net-http-paranoid 0.0.1 → 0.0.2
- data/ChangeLog +7 -0
- data/lib/net/http/paranoid.rb +19 -16
- data/spec/net-http-paranoid_spec.rb +32 -5
- metadata +3 -3
data/ChangeLog
CHANGED
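--- a/data/lib/net/http/paranoid.rb
+++ b/data/lib/net/http/paranoid.rb
@@ -1,18 +1,20 @@
 
 require "net/http"
+require "ostruct"
 
 class Net::HTTP::Paranoid
-VERSION = "0.0.
+VERSION = "0.0.2"
 
 class ParanoidError < StandardError; end
 class NotAllowedHostError < ParanoidError; end
 
-
-
+attr_accessor :blacklist
+attr_accessor :whitelist
 
-def initialize
-
-@
+def initialize(opts={})
+opts = OpenStruct.new(opts)
+@blacklist = opts.blacklist || []
+@whitelist = opts.whitelist || []
 end
 
 def wrap(http)
@@ -23,13 +25,14 @@ class Net::HTTP::Paranoid
 end
 
 def allow?(address)
+name, _, _, ip = TCPSocket.gethostbyname(address)
+
 [
 [@whitelist, true], [@blacklist, false]
 ].each do |list, ret|
-list.each do |a|
+(list || []).each do |a|
 return ret if a === address
 
-name, _, _, ip = TCPSocket.gethostbyname(address)
 return ret if a === name
 return ret if a === ip
 end
@@ -49,14 +52,14 @@ class Net::HTTP::Paranoid
 
 ret = false
 # From LWPx::ParanoidAgent written by Brad Fitzpatrick.
-if (address & 0xFF000000) == 0x00000000 || # 0.0.0.0/8
-(address & 0xFF000000) == 0x0A000000 || # 10.0.0.0/8
-(address & 0xFF000000) == 0x7F000000 || # 127.0.0.0/8
-(address & 0xFFF00000) == 0xAC100000 || # 172.16.0.0/12
-(address & 0xFFFF0000) == 0xA9FE0000 || # 169.254.0.0/16
-(address & 0xFFFF0000) == 0xC0A80000 || # 192.168.0.0/16
-
-(address &
+if (address & 0xFF000000) == 0x00000000 || # 0.0.0.0/8 "This" network
+(address & 0xFF000000) == 0x0A000000 || # 10.0.0.0/8 Class A private
+(address & 0xFF000000) == 0x7F000000 || # 127.0.0.0/8 Loopback
+(address & 0xFFF00000) == 0xAC100000 || # 172.16.0.0/12 Class B private
+(address & 0xFFFF0000) == 0xA9FE0000 || # 169.254.0.0/16 Link local
+(address & 0xFFFF0000) == 0xC0A80000 || # 192.168.0.0/16 Class C private
+(address & 0xFFFFFF00) == 0xC0000200 || # 192.0.2.0/24 TEST-NET
+(address & 0xE0000000) == 0xE0000000 # 224.0.0.0/3 Multicast and Reserved for future use
 
 ret = true
 end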
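Review bot: In the `allow?` hunk, `name, _, _, ip = TCPSocket.gethostbyname(address)` keeps only the first address the resolver returns, so a host that resolves to several addresses is compared against the whitelist and blacklist on one of them only. Collecting all of them with `name, _, _, *ips = TCPSocket.gethostbyname(address)`, denying when any address hits the blacklist and allowing via the whitelist only when every address matches, would make the list check cover what the name can actually resolve to. The lookup done here is also separate from the one the later connection performs, so the checked address is not guaranteed to be the connected one; whether that matters depends on `wrap` and the rest of `allow?`, whose bodies lie outside the hunks. Hoisting the lookup above the loop additionally means a resolver failure now raises out of `allow?` even when both lists are empty, which deserves a one-line comment such as `# resolve once; SocketError propagates to the caller`.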
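--- a/data/spec/net-http-paranoid_spec.rb
+++ b/data/spec/net-http-paranoid_spec.rb
@@ -9,13 +9,12 @@ require "net/http/paranoid"
 
 describe Net::HTTP::Paranoid do
 
-before do
-@paranoid = Net::HTTP::Paranoid.new
-end
-
 it "should not allow to access LAN" do
+@paranoid = Net::HTTP::Paranoid.new
 should_be_blocked = %w(
-localhost
+localhost
+0.0.0.0 10.0.0.1 127.0.0.1 169.254.0.1 172.16.0.1
+192.0.2.1 192.168.0.1 224.0.0.1 255.255.255.255
 ::1
 )
 
@@ -31,6 +30,7 @@ describe Net::HTTP::Paranoid do
 end
 
 it "shoud allow global IP address" do
+@paranoid = Net::HTTP::Paranoid.new
 host = "64.233.187.99"
 proc {
 @paranoid.wrap(Net::HTTP.new(host))
@@ -38,6 +38,7 @@ describe Net::HTTP::Paranoid do
 end
 
 it "should treat blacklist/whitelist" do
+@paranoid = Net::HTTP::Paranoid.new
 @paranoid.whitelist << "localhost"
 @paranoid.blacklist << "google.com"
 
@@ -53,5 +54,31 @@ describe Net::HTTP::Paranoid do
 @paranoid.wrap(http)
 }.should raise_error(Net::HTTP::Paranoid::NotAllowedHostError)
 end
+
+it "should accept opts for initialize" do
+@paranoid = Net::HTTP::Paranoid.new({
+:whitelist => "localhost",
+"blacklist" => "google.com",
+})
+proc {
+@paranoid.wrap(Net::HTTP.new("localhost"))
+}.should_not raise_error(Net::HTTP::Paranoid::NotAllowedHostError)
+
+proc {
+@paranoid.wrap(Net::HTTP.new("google.com"))
+}.should raise_error(Net::HTTP::Paranoid::NotAllowedHostError)
+end
+
+it "should accept nil for list" do
+@paranoid = Net::HTTP::Paranoid.new
+@paranoid.whitelist = nil
+@paranoid.blacklist = nil
+
+proc {
+uri = URI("http://localhost/")
+http = Net::HTTP.new(uri.host, uri.port)
+@paranoid.wrap(http)
+}.should raise_error(Net::HTTP::Paranoid::NotAllowedHostError)
+end
 end
 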
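Review bot: The whitelist assertion in "should accept opts for initialize" is written as `}.should_not raise_error(Net::HTTP::Paranoid::NotAllowedHostError)`, and in RSpec versions that accept this form it also passes when `wrap` raises some other exception, so it does not show that localhost was actually let through; a bare `}.should_not raise_error` would pin that. The same example passes each list as a plain string (`:whitelist => "localhost"`) while the other examples append to an array with `<<`, and the library walks the value with `each`, so whether a string is a supported form should be stated in a comment or the example should pass `["localhost"]`. These examples also resolve `localhost` and `google.com` at run time, so their outcome depends on the resolver of the machine running the suite.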
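--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: net-http-paranoid
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.2
 platform: ruby
 authors:
 - cho45
@@ -9,7 +9,7 @@ autorequire: ""
 bindir: bin
 cert_chain: []
 
-date: 2008-
+date: 2008-05-04 00:00:00 +09:00
 default_executable:
 dependencies: []
 
@@ -64,7 +64,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: lowreal
-rubygems_version: 1.
+rubygems_version: 1.1.1
 signing_key:
 specification_version: 2
 summary: Safety Net::HTTP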