handle_invalid_percent_encoding_requests 1.0.2 → 1.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d1c2fc0a8379091dd76dfe1081b449ae2863e185
|
|
4
|
+
data.tar.gz: bbb2b4b5a6e82bd2d633a3be54c10186b790469e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 82e9afd76efb3e504c92351f99a6e1878c4434c9af3503dc0be5a6e464ffb3dc63d2fa02021501d6d2727ade561de082f82818a1c4fdf7dba1b2fe1f3802f6b5
|
|
7
|
+
data.tar.gz: 3eba4ad39247fb19c886062b7cb9a87395c566540548b82b1a8823967393e955803843f4ae89e8e81d43e40bcb4286c53690258dd0581809080e113cf097e562
|
data/README.md
CHANGED
|
@@ -1,20 +1,28 @@
|
|
|
1
1
|
Handle Invalid Percent Encoding Requests
|
|
2
2
|
=======================================
|
|
3
3
|
|
|
4
|
-
Rails Engine that
|
|
5
|
-
percent-encoding is malformed.
|
|
4
|
+
Rails Engine that protects your app against malformed requests.
|
|
6
5
|
|
|
7
|
-
This
|
|
6
|
+
This middleware renders a 400 error instead of raising exceptions for the
|
|
7
|
+
following errors:
|
|
8
8
|
|
|
9
|
-
|
|
9
|
+
- `invalid byte sequence in UTF-8`
|
|
10
|
+
- `string contains null byte`
|
|
10
11
|
|
|
11
|
-
|
|
12
|
-
|
|
12
|
+
Installation
|
|
13
|
+
------------
|
|
13
14
|
|
|
14
|
-
In your Rails app, add
|
|
15
|
+
In your Rails app, add these lines to your `Gemfile`:
|
|
15
16
|
|
|
16
17
|
```rb
|
|
18
|
+
# Helps against "invalid byte sequence" exceptions.
|
|
17
19
|
gem "handle_invalid_percent_encoding_requests"
|
|
18
20
|
```
|
|
19
21
|
|
|
20
|
-
Then type `bundle`.
|
|
22
|
+
Then type `bundle install`.
|
|
23
|
+
|
|
24
|
+
See also
|
|
25
|
+
--------
|
|
26
|
+
|
|
27
|
+
See also [Ruby on Rails “invalid byte sequence in UTF-8” due to
|
|
28
|
+
bot](http://stackoverflow.com/q/24648206/311657) on StackOverflow.
|
|
@@ -2,6 +2,7 @@ require "rack/utf8_sanitizer"
|
|
|
2
2
|
|
|
3
3
|
module HandleInvalidPercentEncodingRequests
|
|
4
4
|
|
|
5
|
+
# Rails Engine that inserts the Middleware at the top of the Rack queue
|
|
5
6
|
class Engine < Rails::Engine
|
|
6
7
|
initializer "handle_invalid_percent_encoding_requests.add_middleware" do |app|
|
|
7
8
|
# Via http://stackoverflow.com/a/24727310/311657
|
|
@@ -1,13 +1,35 @@
|
|
|
1
1
|
# Via https://gist.github.com/bf4/d26259acfa29f3b9882b#file-exception_app-rb
|
|
2
|
-
|
|
3
2
|
module HandleInvalidPercentEncodingRequests
|
|
3
|
+
module InvalidPercentEncodingErrorMatcher
|
|
4
|
+
def self.===(error)
|
|
5
|
+
error.is_a?(ArgumentError) &&
|
|
6
|
+
error.message =~ /invalid %-encoding/
|
|
7
|
+
end
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
module InvalidByteSequenceErrorMatcher
|
|
11
|
+
def self.===(error)
|
|
12
|
+
error.is_a?(ArgumentError) &&
|
|
13
|
+
error.message == "invalid byte sequence in UTF-8"
|
|
14
|
+
end
|
|
15
|
+
end
|
|
4
16
|
|
|
17
|
+
module NullByteErrorMatcher
|
|
18
|
+
def self.===(error)
|
|
19
|
+
error.is_a?(ArgumentError) &&
|
|
20
|
+
error.message == "string contains null byte"
