glib-web 5.1.3 → 5.1.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/app/controllers/concerns/glib/params/allowlist.rb +26 -4
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d834dc054cfc079edbcf57609a2d05b4ad8837a8abfea74f3d75d75d546235a6
|
|
4
|
+
data.tar.gz: 850b0614ff17f7b436c49593bcfc28d2559dcf19505b543093f498f1c255817f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 859713dca4f2084b66389beadfcac6468d94b9d93006a1dedc7bf238eb68ce9e98ba1cbe89871e563a2e63c627624291778d811ae29c3f4a263badae8277adaf
|
|
7
|
+
data.tar.gz: 8c25c1f91953477464b2fd238c06c8ee8ddbb0d943ef2848c14b359a6ce137c79e35d7c4591812fe312785664a072cc101be04f6fd14f664a3ab108368a015d8
|
|
@@ -2,6 +2,13 @@ module Glib::Params
|
|
|
2
2
|
module Allowlist
|
|
3
3
|
extend ActiveSupport::Concern
|
|
4
4
|
|
|
5
|
+
# Raised when a MUTATING request submits a present-but-unrecognised value:
|
|
6
|
+
# real clients only submit values the UI offered, so a mismatch means a
|
|
7
|
+
# value was forgotten from the allow-list or the client is broken — both
|
|
8
|
+
# must surface (via the consumer's 500/reporting pipeline), not silently
|
|
9
|
+
# degrade into the wrong behavior.
|
|
10
|
+
class UnrecognizedValue < StandardError; end
|
|
11
|
+
|
|
5
12
|
# Resolve a stringly-typed request param (or any boundary string) to one
|
|
6
13
|
# symbol drawn from a closed allow-list (+allowed_symbols+), returning
|
|
7
14
|
# +default+ when the value is missing, blank, or not recognised.
|
|
@@ -13,9 +20,15 @@ module Glib::Params
|
|
|
13
20
|
# +allowed_symbols+ (or +default+), so attacker input can never create a new
|
|
14
21
|
# symbol regardless of what is sent.
|
|
15
22
|
#
|
|
16
|
-
#
|
|
17
|
-
#
|
|
18
|
-
#
|
|
23
|
+
# Degrade-vs-raise is decided by the REQUEST METHOD:
|
|
24
|
+
# - GET/HEAD: unrecognised values quietly degrade to +default+ — crawlers
|
|
25
|
+
# and bots probe read endpoints with garbage, and a filter page must not
|
|
26
|
+
# 500 on `?mode=garbage`.
|
|
27
|
+
# - Mutating requests (POST/PATCH/PUT/DELETE): a PRESENT-but-unrecognised
|
|
28
|
+
# value raises UnrecognizedValue (see above) — this is how a forgotten
|
|
29
|
+
# allow-list entry announces itself instead of hiding.
|
|
30
|
+
# Blank/missing values fall through to +default+ quietly on EVERY method
|
|
31
|
+
# (forms legitimately post no value; no symbol's string form is blank).
|
|
19
32
|
#
|
|
20
33
|
# +allowed_symbols+ may also contain strings (e.g. a Rails enum's `.keys`)
|
|
21
34
|
# — the matched entry is symbolized on the way out, so the return value is
|
|
@@ -23,7 +36,16 @@ module Glib::Params
|
|
|
23
36
|
# developer-controlled list entry, never on +value+, so the DoS-safety
|
|
24
37
|
# above is unaffected.
|
|
25
38
|
def glib_allowlist_symbol_param(value, allowed_symbols, default:)
|
|
26
|
-
allowed_symbols.find { |symbol| symbol.to_s == value.to_s }&.to_sym
|
|
39
|
+
match = allowed_symbols.find { |symbol| symbol.to_s == value.to_s }&.to_sym
|
|
40
|
+
return match if match
|
|
41
|
+
|
|
42
|
+
if value.present? && !request.get? && !request.head?
|
|
43
|
+
raise UnrecognizedValue,
|
|
44
|
+
"Unrecognised #{request.request_method} param value #{value.to_s.truncate(80).inspect} " \
|
|
45
|
+
"(allowed: #{allowed_symbols.map(&:to_sym).inspect})"
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
default
|
|
27
49
|
end
|
|
28
50
|
end
|
|
29
51
|
end
|