coercive 1.0.1 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 867918b9a3ee09bdfc89a10e802032e229fdf4ab250f80727a68197f8144d615
-  data.tar.gz: 9d1dcfcc05db65d1669049c87f36bf9a252fe91ce68b9298a7578ce630aeae50
+  metadata.gz: 3eee84a8970b92e6b5d1b0e01e51a40c66cc0c7298b0fe37a6ea44aecd7b9064
+  data.tar.gz: 9504d35e8ce6376fd821110a15d079783f723af1ae78606fa7fd2e565c053487
 SHA512:
-  metadata.gz: 2dc34142c2553b747290451db7ca631dd12b31e9e7488502e4a54b3fc1cf372a7dd498c951498f8c3b86d519172bb879fb7f650e97448260dd8fad2c5c5c8662
-  data.tar.gz: 513cb240285c58fbf784d3a61fae066bf7c768836cdc06281357b92f8c7a62ad72ea2c0114f3ba6645da29b4ed01fbabff616f10db91f93b8194c587d2f9c623
+  metadata.gz: 41fef05cb7a8c6a1d2f9b7f0f3737d76c5756a36903d6e2c45d028fb539d4de50f9ac0720b07e4262b97df2ff187638e0cf6d5fef4692d470ddc9484e00a9b57
+  data.tar.gz: 94c3e1e38e740c7089d8913977fbd1feea04d1df592d918c76b46be18c53787c95d36fed451a39191781db63718a941f31d53b4ac56d960384e1e854ed4d6066

data/README.md

@@ -212,4 +212,45 @@ CoerceFoo.call("foo" => {"barrrr" => "0.1"})
 
 ### `uri`
 
-The `uri` coercion validates 
+The `uri` coercion function really showcases how it's very easy to build custom logic to validate and coerce any kind of input. `uri` is meant to verify IP and URLs and has a variety of options.
+
+```ruby
+module CoerceFoo
+  extend Coercive
+
+  attribute :foo, uri(string), optional
+end
+
+CoerceFoo.call("foo" => "http://github.com")
+# => {"foo"=>"http://github.com"}
+
+CoerceFoo.call("foo" => "not a url")
+# => Coercive::Error: {"foo"=>"not_valid"}
+```
+
+#### Requiring a specific URI schema
+
+The `schema_fn` option allows you to compose additional coercion functions to verify the schema.
+
+```ruby
+module CoerceFoo
+  extend Coercive
+
+  attribute :foo, uri(string, schema_fn: member(%w{http https})), optional
+end
+
+CoerceFoo.call("foo" => "https://github.com")
+# => {"foo"=>"https://github.com"}
+
+CoerceFoo.call("foo" => "ftp://github.com")
+# => Coercive::Error: {"foo"=>"unsupported_schema"}
+```
+
+#### Requiring URI elements
+
+There's a number of boolean options to enforce the presence of parts of a URI to be present. By default they're all false.
+
+* `require_path`: for example, `"https://github.com/Theorem"`
+* `require_port`: for example, `"https://github.com:433"`
+* `require_user`: for example, `"https://user@github.com"`
+* `require_password`: for example, `"https://:password@github.com"`

data/coercive.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name = "coercive"
-  s.version = "1.0.1"
+  s.version = "1.1.0"
   s.summary = "Coercive is a library to validate and coerce user input"
   s.description = s.summary
   s.authors = ["Joe McIlvain", "Lucas Tolchinsky"]

data/lib/coercive/uri.rb

@@ -3,27 +3,6 @@ require "uri"
 
 module Coercive
   module URI
-    # The IP ranges below are considered private and by default not permitted by the `uri`
-    # coercion function. To allow connecting to local services (in development, for example)
-    # users can set the `allow_private_ip` option, which ignores if the URI resolves to a public
-    # address or not.
-    PRIVATE_IP_RANGES = [
-      IPAddr.new("0.0.0.0/8"),       # Broadcasting to the current network. RFC 1700.
-      IPAddr.new("10.0.0.0/8"),      # Local private network. RFC 1918.
-      IPAddr.new("127.0.0.0/8"),     # Loopback addresses to the localhost. RFC 990.
-      IPAddr.new("169.254.0.0/16"),  # link-local addresses between two hosts on a single link. RFC 3927.
-      IPAddr.new("172.16.0.0/12"),   # Local private network. RFC 1918.
-      IPAddr.new("192.168.0.0/16"),  # Local private network. RFC 1918.
-      IPAddr.new("198.18.0.0/15"),   # Testing of inter-network communications between two separate subnets. RFC 2544.
-      IPAddr.new("198.51.100.0/24"), # Assigned as "TEST-NET-2" in RFC 5737.
-      IPAddr.new("203.0.113.0/24"),  # Assigned as "TEST-NET-3" in RFC 5737.
-      IPAddr.new("240.0.0.0/4"),     # Reserved for future use, as specified by RFC 6890
-      IPAddr.new("::1/128"),         # Loopback addresses to the localhost. RFC 5156.
-      IPAddr.new("2001:20::/28"),    # Non-routed IPv6 addresses used for Cryptographic Hash Identifiers. RFC 7343.
-      IPAddr.new("fc00::/7"),        # Unique Local Addresses (ULAs). RFC 1918.
-      IPAddr.new("fe80::/10"),       # link-local addresses between two hosts on a single link. RFC 3927.
-    ].freeze
-
     # Public DSL: Return a coercion function to coerce input to a URI.
     # Used when declaring an attribute. See documentation for attr_coerce_fns.
     #
@@ -34,8 +13,7 @@ module Coercive
     # require_user     - set true to make the URI user a required element
     # require_password - set true to make the URI password a required element
     def self.coerce_fn(string_coerce_fn, schema_fn: nil, require_path: false,
-            require_port: false, require_user: false, require_password: false,
-            allow_private_ip: false)
+            require_port: false, require_user: false, require_password: false)
       ->(input) do
         uri = begin
           ::URI.parse(string_coerce_fn.call(input))
@@ -44,7 +22,6 @@ module Coercive
         end
 
