mini_defender 0.6.5 → 0.6.7
- checksums.yaml +4 -4
- data/lib/mini_defender/rules/image.rb +5 -1
- data/lib/mini_defender/rules/integer.rb +2 -1
- data/lib/mini_defender/rules/mime_types.rb +5 -1
- data/lib/mini_defender/rules/not_local_url.rb +31 -0
- data/lib/mini_defender/version.rb +1 -1
- data/mini_defender.gemspec +1 -0
- metadata +18 -3
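--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: '0766463845ff12b982d3230cbd2d62a4506d5b470160256a2ec0684146f4e8bc'
+data.tar.gz: d24329e0981cb6dabe1d42a85e2c0bec719610a829dc2eb6d2dab480faace668
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3a232eba0c84024e5248cabcc3f324af4c86956eb494c5f8fb4c1531f76965a32de4b1b674584b1008d4f566b2752712498b600646bf1a1ed94770d5ddeacfa9
+data.tar.gz: 5afafaa73bd774d094540de2db462f1b2d0c840bf8fda34a5ff9c9959b0d1d6a9dfd0999343ac14d1ce31f1c94de2ff4a255f6650611fbe4d02cee63eb89f8e8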
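--- a/data/lib/mini_defender/rules/image.rb
+++ b/data/lib/mini_defender/rules/image.rb
@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require 'action_dispatch'
+require 'marcel'
 
 class MiniDefender::Rules::Image < MiniDefender::Rule
 MIMES = %w[image/jpeg image/png image/gif image/bmp image/png image/svg+xml image/webp]
@@ -10,7 +11,10 @@ class MiniDefender::Rules::Image < MiniDefender::Rule
 end
 
 def passes?(attribute, value, validator)
-
+content_type = Marcel::MimeType.for(value.read)
+value.rewind
+
+value.is_a?(ActionDispatch::Http::UploadedFile) && MIMES.include?(content_type)
 end
 
 def message(attribute, value, validator)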
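Review bot: In `passes?` the new `value.read` runs before the `is_a?(ActionDispatch::Http::UploadedFile)` check, so a non-file value such as a string or nil raises NoMethodError (unless a caller rescues it) instead of simply failing validation; the method should open with `return false unless value.is_a?(ActionDispatch::Http::UploadedFile)`. The same ordering appears in the `passes?` hunk of mime_types.rb, where `@file` is computed first but `value.read` is still called unconditionally. `value.read` also loads the whole upload into memory just to sniff its type; Marcel appears to accept an IO, so passing the file object rather than its full contents is worth checking, along with a size limit applied earlier in validation. Sniffing content instead of trusting the client-declared type is the right direction, but `image/svg+xml` in MIMES still admits files that can carry script, which matters if uploads are ever served inline.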
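--- a/data/lib/mini_defender/rules/integer.rb
+++ b/data/lib/mini_defender/rules/integer.rb
@@ -54,9 +54,10 @@ class MiniDefender::Rules::Integer < MiniDefender::Rule
 end
 
 # Remove leading zero so Integer will not treat it as octal
+# Handle leading zeros while preserving both + and - signs
 value = value
 .to_s
-.gsub(/^0
+.gsub(/^([+-])?0+(?=\d)/, '\1')
 
 if @mode == 'relaxed'
 value = normalize_digits(value)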
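Review bot: The new pattern in `.gsub(/^([+-])?0+(?=\d)/, '\1')` is anchored with `^`, which matches at the start of every line, and `gsub` replaces every match, so a value containing a newline is rewritten on each line rather than only at the start of the string. Anchoring to the string and replacing once avoids that: `.sub(/\A([+-])?0+(?=\d)/, '\1')`. Whether a multi-line value is rejected later cannot be seen here, because the method starts and ends outside the hunk. The older octal comment is kept directly above the new one; merging them into a single comment would read better.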
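--- a/data/lib/mini_defender/rules/mime_types.rb
+++ b/data/lib/mini_defender/rules/mime_types.rb
@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require 'action_dispatch'
+require 'marcel'
 
 class MiniDefender::Rules::MimeTypes < MiniDefender::Rule
 def initialize(types)
@@ -26,7 +27,10 @@ class MiniDefender::Rules::MimeTypes < MiniDefender::Rule
 
 def passes?(attribute, value, validator)
 @file = value.is_a?(ActionDispatch::Http::UploadedFile)
-
+content_type = Marcel::MimeType.for(value.read)
+value.rewind
+
+@file && @types.include?(content_type)
 end
 
 def message(attribute, value, validator)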
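--- a/data/lib/mini_defender/rules/not_local_url.rb
+++ b/data/lib/mini_defender/rules/not_local_url.rb
@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+class MiniDefender::Rules::NotLocalURL < MiniDefender::Rule
+LOCALHOST_PATTERNS = [
+/^localhost$/i, # localhost, LOCALHOST
+/^127\./, # 127.x.x.x
+/^::1$/, # IPv6 localhost
+/^0\.0\.0\.0$/, # All interfaces IPv4
+/^::$/, # IPv6 unspecified
+/\.local$/i, # domain.local
+/^local\./i, # local.domain
+/^localhost\./i, # localhost.anything
+]
+
+def self.signature
+'not_local_url'
+end
+
+def passes?(attribute, value, validator)
+uri = URI.parse(value.to_s)
+host = uri.host.to_s.downcase
+
+!LOCALHOST_PATTERNS.any? { |pattern| host.match?(pattern) }
+rescue URI::InvalidURIError
+false
+end
+
+def message(attribute, value, validator)
+'URL cannot point to localhost or local domain.'
+end
+end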
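Review bot: `passes?` reads `uri.host`, which keeps the square brackets around IPv6 literals, so the `/^::1$/` and `/^::$/` entries in LOCALHOST_PATTERNS can never match; `uri.hostname` returns the address without brackets. A value with no host at all (a relative path or a bare word) yields an empty string and passes, and the file uses `URI` without a `require 'uri'` of its own. The list is a textual check on the hostname only: private and link-local ranges are not covered and a name is never resolved, so the rule is better documented as input hygiene than as an SSRF control, with the resolved address checked again where the request is actually made. A version of `passes?` that fixes the host handling and, if private ranges should count as local, adds an IP-literal check is sketched below; it assumes `ipaddr` is loaded.

```ruby
def passes?(attribute, value, validator)
  uri = URI.parse(value.to_s)
  # hostname (not host) drops the brackets around IPv6 literals
  host = uri.hostname.to_s.downcase
  return false if host.empty?
  return false if LOCALHOST_PATTERNS.any? { |pattern| host.match?(pattern) }

  begin
    ip = IPAddr.new(host)
    return false if ip.loopback? || ip.private? || ip.link_local?
  rescue IPAddr::InvalidAddressError
    # not an IP literal: only the name patterns above apply
  end

  true
rescue URI::InvalidURIError
  false
end
# … unchanged: LOCALHOST_PATTERNS, signature, message …
```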
data/mini_defender.gemspec
CHANGED
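--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mini_defender
 version: !ruby/object:Gem::Version
-version: 0.6.
+version: 0.6.7
 platform: ruby
 authors:
 - Ali Alhoshaiyan
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-
+date: 2024-11-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activesupport
@@ -80,6 +80,20 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
+- !ruby/object:Gem::Dependency
+name: marcel
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
 description: A small and efficient validation library for Rails and anything that
 uses Ruby.
 email:
@@ -167,6 +181,7 @@ files:
 - lib/mini_defender/rules/national_id.rb
 - lib/mini_defender/rules/not_ending_with.rb
 - lib/mini_defender/rules/not_in.rb
+- lib/mini_defender/rules/not_local_url.rb
 - lib/mini_defender/rules/not_regex.rb
 - lib/mini_defender/rules/not_starting_with.rb
 - lib/mini_defender/rules/numeric.rb
@@ -219,7 +234,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.5.11
 signing_key:
 specification_version: 4
 summary: A small and efficient validation library for Rails and anything that uses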