invalid_utf8_rejector 0.0.1

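--- a/data/.gitignore
+++ b/data/.gitignore
@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp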
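--- a/data/.rspec
+++ b/data/.rspec
@@ -0,0 +1,2 @@
+--color
+--format progress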
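--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -0,0 +1,3 @@
+language: ruby
+rvm:
+- "1.9.3"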
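--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in invalid_utf8_rejector.gemspec
+gemspec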
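--- a/data/LICENCE.txt
+++ b/data/LICENCE.txt
@@ -0,0 +1,22 @@
+Copyright (c) 2013 Alex Tomlins
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.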
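--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,33 @@
+# InvalidUtf8Rejector
+
+[![Build Status](https://travis-ci.org/alext/invalid_utf8_rejector.png?branch=master)](https://travis-ci.org/alext/invalid_utf8_rejector)
+
+Simple Rack middleware that rejects requests containing invalid UTF-8 byte
+sequences in their path or query params.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+gem 'invalid_utf8_rejector'
+
+And then execute:
+
+$ bundle
+
+Or install it yourself as:
+
+$ gem install invalid_utf8_rejector
+
+## Usage
+
+If you are using Rails, the middleware will automatically be inserted. If not,
+you will need to manually insert it into your middleware stack.
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request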
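--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+
+require "rspec/core/rake_task"
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec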
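--- a/data/invalid_utf8_rejector.gemspec
+++ b/data/invalid_utf8_rejector.gemspec
@@ -0,0 +1,26 @@
+# -*- encoding: utf-8 -*-
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'invalid_utf8_rejector/version'
+
+Gem::Specification.new do |spec|
+spec.name = "invalid_utf8_rejector"
+spec.version = InvalidUTF8Rejector::VERSION
+spec.authors = ["Alex Tomlins"]
+spec.email = ["alex@tomlins.org.uk"]
+spec.description = %q{rack middleware to reject invalid UTF8 in requests. It will return a 400 if the decoded path or query string contain invalid UTF-8 chars.}
+spec.summary = %q{rack middleware to reject invalid UTF8 in requests}
+spec.homepage = ""
+
+spec.files = `git ls-files`.split($/)
+spec.executables = spec.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
+spec.require_paths = ["lib"]
+
+spec.add_dependency "rack", "~> 1.0"
+
+spec.add_development_dependency "bundler"
+spec.add_development_dependency "rake"
+spec.add_development_dependency "rack-test", "0.6.2"
+spec.add_development_dependency "rspec", "2.14.1"
+end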
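Review bot: The spec leaves `spec.homepage = ""` (line 13 of the hunk) and never sets a license, even though this same commit adds LICENCE.txt with MIT terms; the generated metadata file in the commit accordingly records `licenses: []` and `homepage: ''`, so RubyGems and Bundler will show the gem as unlicensed. Adding `spec.license = "MIT"` next to the summary, and pointing `spec.homepage` at the project's repository, would make the published metadata match the bundled licence text.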
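--- a/data/lib/invalid_utf8_rejector/middleware.rb
+++ b/data/lib/invalid_utf8_rejector/middleware.rb
@@ -0,0 +1,27 @@
+require 'cgi'
+
+module InvalidUTF8Rejector
+class Middleware
+def initialize(app)
+@app = app
+end
+
+def call(env)
+if request_uri_clean?(env)
+@app.call(env)
+else
+[400, {}, [""]]
+end
+end
+
+private
+
+def request_uri_clean?(env)
+clean_utf8?(env["PATH_INFO"]) and clean_utf8?(env["QUERY_STRING"])
+end
+
+def clean_utf8?(str)
+CGI.unescape(str).force_encoding('UTF-8').valid_encoding?
+end
+end
+end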
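Review bot: The rejection response on line 13 of the hunk, `[400, {}, [""]]`, carries an empty header hash; Rack's response contract requires a Content-Type for every status other than 1xx, 204 and 304, so this triple fails Rack::Lint and leaves the server to guess the type of the error body. Returning `[400, {"Content-Type" => "text/plain"}, [""]]` satisfies the contract without changing what the client sees. Note also that only PATH_INFO and QUERY_STRING are inspected, so invalid UTF-8 in a form-encoded request body or in SCRIPT_NAME still reaches the inner app; a comment on `request_uri_clean?` such as `# Checks the percent-decoded path and query string only; request bodies are not inspected` would keep readers from assuming broader coverage. As a point of style, line 20 should join the two checks with `&&` rather than `and`.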
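--- a/data/lib/invalid_utf8_rejector/railtie.rb
+++ b/data/lib/invalid_utf8_rejector/railtie.rb
@@ -0,0 +1,7 @@
+module InvalidUTF8Rejector
+class Railtie < Rails::Railtie
+initializer "invalid_utf8_rejector.insert_middleware" do |app|
+app.config.middleware.insert_before 0, "InvalidUTF8Rejector::Middleware"
+end
+end
+end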
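Review bot: The `insert_before 0` on line 4 of the hunk pins the middleware to the very front of the stack without saying why, which invites a later "tidy-up" that moves it behind something that reads params and so defeats the check. A comment such as `# Must sit before any middleware that parses params: param parsing raises on invalid UTF-8 before this check could respond` would preserve the intent; the spec in this same commit documents that rack-test's param merging blows up on invalid UTF-8 before reaching the middleware, which is presumably the same ordering hazard.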
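--- a/data/lib/invalid_utf8_rejector/version.rb
+++ b/data/lib/invalid_utf8_rejector/version.rb
@@ -0,0 +1,3 @@
+module InvalidUTF8Rejector
+VERSION = "0.0.1"
+end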
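--- a/data/lib/invalid_utf8_rejector.rb
+++ b/data/lib/invalid_utf8_rejector.rb
@@ -0,0 +1,3 @@
+require "invalid_utf8_rejector/version"
+require "invalid_utf8_rejector/middleware"
+require "invalid_utf8_rejector/railtie" if defined? Rails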
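Review bot: The guard on line 3 of the hunk, `if defined? Rails`, only tests that the `Rails` constant exists, not that railtie support has been loaded; if this gem is required at a point where `Rails` is defined but `rails/railtie` is not yet loaded, the railtie file's `class Railtie < Rails::Railtie` raises NameError. The conventional guard is `require "invalid_utf8_rejector/railtie" if defined?(Rails::Railtie)`, which checks the superclass the railtie actually needs.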
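--- a/data/spec/middleware_spec.rb
+++ b/data/spec/middleware_spec.rb
@@ -0,0 +1,51 @@
+require 'spec_helper'
+require 'rack/test'
+
+require 'invalid_utf8_rejector'
+
+describe InvalidUTF8Rejector::Middleware do
+include Rack::Test::Methods
+
+def app
+InvalidUTF8Rejector::Middleware.new( proc {|env| @inner_app_called = true; [200, {}, "Inner app response for env:\n#{env.inspect}"]} )
+end
+
+before :each do
+@inner_app_called = false
+end
+
+it "should pass a valid request to the inner app" do
+get "/foo?bar=baz"
+expect(last_response.status).to eq(200)
+expect(last_response.body).to match(/Inner app response/)
+expect(@inner_app_called).to be_true
+end
+
+it "should reject invalid UTF-8 chars in the path without calling the app" do
+get "/foo%A0bar"
+expect(last_response.status).to eq(400)
+expect(@inner_app_called).to be_false
+end
+
+it "should reject malformed UTF-8 chars in the path without calling the app" do
+get "/br54ba%9CAQ%C4%FD%928owse"
+expect(last_response.status).to eq(400)
+expect(@inner_app_called).to be_false
+end
+
+it "should reject invalid UTF-8 chars in the query_string without calling the app" do
+# Set params to nil. Without this, it defaults to empty hash, and rack-test tries to merge this with
+# the given params which blows up with an invalid UTF-8 error before reaching our code
+get "/foo?ba%a0r", nil
+expect(last_response.status).to eq(400)
+expect(@inner_app_called).to be_false
+end
+
+it "should reject malformed UTF-8 chars in the query_string without calling the app" do
+# Set params to nil. Without this, it defaults to empty hash, and rack-test tries to merge this with
+# the given params which blows up with an invalid UTF-8 error before reaching our code
+get "/foo?bar=br54ba%9CAQ%C4%FD%928owse", nil
+expect(last_response.status).to eq(400)
+expect(@inner_app_called).to be_false
+end
+end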
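Review bot: No example asserts that a correctly percent-encoded multi-byte path is accepted — the only positive case (line 18 of the hunk) is pure ASCII, so a regression that rejected every non-ASCII character would still pass this suite. An example such as `get "/caf%C3%A9"` followed by `expect(last_response.status).to eq(200)` closes that gap, and a matching query-string case (`get "/foo?q=caf%C3%A9", nil`) would cover the other branch of `request_uri_clean?`. Separately, the inner app on line 10 returns a bare String as its body, which only works because Rack::MockResponse accepts objects responding to `to_str`; wrapping it as `["Inner app response for env:\n#{env.inspect}"]` keeps the fixture a valid Rack body.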
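--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -0,0 +1,17 @@
+# This file was generated by the `rspec --init` command. Conventionally, all
+# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
+# Require this file using `require "spec_helper"` to ensure that it is only
+# loaded once.
+#
+# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
+RSpec.configure do |config|
+config.treat_symbols_as_metadata_keys_with_true_values = true
+config.run_all_when_everything_filtered = true
+config.filter_run :focus
+
+# Run specs in random order to surface order dependencies. If you find an
+# order dependency and want to debug it, you can fix the order by providing
+# the seed, which is printed after each run.
+# --seed 1234
+config.order = 'random'
+end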
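--- a/metadata
+++ b/metadata
@@ -0,0 +1,148 @@
+--- !ruby/object:Gem::Specification
+name: invalid_utf8_rejector
+version: !ruby/object:Gem::Version
+version: 0.0.1
+prerelease:
+platform: ruby
+authors:
+- Alex Tomlins
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2013-11-13 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: rack
+requirement: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '1.0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '1.0'
+- !ruby/object:Gem::Dependency
+name: bundler
+requirement: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: rake
+requirement: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: rack-test
+requirement: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 0.6.2
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 0.6.2
+- !ruby/object:Gem::Dependency
+name: rspec
+requirement: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 2.14.1
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 2.14.1
+description: rack middleware to reject invalid UTF8 in requests. It will return a
+400 if the decoded path or query string contain invalid UTF-8 chars.
+email:
+- alex@tomlins.org.uk
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- .travis.yml
+- Gemfile
+- LICENCE.txt
+- README.md
+- Rakefile
+- invalid_utf8_rejector.gemspec
+- lib/invalid_utf8_rejector.rb
+- lib/invalid_utf8_rejector/middleware.rb
+- lib/invalid_utf8_rejector/railtie.rb
+- lib/invalid_utf8_rejector/version.rb
+- spec/middleware_spec.rb
+- spec/spec_helper.rb
+homepage: ''
+licenses: []
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+segments:
+- 0
+hash: 4593929028848301
+required_rubygems_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+segments:
+- 0
+hash: 4593929028848301
+requirements: []
+rubyforge_project:
+rubygems_version: 1.8.23
+signing_key:
+specification_version: 3
+summary: rack middleware to reject invalid UTF8 in requests
+test_files:
+- spec/middleware_spec.rb
+- spec/spec_helper.rb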