handle_invalid_percent_encoding_requests 1.0.2 → 1.1.0

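--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: eb049a64fb48ed3fd17247b81b6c6de6335d8269
- data.tar.gz: 6f7d893f18c24d6b1e593dfe465e3070d7ed518e
+ metadata.gz: d1c2fc0a8379091dd76dfe1081b449ae2863e185
+ data.tar.gz: bbb2b4b5a6e82bd2d633a3be54c10186b790469e
  SHA512:
- metadata.gz: 0a73ac5e8a4d7c769d2573e1778922c4eaf0364f8dd47edd3a89fb98d00fc6d6e820d9b265ec4360d4472d5a97c8b611bf859b6f5382cb243a310fdcac164714
- data.tar.gz: f07afec281ef61f5f95eeebdae40089378935a8e51663a49d02e3416c199ce738a89fd9324d2061e6a233b0908c50943ca5d79fb2948a7d72b27ec5676e33520
+ metadata.gz: 82e9afd76efb3e504c92351f99a6e1878c4434c9af3503dc0be5a6e464ffb3dc63d2fa02021501d6d2727ade561de082f82818a1c4fdf7dba1b2fe1f3802f6b5
+ data.tar.gz: 3eba4ad39247fb19c886062b7cb9a87395c566540548b82b1a8823967393e955803843f4ae89e8e81d43e40bcb4286c53690258dd0581809080e113cf097e562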
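--- a/data/README.md
+++ b/data/README.md
@@ -1,20 +1,28 @@
  Handle Invalid Percent Encoding Requests
  =======================================
 
- Rails Engine that renders 400 error whenever a request's
- percent-encoding is malformed.
+ Rails Engine that protects your app against malformed requests.
 
- This happens notably a lot for the chinese [EasouSpider](http://www.easou.com/search/spider.html).
+ This middleware renders a 400 error instead of raising exceptions for the
+ following errors:
 
- See http://stackoverflow.com/q/24648206/311657
+ - `invalid byte sequence in UTF-8`
+ - `string contains null byte`
 
- Install
- -------
+ Installation
+ ------------
 
- In your Rails app, add this line to your `Gemfile`:
+ In your Rails app, add these lines to your `Gemfile`:
 
  ```rb
+ # Helps against "invalid byte sequence" exceptions.
  gem "handle_invalid_percent_encoding_requests"
  ```
 
- Then type `bundle`.
+ Then type `bundle install`.
+
+ See also
+ --------
+
+ See also [Ruby on Rails “invalid byte sequence in UTF-8” due to
+ bot](http://stackoverflow.com/q/24648206/311657) on StackOverflow.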
@@ -2,6 +2,7 @@ require "rack/utf8_sanitizer"
2
2
 
3
3
  module HandleInvalidPercentEncodingRequests
4
4
 
5
+ # Rails Engine that inserts the Middleware at the top of the Rack queue
5
6
  class Engine < Rails::Engine
6
7
  initializer "handle_invalid_percent_encoding_requests.add_middleware" do |app|
7
8
  # Via http://stackoverflow.com/a/24727310/311657
@@ -1,13 +1,35 @@
1
1
  # Via https://gist.github.com/bf4/d26259acfa29f3b9882b#file-exception_app-rb
2
-
3
2
  module HandleInvalidPercentEncodingRequests
3
+ module InvalidPercentEncodingErrorMatcher
4
+ def self.===(error)
5
+ error.is_a?(ArgumentError) &&
6
+ error.message =~ /invalid %-encoding/
7
+ end
8
+ end
9
+
10
+ module InvalidByteSequenceErrorMatcher
11
+ def self.===(error)
12
+ error.is_a?(ArgumentError) &&
13
+ error.message == "invalid byte sequence in UTF-8"
14
+ end
15
+ end
4
16
 
17
+ module NullByteErrorMatcher
18
+ def self.===(error)
19
+ error.is_a?(ArgumentError) &&
20
+ error.message == "string contains null byte"
21
+ end
22
+ end
23
+
24
+ # Rack Middleware inserted before the request that detects an encoding error
25
+ # and returns an appropriate response.
5
26
  class Middleware
6
- def initialize(app, stdout=STDOUT)
27
+ def initialize(app, stdout = STDOUT)
7
28
  @app = app
8
29
  @logger = defined?(Rails.logger) ? Rails.logger : Logger.new(stdout)
9
30
  end
10
31
 
32
+ # Called by Rack when a request comes through
11
33
  def call(env)
12
34
  # calling env.dup here prevents bad things from happening
13
35
  request = Rack::Request.new(env.dup)
@@ -15,23 +37,26 @@ module HandleInvalidPercentEncodingRequests
15
37
  # calling request.params is sufficient to trigger the error see
16
38
  # https://github.com/rack/rack/issues/337#issuecomment-46453404
17
39
  request.params
40
+
18
41
  @app.call(env)
19
42
 
20
- # Rescue from that specific ArgumentError
21
- rescue ArgumentError => e
22
- raise unless e.message =~ /invalid %-encoding/
43
+ rescue InvalidPercentEncodingErrorMatcher,
44
+ InvalidByteSequenceErrorMatcher,
45
+ NullByteErrorMatcher
23
46
 
24
- @logger.info "Bad request. Returning 400 due to #{e.message} from request with env #{request.inspect}"
47
+ @logger.info "Bad request. Returning 400 due to #{e.class.name} " \
48
+ "#{e.message.inspect} from request with env " \
49
+ "#{request.inspect}"
25
50
  error_response
26
51
  end
27
52
 
53
+
28
54
  private
29
55
 
30
56
  def error_response
31
- headers = { 'Content-Type' => "text/plain; charset=utf-8" }
57
+ headers = { "Content-Type" => "text/plain; charset=utf-8" }
32
58
  text = "Bad Request"
33
59
  [400, headers, [text]]
34
60
  end
35
61
  end
36
-
37
62
  end
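Review bot: The new `rescue` clause in `call` lists the three matcher modules but no longer binds the exception, while the log line under it still interpolates `e.class.name` and `e.message.inspect`; as shown, a matched error would raise `NameError` inside the handler instead of returning the 400. The last line of the clause should read `NullByteErrorMatcher => e`. Separately, the log entry still writes `request.inspect` at info level, which puts the whole request env (cookies and authorization headers where present, plus the malformed bytes themselves) into the log; logging only `request.request_method` and `request.path` would be safer. The line between the two hunks (new line 36) is not shown, so where the rescued block begins is inferred.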
@@ -1,4 +1,4 @@
1
1
  # Uses Semantic Versionning
2
2
  module HandleInvalidPercentEncodingRequests
3
- VERSION = "1.0.2"
3
+ VERSION = "1.1.0"
4
4
  end
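--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: handle_invalid_percent_encoding_requests
  version: !ruby/object:Gem::Version
- version: 1.0.2
+ version: 1.1.0
  platform: ruby
  authors:
  - Sunny Ripert
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2014-07-24 00:00:00.000000000 Z
+ date: 2019-12-01 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rails
@@ -59,13 +59,13 @@ executables: []
  extensions: []
  extra_rdoc_files: []
  files:
+ - MIT-LICENSE
+ - README.md
+ - Rakefile
+ - lib/handle_invalid_percent_encoding_requests.rb
  - lib/handle_invalid_percent_encoding_requests/engine.rb
  - lib/handle_invalid_percent_encoding_requests/middleware.rb
  - lib/handle_invalid_percent_encoding_requests/version.rb
- - lib/handle_invalid_percent_encoding_requests.rb
- - MIT-LICENSE
- - Rakefile
- - README.md
  homepage: http://github.com/sunny/handle_invalid_percent_encoding_requests
  licenses:
  - MIT
@@ -86,7 +86,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.1.11
+ rubygems_version: 2.5.2.3
  signing_key:
  specification_version: 4
  summary: Handle invalid percent in encoding from requests in Rails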