handle_invalid_percent_encoding_requests 1.0 → 1.1.1

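--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
- SHA1:
- metadata.gz: 56cab74c5a0e7f605b50f13c78b65b8269195089
- data.tar.gz: b1565f7d1b34e9d0af3956294cc0d73494fde8f7
+ SHA256:
+ metadata.gz: 55d974e3fa4170de9c984b121d1e51f2c044206745fee018792503f0f0a14731
+ data.tar.gz: e90ccf94c95c2dda14a2e0702d14fe3c61c1956cf09f3b7251d77145247343b4
  SHA512:
- metadata.gz: ce964bf003c3381d3910e6b31ac100211a2359d1478294db128b6605ac9b6e10e0b6f0dfe6818ff939d1db4aaff25a4ceafc18c92553778bdc96731997c4d999
- data.tar.gz: 8a4bbeb963cf8e7478ef1053f332a99b07af08b6015af8af7a282797105849f5d900afdeb355fa9611f29ac9f2ed0d0a1335720b6034ea366e6f1314d56d7112
+ metadata.gz: b3ca91d7033ad2490901c33446e5457fd7c27920187efd241677e1478715e3e7fd3c3ce9c0c9817d9087604f94b4dec9335877e00e300920e4c6f2c1ef114304
+ data.tar.gz: 153849e5a033d14ecac4afc94fcff4d6b90094acad14246c17a2a143d35d01d51f0872070791c20ef98f5965106cf7559130c199054775c9d7d33f718343e9ac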
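--- a/data/README.md
+++ b/data/README.md
@@ -1,9 +1,28 @@
  Handle Invalid Percent Encoding Requests
  =======================================
 
- Rails Engine that renders 400 error whenever a request's
- percent-encoding is malformed.
+ Rails Engine that protects your app against malformed requests.
 
- This happens notably a lot for the chinese [EasouSpider](http://www.easou.com/search/spider.html).
+ This middleware renders a 400 error instead of raising exceptions for the
+ following errors:
 
- See http://stackoverflow.com/q/24648206/311657
+ - `invalid byte sequence in UTF-8`
+ - `string contains null byte`
+
+ Installation
+ ------------
+
+ In your Rails app, add these lines to your `Gemfile`:
+
+ ```rb
+ # Helps against "invalid byte sequence" exceptions.
+ gem "handle_invalid_percent_encoding_requests"
+ ```
+
+ Then type `bundle install`.
+
+ See also
+ --------
+
+ See also [Ruby on Rails “invalid byte sequence in UTF-8” due to
+ bot](http://stackoverflow.com/q/24648206/311657) on StackOverflow.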
@@ -2,6 +2,7 @@ require "rack/utf8_sanitizer"
2
2
 
3
3
  module HandleInvalidPercentEncodingRequests
4
4
 
5
+ # Rails Engine that inserts the Middleware at the top of the Rack queue
5
6
  class Engine < Rails::Engine
6
7
  initializer "handle_invalid_percent_encoding_requests.add_middleware" do |app|
7
8
  # Via http://stackoverflow.com/a/24727310/311657
@@ -1,13 +1,35 @@
1
1
  # Via https://gist.github.com/bf4/d26259acfa29f3b9882b#file-exception_app-rb
2
-
3
2
  module HandleInvalidPercentEncodingRequests
3
+ module InvalidPercentEncodingErrorMatcher
4
+ def self.===(error)
5
+ error.is_a?(ArgumentError) &&
6
+ error.message =~ /invalid %-encoding/
7
+ end
8
+ end
4
9
 
10
+ module InvalidByteSequenceErrorMatcher
11
+ def self.===(error)
12
+ error.is_a?(ArgumentError) &&
13
+ error.message == "invalid byte sequence in UTF-8"
14
+ end
15
+ end
16
+
17
+ module NullByteErrorMatcher
18
+ def self.===(error)
19
+ error.is_a?(ArgumentError) &&
20
+ error.message == "string contains null byte"
21
+ end
22
+ end
23
+
24
+ # Rack Middleware inserted before the request that detects an encoding error
25
+ # and returns an appropriate response.
5
26
  class Middleware
6
- def initialize(app, stdout=STDOUT)
27
+ def initialize(app, stdout = STDOUT)
7
28
  @app = app
8
29
  @logger = defined?(Rails.logger) ? Rails.logger : Logger.new(stdout)
9
30
  end
10
31
 
32
+ # Called by Rack when a request comes through
11
33
  def call(env)
12
34
  # calling env.dup here prevents bad things from happening
13
35
  request = Rack::Request.new(env.dup)
@@ -15,11 +37,16 @@ module HandleInvalidPercentEncodingRequests
15
37
  # calling request.params is sufficient to trigger the error see
16
38
  # https://github.com/rack/rack/issues/337#issuecomment-46453404
17
39
  request.params
40
+
18
41
  @app.call(env)
19
42
 
20
- # Rescue from that specific ArgumentError
21
- rescue ArgumentError => e
22
- raise unless e.message =~ /invalid %-encoding/
43
+ rescue InvalidPercentEncodingErrorMatcher,
44
+ InvalidByteSequenceErrorMatcher,
45
+ NullByteErrorMatcher => e
46
+
47
+ @logger.info "Bad request. Returning 400 due to #{e.class.name} " \
48
+ "#{e.message.inspect} from request with env " \
49
+ "#{request.inspect}"
23
50
  error_response
24
51
  end
25
52
 
@@ -27,13 +54,9 @@ module HandleInvalidPercentEncodingRequests
27
54
  private
28
55
 
29
56
  def error_response
30
- @logger.info "Bad request. Returning 400 due to #{e.message}" + \
31
- " from request with env #{request.inspect}"
32
-
33
- headers = { 'Content-Type' => "text/plain; charset=utf-8" }
57
+ headers = { "Content-Type" => "text/plain; charset=utf-8" }
34
58
  text = "Bad Request"
35
59
  [400, headers, [text]]
36
60
  end
37
61
  end
38
-
39
62
  end
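Review bot: The new `@logger.info` call in the `rescue` of `Middleware#call` interpolates `request.inspect`, which presumably dumps the whole Rack env, so every malformed request (which any unauthenticated client can send) writes its `Cookie` and `Authorization` headers into the info-level log. Logging only what is needed to triage the request avoids both the credential exposure and the log growth, e.g. `@logger.info "Bad request. Returning 400 due to #{e.class.name} #{e.message.inspect} for #{request.request_method} #{request.path.inspect}"`. Separately, the three matchers also cover `@app.call(env)`, so an `ArgumentError` with one of these messages raised by application code on trusted data is turned into a 400 as well; a comment on the `rescue` should say whether that is intended. Part of `call` (the line between the first two hunks) is not visible here.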
@@ -1,3 +1,4 @@
1
+ # Uses Semantic Versionning
1
2
  module HandleInvalidPercentEncodingRequests
2
- VERSION = 1.0
3
+ VERSION = "1.1.1"
3
4
  end
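--- a/metadata
+++ b/metadata
@@ -1,29 +1,29 @@
  --- !ruby/object:Gem::Specification
  name: handle_invalid_percent_encoding_requests
  version: !ruby/object:Gem::Version
- version: '1.0'
+ version: 1.1.1
  platform: ruby
  authors:
  - Sunny Ripert
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2014-07-22 00:00:00.000000000 Z
+ date: 2022-02-22 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rails
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ">="
  - !ruby/object:Gem::Version
- version: 4.1.4
+ version: '3.1'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ">="
  - !ruby/object:Gem::Version
- version: 4.1.4
+ version: '3.1'
  - !ruby/object:Gem::Dependency
  name: rack-utf8_sanitizer
  requirement: !ruby/object:Gem::Requirement
@@ -59,13 +59,13 @@ executables: []
  extensions: []
  extra_rdoc_files: []
  files:
+ - MIT-LICENSE
+ - README.md
+ - Rakefile
+ - lib/handle_invalid_percent_encoding_requests.rb
  - lib/handle_invalid_percent_encoding_requests/engine.rb
  - lib/handle_invalid_percent_encoding_requests/middleware.rb
  - lib/handle_invalid_percent_encoding_requests/version.rb
- - lib/handle_invalid_percent_encoding_requests.rb
- - MIT-LICENSE
- - Rakefile
- - README.md
  homepage: http://github.com/sunny/handle_invalid_percent_encoding_requests
  licenses:
  - MIT
@@ -85,8 +85,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubyforge_project:
- rubygems_version: 2.1.11
+ rubygems_version: 3.1.6
  signing_key:
  specification_version: 4
  summary: Handle invalid percent in encoding from requests in Rails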