bot-away 2.0.0 → 2.0.1

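--- a/PATH_NOT_ON_PAGE
+++ b/PATH_NOT_ON_PAGE
@@ -3,12 +3,16 @@ rvm:
 - 1.9.2
 - 1.9.3
 - ree
-- jruby
+# rails 3.2 doesn't build on these right now
+# TODO enable again when rails 3.2 works
+# - jruby
+# - rbx-2.0
 - ruby-head
-- rbx-2.0
 
 gemfile:
 # No longer developing against Rails 2.3
 # - gemfiles/Gemfile.rails-2.3.x
 - gemfiles/Gemfile.rails-3.0.x
 - gemfiles/Gemfile.rails-3.1.x
+- gemfiles/Gemfile.rails-3.1.1
+- gemfiles/Gemfile.rails-3.2.x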
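--- a/PATH_NOT_ON_PAGE
+++ b/PATH_NOT_ON_PAGE
@@ -1,3 +1,9 @@
+=== 2.0.1 2012-01-20
+* Bugfix
+* Params always emty (#2). In certain situations, BotAway would prefill the request.parameters hash and this
+was conflicting with Rails because once the parameters hash exists, Rails won't add path parameters (such
+as :id) to it. Now, BotAway checks request.POST directly so that Rails can fill request.parameters as usual.
+
 === 2.0.0 2012-01-13
 * Bumped major version number to signify that the version for Rails v2.x is no longer under active development.
 Use v1.2.x under Rails 2. BotAway now officially supports only Rails 3.0.x and up.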
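--- /dev/null
+++ b/gemfiles/Gemfile.rails-3.1.1
@@ -0,0 +1,8 @@
+source "http://rubygems.org"
+
+# Specify your gem's dependencies in bot-away.gemspec
+gemspec :path => ".."
+
+gem 'rails', '= 3.1.1'
+gem 'rspec', '~> 2.6.0'
+gem 'rspec-rails', '~> 2.6.1'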
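Review bot: `source "http://rubygems.org"` on the first line of this new gemfile resolves and downloads every dependency over plain HTTP, so nothing on the wire authenticates the index or the gem files that end up in the lockfile; `source "https://rubygems.org"` closes that with no other change. The same line is repeated in the new gemfiles/Gemfile.rails-3.2.x section below. The exact pin `gem 'rails', '= 3.1.1'` is appropriate for a per-version test gemfile, but a one-line comment saying why 3.1.1 gets its own file next to the 3.1.x one (the changelog hints at a parameters bug) would save the next maintainer a guess.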
@@ -0,0 +1,131 @@
1
+ PATH
2
+ remote: /Users/colin/projects/gems/bot-away
3
+ specs:
4
+ bot-away (2.0.0)
5
+ actionpack (>= 2.3.5)
6
+
7
+ GEM
8
+ remote: http://rubygems.org/
9
+ specs:
10
+ actionmailer (3.1.1)
11
+ actionpack (= 3.1.1)
12
+ mail (~> 2.3.0)
13
+ actionpack (3.1.1)
14
+ activemodel (= 3.1.1)
15
+ activesupport (= 3.1.1)
16
+ builder (~> 3.0.0)
17
+ erubis (~> 2.7.0)
18
+ i18n (~> 0.6)
19
+ rack (~> 1.3.2)
20
+ rack-cache (~> 1.1)
21
+ rack-mount (~> 0.8.2)
22
+ rack-test (~> 0.6.1)
23
+ sprockets (~> 2.0.2)
24
+ activemodel (3.1.1)
25
+ activesupport (= 3.1.1)
26
+ builder (~> 3.0.0)
27
+ i18n (~> 0.6)
28
+ activerecord (3.1.1)
29
+ activemodel (= 3.1.1)
30
+ activesupport (= 3.1.1)
31
+ arel (~> 2.2.1)
32
+ tzinfo (~> 0.3.29)
33
+ activeresource (3.1.1)
34
+ activemodel (= 3.1.1)
35
+ activesupport (= 3.1.1)
36
+ activesupport (3.1.1)
37
+ multi_json (~> 1.0)
38
+ arel (2.2.1)
39
+ builder (3.0.0)
40
+ capybara (1.1.2)
41
+ mime-types (>= 1.16)
42
+ nokogiri (>= 1.3.3)
43
+ rack (>= 1.0.0)
44
+ rack-test (>= 0.5.4)
45
+ selenium-webdriver (~> 2.0)
46
+ xpath (~> 0.1.4)
47
+ childprocess (0.3.0)
48
+ ffi (~> 1.0.6)
49
+ diff-lcs (1.1.3)
50
+ erubis (2.7.0)
51
+ ffi (1.0.11)
52
+ hike (1.2.1)
53
+ i18n (0.6.0)
54
+ json (1.6.5)
55
+ mail (2.3.0)
56
+ i18n (>= 0.4.0)
57
+ mime-types (~> 1.16)
58
+ treetop (~> 1.4.8)
59
+ mime-types (1.17.2)
60
+ multi_json (1.0.4)
61
+ nokogiri (1.5.0)
62
+ polyglot (0.3.3)
63
+ rack (1.3.6)
64
+ rack-cache (1.1)
65
+ rack (>= 0.4)
66
+ rack-mount (0.8.3)
67
+ rack (>= 1.0.0)
68
+ rack-ssl (1.3.2)
69
+ rack
70
+ rack-test (0.6.1)
71
+ rack (>= 1.0)
72
+ rails (3.1.1)
73
+ actionmailer (= 3.1.1)
74
+ actionpack (= 3.1.1)
75
+ activerecord (= 3.1.1)
76
+ activeresource (= 3.1.1)
77
+ activesupport (= 3.1.1)
78
+ bundler (~> 1.0)
79
+ railties (= 3.1.1)
80
+ railties (3.1.1)
81
+ actionpack (= 3.1.1)
82
+ activesupport (= 3.1.1)
83
+ rack-ssl (~> 1.3.2)
84
+ rake (>= 0.8.7)
85
+ rdoc (~> 3.4)
86
+ thor (~> 0.14.6)
87
+ rake (0.9.2.2)
88
+ rdoc (3.12)
89
+ json (~> 1.4)
90
+ rspec (2.6.0)
91
+ rspec-core (~> 2.6.0)
92
+ rspec-expectations (~> 2.6.0)
93
+ rspec-mocks (~> 2.6.0)
94
+ rspec-core (2.6.4)
95
+ rspec-expectations (2.6.0)
96
+ diff-lcs (~> 1.1.2)
97
+ rspec-mocks (2.6.0)
98
+ rspec-rails (2.6.1)
99
+ actionpack (~> 3.0)
100
+ activesupport (~> 3.0)
101
+ railties (~> 3.0)
102
+ rspec (~> 2.6.0)
103
+ rubyzip (0.9.5)
104
+ selenium-webdriver (2.17.0)
105
+ childprocess (>= 0.2.5)
106
+ ffi (~> 1.0.9)
107
+ multi_json (~> 1.0.4)
108
+ rubyzip
109
+ sprockets (2.0.3)
110
+ hike (~> 1.2)
111
+ rack (~> 1.0)
112
+ tilt (~> 1.1, != 1.3.0)
113
+ thor (0.14.6)
114
+ tilt (1.3.3)
115
+ treetop (1.4.10)
116
+ polyglot
117
+ polyglot (>= 0.3.1)
118
+ tzinfo (0.3.31)
119
+ xpath (0.1.4)
120
+ nokogiri (~> 1.3)
121
+
122
+ PLATFORMS
123
+ ruby
124
+
125
+ DEPENDENCIES
126
+ bot-away!
127
+ capybara (~> 1.1.2)
128
+ rails (= 3.1.1)
129
+ rake (~> 0.9.2)
130
+ rspec (~> 2.6.0)
131
+ rspec-rails (~> 2.6.1)
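--- /dev/null
+++ b/gemfiles/Gemfile.rails-3.2.x
@@ -0,0 +1,8 @@
+source "http://rubygems.org"
+
+# Specify your gem's dependencies in bot-away.gemspec
+gemspec :path => ".."
+
+gem 'rails', '~> 3.2.0.rc2'
+gem 'rspec', '~> 2.6.0'
+gem 'rspec-rails', '~> 2.6.1'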
@@ -0,0 +1,129 @@
1
+ PATH
2
+ remote: /Users/colin/projects/gems/bot-away
3
+ specs:
4
+ bot-away (2.0.0)
5
+ actionpack (>= 2.3.5)
6
+
7
+ GEM
8
+ remote: http://rubygems.org/
9
+ specs:
10
+ actionmailer (3.2.0.rc2)
11
+ actionpack (= 3.2.0.rc2)
12
+ mail (~> 2.3.0)
13
+ actionpack (3.2.0.rc2)
14
+ activemodel (= 3.2.0.rc2)
15
+ activesupport (= 3.2.0.rc2)
16
+ builder (~> 3.0.0)
17
+ erubis (~> 2.7.0)
18
+ journey (~> 1.0.0.rc1)
19
+ rack (~> 1.4.0)
20
+ rack-cache (~> 1.1)
21
+ rack-test (~> 0.6.1)
22
+ sprockets (~> 2.1.2)
23
+ activemodel (3.2.0.rc2)
24
+ activesupport (= 3.2.0.rc2)
25
+ builder (~> 3.0.0)
26
+ activerecord (3.2.0.rc2)
27
+ activemodel (= 3.2.0.rc2)
28
+ activesupport (= 3.2.0.rc2)
29
+ arel (~> 3.0.0.rc1)
30
+ tzinfo (~> 0.3.29)
31
+ activeresource (3.2.0.rc2)
32
+ activemodel (= 3.2.0.rc2)
33
+ activesupport (= 3.2.0.rc2)
34
+ activesupport (3.2.0.rc2)
35
+ i18n (~> 0.6)
36
+ multi_json (~> 1.0)
37
+ arel (3.0.0)
38
+ builder (3.0.0)
39
+ capybara (1.1.2)
40
+ mime-types (>= 1.16)
41
+ nokogiri (>= 1.3.3)
42
+ rack (>= 1.0.0)
43
+ rack-test (>= 0.5.4)
44
+ selenium-webdriver (~> 2.0)
45
+ xpath (~> 0.1.4)
46
+ childprocess (0.3.0)
47
+ ffi (~> 1.0.6)
48
+ diff-lcs (1.1.3)
49
+ erubis (2.7.0)
50
+ ffi (1.0.11)
51
+ hike (1.2.1)
52
+ i18n (0.6.0)
53
+ journey (1.0.0)
54
+ json (1.6.5)
55
+ mail (2.3.0)
56
+ i18n (>= 0.4.0)
57
+ mime-types (~> 1.16)
58
+ treetop (~> 1.4.8)
59
+ mime-types (1.17.2)
60
+ multi_json (1.0.4)
61
+ nokogiri (1.5.0)
62
+ polyglot (0.3.3)
63
+ rack (1.4.0)
64
+ rack-cache (1.1)
65
+ rack (>= 0.4)
66
+ rack-ssl (1.3.2)
67
+ rack
68
+ rack-test (0.6.1)
69
+ rack (>= 1.0)
70
+ rails (3.2.0.rc2)
71
+ actionmailer (= 3.2.0.rc2)
72
+ actionpack (= 3.2.0.rc2)
73
+ activerecord (= 3.2.0.rc2)
74
+ activeresource (= 3.2.0.rc2)
75
+ activesupport (= 3.2.0.rc2)
76
+ bundler (~> 1.0)
77
+ railties (= 3.2.0.rc2)
78
+ railties (3.2.0.rc2)
79
+ actionpack (= 3.2.0.rc2)
80
+ activesupport (= 3.2.0.rc2)
81
+ rack-ssl (~> 1.3.2)
82
+ rake (>= 0.8.7)
83
+ rdoc (~> 3.4)
84
+ thor (~> 0.14.6)
85
+ rake (0.9.2.2)
86
+ rdoc (3.12)
87
+ json (~> 1.4)
88
+ rspec (2.6.0)
89
+ rspec-core (~> 2.6.0)
90
+ rspec-expectations (~> 2.6.0)
91
+ rspec-mocks (~> 2.6.0)
92
+ rspec-core (2.6.4)
93
+ rspec-expectations (2.6.0)
94
+ diff-lcs (~> 1.1.2)
95
+ rspec-mocks (2.6.0)
96
+ rspec-rails (2.6.1)
97
+ actionpack (~> 3.0)
98
+ activesupport (~> 3.0)
99
+ railties (~> 3.0)
100
+ rspec (~> 2.6.0)
101
+ rubyzip (0.9.5)
102
+ selenium-webdriver (2.17.0)
103
+ childprocess (>= 0.2.5)
104
+ ffi (~> 1.0.9)
105
+ multi_json (~> 1.0.4)
106
+ rubyzip
107
+ sprockets (2.1.2)
108
+ hike (~> 1.2)
109
+ rack (~> 1.0)
110
+ tilt (~> 1.1, != 1.3.0)
111
+ thor (0.14.6)
112
+ tilt (1.3.3)
113
+ treetop (1.4.10)
114
+ polyglot
115
+ polyglot (>= 0.3.1)
116
+ tzinfo (0.3.31)
117
+ xpath (0.1.4)
118
+ nokogiri (~> 1.3)
119
+
120
+ PLATFORMS
121
+ ruby
122
+
123
+ DEPENDENCIES
124
+ bot-away!
125
+ capybara (~> 1.1.2)
126
+ rails (~> 3.2.0.rc2)
127
+ rake (~> 0.9.2)
128
+ rspec (~> 2.6.0)
129
+ rspec-rails (~> 2.6.1)
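--- a/lib/bot-away.rb
+++ b/lib/bot-away.rb
@@ -2,7 +2,7 @@ require 'action_controller'
 require 'action_view'
 
 require 'bot-away/param_parser'
-require 'bot-away/action_dispatch/params_parser'
+require 'bot-away/middleware'
 require 'bot-away/action_view/helpers/instance_tag'
 require 'bot-away/spinner'
 require 'bot-away/version'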
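--- /dev/null
+++ b/lib/bot-away/middleware.rb
@@ -0,0 +1,18 @@
+module BotAway
+class Middleware
+def initialize(app)
+@app = app
+end
+
+def call(env)
+request = ActionDispatch::Request.new(env)
+
+# ignore GET params
+unless (post = request.POST).empty?
+post.merge! BotAway::ParamParser.new(request.ip, post).params
+end
+
+@app.call env
+end
+end
+end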
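Review bot: `post.merge! BotAway::ParamParser.new(request.ip, post).params` only adds or overwrites keys, whereas the `ActionDispatch::ParamsParser` override this commit deletes used the parser's result as the whole parameter set (it cleared `request.parameters` before merging), so any obfuscated keys that `ParamParser#params` does not hand back now stay in the POST hash beside their decoded copies; if the old replacement semantics are intended, `post.replace BotAway::ParamParser.new(request.ip, post).params` restores them while still mutating the same Hash. That in-place mutation is what makes the decoded params visible to the app — it presumably relies on `request.POST` memoising a single Hash in `env` — and deserves a comment such as `# mutate the Hash request.POST memoises in env so the app sees the decoded params`. `request.POST` may also raise on a body it cannot decode, which would now surface from this middleware ahead of the app's own error handling; consider rescuing that case and passing the request through unchanged. Note too that `request.ip` honours forwarded-for headers, so the IP fed to ParamParser is only as trustworthy as the app's proxy trust configuration, which is worth stating in the class comment.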
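--- a/lib/bot-away/railtie.rb
+++ b/lib/bot-away/railtie.rb
@@ -7,4 +7,8 @@ class BotAway::Railtie < Rails::Engine
 else
 paths["config/locales"] = File.expand_path("../locale/honeypots.yml", File.dirname(__FILE__))
 end
+
+initializer "bot_away.use_middleware" do |app|
+app.middleware.use BotAway::Middleware
+end
 end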
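Review bot: `app.middleware.use BotAway::Middleware` appends to the end of the stack, so its position relative to the session and parameter-parsing middleware is implicit and will silently change if the default stack is reordered or another engine appends after it. The middleware edits `request.POST` in place and presumably needs the params parser to have run first, so make the dependency explicit with `app.middleware.insert_after ActionDispatch::ParamsParser, BotAway::Middleware`, or at least add `# must run after the params parser so request.POST is populated` on the initializer. The class `BotAway::Railtie` starts outside the hunk.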
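--- a/PATH_NOT_ON_PAGE
+++ b/PATH_NOT_ON_PAGE
@@ -2,7 +2,7 @@ module BotAway
 module Version
 MAJOR = 2
 MINOR = 0
-PATCH = 0
+PATCH = 1
 BUILD = nil
 
 STRING = BUILD ? [MAJOR, MINOR, PATCH, BUILD].join('.') : [MAJOR, MINOR, PATCH].join('.')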
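--- /dev/null
+++ b/spec/integration/get_with_params_spec.rb
@@ -0,0 +1,13 @@
+require 'spec_helper'
+
+describe "GET params" do
+before do
+visit '/tests/proc_form/1?one=1'
+end
+
+it "should show the params" do
+page.body.should match(/id: ['"]1["']/)
+page.body.should match(/one: ['"]1["']/)
+page.should_not have_content("suspected_bot")
+end
+end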
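Review bot: the patterns `/id: ['"]1["']/` and `/one: ['"]1["']/` accept mismatched quote pairs such as `'1"`, which is looser than the page ever produces; a backreference pins the pair, `page.body.should match(/id: (['"])1\1/)`. A one-line comment above the example saying what `proc_form` renders (the page evidently prints the params hash, but that is only visible from the regexes) would spare readers a trip to the view.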
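--- /dev/null
+++ b/spec/integration/put_with_params_spec.rb
@@ -0,0 +1,49 @@
+require 'spec_helper'
+
+describe "PUT params" do
+before do
+visit '/tests/model_form/1'
+end
+
+describe "filling in a honeypot" do
+before do
+fill_in 'post[subject]', :with => "this is a subject"
+click_button 'submit'
+end
+
+it "should be considered a bot" do
+page.should have_content('suspected_bot')
+end
+
+it "should not include legit params" do
+page.should_not have_content("subject:")
+end
+
+it "should drop data from the honeypots" do
+page.should_not have_content("this is a subject")
+end
+
+it "should drop the hidden value" do
+page.should_not have_content('hidden_value')
+end
+end
+
+describe "filling in a legit field" do
+before do
+fill_in '00a1168ac1379bdbe9b59e678fe486b1', :with => "this is a subject"
+click_button 'submit'
+end
+
+it "should include the hidden value" do
+page.should have_content('hidden_value')
+end
+
+it "should have kept legit data" do
+page.should have_content('this is a subject')
+end
+
+it "should not be considered a bot" do
+page.should_not have_content('suspected_bot')
+end
+end
+end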
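Review bot: `fill_in '00a1168ac1379bdbe9b59e678fe486b1'` binds the "legit field" examples to one literal obfuscated name, which presumably derives from the spinner inputs configured in spec_helper (the secret token and the request IP) for this particular form; any change to those breaks every example here with no hint as to why. Either derive the name through the same helper the view uses or add a comment beside the literal stating what field it is the obfuscated name of and which inputs produce it. The spec's title asserts a PUT, but no example checks the method actually sent; if the controller echoes the request method, one assertion on it would make the "PUT" in the description verifiable.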
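--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -5,12 +5,15 @@ Bundler.setup
 ENV['RAILS_ENV'] = 'development'
 
 require 'rails'
-require 'active_support/secure_random'
+require 'active_support'
 require 'action_controller/railtie'
 require 'action_mailer/railtie'
 require 'active_resource/railtie'
 require 'bot-away'
 
+# only for Rails 3.0.x
+begin; require 'active_support/secure_random'; rescue LoadError; end
+
 class BotAway::TestRailsApp < Rails::Application
 base = File.expand_path("test_rails_app", File.dirname(__FILE__))
 config.secret_token = "some secret phrase of at least 30 characters" * 30
@@ -22,10 +25,11 @@ class BotAway::TestRailsApp < Rails::Application
 config.paths.app.views = File.join(base, 'app/views')
 config.paths.config.locales = File.join(base, 'config/locales/bot-away-overrides.yml')
 end
+config.action_dispatch.show_exceptions = false
 end
 
 BotAway::TestRailsApp.initialize!
-Rails.application.routes.draw { match '/:controller/:action' }
+Rails.application.routes.draw { match '/:controller/:action(/:id)' }
 Rails.application.routes.finalize!
 Dir[File.expand_path('test_rails_app/**/*.rb', File.dirname(__FILE__))].each { |f| require f }
 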
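--- a/PATH_NOT_ON_PAGE
+++ b/PATH_NOT_ON_PAGE
@@ -2,7 +2,7 @@ class TestsController < ActionController::Base
 protect_from_forgery
 
 def model_form
-@post = Post.new
+@post = Post.new(:persisted => !!params[:id])
 end
 
 def proc_form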
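Review bot: `!!params[:id]` treats a blank `id` (an empty query parameter, for instance) as persisted because `""` is truthy in Ruby; `@post = Post.new(:persisted => params[:id].present?)` says what is meant and avoids that edge. A short comment on `model_form` noting that the persisted flag is what makes `form_for` emit an update form for the PUT spec would tie the two together. The class `TestsController` starts outside the hunk.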
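--- a/PATH_NOT_ON_PAGE
+++ b/PATH_NOT_ON_PAGE
@@ -10,4 +10,12 @@ class Post
 def to_key
 [1]
 end
+
+def persisted?
+@persisted
+end
+
+def initialize(options = {})
+@persisted = options.delete(:persisted)
+end
 end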
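Review bot: `options.delete(:persisted)` in `initialize` mutates the hash the caller handed in, so a reused options hash silently loses its `:persisted` key after the first `Post.new`; `@persisted = options[:persisted]` reads it without the side effect. Defining `initialize` above `to_key` and `persisted?` follows the usual ordering, and `persisted?` would benefit from `# set from the :persisted option; nil when not given`. The class `Post` starts outside the hunk.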
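--- a/PATH_NOT_ON_PAGE
+++ b/PATH_NOT_ON_PAGE
@@ -1,4 +1,6 @@
-<%= form_for @post, :url => url_for('proc_form') do |f| %>
+<%= form_for @post, :url => url_for(:action => 'proc_form') do |f| %>
+<input type="hidden" name="hidden_name" value="hidden_value" />
+
 <p>
 <%= f.label :subject %><br/>
 <%= f.text_field :subject %>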
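Review bot: the raw `<input type="hidden" name="hidden_name" value="hidden_value" />` deliberately sidesteps the `f.` helpers that BotAway presumably hooks through its instance_tag extension, but nothing in the template says so, and a reader may "fix" it into `f.hidden_field` and change what the PUT spec exercises. Add `<%# plain hidden input on purpose: not obfuscated; put_with_params_spec asserts it passes through unchanged %>` above it. The `form_for` block continues past the end of the hunk.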
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: bot-away
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.0
4
+ version: 2.0.1
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,11 +9,11 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2012-01-14 00:00:00.000000000Z
12
+ date: 2012-01-20 00:00:00.000000000Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: actionpack
16
- requirement: &2156004240 !ruby/object:Gem::Requirement
16
+ requirement: &2153647860 !ruby/object:Gem::Requirement
17
17
  none: false
18
18
  requirements:
19
19
  - - ! '>='
@@ -21,10 +21,10 @@ dependencies:
21
21
  version: 2.3.5
22
22
  type: :runtime
23
23
  prerelease: false
24
- version_requirements: *2156004240
24
+ version_requirements: *2153647860
25
25
  - !ruby/object:Gem::Dependency
26
26
  name: rake
27
- requirement: &2156001080 !ruby/object:Gem::Requirement
27
+ requirement: &2153647140 !ruby/object:Gem::Requirement
28
28
  none: false
29
29
  requirements:
30
30
  - - ~>
@@ -32,10 +32,10 @@ dependencies:
32
32
  version: 0.9.2
33
33
  type: :development
34
34
  prerelease: false
35
- version_requirements: *2156001080
35
+ version_requirements: *2153647140
36
36
  - !ruby/object:Gem::Dependency
37
37
  name: capybara
38
- requirement: &2155998940 !ruby/object:Gem::Requirement
38
+ requirement: &2153646660 !ruby/object:Gem::Requirement
39
39
  none: false
40
40
  requirements:
41
41
  - - ~>
@@ -43,7 +43,7 @@ dependencies:
43
43
  version: 1.1.2
44
44
  type: :development
45
45
  prerelease: false
46
- version_requirements: *2155998940
46
+ version_requirements: *2153646660
47
47
  description: Unobtrusively detects form submissions made by spambots, and silently
48
48
  drops those submissions.
49
49
  email:
@@ -64,11 +64,15 @@ files:
64
64
  - bot-away.gemspec
65
65
  - gemfiles/Gemfile.rails-3.0.x
66
66
  - gemfiles/Gemfile.rails-3.0.x.lock
67
+ - gemfiles/Gemfile.rails-3.1.1
68
+ - gemfiles/Gemfile.rails-3.1.1.lock
67
69
  - gemfiles/Gemfile.rails-3.1.x
68
70
  - gemfiles/Gemfile.rails-3.1.x.lock
71
+ - gemfiles/Gemfile.rails-3.2.x
72
+ - gemfiles/Gemfile.rails-3.2.x.lock
69
73
  - lib/bot-away.rb
70
- - lib/bot-away/action_dispatch/params_parser.rb
71
74
  - lib/bot-away/action_view/helpers/instance_tag.rb
75
+ - lib/bot-away/middleware.rb
72
76
  - lib/bot-away/param_parser.rb
73
77
  - lib/bot-away/railtie.rb
74
78
  - lib/bot-away/spinner.rb
@@ -86,7 +90,9 @@ files:
86
90
  - script/generate
87
91
  - spec/controllers/basic_form_view_spec.rb
88
92
  - spec/controllers/tests_controller_spec.rb
93
+ - spec/integration/get_with_params_spec.rb
89
94
  - spec/integration/params_post_spec.rb
95
+ - spec/integration/put_with_params_spec.rb
90
96
  - spec/lib/action_view/helpers/instance_tag_spec.rb
91
97
  - spec/lib/action_view/param_parser_spec.rb
92
98
  - spec/spec_helper.rb
@@ -124,7 +130,9 @@ summary: Unobtrusively detects form submissions made by spambots, and silently d
124
130
  test_files:
125
131
  - spec/controllers/basic_form_view_spec.rb
126
132
  - spec/controllers/tests_controller_spec.rb
133
+ - spec/integration/get_with_params_spec.rb
127
134
  - spec/integration/params_post_spec.rb
135
+ - spec/integration/put_with_params_spec.rb
128
136
  - spec/lib/action_view/helpers/instance_tag_spec.rb
129
137
  - spec/lib/action_view/param_parser_spec.rb
130
138
  - spec/spec_helper.rb
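--- a/lib/bot-away/action_dispatch/params_parser.rb
+++ /dev/null
@@ -1,22 +0,0 @@
-require 'action_dispatch/middleware/params_parser'
-
-# We're overriding ActionDispatch::ParamsParser
-# instead of just attaching a custom param parser so that others' custom param parsers can do
-# their jobs without conflict. Also, overriding the parser allows us to deobfuscate all params,
-# not just the ones I'm smart enough to predict will be used.
-class ActionDispatch::ParamsParser
-def parse_formatted_parameters_with_deobfuscation(env)
-request = ActionDispatch::Request.new(env)
-params = parse_formatted_parameters_without_deobfuscation(env)
-if params
-BotAway::ParamParser.new(request.ip, params).params
-else
-request_parameters = request.parameters.dup
-request.parameters.clear
-request.parameters.merge! BotAway::ParamParser.new(request.ip, request_parameters).params
-params
-end
-end
-
-alias_method_chain :parse_formatted_parameters, :deobfuscation
-end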