honey_pot_engine 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/README.md +28 -0
- data/Rakefile +8 -0
- data/app/views/errors/forbidden.html.erb +2 -0
- data/lib/honey_pot_engine/controller_guard.rb +34 -0
- data/lib/honey_pot_engine/engine.rb +18 -0
- data/lib/honey_pot_engine/form_injector.rb +38 -0
- data/lib/honey_pot_engine/version.rb +3 -0
- data/lib/honey_pot_engine.rb +6 -0
- metadata +68 -0
checksums.yaml
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
---
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 9356e9d220987df822a501a622944843a02cb789d9cdd31fab8b884f9d730b75
|
|
4
|
+
data.tar.gz: f24de1cde9b7b725952383e6236dfc8784cc4343ba15948ae555112fadc2e1c3
|
|
5
|
+
SHA512:
|
|
6
|
+
metadata.gz: 35d59ae3e20c3d1ee360ffd08b633312d37419f746c070dba184ee94b99711b0985b2d34c939326456d449e7ba3a05e089550c29cec4d015dd3726feb8af57fb
|
|
7
|
+
data.tar.gz: 2402792af2abd584bd822b5c8fb1f1f981dfba2660776ce6e100d45793ca272158f0cd48e5804d70b8ec51c5f829a7628f636f22d2e535a05dca532c5ca509cf
|
data/README.md
ADDED
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
# HoneyPotEngine
|
|
2
|
+
An engine for deploying honeypots in Rails applications.
|
|
3
|
+
|
|
4
|
+
## Usage
|
|
5
|
+
How to use my plugin.
|
|
6
|
+
|
|
7
|
+
## Installation
|
|
8
|
+
Add this line to your application's Gemfile:
|
|
9
|
+
|
|
10
|
+
```ruby
|
|
11
|
+
gem "honey_pot_engine"
|
|
12
|
+
```
|
|
13
|
+
|
|
14
|
+
And then execute:
|
|
15
|
+
```bash
|
|
16
|
+
$ bundle
|
|
17
|
+
```
|
|
18
|
+
|
|
19
|
+
Or install it yourself as:
|
|
20
|
+
```bash
|
|
21
|
+
$ gem install honey_pot_engine
|
|
22
|
+
```
|
|
23
|
+
|
|
24
|
+
## Contributing
|
|
25
|
+
Contribution directions go here.
|
|
26
|
+
|
|
27
|
+
## License
|
|
28
|
+
The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
|
data/Rakefile
ADDED
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
module HoneyPotEngine
|
|
2
|
+
module ControllerGuard
|
|
3
|
+
extend ActiveSupport::Concern
|
|
4
|
+
|
|
5
|
+
def self.prepended(base)
|
|
6
|
+
# prepend の時点でクラスに特異メソッドを定義
|
|
7
|
+
base.class_eval do
|
|
8
|
+
@skip_honeypot_check = false
|
|
9
|
+
|
|
10
|
+
def self.skip_honeypot!
|
|
11
|
+
@skip_honeypot_check = true
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def self.honeypot_skipped?
|
|
15
|
+
@skip_honeypot_check == true
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
base.before_action :check_honeypot
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
private
|
|
23
|
+
|
|
24
|
+
# ハニーポットフィールドに値が入っていたら bot と判断してブロック
|
|
25
|
+
def check_honeypot
|
|
26
|
+
return if self.class.honeypot_skipped?
|
|
27
|
+
if params[:honeypot].present?
|
|
28
|
+
Rails.logger.warn "[HONEYPOT] Blocked spam submission: #{request.remote_ip}"
|
|
29
|
+
# head :forbidden
|
|
30
|
+
render template: "errors/forbidden", status: :forbidden
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
end
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
module HoneyPotEngine
|
|
2
|
+
class Engine < ::Rails::Engine
|
|
3
|
+
isolate_namespace HoneyPotEngine
|
|
4
|
+
initializer "honey_pot_engine.auto_guard" do
|
|
5
|
+
ActiveSupport.on_load(:action_controller) do
|
|
6
|
+
require_relative "controller_guard"
|
|
7
|
+
ActionController::Base.prepend(HoneyPotEngine::ControllerGuard)
|
|
8
|
+
end
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
initializer "honey_pot_engine.inject_form_hook" do
|
|
12
|
+
ActiveSupport.on_load(:action_view) do
|
|
13
|
+
require_relative "form_injector" # 相対パスでもOK
|
|
14
|
+
ActionView::Base.prepend(HoneyPotEngine::FormInjector)
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
module HoneyPotEngine
|
|
2
|
+
module FormInjector
|
|
3
|
+
# Railsのform_withをオーバーライドし、最初に隠しフィールドを挿入
|
|
4
|
+
def form_with(**options, &block)
|
|
5
|
+
super(**options) do |form|
|
|
6
|
+
concat hidden_honeypot_field
|
|
7
|
+
block.call(form)
|
|
8
|
+
end
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
# Railsのform_forにも同様の拡張を適用(レガシー対応用)
|
|
12
|
+
def form_for(record, options = {}, &block)
|
|
13
|
+
super(record, options) do |form|
|
|
14
|
+
concat hidden_honeypot_field
|
|
15
|
+
block.call(form)
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
# form_tag(非モデルベース)に対してもハニーポットを自動挿入
|
|
20
|
+
def form_tag(url_for_options = {}, options = {}, &block)
|
|
21
|
+
super(url_for_options, options) do
|
|
22
|
+
concat hidden_honeypot_field
|
|
23
|
+
block.call
|
|
24
|
+
end
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
private
|
|
28
|
+
def hidden_honeypot_field
|
|
29
|
+
# このコントローラが honeypot チェックをスキップする設定になっている場合は、入力フィールドも出力しない
|
|
30
|
+
# controller.class は現在のビューをレンダリングしているコントローラクラス
|
|
31
|
+
# respond_to? によってメソッド存在確認を行い、安全に動作させる
|
|
32
|
+
return "".html_safe if controller.class.respond_to?(:honeypot_skipped?) && controller.class.honeypot_skipped?
