mini_defender 0.6.5 → 0.6.7

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 12e38770ec94ea06cf7c9a6f40af0cc37fc2017deb30161c2804c9e3024d7ad4
4
- data.tar.gz: 36738ff2ca0ad2316dbb0f68fee90ad921690fab463cf4050103789edb975212
3
+ metadata.gz: '0766463845ff12b982d3230cbd2d62a4506d5b470160256a2ec0684146f4e8bc'
4
+ data.tar.gz: d24329e0981cb6dabe1d42a85e2c0bec719610a829dc2eb6d2dab480faace668
5
5
  SHA512:
6
- metadata.gz: 94d2291d0f17296b246ae67f96685f20dd7c7316d7ed329d89fc2141d76af57c538ca3909b52be177b9d08663448c2941669668861ba0408d40bdb10f75ad462
7
- data.tar.gz: d5f5aab2a675b44ce991573938eea9ca9782e954971365d71102ba6e8081b802d76cffa4f3382354bbf04695028e88cede5686146c28003ef1c1ee4f8f33e30a
6
+ metadata.gz: 3a232eba0c84024e5248cabcc3f324af4c86956eb494c5f8fb4c1531f76965a32de4b1b674584b1008d4f566b2752712498b600646bf1a1ed94770d5ddeacfa9
7
+ data.tar.gz: 5afafaa73bd774d094540de2db462f1b2d0c840bf8fda34a5ff9c9959b0d1d6a9dfd0999343ac14d1ce31f1c94de2ff4a255f6650611fbe4d02cee63eb89f8e8
@@ -1,6 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require 'action_dispatch'
4
+ require 'marcel'
4
5
 
5
6
  class MiniDefender::Rules::Image < MiniDefender::Rule
6
7
  MIMES = %w[image/jpeg image/png image/gif image/bmp image/png image/svg+xml image/webp]
@@ -10,7 +11,10 @@ class MiniDefender::Rules::Image < MiniDefender::Rule
10
11
  end
11
12
 
12
13
  def passes?(attribute, value, validator)
13
- value.is_a?(ActionDispatch::Http::UploadedFile) && MIMES.include?(value.content_type)
14
+ content_type = Marcel::MimeType.for(value.read)
15
+ value.rewind
16
+
17
+ value.is_a?(ActionDispatch::Http::UploadedFile) && MIMES.include?(content_type)
14
18
  end
15
19
 
16
20
  def message(attribute, value, validator)
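Review bot: `value.read` on line 14 runs before the `is_a?(ActionDispatch::Http::UploadedFile)` check on line 17, so a value that is not an upload (a String, nil, a Hash) now raises NoMethodError out of `passes?` instead of failing the rule; the same order appears in the MimeTypes rule's `passes?`, where `@file` is computed and `value.read` is then called regardless of it. Guard first: `return false unless value.is_a?(ActionDispatch::Http::UploadedFile)`. Reading the whole upload into a String is also more than the sniff needs — Marcel accepts an IO and reads only the bytes its magic table asks for, so `Marcel::MimeType.for(value.tempfile)` (keeping the existing `value.rewind`) avoids holding a large file in memory; worth confirming against the marcel version the gemspec ends up pinning. Deciding on sniffed content instead of the client-declared `content_type` is the right direction for this rule.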
@@ -54,9 +54,10 @@ class MiniDefender::Rules::Integer < MiniDefender::Rule
54
54
  end
55
55
 
56
56
  # Remove leading zero so Integer will not treat it as octal
57
+ # Handle leading zeros while preserving both + and - signs
57
58
  value = value
58
59
  .to_s
59
- .gsub(/^0+/, '')
60
+ .gsub(/^([+-])?0+(?=\d)/, '\1')
60
61
 
61
62
  if @mode == 'relaxed'
62
63
  value = normalize_digits(value)
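Review bot: The new regex on line 60 anchors with `^`, which in Ruby matches at the start of every line rather than the start of the string, so the rewrite would also apply after any embedded newline; `\A` pins it to the string start, and with a single anchored match `sub` says what is meant: `.sub(/\A([+-])?0+(?=\d)/, '\1')`. The comment added on line 57 sits directly under the older one that still speaks of a single leading zero, so the statement now carries two comments; merge them into one, e.g. `# Strip leading zeros (keeping any +/- sign) so Integer() does not read the value as octal`. The method continues outside the hunk.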
@@ -1,6 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require 'action_dispatch'
4
+ require 'marcel'
4
5
 
5
6
  class MiniDefender::Rules::MimeTypes < MiniDefender::Rule
6
7
  def initialize(types)
@@ -26,7 +27,10 @@ class MiniDefender::Rules::MimeTypes < MiniDefender::Rule
26
27
 
27
28
  def passes?(attribute, value, validator)
28
29
  @file = value.is_a?(ActionDispatch::Http::UploadedFile)
29
- @file && @types.include?(value.content_type)
30
+ content_type = Marcel::MimeType.for(value.read)
31
+ value.rewind
32
+
33
+ @file && @types.include?(content_type)
30
34
  end
31
35
 
32
36
  def message(attribute, value, validator)
@@ -0,0 +1,31 @@
1
+ # frozen_string_literal: true
2
+
3
+ class MiniDefender::Rules::NotLocalURL < MiniDefender::Rule
4
+ LOCALHOST_PATTERNS = [
5
+ /^localhost$/i, # localhost, LOCALHOST
6
+ /^127\./, # 127.x.x.x
7
+ /^::1$/, # IPv6 localhost
8
+ /^0\.0\.0\.0$/, # All interfaces IPv4
9
+ /^::$/, # IPv6 unspecified
10
+ /\.local$/i, # domain.local
11
+ /^local\./i, # local.domain
12
+ /^localhost\./i, # localhost.anything
13
+ ]
14
+
15
+ def self.signature
16
+ 'not_local_url'
17
+ end
18
+
19
+ def passes?(attribute, value, validator)
20
+ uri = URI.parse(value.to_s)
21
+ host = uri.host.to_s.downcase
22
+
23
+ !LOCALHOST_PATTERNS.any? { |pattern| host.match?(pattern) }
24
+ rescue URI::InvalidURIError
25
+ false
26
+ end
27
+
28
+ def message(attribute, value, validator)
29
+ 'URL cannot point to localhost or local domain.'
30
+ end
31
+ end
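Review bot: `uri.host` on line 21 keeps the brackets around IPv6 literals, so for a URL such as http://[::1]/ the host is `"[::1]"` and the `/^::1$/` and `/^::$/` patterns on lines 7 and 9 never match; `uri.hostname` returns the unwrapped form. The pattern list also leaves out the private (10/8, 172.16/12, 192.168/16, fc00::/7) and link-local (169.254/16, fe80::/10) ranges and IPv4-mapped IPv6 forms of loopback, and a value with no host (an empty string, or `localhost:3000`, which URI parses as scheme `localhost` with a nil host) yields `""` and passes. The rewrite below parses IP-literal hosts with `IPAddr` (which needs `require 'ipaddr'` at the top of the file) and keeps the regex list for names; a name that merely resolves to a local address is beyond any string check and would need enforcement at resolution time. The remaining regexes should anchor with `\A`/`\z` rather than `^`/`$`.

```ruby
def passes?(attribute, value, validator)
  # hostname (not host) unwraps IPv6 literals, so "[::1]" becomes "::1"
  host = URI.parse(value.to_s).hostname.to_s.downcase
  return false if host.empty?

  ip = begin
    IPAddr.new(host)
  rescue IPAddr::InvalidAddressError
    nil
  end
  return !local_address?(ip) if ip

  !LOCALHOST_PATTERNS.any? { |pattern| host.match?(pattern) }
rescue URI::InvalidURIError
  false
end

# Loopback, private (RFC 1918 / ULA), link-local and the unspecified address.
def local_address?(ip)
  ip = ip.native if ip.ipv4_mapped?
  ip.loopback? || ip.private? || ip.link_local? || ip.to_i.zero?
end

# … unchanged: message …
```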
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module MiniDefender
4
- VERSION = "0.6.5"
4
+ VERSION = "0.6.7"
5
5
  end
@@ -33,4 +33,5 @@ Gem::Specification.new do |spec|
33
33
  spec.add_runtime_dependency 'actionpack', '>= 6.0'
34
34
  spec.add_runtime_dependency 'countries'
35
35
  spec.add_runtime_dependency 'money'
36
+ spec.add_runtime_dependency 'marcel'
36
37
  end
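Review bot: The new `marcel` dependency on line 36 carries no version constraint, unlike `actionpack` two lines above, so any future major release of marcel satisfies the gemspec; a lower bound matching the `Marcel::MimeType.for` contract the rules now rely on, e.g. `spec.add_runtime_dependency 'marcel', '~> 1.0'`, keeps that API stable for installs. The `Gem::Specification.new` block starts outside the hunk.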
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: mini_defender
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.6.5
4
+ version: 0.6.7
5
5
  platform: ruby
6
6
  authors:
7
7
  - Ali Alhoshaiyan
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2024-08-29 00:00:00.000000000 Z
11
+ date: 2024-11-10 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -80,6 +80,20 @@ dependencies:
80
80
  - - ">="
81
81
  - !ruby/object:Gem::Version
82
82
  version: '0'
83
+ - !ruby/object:Gem::Dependency
84
+ name: marcel
85
+ requirement: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - ">="
88
+ - !ruby/object:Gem::Version
89
+ version: '0'
90
+ type: :runtime
91
+ prerelease: false
92
+ version_requirements: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - ">="
95
+ - !ruby/object:Gem::Version
96
+ version: '0'
83
97
  description: A small and efficient validation library for Rails and anything that
84
98
  uses Ruby.
85
99
  email:
@@ -167,6 +181,7 @@ files:
167
181
  - lib/mini_defender/rules/national_id.rb
168
182
  - lib/mini_defender/rules/not_ending_with.rb
169
183
  - lib/mini_defender/rules/not_in.rb
184
+ - lib/mini_defender/rules/not_local_url.rb
170
185
  - lib/mini_defender/rules/not_regex.rb
171
186
  - lib/mini_defender/rules/not_starting_with.rb
172
187
  - lib/mini_defender/rules/numeric.rb
@@ -219,7 +234,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
219
234
  - !ruby/object:Gem::Version
220
235
  version: '0'
221
236
  requirements: []
222
- rubygems_version: 3.4.10
237
+ rubygems_version: 3.5.11
223
238
  signing_key:
224
239
  specification_version: 4
225
240
  summary: A small and efficient validation library for Rails and anything that uses