RubyGems - handle_invalid_percent_encoding_requests - Versions diffs - 1.0 - Mend

handle_invalid_percent_encoding_requests 1.0

Files changed (9) hide show

checksums.yaml +7 -0
data/MIT-LICENSE +20 -0
data/README.md +9 -0
data/Rakefile +3 -0
data/lib/handle_invalid_percent_encoding_requests.rb +2 -0
data/lib/handle_invalid_percent_encoding_requests/engine.rb +16 -0
data/lib/handle_invalid_percent_encoding_requests/middleware.rb +39 -0
data/lib/handle_invalid_percent_encoding_requests/version.rb +3 -0
metadata +93 -0

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 56cab74c5a0e7f605b50f13c78b65b8269195089
+  data.tar.gz: b1565f7d1b34e9d0af3956294cc0d73494fde8f7
+SHA512:
+  metadata.gz: ce964bf003c3381d3910e6b31ac100211a2359d1478294db128b6605ac9b6e10e0b6f0dfe6818ff939d1db4aaff25a4ceafc18c92553778bdc96731997c4d999
+  data.tar.gz: 8a4bbeb963cf8e7478ef1053f332a99b07af08b6015af8af7a282797105849f5d900afdeb355fa9611f29ac9f2ed0d0a1335720b6034ea366e6f1314d56d7112

data/MIT-LICENSE ADDED Viewed

@@ -0,0 +1,20 @@
+Copyright 2014 Sunny Ripert
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md ADDED Viewed

@@ -0,0 +1,9 @@
+Handle Invalid Percent Encoding Requests
+=======================================
+Rails Engine that renders 400 error whenever a request's
+percent-encoding is malformed.
+This happens notably a lot for the chinese [EasouSpider](http://www.easou.com/search/spider.html).
+See http://stackoverflow.com/q/24648206/311657

data/Rakefile ADDED Viewed

@@ -0,0 +1,3 @@
+require 'bundler'
+Bundler::GemHelper.install_tasks

data/lib/handle_invalid_percent_encoding_requests.rb ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ require "handle_invalid_percent_encoding_requests/middleware"
2	+ require "handle_invalid_percent_encoding_requests/engine"

data/lib/handle_invalid_percent_encoding_requests/engine.rb ADDED Viewed

@@ -0,0 +1,16 @@
+require "rack/utf8_sanitizer"
+module HandleInvalidPercentEncodingRequests
+  class Engine < Rails::Engine
+    initializer "handle_invalid_percent_encoding_requests.add_middleware" do |app|
+      # Via http://stackoverflow.com/a/24727310/311657
+      # NOTE: These must be in this order relative to each other.
+      # The middleware just raises for encoding errors it doesn't cover,
+      # so it must run after (= be inserted before) Rack::UTF8Sanitizer.
+      app.middleware.insert 0, Middleware
+      app.middleware.insert 0, Rack::UTF8Sanitizer
+    end
+  end
+end

data/lib/handle_invalid_percent_encoding_requests/middleware.rb ADDED Viewed

@@ -0,0 +1,39 @@
+# Via https://gist.github.com/bf4/d26259acfa29f3b9882b#file-exception_app-rb
+module HandleInvalidPercentEncodingRequests
+  class Middleware
+    def initialize(app, stdout=STDOUT)
+      @app = app
+      @logger = defined?(Rails.logger) ? Rails.logger : Logger.new(stdout)
+    end
+    def call(env)
+      # calling env.dup here prevents bad things from happening
+      request = Rack::Request.new(env.dup)
+      # calling request.params is sufficient to trigger the error see
+      # https://github.com/rack/rack/issues/337#issuecomment-46453404
+      request.params
+      @app.call(env)
+    # Rescue from that specific ArgumentError
+    rescue ArgumentError => e
+      raise unless e.message =~ /invalid %-encoding/
+      error_response
+    end
+    private
+    def error_response
+      @logger.info "Bad request. Returning 400 due to #{e.message}" + \
+                  " from request with env #{request.inspect}"
+      headers = { 'Content-Type' => "text/plain; charset=utf-8" }
+      text = "Bad Request"
+      [400, headers, [text]]
+    end
+  end
+end

data/lib/handle_invalid_percent_encoding_requests/version.rb ADDED Viewed

@@ -0,0 +1,3 @@
+module HandleInvalidPercentEncodingRequests
+  VERSION = 1.0
+end

metadata ADDED Viewed

@@ -0,0 +1,93 @@
+--- !ruby/object:Gem::Specification
+name: handle_invalid_percent_encoding_requests
+version: !ruby/object:Gem::Version
+  version: '1.0'
+platform: ruby
+authors:
+- Sunny Ripert
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2014-07-22 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.1.4
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.1.4
+- !ruby/object:Gem::Dependency
+  name: rack-utf8_sanitizer
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Render 400 error whenever a request's %-encoding is malformed
+email:
+- sunny@sunfox.org
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/handle_invalid_percent_encoding_requests/engine.rb
+- lib/handle_invalid_percent_encoding_requests/middleware.rb
+- lib/handle_invalid_percent_encoding_requests/version.rb
+- lib/handle_invalid_percent_encoding_requests.rb
+- MIT-LICENSE
+- Rakefile
+- README.md
+homepage: http://github.com/sunny/handle_invalid_percent_encoding_requests
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.1.11
+signing_key:
+specification_version: 4
+summary: Handle invalid percent in encoding from requests in Rails
+test_files: []