|
|
33
|
+
|
|
34
|
+
# ボットによる自動入力を検知するためのハニーポットフィールドを出力
|
|
35
|
+
tag.input type: "text", name: "honeypot", style: "display:none", autocomplete: "off"
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
end
|
metadata
ADDED
|
@@ -0,0 +1,68 @@
|
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
|
+
name: honey_pot_engine
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
version: 0.1.0
|
|
5
|
+
platform: ruby
|
|
6
|
+
authors:
|
|
7
|
+
- teratai3
|
|
8
|
+
autorequire:
|
|
9
|
+
bindir: bin
|
|
10
|
+
cert_chain: []
|
|
11
|
+
date: 2025-06-01 00:00:00.000000000 Z
|
|
12
|
+
dependencies:
|
|
13
|
+
- !ruby/object:Gem::Dependency
|
|
14
|
+
name: rails
|
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
|
16
|
+
requirements:
|
|
17
|
+
- - ">="
|
|
18
|
+
- !ruby/object:Gem::Version
|
|
19
|
+
version: 8.0.2
|
|
20
|
+
type: :runtime
|
|
21
|
+
prerelease: false
|
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
23
|
+
requirements:
|
|
24
|
+
- - ">="
|
|
25
|
+
- !ruby/object:Gem::Version
|
|
26
|
+
version: 8.0.2
|
|
27
|
+
description: A lightweight Rails engine that inserts honeypot fields into forms and
|
|
28
|
+
automatically blocks spammy submissions.
|
|
29
|
+
email:
|
|
30
|
+
- ''
|
|
31
|
+
executables: []
|
|
32
|
+
extensions: []
|
|
33
|
+
extra_rdoc_files: []
|
|
34
|
+
files:
|
|
35
|
+
- README.md
|
|
36
|
+
- Rakefile
|
|
37
|
+
- app/views/errors/forbidden.html.erb
|
|
38
|
+
- lib/honey_pot_engine.rb
|
|
39
|
+
- lib/honey_pot_engine/controller_guard.rb
|
|
40
|
+
- lib/honey_pot_engine/engine.rb
|
|
41
|
+
- lib/honey_pot_engine/form_injector.rb
|
|
42
|
+
- lib/honey_pot_engine/version.rb
|
|
43
|
+
homepage: https://github.com/teratai3/honey_pot_engine
|
|
44
|
+
licenses: []
|
|
45
|
+
metadata:
|
|
46
|
+
homepage_uri: https://github.com/teratai3/honey_pot_engine
|
|
47
|
+
source_code_uri: https://github.com/teratai3/honey_pot_engine
|
|
48
|
+
changelog_uri: https://github.com/teratai3/honey_pot_engine
|
|
49
|
+
post_install_message:
|
|
50
|
+
rdoc_options: []
|
|
51
|
+
require_paths:
|
|
52
|
+
- lib
|
|
53
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
54
|
+
requirements:
|
|
55
|
+
- - ">="
|
|
56
|
+
- !ruby/object:Gem::Version
|
|
57
|
+
version: '0'
|
|
58
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
59
|
+
requirements:
|
|
60
|
+
- - ">="
|
|
61
|
+
- !ruby/object:Gem::Version
|
|
62
|
+
version: '0'
|
|
63
|
+
requirements: []
|
|
64
|
+
rubygems_version: 3.4.19
|
|
65
|
+
signing_key:
|
|
66
|
+
specification_version: 4
|
|
67
|
+
summary: Honeypot anti-spam field for Rails forms
|
|
68
|
+
test_files: []
|