firewall_constraint 0.0.2 → 0.0.4
- data/.gitignore +1 -0
- data/.travis.yml +6 -0
- data/README.md +9 -1
- data/Rakefile +19 -1
- data/firewall_constraint.gemspec +3 -3
- data/lib/firewall_constraint.rb +25 -7
- data/lib/firewall_constraint/version.rb +1 -1
- data/spec/rails_app/app/controllers/dummy_controller.rb +8 -0
- data/spec/rails_app/config/routes.rb +8 -0
- data/spec/requests/dummy_controller_spec.rb +60 -0
- data/spec/spec_helper.rb +0 -1
- metadata +30 -36
- data/spec/rails_app/app/views/payment/info_for_cc.html.erb +0 -1
- data/spec/rails_app/app/views/payment/info_for_ec.html.erb +0 -1
- data/spec/rails_app/app/views/payment/process_cc_payment.html.erb +0 -1
- data/spec/rails_app/app/views/payment/process_from_session.html.erb +0 -1
data/.gitignore
CHANGED
data/.travis.yml
ADDED
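--- a/data/README.md
+++ b/data/README.md
@@ -24,6 +24,10 @@ config/routes.rb:
 get 'dummy/blocked_by_dynamic' => 'dummy#blocked_by_dynamic'
 end
 
+constraints FirewallConstraint::Constraint.new(Proc.new{['127.0.0.1']}) do
+get 'dummy/blocked_by_proc'
+end
+
 ----
 
 Uses a config file if ips not present in routes
@@ -33,4 +37,8 @@ config/firewall_constraint.yml:
 test:
 - 10.0.0.0/8
 
-----
+----
+
+You should be able to do DB-based whitelisting using the Proc whitelisting and an activerecord lookup or something similar to:
+
+constraints FirewallConstraint::Constraint.new(Proc.new{ValidIps.all.map{|x| x.ip}})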
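--- a/data/Rakefile
+++ b/data/Rakefile
@@ -10,4 +10,22 @@ desc 'Run specs'
 RSpec::Core::RakeTask.new(:spec) do |spec|
 # spec.libs << 'lib' << 'spec'
 # spec.spec_files = FileList['spec/**/*_spec.rb']
-
+# spec.rcov = true
+# spec.rcov_opts = %w{--rails --exclude osx\/objc,gems\/,spec\/,features\/}
+end
+
+task :cleanup_rcov_files do
+rm_rf 'coverage'
+end
+
+desc "Run all examples using rcov"
+RSpec::Core::RakeTask.new :rcov => :cleanup_rcov_files do |t|
+t.rcov = true
+t.rcov_opts = %[-Ilib -Ispec --exclude "gems/*,features"]
+t.rcov_opts << %[--text-report --sort coverage --html]
+end
+
+# desc "Run all specs with rcov"
+# RSpec::Core::RakeTask.new(:rcov => spec_prereq) do |t|
+#
+# end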
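--- a/data/firewall_constraint.gemspec
+++ b/data/firewall_constraint.gemspec
@@ -14,11 +14,11 @@ Gem::Specification.new do |s|
 
 s.rubyforge_project = "firewallconstraint"
 
+s.add_development_dependency(%q<rails>, ["3.0.5"])
 s.add_dependency(%q<rails>, ["~> 3.0.0"])
 s.add_dependency(%q<ipaddress>)
-
-
-s.add_development_dependency(%q<rspec-rails>, [">= 2.5.0"])
+s.add_development_dependency(%q<shoulda>, "~> 3.0.0")
+s.add_development_dependency(%q<rspec-rails>, ["~> 2.5.0"])
 
 s.files = `git ls-files`.split("\n")
 s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")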
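Review bot: The added `s.add_development_dependency(%q<rails>, ["3.0.5"])` pins the test suite to one exact Rails patch release while the runtime requirement stays `~> 3.0.0`, so the specs never run against the later 3.0.x releases that installations of the gem can resolve to. It also lists `rails` twice, once as a development and once as a runtime dependency, which newer RubyGems versions may reject when building the gem. Dropping the development entry, or widening it to `["~> 3.0.5"]`, keeps the tested and the shipped constraint in step. The `shoulda` requirement is passed as a bare string while the neighbouring lines use arrays; `["~> 3.0.0"]` would match them.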
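--- a/data/lib/firewall_constraint.rb
+++ b/data/lib/firewall_constraint.rb
@@ -2,17 +2,21 @@ module FirewallConstraint
 require 'ipaddress'
 class Constraint
 def initialize(ips = [])
-
-
-
-ips
+if ips.respond_to? :call
+@ips = ips
+else
+ips = [ips].flatten
+@config = !ips.empty? ? ips :
+YAML.load_file(Rails.root.join('config','firewall_constraint.yml'))[Rails.env]
+
 
-
+@ips = @config
+end
 end
 
 def matches?(request)
 client_ip = IPAddress::parse(request.env["HTTP_X_FORWARDED_FOR"] ? request.env["HTTP_X_FORWARDED_FOR"] : request.remote_ip)
-
+parsed_ips.each do |ip|
 begin
 return true if ip.include?(client_ip)
 rescue NoMethodError => nme
@@ -20,6 +24,20 @@ module FirewallConstraint
 end
 false
 end
+
+def parsed_ips
+cur_ips = ips
+if cur_ips == @old_ips
+@cached_parsed_ips
+else
+@old_ips = cur_ips
+@cached_parsed_ips = cur_ips.map{|c| IPAddress::parse(c)}
+end
+
+end
+
+def ips
+@ips.respond_to?(:call) ? @ips.call : @ips
+end
 end
-# Your code goes here...
 end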
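Review bot: `matches?` (a context line in the first hunk) still takes the client address from `request.env["HTTP_X_FORWARDED_FOR"]` whenever the header is present, and the Proc and DB-backed allow lists added here are all enforced against that value; unless a trusted proxy overwrites the header, the client chooses it, so the allow list does not bind the real peer. Using only `client_ip = IPAddress::parse(request.remote_ip)` leaves proxy handling to Rails and also avoids parsing a header that can carry a comma-separated list. In the new `initialize`, `YAML.load_file(...)[Rails.env]` is `nil` when the file has no key for the current environment; `parsed_ips` then returns `nil` (its `cur_ips == @old_ips` check matches the unset cache) and `parsed_ips.each` raises `NoMethodError` before the `begin`/`rescue` inside the block, so `@ips = @config || []` would be a safer assignment. `parsed_ips` and `ips` are added as public methods; a `private` line above them would keep `matches?` as the only entry point.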
@@ -11,4 +11,12 @@ RailsApp::Application.routes.draw do
|
|
11
11
|
end
|
12
12
|
|
13
13
|
root :to => 'dummy#index'
|
14
|
+
|
15
|
+
constraints FirewallConstraint::Constraint.new('fe80::d69a:20ff:fe0d:45fe') do
|
16
|
+
get 'dummy/blocked_by_ipv6'
|
17
|
+
end
|
18
|
+
|
19
|
+
constraints FirewallConstraint::Constraint.new(Proc.new{['127.0.0.1']}) do
|
20
|
+
get 'dummy/blocked_by_proc'
|
21
|
+
end
|
14
22
|
end
|
@@ -18,6 +18,56 @@ describe "dummy stuff" do
|
|
18
18
|
end
|
19
19
|
end
|
20
20
|
|
21
|
+
it 'should get procced constraint' do
|
22
|
+
get root_path, nil, "REMOTE_ADDR" => "127.0.0.1"
|
23
|
+
open_session do |sess|
|
24
|
+
sess.remote_addr = '127.0.0.1'
|
25
|
+
get '/dummy/blocked_by_proc'
|
26
|
+
response.should be_success
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
30
|
+
it 'should get ipv6 constraint' do
|
31
|
+
ipv6 = 'fe80::d69a:20ff:fe0d:45fe'
|
32
|
+
get root_path, nil, "REMOTE_ADDR" => ipv6
|
33
|
+
open_session do |sess|
|
34
|
+
sess.remote_addr = ipv6
|
35
|
+
get '/dummy/blocked_by_ipv6'
|
36
|
+
response.should be_success
|
37
|
+
end
|
38
|
+
end
|
39
|
+
|
40
|
+
context 'given a bad ipv6 ip' do
|
41
|
+
around do |example|
|
42
|
+
ipv6 = 'fe80::d69a:20ff:fe0d:45ff'
|
43
|
+
get root_path, nil, "REMOTE_ADDR" => ipv6
|
44
|
+
open_session do |sess|
|
45
|
+
sess.remote_addr = ipv6
|
46
|
+
example.run
|
47
|
+
end
|
48
|
+
end
|
49
|
+
|
50
|
+
it 'should not vomit on an ipv4 rule' do
|
51
|
+
get '/dummy/blocked_by_block'
|
52
|
+
response.status.should eql 404
|
53
|
+
end
|
54
|
+
|
55
|
+
it 'should block on an ipv6 rule' do
|
56
|
+
get '/dummy/blocked_by_ipv6'
|
57
|
+
response.status.should eql 404
|
58
|
+
end
|
59
|
+
end
|
60
|
+
|
61
|
+
it 'should not vomit given a bad ipv6 ip' do
|
62
|
+
ipv6 = 'fe80::d69a:20ff:fe0d:45fe'
|
63
|
+
get root_path, nil, "REMOTE_ADDR" => ipv6
|
64
|
+
open_session do |sess|
|
65
|
+
sess.remote_addr = ipv6
|
66
|
+
get '/dummy/blocked_by_block'
|
67
|
+
response.status.should eql 404
|
68
|
+
end
|
69
|
+
end
|
70
|
+
|
21
71
|
context 'given a good ip' do
|
22
72
|
around do |example|
|
23
73
|
get root_path, nil, "REMOTE_ADDR" => "10.0.0.45"
|
@@ -47,10 +97,20 @@ describe "dummy stuff" do
|
|
47
97
|
end
|
48
98
|
end
|
49
99
|
|
100
|
+
it 'should not vomit on an ipv4 rule' do
|
101
|
+
get '/dummy/blocked_by_ipv6'
|
102
|
+
response.status.should eql 404
|
103
|
+
end
|
104
|
+
|
50
105
|
it 'should not get inline constraint' do
|
51
106
|
get '/dummy/blocked_by_inline'
|
52
107
|
response.status.should eql 404
|
53
108
|
end
|
109
|
+
|
110
|
+
it 'should not get procced constraint' do
|
111
|
+
get '/dummy/blocked_by_proc'
|
112
|
+
response.status.should eql 404
|
113
|
+
end
|
54
114
|
|
55
115
|
it 'should not get block constraint' do
|
56
116
|
get '/dummy/blocked_by_block'
|
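Review bot: None of the added examples sends an `X-Forwarded-For` header or uses a Proc whose result changes between requests, so the address that `matches?` trusts and the refresh of the `parsed_ips` cache are both left unexercised. An example that sets `"HTTP_X_FORWARDED_FOR"` to an allowed address while `REMOTE_ADDR` is a disallowed one, and expects a 404, would pin down the intended behaviour. Two names also disagree with their bodies: `'should not vomit given a bad ipv6 ip'` uses `fe80::d69a:20ff:fe0d:45fe`, the address the routes hunk allows, and the `'should not vomit on an ipv4 rule'` example in the second hunk requests `/dummy/blocked_by_ipv6`, so `'should not vomit on an ipv6 rule'` appears to be what was meant. The file header for these hunks is missing from the page; the diffstat suggests they belong to `spec/requests/dummy_controller_spec.rb`, and the enclosing `describe` and `context` blocks start and end outside the hunks.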
data/spec/spec_helper.rb
CHANGED
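--- a/metadata
+++ b/metadata
@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: firewall_constraint
 version: !ruby/object:Gem::Version
-hash:
-prerelease:
+hash: 23
+prerelease:
 segments:
 - 0
 - 0
--
-version: 0.0.
+- 4
+version: 0.0.4
 platform: ruby
 authors:
 - Mike Auclair
@@ -15,8 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date:
-default_executable:
+date: 2012-03-20 00:00:00 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rails
@@ -24,45 +23,45 @@ dependencies:
 requirement: &id001 !ruby/object:Gem::Requirement
 none: false
 requirements:
-- -
+- - "="
 - !ruby/object:Gem::Version
-hash:
+hash: 13
 segments:
 - 3
 - 0
--
-version: 3.0.
-type: :
+- 5
+version: 3.0.5
+type: :development
 version_requirements: *id001
 - !ruby/object:Gem::Dependency
-name:
+name: rails
 prerelease: false
 requirement: &id002 !ruby/object:Gem::Requirement
 none: false
 requirements:
-- -
+- - ~>
 - !ruby/object:Gem::Version
-hash:
+hash: 7
 segments:
+- 3
 - 0
-
+- 0
+version: 3.0.0
 type: :runtime
 version_requirements: *id002
 - !ruby/object:Gem::Dependency
-name:
+name: ipaddress
 prerelease: false
 requirement: &id003 !ruby/object:Gem::Requirement
 none: false
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-hash:
+hash: 3
 segments:
-- 3
 - 0
-
-
-type: :development
+version: "0"
+type: :runtime
 version_requirements: *id003
 - !ruby/object:Gem::Dependency
 name: shoulda
@@ -70,12 +69,14 @@ dependencies:
 requirement: &id004 !ruby/object:Gem::Requirement
 none: false
 requirements:
-- -
+- - ~>
 - !ruby/object:Gem::Version
-hash:
+hash: 7
 segments:
+- 3
 - 0
-
+- 0
+version: 3.0.0
 type: :development
 version_requirements: *id004
 - !ruby/object:Gem::Dependency
@@ -84,7 +85,7 @@ dependencies:
 requirement: &id005 !ruby/object:Gem::Requirement
 none: false
 requirements:
-- -
+- - ~>
 - !ruby/object:Gem::Version
 hash: 27
 segments:
@@ -105,6 +106,7 @@ extra_rdoc_files: []
 
 files:
 - .gitignore
+- .travis.yml
 - Gemfile
 - README.md
 - Rakefile
@@ -119,10 +121,6 @@ files:
 - spec/rails_app/app/controllers/dummy_controller.rb
 - spec/rails_app/app/helpers/application_helper.rb
 - spec/rails_app/app/views/layouts/application.html.erb
-- spec/rails_app/app/views/payment/info_for_cc.html.erb
-- spec/rails_app/app/views/payment/info_for_ec.html.erb
-- spec/rails_app/app/views/payment/process_cc_payment.html.erb
-- spec/rails_app/app/views/payment/process_from_session.html.erb
 - spec/rails_app/config.ru
 - spec/rails_app/config/application.rb
 - spec/rails_app/config/boot.rb
@@ -162,7 +160,6 @@ files:
 - spec/rails_app/vendor/plugins/.gitkeep
 - spec/requests/dummy_controller_spec.rb
 - spec/spec_helper.rb
-has_rdoc: true
 homepage: http://github.com/mikeauclair/firewall_constraint
 licenses: []
 
@@ -192,7 +189,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: firewallconstraint
-rubygems_version: 1.
+rubygems_version: 1.8.11
 signing_key:
 specification_version: 3
 summary: Rails 3 firewall route constraints
@@ -205,10 +202,6 @@ test_files:
 - spec/rails_app/app/controllers/dummy_controller.rb
 - spec/rails_app/app/helpers/application_helper.rb
 - spec/rails_app/app/views/layouts/application.html.erb
-- spec/rails_app/app/views/payment/info_for_cc.html.erb
-- spec/rails_app/app/views/payment/info_for_ec.html.erb
-- spec/rails_app/app/views/payment/process_cc_payment.html.erb
-- spec/rails_app/app/views/payment/process_from_session.html.erb
 - spec/rails_app/config.ru
 - spec/rails_app/config/application.rb
 - spec/rails_app/config/boot.rb
@@ -248,3 +241,4 @@ test_files:
 - spec/rails_app/vendor/plugins/.gitkeep
 - spec/requests/dummy_controller_spec.rb
 - spec/spec_helper.rb
+has_rdoc: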
@@ -1 +0,0 @@
|
|
1
|
-
ASDF
|
@@ -1 +0,0 @@
|
|
1
|
-
ASDF
|
@@ -1 +0,0 @@
|
|
1
|
-
ASDF
|
@@ -1 +0,0 @@
|
|
1
|
-
ASDF
|