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
# Rack Middleware inserted before the request that detects an encoding error
|
|
25
|
+
# and returns an appropriate response.
|
|
5
26
|
class Middleware
|
|
6
|
-
def initialize(app, stdout=STDOUT)
|
|
27
|
+
def initialize(app, stdout = STDOUT)
|
|
7
28
|
@app = app
|
|
8
29
|
@logger = defined?(Rails.logger) ? Rails.logger : Logger.new(stdout)
|
|
9
30
|
end
|
|
10
31
|
|
|
32
|
+
# Called by Rack when a request comes through
|
|
11
33
|
def call(env)
|
|
12
34
|
# calling env.dup here prevents bad things from happening
|
|
13
35
|
request = Rack::Request.new(env.dup)
|
|
@@ -15,23 +37,26 @@ module HandleInvalidPercentEncodingRequests
|
|
|
15
37
|
# calling request.params is sufficient to trigger the error see
|
|
16
38
|
# https://github.com/rack/rack/issues/337#issuecomment-46453404
|
|
17
39
|
request.params
|
|
40
|
+
|
|
18
41
|
@app.call(env)
|
|
19
42
|
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
43
|
+
rescue InvalidPercentEncodingErrorMatcher,
|
|
44
|
+
InvalidByteSequenceErrorMatcher,
|
|
45
|
+
NullByteErrorMatcher
|
|
23
46
|
|
|
24
|
-
@logger.info "Bad request. Returning 400 due to #{e.
|
|
47
|
+
@logger.info "Bad request. Returning 400 due to #{e.class.name} " \
|
|
48
|
+
"#{e.message.inspect} from request with env " \
|
|
49
|
+
"#{request.inspect}"
|
|
25
50
|
error_response
|
|
26
51
|
end
|
|
27
52
|
|
|
53
|
+
|
|
28
54
|
private
|
|
29
55
|
|
|
30
56
|
def error_response
|
|
31
|
-
headers = {
|
|
57
|
+
headers = { "Content-Type" => "text/plain; charset=utf-8" }
|
|
32
58
|
text = "Bad Request"
|
|
33
59
|
[400, headers, [text]]
|
|
34
60
|
end
|
|
35
61
|
end
|
|
36
|
-
|
|
37
62
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: handle_invalid_percent_encoding_requests
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0
|
|
4
|
+
version: 1.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Sunny Ripert
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2019-12-01 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -59,13 +59,13 @@ executables: []
|
|
|
59
59
|
extensions: []
|
|
60
60
|
extra_rdoc_files: []
|
|
61
61
|
files:
|
|
62
|
+
- MIT-LICENSE
|
|
63
|
+
- README.md
|
|
64
|
+
- Rakefile
|
|
65
|
+
- lib/handle_invalid_percent_encoding_requests.rb
|
|
62
66
|
- lib/handle_invalid_percent_encoding_requests/engine.rb
|
|
63
67
|
- lib/handle_invalid_percent_encoding_requests/middleware.rb
|
|
64
68
|
- lib/handle_invalid_percent_encoding_requests/version.rb
|
|
65
|
-
- lib/handle_invalid_percent_encoding_requests.rb
|
|
66
|
-
- MIT-LICENSE
|
|
67
|
-
- Rakefile
|
|
68
|
-
- README.md
|
|
69
69
|
homepage: http://github.com/sunny/handle_invalid_percent_encoding_requests
|
|
70
70
|
licenses:
|
|
71
71
|
- MIT
|
|
@@ -86,7 +86,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
86
86
|
version: '0'
|
|
87
87
|
requirements: []
|
|
88
88
|
rubyforge_project:
|
|
89
|
-
rubygems_version: 2.
|
|
89
|
+
rubygems_version: 2.5.2.3
|
|
90
90
|
signing_key:
|
|
91
91
|
specification_version: 4
|
|
92
92
|
summary: Handle invalid percent in encoding from requests in Rails
|