gibbon 3.4.0 → 3.4.4
- checksums.yaml +4 -4
- data/CHANGELOG.md +11 -0
- data/LICENSE.txt +1 -1
- data/README.markdown +6 -4
- data/gibbon.gemspec +1 -1
- data/lib/gibbon/api_request.rb +7 -1
- data/lib/gibbon/gibbon_helpers.rb +6 -2
- data/lib/gibbon/request.rb +4 -0
- data/lib/gibbon/version.rb +1 -1
- data/spec/gibbon/gibbon_spec.rb +10 -1
- metadata +5 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: a078fe9c806ec8909a1f808a6d6983de6f1d1414c361a9b54156b66f8a796bb3
|
4
|
+
data.tar.gz: d0ded539be8f09eae933da1d20cace7ee804529668add90f8c892e672c61c362
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 9963ae0173d0189cfe674e1547313ad6570f3dc6f502198e77118e67f067bb842478b36dc46ed72bd675f692b42067f1bda0db59c47e43f8f215364818ac1d33
|
7
|
+
data.tar.gz: 6f855c6ad7a73d447ed9c3219ba6383cd624dfa33abf3effbb655207b888e4eb2006297413aabb62f481f0adfde56dc67c863c47eb287a599c9f907db5c29aa9
|
data/CHANGELOG.md
CHANGED
@@ -1,5 +1,16 @@
|
|
1
1
|
## [Unreleased][unreleased]
|
2
2
|
|
3
|
+
## [3.4.4] - 2022-02-24
|
4
|
+
- Remove non-alpha characters when parsing datacenter from API keys to prevent potential attackers from injecting a domain via the API key. This would only be possible if one were using user-provided API keys (e.g. from a form, etc.).
|
5
|
+
|
6
|
+
## [3.4.3] - 2022-01-19
|
7
|
+
- Support for Faraday 2.0, which requires new syntax for basic auth
|
8
|
+
|
9
|
+
## [3.4.2] - 2021-09-21
|
10
|
+
- Fixing the deprecation warning in version 3.4.2 requires moving to a minimum version of Faraday 1.0.0 (more than 2 years old).
|
11
|
+
|
12
|
+
## [3.4.1] - 2021-09-12
|
13
|
+
- Fix deprecation warning for upcoming versions of Faraday (2.x.x)
|
3
14
|
|
4
15
|
## [3.4.0] - 2021-03-12
|
5
16
|
- Support for Faraday 1.x.x and higer
|
data/LICENSE.txt
CHANGED
data/README.markdown
CHANGED
@@ -2,7 +2,7 @@
|
|
2
2
|
|
3
3
|
Gibbon is an API wrapper for MailChimp's [API](http://kb.mailchimp.com/api/).
|
4
4
|
|
5
|
-
[![Build Status](https://travis-ci.com/amro/gibbon.svg?branch=master)](https://travis-ci.com/amro/gibbon)
|
5
|
+
[![Build Status](https://travis-ci.com/amro/gibbon.svg?branch=master)](https://app.travis-ci.com/github/amro/gibbon)
|
6
6
|
|
7
7
|
## Important Notes
|
8
8
|
|
@@ -38,7 +38,7 @@ gibbon.open_timeout = 30
|
|
38
38
|
You can read about `timeout` and `open_timeout` in the [Net::HTTP](https://ruby-doc.org/stdlib-2.3.3/libdoc/net/http/rdoc/Net/HTTP.html) doc.
|
39
39
|
|
40
40
|
Now you can make requests using the resources defined in [MailChimp's docs](http://kb.mailchimp.com/api/resources). Resource IDs
|
41
|
-
are specified inline and a `CRUD` (`create`, `retrieve
|
41
|
+
are specified inline and a `CRUD` (`create`, `retrieve` (or `get`), `update`, `upsert`, or `delete`) verb initiates the request. `upsert` lets you update a record, if it exists, or insert it otherwise where supported by MailChimp's API.
|
42
42
|
|
43
43
|
***Note*** `upsert` requires Gibbon version 2.1.0 or newer!
|
44
44
|
|
@@ -48,6 +48,8 @@ You can specify `headers`, `params`, and `body` when calling a `CRUD` method. Fo
|
|
48
48
|
gibbon.lists.retrieve(headers: {"SomeHeader": "SomeHeaderValue"}, params: {"query_param": "query_param_value"})
|
49
49
|
```
|
50
50
|
|
51
|
+
***Note*** `get` can be substituted for `retrieve` as of Gibbon version 3.4.1 or newer!
|
52
|
+
|
51
53
|
Of course, `body` is only supported on `create`, `update`, and `upsert` calls. Those map to HTTP `POST`, `PATCH`, and `PUT` verbs respectively.
|
52
54
|
|
53
55
|
You can set `api_key`, `timeout`, `open_timeout`, `faraday_adapter`, `proxy`, `symbolize_keys`, `logger`, and `debug` globally:
|
@@ -506,5 +508,5 @@ Thanks to everyone who has [contributed](https://github.com/amro/gibbon/contribu
|
|
506
508
|
|
507
509
|
## Copyright
|
508
510
|
|
509
|
-
* Copyright (c) 2010-
|
510
|
-
* MailChimp (c) 2001-
|
511
|
+
* Copyright (c) 2010-2022 Amro Mousa. See LICENSE.txt for details.
|
512
|
+
* MailChimp (c) 2001-2022 The Rocket Science Group.
|
data/gibbon.gemspec
CHANGED
@@ -19,7 +19,7 @@ Gem::Specification.new do |s|
|
|
19
19
|
s.require_paths = ["lib"]
|
20
20
|
s.required_ruby_version = '>= 2.4.0'
|
21
21
|
|
22
|
-
s.add_dependency('faraday', '>=
|
22
|
+
s.add_dependency('faraday', '>= 1.0')
|
23
23
|
s.add_dependency('multi_json', '>= 1.11.0')
|
24
24
|
|
25
25
|
s.add_development_dependency 'rake'
|
data/lib/gibbon/api_request.rb
CHANGED
@@ -152,8 +152,14 @@ module Gibbon
|
|
152
152
|
if @request_builder.debug
|
153
153
|
faraday.response :logger, @request_builder.logger, bodies: true
|
154
154
|
end
|
155
|
+
|
156
|
+
if Faraday::VERSION.to_i >= 2
|
157
|
+
faraday.request :authorization, :basic, 'apikey', self.api_key
|
158
|
+
else
|
159
|
+
faraday.request :basic_auth, 'apikey', self.api_key
|
160
|
+
end
|
155
161
|
end
|
156
|
-
|
162
|
+
|
157
163
|
client
|
158
164
|
end
|
159
165
|
|
@@ -5,8 +5,12 @@ module Gibbon
|
|
5
5
|
data_center = ""
|
6
6
|
|
7
7
|
if api_key && api_key["-"]
|
8
|
-
#
|
9
|
-
|
8
|
+
# Remove all non-alphanumberic characters in case someone attempts to inject
|
9
|
+
# a different domain into the API key (e.g. when consuming user form-provided keys)
|
10
|
+
# This approach avoids assuming a 3 letter prefix (e.g. is MC were to create
|
11
|
+
# a us10 DC, this would continue to work), and will continue to hit MC's server
|
12
|
+
# rather than a would-be attacker's servers.
|
13
|
+
data_center = "#{api_key.split('-').last.gsub(/[^0-9a-z ]/i, '')}."
|
10
14
|
end
|
11
15
|
|
12
16
|
data_center
|
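Review bot: The character class in the new `data_center = "#{api_key.split('-').last.gsub(/[^0-9a-z ]/i, '')}."` line still admits the space character, so a suffix containing whitespace survives sanitisation and ends up inside the host string, while the comment directly above promises that all non-alphanumeric characters are removed; the class should be `/[^0-9a-z]/i`. Because the method strips rather than rejects, a tampered suffix is never reported — it silently becomes some subdomain of api.mailchimp.com — which is worth stating in the comment, e.g. `# A mangled suffix is never rejected here; it still resolves under api.mailchimp.com.`. The added comment also has two typos, `non-alphanumberic` for `non-alphanumeric` and `is MC were` for `if MC were`. This hunk appears under the api_request.rb header but, judging by the diffstat and its content, seems to belong to gibbon_helpers.rb; in both hunks the enclosing method begins outside the visible lines, and in the api_request.rb hunk the Faraday branch is reached only after the logger middleware registered in the context lines above it.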
data/lib/gibbon/request.rb
CHANGED
data/lib/gibbon/version.rb
CHANGED
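--- a/data/spec/gibbon/gibbon_spec.rb
+++ b/data/spec/gibbon/gibbon_spec.rb
@@ -14,6 +14,7 @@ describe Gibbon do
 @gibbon = Gibbon::Request.new
 expect(@gibbon.api_key).to be_nil
 end
+
 it "sets an API key in the constructor" do
 @gibbon = Gibbon::Request.new(api_key: @api_key)
 expect(@gibbon.api_key).to eq(@api_key)
@@ -162,6 +163,14 @@ describe Gibbon do
 @request = Gibbon::APIRequest.new(builder: @gibbon)
 expect {@request.validate_api_key}.not_to raise_error
 end
+
+it "removes non-alpha characters from datacenter prefix" do
+@api_key = "123-attacker.net/test/?"
+@gibbon.api_key = @api_key
+@gibbon.try
+@request = Gibbon::APIRequest.new(builder: @gibbon)
+expect(@request.api_url).to eq("https://attackernettest.api.mailchimp.com/3.0/try")
+end
 end
 
 describe "class variables" do
@@ -213,7 +222,7 @@ describe Gibbon do
 it "set debug on new instances" do
 expect(Gibbon::Request.new.debug).to eq(Gibbon::Request.debug)
 end
-
+
 it "set faraday_adapter on new instances" do
 expect(Gibbon::Request.new.faraday_adapter).to eq(Gibbon::Request.faraday_adapter)
 end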
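Review bot: The new example `it "removes non-alpha characters from datacenter prefix"` pins only that punctuation is dropped from the suffix; it does not cover whitespace, which the sanitising character class in gibbon_helpers.rb currently leaves in place, and its title is broader than what it asserts since digits are kept too, as the expected URL shows. Add a second example with a space in the suffix, e.g. `@api_key = "123-us1 example"`, and assert that the resulting `api_url` contains no whitespace so the helper's comment and behaviour are pinned together. The example relies on `@gibbon` and `@api_key` being set up in a `before` block that lies outside this hunk, and on `@gibbon.try` producing the `/try` path segment, as the expected URL shows.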
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: gibbon
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.4.
|
4
|
+
version: 3.4.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Amro Mousa
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2022-02-24 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: faraday
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - ">="
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version:
|
19
|
+
version: '1.0'
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - ">="
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version:
|
26
|
+
version: '1.0'
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: multi_json
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -131,7 +131,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
131
131
|
- !ruby/object:Gem::Version
|
132
132
|
version: '0'
|
133
133
|
requirements: []
|
134
|
-
rubygems_version: 3.2.
|
134
|
+
rubygems_version: 3.2.27
|
135
135
|
signing_key:
|
136
136
|
specification_version: 4
|
137
137
|
summary: A wrapper for MailChimp API 3.0 and Export API
|