invalid_utf8_rejector 0.0.1 → 0.0.2

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 3a17f73dd60c6ba59fa575894284aef13a3ca1eb
+  data.tar.gz: 6ce15f5f73ed3819194f63075f3daf32dcb91e98
+SHA512:
+  metadata.gz: 3845821becaa77b57e7cae3e40742166eb8d8064d60eebe33ffe27dfc5ff695f1f4d467625ab1084e9d72fce4ab24c63b93a41e1cbbcd2e182530bf11ca5ca44
+  data.tar.gz: df226c3dba393f1f09a66231e059fd29c7f0e07bad1ff7f4584f2618fd07c2d833c019a2218d6768d0b330db22c9991df71f154f29fe2566391d19ebd587f7b2

data/.rspec

@@ -1,2 +1,2 @@
 --color
---format progress
+--require spec_helper

data/.travis.yml

@@ -1,3 +1,5 @@
 language: ruby
 rvm:
   - "1.9.3"
+  - "2.1"
+  - "2.2"

data/LICENCE.txt

@@ -19,4 +19,4 @@ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
 LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
 OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/invalid_utf8_rejector.gemspec

@@ -10,7 +10,8 @@ Gem::Specification.new do |spec|
   spec.email         = ["alex@tomlins.org.uk"]
   spec.description   = %q{rack middleware to reject invalid UTF8 in requests.  It will return a 400 if the decoded path or query string contain invalid UTF-8 chars.}
   spec.summary       = %q{rack middleware to reject invalid UTF8 in requests}
-  spec.homepage      = ""
+  spec.homepage      = "https://github.com/alext/invalid_utf8_rejector"
+  spec.license       = "MIT"
 
   spec.files         = `git ls-files`.split($/)
   spec.executables   = spec.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
@@ -22,5 +23,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "bundler"
   spec.add_development_dependency "rake"
   spec.add_development_dependency "rack-test", "0.6.2"
-  spec.add_development_dependency "rspec", "2.14.1"
+  spec.add_development_dependency "rspec", "~> 3.2"
 end

data/lib/invalid_utf8_rejector/middleware.rb

@@ -1,4 +1,4 @@
-require 'cgi'
+require 'uri'
 
 module InvalidUTF8Rejector
   class Middleware
@@ -21,7 +21,10 @@ module InvalidUTF8Rejector
     end
 
     def clean_utf8?(str)
-      CGI.unescape(str).force_encoding('UTF-8').valid_encoding?
+      return true if str.nil?
+      URI.decode_www_form_component(str).force_encoding('UTF-8').valid_encoding?
+    rescue ArgumentError # triggered by an invalid % encoded string.
+      false
     end
   end
 end

data/lib/invalid_utf8_rejector/version.rb

@@ -1,3 +1,3 @@
 module InvalidUTF8Rejector
-  VERSION = "0.0.1"
+  VERSION = "0.0.2"
 end

data/spec/middleware_spec.rb

@@ -1,9 +1,8 @@
-require 'spec_helper'
 require 'rack/test'
 
 require 'invalid_utf8_rejector'
 
-describe InvalidUTF8Rejector::Middleware do
+RSpec.describe InvalidUTF8Rejector::Middleware do
   include Rack::Test::Methods
 
   def app
@@ -13,39 +12,69 @@ describe InvalidUTF8Rejector::Middleware do
   before :each do
     @inner_app_called = false
   end
-  
+
   it "should pass a valid request to the inner app" do
     get "/foo?bar=baz"
     expect(last_response.status).to eq(200)
     expect(last_response.body).to match(/Inner app response/)
-    expect(@inner_app_called).to be_true
+    expect(@inner_app_called).to eq(true)
   end
 
-  it "should reject invalid UTF-8 chars in the path without calling the app" do
-    get "/foo%A0bar"
-    expect(last_response.status).to eq(400)
-    expect(@inner_app_called).to be_false
-  end
+  describe "handling invalid UTF-8 in requests" do
+
+    it "should reject invalid UTF-8 chars in the path without calling the app" do
+      get "/foo%A0bar"
+      expect(last_response.status).to eq(400)
+      expect(@inner_app_called).to eq(false)
+    end
 
-  it "should reject malformed UTF-8 chars in the path without calling the app" do
-    get "/br54ba%9CAQ%C4%FD%928owse"
-    expect(last_response.status).to eq(400)
-    expect(@inner_app_called).to be_false
+    it "should reject malformed UTF-8 chars in the path without calling the app" do
+      get "/br54ba%9CAQ%C4%FD%928owse"
+      expect(last_response.status).to eq(400)
+      expect(@inner_app_called).to eq(false)
+    end
+
+    it "should reject invalid UTF-8 chars in the query_string without calling the app" do
+      # Set params to nil.  Without this, it defaults to empty hash, and rack-test tries to merge this with 
+      # the given params which blows up with an invalid UTF-8 error before reaching our code
+      get "/foo?ba%a0r", nil
+      expect(last_response.status).to eq(400)
+      expect(@inner_app_called).to eq(false)
+    end
+
+    it "should reject malformed UTF-8 chars in the query_string without calling the app" do
+      # Set params to nil.  Without this, it defaults to empty hash, and rack-test tries to merge this with 
+      # the given params which blows up with an invalid UTF-8 error before reaching our code
+      get "/foo?bar=br54ba%9CAQ%C4%FD%928owse", nil
+      expect(last_response.status).to eq(400)
+      expect(@inner_app_called).to eq(false)
+    end
   end
 
-  it "should reject invalid UTF-8 chars in the query_string without calling the app" do
-    # Set params to nil.  Without this, it defaults to empty hash, and rack-test tries to merge this with 
-    # the given params which blows up with an invalid UTF-8 error before reaching our code
-    get "/foo?ba%a0r", nil
-    expect(last_response.status).to eq(400)
-    expect(@inner_app_called).to be_false
+  describe "handling invalid % encoded requests" do
+    it "should reject invalid % encoding in the path without calling the app" do
+      status, headers, body = raw_rack_get('/foo%+bar')
+      expect(status).to eq(400)
+      expect(@inner_app_called).to eq(false)
+    end
+
+    it "should reject invalid % encoding in the query_string without calling the app" do
+      status, headers, body = raw_rack_get('/foo', 'bar%=baz')
+      expect(status).to eq(400)
+      expect(@inner_app_called).to eq(false)
+    end
   end
 
-  it "should reject malformed UTF-8 chars in the query_string without calling the app" do
-    # Set params to nil.  Without this, it defaults to empty hash, and rack-test tries to merge this with 
-    # the given params which blows up with an invalid UTF-8 error before reaching our code
-    get "/foo?bar=br54ba%9CAQ%C4%FD%928owse", nil
-    expect(last_response.status).to eq(400)
-    expect(@inner_app_called).to be_false
+  # helper to bypass rack-test which errors when attempting to parse the invalid URLs
+  def raw_rack_get(path, query = nil)
+    env = {
+      'REQUEST_METHOD' => 'GET',
+      'SCRIPT_NAME' => '',
+      'PATH_INFO' => path,
+      'QUERY_STRING' => query,
+      'SERVER_NAME' => 'example.org',
+      'SERVER_PORT' => 80,
+    }
+    status, headers, body = app.call(env)
   end
 end

data/spec/spec_helper.rb

@@ -1,17 +1,87 @@
 # This file was generated by the `rspec --init` command. Conventionally, all
 # specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
-# Require this file using `require "spec_helper"` to ensure that it is only
-# loaded once.
+# The generated `.rspec` file contains `--require spec_helper` which will cause
+# this file to always be loaded, without a need to explicitly require it in any
+# files.
+#
+# Given that it is always loaded, you are encouraged to keep this file as
+# light-weight as possible. Requiring heavyweight dependencies from this file
+# will add to the boot time of your test suite on EVERY test run, even for an
+# individual file that may not need all of that loaded. Instead, consider making
+# a separate helper file that requires the additional dependencies and performs
+# the additional setup, and require it from the spec files that actually need
+# it.
+#
+# The `.rspec` file also contains a few flags that are not defaults but that
+# users commonly want.
 #
 # See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
 RSpec.configure do |config|
-  config.treat_symbols_as_metadata_keys_with_true_values = true
-  config.run_all_when_everything_filtered = true
+  # rspec-expectations config goes here. You can use an alternate
+  # assertion/expectation library such as wrong or the stdlib/minitest
+  # assertions if you prefer.
+  config.expect_with :rspec do |expectations|
+    # This option will default to `true` in RSpec 4. It makes the `description`
+    # and `failure_message` of custom matchers include text for helper methods
+    # defined using `chain`, e.g.:
+    #     be_bigger_than(2).and_smaller_than(4).description
+    #     # => "be bigger than 2 and smaller than 4"
+    # ...rather than:
+    #     # => "be bigger than 2"
+    expectations.include_chain_clauses_in_custom_matcher_descriptions = true
+  end
+
+  # rspec-mocks config goes here. You can use an alternate test double
+  # library (such as bogus or mocha) by changing the `mock_with` option here.
+  config.mock_with :rspec do |mocks|
+    # Prevents you from mocking or stubbing a method that does not exist on
+    # a real object. This is generally recommended, and will default to
+    # `true` in RSpec 4.
+    mocks.verify_partial_doubles = true
+  end
+
+  # These two settings work together to allow you to limit a spec run
+  # to individual examples or groups you care about by tagging them with
+  # `:focus` metadata. When nothing is tagged with `:focus`, all examples
+  # get run.
   config.filter_run :focus
+  config.run_all_when_everything_filtered = true
+
+  # Limits the available syntax to the non-monkey patched syntax that is
+  # recommended. For more details, see:
+  #   - http://myronmars.to/n/dev-blog/2012/06/rspecs-new-expectation-syntax
+  #   - http://teaisaweso.me/blog/2013/05/27/rspecs-new-message-expectation-syntax/
+  #   - http://myronmars.to/n/dev-blog/2014/05/notable-changes-in-rspec-3#new__config_option_to_disable_rspeccore_monkey_patching
+  config.disable_monkey_patching!
+
+  # This setting enables warnings. It's recommended, but in some cases may
+  # be too noisy due to issues in dependencies.
+  config.warnings = true
+
+  # Many RSpec users commonly either run the entire suite or an individual
+  # file, and it's useful to allow more verbose output when running an
+  # individual spec file.
+  if config.files_to_run.one?
+    # Use the documentation formatter for detailed output,
+    # unless a formatter has already been configured
+    # (e.g. via a command-line flag).
+    config.default_formatter = 'doc'
+  end
+
+  # Print the 10 slowest examples and example groups at the
+  # end of the spec run, to help surface which specs are running
+  # particularly slow.
+  #config.profile_examples = 10
 
   # Run specs in random order to surface order dependencies. If you find an
   # order dependency and want to debug it, you can fix the order by providing
   # the seed, which is printed after each run.
   #     --seed 1234
-  config.order = 'random'
+  config.order = :random
+
+  # Seed global randomization in this process using the `--seed` CLI option.
+  # Setting this allows you to use `--seed` to deterministically reproduce
+  # test failures related to randomization by passing the same `--seed` value
+  # as the one that triggered the failure.
+  Kernel.srand config.seed
 end

metadata

@@ -1,68 +1,60 @@
 --- !ruby/object:Gem::Specification
 name: invalid_utf8_rejector
 version: !ruby/object:Gem::Version
-  version: 0.0.1
-  prerelease: 
+  version: 0.0.2
 platform: ruby
 authors:
 - Alex Tomlins
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-11-13 00:00:00.000000000 Z
+date: 2015-03-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rack-test
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - '='
       - !ruby/object:Gem::Version
@@ -70,7 +62,6 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - '='
       - !ruby/object:Gem::Version
@@ -78,19 +69,17 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.14.1
+        version: '3.2'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.14.1
+        version: '3.2'
 description: rack middleware to reject invalid UTF8 in requests.  It will return a
   400 if the decoded path or query string contain invalid UTF-8 chars.
 email:
@@ -99,9 +88,9 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
-- .rspec
-- .travis.yml
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
 - Gemfile
 - LICENCE.txt
 - README.md
@@ -113,35 +102,29 @@ files:
 - lib/invalid_utf8_rejector/version.rb
 - spec/middleware_spec.rb
 - spec/spec_helper.rb
-homepage: ''
-licenses: []
+homepage: https://github.com/alext/invalid_utf8_rejector
+licenses:
+- MIT
+metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
-      segments:
-      - 0
-      hash: 4593929028848301
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
-      segments:
-      - 0
-      hash: 4593929028848301
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.23
+rubygems_version: 2.2.2
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: rack middleware to reject invalid UTF8 in requests
 test_files:
 - spec/middleware_spec.rb