mascot 0.1.3 → 0.1.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/mascot/version.rb +1 -1
- data/lib/mascot.rb +19 -1
- data/mascot.gemspec +1 -0
- metadata +16 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9d18ef5037dc7af6b3f592ed65bf3b67f5099854
|
|
4
|
+
data.tar.gz: 0bd16879741ce6a7f936e5156e22b6055e196717
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 342b222a5a1f7ad3624611039b892fbf0a2c95f8e7e18132e55577fd17e3c0c8f6926da069dd750995789eb155f117c2560dd733e550703882b0fd506ab11d1f
|
|
7
|
+
data.tar.gz: 9712af3200ea7ad081b6e4c5996ac0aca96e5cae4857e3cf5a048556fd57952beeec0472effabf1e795307f2e0d0cb9c31ba769275422243e4c677ac66d2ae97
|
data/lib/mascot/version.rb
CHANGED
data/lib/mascot.rb
CHANGED
|
@@ -6,6 +6,9 @@ require "yaml"
|
|
|
6
6
|
require "mime/types"
|
|
7
7
|
|
|
8
8
|
module Mascot
|
|
9
|
+
# Raised if a user attempts to access a resource outside of the sitemap path.
|
|
10
|
+
InsecurePathAccessError = Class.new(SecurityError)
|
|
11
|
+
|
|
9
12
|
# Parses metadata from the header of the page.
|
|
10
13
|
class Frontmatter
|
|
11
14
|
DELIMITER = "---".freeze
|
|
@@ -91,13 +94,14 @@ module Mascot
|
|
|
91
94
|
|
|
92
95
|
# Lazy stream of resources.
|
|
93
96
|
def resources(glob = DEFAULT_GLOB)
|
|
94
|
-
Dir[@file_path.join(glob)].select(&File.method(:file?)).lazy.map do |path|
|
|
97
|
+
Dir[validate_path(@file_path.join(glob))].select(&File.method(:file?)).lazy.map do |path|
|
|
95
98
|
Resource.new request_path: request_path(path), file_path: path
|
|
96
99
|
end
|
|
97
100
|
end
|
|
98
101
|
|
|
99
102
|
# Find the page with a path.
|
|
100
103
|
def find_by_request_path(request_path)
|
|
104
|
+
return if request_path.nil?
|
|
101
105
|
resources.find { |r| r.request_path == File.join("/", request_path) }
|
|
102
106
|
end
|
|
103
107
|
|
|
@@ -110,6 +114,20 @@ module Mascot
|
|
|
110
114
|
end
|
|
111
115
|
|
|
112
116
|
private
|
|
117
|
+
|
|
118
|
+
# Make sure the user is accessing a file within the root path of the
|
|
119
|
+
# sitemap.
|
|
120
|
+
def validate_path(path)
|
|
121
|
+
root_path = @file_path.expand_path.to_s
|
|
122
|
+
resource_path = path.expand_path.to_s
|
|
123
|
+
|
|
124
|
+
if resource_path.start_with? root_path
|
|
125
|
+
path
|
|
126
|
+
else
|
|
127
|
+
raise Mascot::InsecurePathAccessError, "#{resource_path} outside sitemap #{root_path} directory"
|
|
128
|
+
end
|
|
129
|
+
end
|
|
130
|
+
|
|
113
131
|
# Given a @file_path of `/hi`, this method changes `/hi/there/friend.html.erb`
|
|
114
132
|
# to an absolute `/there/friend` format by removing the file extensions
|
|
115
133
|
def request_path(path)
|
data/mascot.gemspec
CHANGED
|
@@ -20,6 +20,7 @@ Gem::Specification.new do |spec|
|
|
|
20
20
|
spec.add_development_dependency "bundler", "~> 1.11"
|
|
21
21
|
spec.add_development_dependency "rake", "~> 10.0"
|
|
22
22
|
spec.add_development_dependency "rspec", "~> 3.0"
|
|
23
|
+
spec.add_development_dependency "pry"
|
|
23
24
|
|
|
24
25
|
spec.add_runtime_dependency "mime-types", ">= 2.99"
|
|
25
26
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: mascot
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Brad Gessler
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-07-
|
|
11
|
+
date: 2016-07-24 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -52,6 +52,20 @@ dependencies:
|
|
|
52
52
|
- - "~>"
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
54
|
version: '3.0'
|
|
55
|
+
- !ruby/object:Gem::Dependency
|
|
56
|
+
name: pry
|
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
|
58
|
+
requirements:
|
|
59
|
+
- - ">="
|
|
60
|
+
- !ruby/object:Gem::Version
|
|
61
|
+
version: '0'
|
|
62
|
+
type: :development
|
|
63
|
+
prerelease: false
|
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
65
|
+
requirements:
|
|
66
|
+
- - ">="
|
|
67
|
+
- !ruby/object:Gem::Version
|
|
68
|
+
version: '0'
|
|
55
69
|
- !ruby/object:Gem::Dependency
|
|
56
70
|
name: mime-types
|
|
57
71
|
requirement: !ruby/object:Gem::Requirement
|