirements:
|
132
155
|
- - ">="
|
133
156
|
- !ruby/object:Gem::Version
|
@@ -136,10 +159,21 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
136
159
|
version: "0"
|
137
160
|
requirements: []
|
138
161
|
|
139
|
-
rubyforge_project:
|
140
|
-
rubygems_version: 1.3.
|
162
|
+
rubyforge_project:
|
163
|
+
rubygems_version: 1.3.7
|
141
164
|
signing_key:
|
142
165
|
specification_version: 3
|
143
|
-
summary: Unobtrusively detects form submissions made by spambots, and silently drops those submissions
|
144
|
-
test_files:
|
145
|
-
|
166
|
+
summary: Unobtrusively detects form submissions made by spambots, and silently drops those submissions.
|
167
|
+
test_files:
|
168
|
+
- spec/controllers/test_controller_spec.rb
|
169
|
+
- spec/rspec_version.rb
|
170
|
+
- spec/spec_helper.rb
|
171
|
+
- spec/support/honeypot_matcher.rb
|
172
|
+
- spec/support/obfuscation_helper.rb
|
173
|
+
- spec/support/obfuscation_matcher.rb
|
174
|
+
- spec/support/rails/mock_logger.rb
|
175
|
+
- spec/support/test_controller.rb
|
176
|
+
- spec/views/lib/action_view/helpers/instance_tag_spec.rb
|
177
|
+
- spec/views/lib/disabled_for_spec.rb
|
178
|
+
- spec/views/lib/form_builder_spec.rb
|
179
|
+
- spec/views/lib/param_parser_spec.rb
|
@@ -1,19 +0,0 @@
|
|
1
|
-
class ActionController::Request < Rack::Request
|
2
|
-
def parameters_with_deobfuscation
|
3
|
-
@parameters ||= BotAway::ParamParser.new(ip, parameters_without_deobfuscation).params
|
4
|
-
end
|
5
|
-
|
6
|
-
class << self
|
7
|
-
def unfiltered_params(*keys)
|
8
|
-
unfiltered_params = instance_variable_get("@unfiltered_params") || instance_variable_set("@unfiltered_params", [])
|
9
|
-
unfiltered_params.concat keys.flatten.collect { |k| k.to_s }
|
10
|
-
unfiltered_params
|
11
|
-
end
|
12
|
-
|
13
|
-
alias_method :accepts_unfiltered_params, :unfiltered_params
|
14
|
-
end
|
15
|
-
|
16
|
-
delegate :accepts_unfiltered_params, :unfiltered_params, :to => :"self.class"
|
17
|
-
alias_method_chain :parameters, :deobfuscation
|
18
|
-
alias_method :params, :parameters
|
19
|
-
end
|
@@ -1,18 +0,0 @@
|
|
1
|
-
class Post
|
2
|
-
attr_reader :subject, :body, :subscribers
|
3
|
-
end
|
4
|
-
|
5
|
-
class TestController < ActionController::Base
|
6
|
-
view_paths << File.expand_path(File.join(File.dirname(__FILE__), "../views"))
|
7
|
-
|
8
|
-
def index
|
9
|
-
end
|
10
|
-
|
11
|
-
def model_form
|
12
|
-
@post = Post.new
|
13
|
-
end
|
14
|
-
|
15
|
-
def proc_form
|
16
|
-
render :text => params.to_yaml
|
17
|
-
end
|
18
|
-
end
|