         fail Coercive::Error.new("no_host") unless uri.host
-        fail Coercive::Error.new("not_resolvable") unless allow_private_ip || resolvable_public_ip?(uri)
         fail Coercive::Error.new("no_path") if require_path && uri.path.empty?
         fail Coercive::Error.new("no_port") if require_port && !uri.port
         fail Coercive::Error.new("no_user") if require_user && !uri.user
@@ -61,40 +38,5 @@ module Coercive
         uri.to_s
       end
     end
-
-    # Internal: Return true if the given URI is resolvable to a non-private IP.
-    #
-    # uri - the URI to check.
-    def self.resolvable_public_ip?(uri)
-      begin
-        _, _, _, *resolved_addresses = Socket.gethostbyname(uri.host)
-      rescue SocketError
-        return false
-      end
-
-      resolved_addresses.none? do |bytes|
-        ip = ip_from_bytes(bytes)
-
-        ip.nil? || PRIVATE_IP_RANGES.any? { |range| range.include?(ip) }
-      end
-    end
-
-    # Internal: Return an IPAddr built from the given address bytes.
-    #
-    # bytes - the binary-encoded String returned by Socket.gethostbyname.
-    def self.ip_from_bytes(bytes)
-      octets = bytes.unpack("C*")
-
-      string =
-        if octets.length == 4 # IPv4
-          octets.join(".")
-        else # IPv6
-          octets.map { |i| "%02x" % i }.each_slice(2).map(&:join).join(":")
-        end
-
-      IPAddr.new(string)
-    rescue IPAddr::InvalidAddressError
-      nil
-    end
   end
 end

data/test/uri.rb

@@ -39,10 +39,6 @@ describe "Coercive::URI" do
       attribute :require_password,
         uri(string(min: 1, max: 255), require_password: true),
         optional
-
-      attribute :allow_private_ip,
-        uri(string(min: 1, max: 255), allow_private_ip: true),
-        optional
     end
   end
 
@@ -127,61 +123,12 @@ describe "Coercive::URI" do
     assert_coercion_error(expected_errors) { @coercion.call(attributes) }
   end
 
-  Coercive::URI::PRIVATE_IP_RANGES.each do |range|
-    range = range.to_range
-    first = range.first
-    last  = range.last
-    first = first.ipv6? ? "[#{first}]" : first.to_s
-    last  = last.ipv6?  ? "[#{last}]"  : last.to_s
-
-    it "errors when the URI host is an IP in the range #{first}..#{last}" do
-      attributes_first = { "schema" => "http://#{first}/path" }
-      attributes_last  = { "schema" => "http://#{last}/path" }
-      expected_errors  = { "schema" => "not_resolvable" }
-
-      assert_coercion_error(expected_errors) { @coercion.call(attributes_first) }
-      assert_coercion_error(expected_errors) { @coercion.call(attributes_last) }
-    end
-
-    it "allows overriding private IP address checks" do
-      attributes_first = { "allow_private_ip" => "http://#{first}/path" }
-      attributes_last  = { "allow_private_ip" => "http://#{last}/path" }
-
-      assert_equal attributes_first, @coercion.call(attributes_first)
-      assert_equal attributes_last,  @coercion.call(attributes_last)
-    end
-  end
-
-  it "errors when the URI host is not resolvable" do
-    attributes = {
-      "schema" => "http://bogus-host-that-cant-possibly-exist-here/path"
-    }
-
-    expected_errors = { "schema" => "not_resolvable" }
-
-    assert_coercion_error(expected_errors) { @coercion.call(attributes) }
-  end
-
-  it "errors when the URI host resolves to an IP in a private range" do
-    attributes = { "schema" => "http://localhost/path" }
-
-    expected_errors = { "schema" => "not_resolvable" }
-
-    assert_coercion_error(expected_errors) { @coercion.call(attributes) }
-  end
-
-  it "allows a URI host to be IP that isn't in a private range" do
+  it "allows a URI host to be an IP" do
     attributes = { "schema" => "http://8.8.8.8/path" }
 
     assert_equal attributes, @coercion.call(attributes)
   end
 
-  it "allows a URI host that resolves to an IP not in a private range" do
-    attributes = { "schema" => "http://www.example.com/path" }
-
-    assert_equal attributes, @coercion.call(attributes)
-  end
-
   it "allows a URI with no explicit path component" do
     attributes = { "schema" => "http://www.example.com" }
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: coercive
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 1.1.0
 platform: ruby
 authors:
 - Joe McIlvain
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-08-05 00:00:00.000000000 Z
+date: 2020-08-13 00:00:00.000000000 Z
 dependencies: []
 description: Coercive is a library to validate and coerce user input
 email: