net-http-paranoid 0.0.1
Sign up to get free protection for your applications and to get access to all the features.
- data/ChangeLog +2 -0
- data/README +55 -0
- data/Rakefile +134 -0
- data/lib/net/http/paranoid.rb +65 -0
- data/spec/net-http-paranoid_spec.rb +57 -0
- data/spec/spec.opts +1 -0
- metadata +72 -0
data/ChangeLog
ADDED
data/README
ADDED
@@ -0,0 +1,55 @@
|
|
1
|
+
|
2
|
+
= net-http-paranoid
|
3
|
+
|
4
|
+
This package is port of LWPx::ParanoidAgent
|
5
|
+
written by Brad Fitzpatrick.
|
6
|
+
|
7
|
+
|
8
|
+
== Description
|
9
|
+
|
10
|
+
If you want to access a host which passed by
|
11
|
+
unstrusted person, you should be careful not to
|
12
|
+
access your LAN computer.
|
13
|
+
|
14
|
+
This enables to control Net::HTTP ACL.
|
15
|
+
|
16
|
+
== Installation
|
17
|
+
|
18
|
+
=== Archive Installation
|
19
|
+
|
20
|
+
rake install
|
21
|
+
|
22
|
+
=== Gem Installation
|
23
|
+
|
24
|
+
gem install nethttpparanoid
|
25
|
+
|
26
|
+
|
27
|
+
== Features/Problems
|
28
|
+
|
29
|
+
* DNS resolv (atodeyaru)
|
30
|
+
|
31
|
+
|
32
|
+
== Synopsis
|
33
|
+
|
34
|
+
require "net/http"
|
35
|
+
require "net/http/paranoid"
|
36
|
+
|
37
|
+
paranoid = Net::HTTP::Paranoid.new
|
38
|
+
paranoid.whitelist << "localhost"
|
39
|
+
paranoid.blacklist << "google.com"
|
40
|
+
|
41
|
+
uri = URI("http://google.com/")
|
42
|
+
http = Net::HTTP.new(uri.host, uri.port)
|
43
|
+
|
44
|
+
# paranoid.wrap raise NotAllowedHostError
|
45
|
+
# if the host is blacklisted or LAN.
|
46
|
+
paranoid.wrap(http).start do |http|
|
47
|
+
# if the host is allowed
|
48
|
+
http.get
|
49
|
+
end
|
50
|
+
|
51
|
+
== Copyright
|
52
|
+
|
53
|
+
Author:: cho45 <cho45@lowreal.net>
|
54
|
+
Copyright:: Copyright (c) 2008 cho45
|
55
|
+
License:: Ruby's
|
data/Rakefile
ADDED
@@ -0,0 +1,134 @@
|
|
1
|
+
require 'rubygems'
|
2
|
+
require "shipit"
|
3
|
+
require 'rake'
|
4
|
+
require 'rake/clean'
|
5
|
+
require 'rake/testtask'
|
6
|
+
require 'rake/packagetask'
|
7
|
+
require 'rake/gempackagetask'
|
8
|
+
require 'rake/rdoctask'
|
9
|
+
require 'rake/contrib/rubyforgepublisher'
|
10
|
+
require 'rake/contrib/sshpublisher'
|
11
|
+
require 'spec/rake/spectask'
|
12
|
+
require 'fileutils'
|
13
|
+
include FileUtils
|
14
|
+
|
15
|
+
$LOAD_PATH.unshift "lib"
|
16
|
+
require "net/http/paranoid"
|
17
|
+
|
18
|
+
NAME = "net-http-paranoid"
|
19
|
+
AUTHOR = "cho45"
|
20
|
+
EMAIL = "cho45@lowreal.net"
|
21
|
+
DESCRIPTION = "Safety Net::HTTP"
|
22
|
+
RUBYFORGE_PROJECT = "lowreal"
|
23
|
+
HOMEPATH = "http://#{RUBYFORGE_PROJECT}.rubyforge.org"
|
24
|
+
BIN_FILES = %w( )
|
25
|
+
VERS = Net::HTTP::Paranoid::VERSION
|
26
|
+
|
27
|
+
REV = File.read(".svn/entries")[/committed-rev="(d+)"/, 1] rescue nil
|
28
|
+
CLEAN.include ['**/.*.sw?', '*.gem', '.config']
|
29
|
+
RDOC_OPTS = [
|
30
|
+
'--title', "#{NAME} documentation",
|
31
|
+
"--charset", "utf-8",
|
32
|
+
"--opname", "index.html",
|
33
|
+
"--line-numbers",
|
34
|
+
"--main", "README",
|
35
|
+
"--inline-source",
|
36
|
+
]
|
37
|
+
|
38
|
+
task :default => [:spec]
|
39
|
+
task :package => [:clean]
|
40
|
+
|
41
|
+
Spec::Rake::SpecTask.new do |t|
|
42
|
+
t.spec_opts = ['--options', "spec/spec.opts"]
|
43
|
+
t.spec_files = FileList['spec/*_spec.rb']
|
44
|
+
t.rcov = true
|
45
|
+
end
|
46
|
+
|
47
|
+
spec = Gem::Specification.new do |s|
|
48
|
+
s.name = NAME
|
49
|
+
s.version = VERS
|
50
|
+
s.platform = Gem::Platform::RUBY
|
51
|
+
s.has_rdoc = true
|
52
|
+
s.extra_rdoc_files = ["README", "ChangeLog"]
|
53
|
+
s.rdoc_options += RDOC_OPTS + ['--exclude', '^(examples|extras)/']
|
54
|
+
s.summary = DESCRIPTION
|
55
|
+
s.description = DESCRIPTION
|
56
|
+
s.author = AUTHOR
|
57
|
+
s.email = EMAIL
|
58
|
+
s.homepage = HOMEPATH
|
59
|
+
s.executables = BIN_FILES
|
60
|
+
s.rubyforge_project = RUBYFORGE_PROJECT
|
61
|
+
s.bindir = "bin"
|
62
|
+
s.require_path = "lib"
|
63
|
+
s.autorequire = ""
|
64
|
+
s.test_files = Dir["test/test_*.rb"]
|
65
|
+
|
66
|
+
#s.add_dependency('activesupport', '>=1.3.1')
|
67
|
+
#s.required_ruby_version = '>= 1.8.2'
|
68
|
+
|
69
|
+
s.files = %w(README ChangeLog Rakefile) +
|
70
|
+
Dir.glob("{bin,doc,spec,test,lib,templates,generator,extras,website,script}/**/*") +
|
71
|
+
Dir.glob("ext/**/*.{h,c,rb}") +
|
72
|
+
Dir.glob("examples/**/*.rb") +
|
73
|
+
Dir.glob("tools/*.rb")
|
74
|
+
|
75
|
+
s.extensions = FileList["ext/**/extconf.rb"].to_a
|
76
|
+
end
|
77
|
+
|
78
|
+
Rake::GemPackageTask.new(spec) do |p|
|
79
|
+
p.need_tar = true
|
80
|
+
p.gem_spec = spec
|
81
|
+
end
|
82
|
+
|
83
|
+
task :install do
|
84
|
+
name = "#{NAME}-#{VERS}.gem"
|
85
|
+
sh %{rake package}
|
86
|
+
sh %{sudo gem install pkg/#{name}}
|
87
|
+
end
|
88
|
+
|
89
|
+
task :uninstall => [:clean] do
|
90
|
+
sh %{sudo gem uninstall #{NAME}}
|
91
|
+
end
|
92
|
+
|
93
|
+
|
94
|
+
Rake::RDocTask.new do |rdoc|
|
95
|
+
rdoc.rdoc_dir = 'html'
|
96
|
+
rdoc.options += RDOC_OPTS
|
97
|
+
rdoc.template = "resh"
|
98
|
+
#rdoc.template = "#{ENV['template']}.rb" if ENV['template']
|
99
|
+
if ENV['DOC_FILES']
|
100
|
+
rdoc.rdoc_files.include(ENV['DOC_FILES'].split(/,\s*/))
|
101
|
+
else
|
102
|
+
rdoc.rdoc_files.include('README', 'ChangeLog')
|
103
|
+
rdoc.rdoc_files.include('lib/**/*.rb')
|
104
|
+
rdoc.rdoc_files.include('ext/**/*.c')
|
105
|
+
end
|
106
|
+
end
|
107
|
+
|
108
|
+
desc "Publish to RubyForge"
|
109
|
+
task :rubyforge => [:rdoc, :package] do
|
110
|
+
require 'rubyforge'
|
111
|
+
@local_dir = "html"
|
112
|
+
@host = "cho45@rubyforge.org"
|
113
|
+
@remote_dir = "/var/www/gforge-projects/#{RUBYFORGE_PROJECT}/#{NAME}"
|
114
|
+
sh %{rsync -r --delete --verbose #{@local_dir}/ #{@host}:#{@remote_dir}}
|
115
|
+
end
|
116
|
+
|
117
|
+
Rake::ShipitTask.new do |s|
|
118
|
+
s.Step.new {
|
119
|
+
system("svn", "up")
|
120
|
+
}.and {}
|
121
|
+
s.Step.new {
|
122
|
+
raise "changelog-with-hatenastar.rb is not found" unless system("which", "changelog-with-hatenastar.rb")
|
123
|
+
}.and {
|
124
|
+
system("changelog-with-hatenastar.rb > ChangeLog")
|
125
|
+
}
|
126
|
+
s.ChangeVersion "lib/net/http/paranoid.rb", "VERSION"
|
127
|
+
s.Commit
|
128
|
+
s.Task :clean, :package
|
129
|
+
s.RubyForge
|
130
|
+
s.Tag
|
131
|
+
s.Twitter
|
132
|
+
s.Task :rubyforge
|
133
|
+
end
|
134
|
+
|
@@ -0,0 +1,65 @@
|
|
1
|
+
|
2
|
+
require "net/http"
|
3
|
+
|
4
|
+
class Net::HTTP::Paranoid
|
5
|
+
VERSION = "0.0.1"
|
6
|
+
|
7
|
+
class ParanoidError < StandardError; end
|
8
|
+
class NotAllowedHostError < ParanoidError; end
|
9
|
+
|
10
|
+
attr_reader :blacklist
|
11
|
+
attr_reader :whitelist
|
12
|
+
|
13
|
+
def initialize
|
14
|
+
@blacklist = []
|
15
|
+
@whitelist = []
|
16
|
+
end
|
17
|
+
|
18
|
+
def wrap(http)
|
19
|
+
unless allow?(http.address)
|
20
|
+
raise NotAllowedHostError, "#{http.address} is not allowed host"
|
21
|
+
end
|
22
|
+
http
|
23
|
+
end
|
24
|
+
|
25
|
+
def allow?(address)
|
26
|
+
[
|
27
|
+
[@whitelist, true], [@blacklist, false]
|
28
|
+
].each do |list, ret|
|
29
|
+
list.each do |a|
|
30
|
+
return ret if a === address
|
31
|
+
|
32
|
+
name, _, _, ip = TCPSocket.gethostbyname(address)
|
33
|
+
return ret if a === name
|
34
|
+
return ret if a === ip
|
35
|
+
end
|
36
|
+
end
|
37
|
+
|
38
|
+
!lan?(address)
|
39
|
+
end
|
40
|
+
|
41
|
+
private
|
42
|
+
def lan?(address)
|
43
|
+
address = Socket.gethostbyname(address)[3]
|
44
|
+
unless address.size == 4
|
45
|
+
# may be IPv6, it is currently denied
|
46
|
+
return true
|
47
|
+
end
|
48
|
+
address = address.unpack("N").first
|
49
|
+
|
50
|
+
ret = false
|
51
|
+
# From LWPx::ParanoidAgent written by Brad Fitzpatrick.
|
52
|
+
if (address & 0xFF000000) == 0x00000000 || # 0.0.0.0/8
|
53
|
+
(address & 0xFF000000) == 0x0A000000 || # 10.0.0.0/8
|
54
|
+
(address & 0xFF000000) == 0x7F000000 || # 127.0.0.0/8
|
55
|
+
(address & 0xFFF00000) == 0xAC100000 || # 172.16.0.0/12
|
56
|
+
(address & 0xFFFF0000) == 0xA9FE0000 || # 169.254.0.0/16
|
57
|
+
(address & 0xFFFF0000) == 0xC0A80000 || # 192.168.0.0/16
|
58
|
+
address == 0xFFFFFFFF || # 255.255.255.255
|
59
|
+
(address & 0xF0000000) == 0xE0000000 # multicast addresses
|
60
|
+
|
61
|
+
ret = true
|
62
|
+
end
|
63
|
+
ret
|
64
|
+
end
|
65
|
+
end
|
@@ -0,0 +1,57 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
|
3
|
+
require "uri"
|
4
|
+
|
5
|
+
$LOAD_PATH << "lib"
|
6
|
+
$LOAD_PATH << "../lib"
|
7
|
+
|
8
|
+
require "net/http/paranoid"
|
9
|
+
|
10
|
+
describe Net::HTTP::Paranoid do
|
11
|
+
|
12
|
+
before do
|
13
|
+
@paranoid = Net::HTTP::Paranoid.new
|
14
|
+
end
|
15
|
+
|
16
|
+
it "should not allow to access LAN" do
|
17
|
+
should_be_blocked = %w(
|
18
|
+
localhost 127.0.0.1 192.168.0.1
|
19
|
+
::1
|
20
|
+
)
|
21
|
+
|
22
|
+
should_be_blocked.each do |host|
|
23
|
+
proc {
|
24
|
+
@paranoid.wrap(Net::HTTP.new(host))
|
25
|
+
}.should raise_error(Net::HTTP::Paranoid::NotAllowedHostError)
|
26
|
+
end
|
27
|
+
|
28
|
+
proc {
|
29
|
+
@paranoid.wrap(Net::HTTP.new("localhost"))
|
30
|
+
}.should raise_error(Net::HTTP::Paranoid::NotAllowedHostError)
|
31
|
+
end
|
32
|
+
|
33
|
+
it "shoud allow global IP address" do
|
34
|
+
host = "64.233.187.99"
|
35
|
+
proc {
|
36
|
+
@paranoid.wrap(Net::HTTP.new(host))
|
37
|
+
}.should_not raise_error(Net::HTTP::Paranoid::NotAllowedHostError)
|
38
|
+
end
|
39
|
+
|
40
|
+
it "should treat blacklist/whitelist" do
|
41
|
+
@paranoid.whitelist << "localhost"
|
42
|
+
@paranoid.blacklist << "google.com"
|
43
|
+
|
44
|
+
proc {
|
45
|
+
uri = URI("http://localhost/")
|
46
|
+
http = Net::HTTP.new(uri.host, uri.port)
|
47
|
+
@paranoid.wrap(http)
|
48
|
+
}.should_not raise_error(Net::HTTP::Paranoid::NotAllowedHostError)
|
49
|
+
|
50
|
+
proc {
|
51
|
+
uri = URI("http://google.com/")
|
52
|
+
http = Net::HTTP.new(uri.host, uri.port)
|
53
|
+
@paranoid.wrap(http)
|
54
|
+
}.should raise_error(Net::HTTP::Paranoid::NotAllowedHostError)
|
55
|
+
end
|
56
|
+
end
|
57
|
+
|
data/spec/spec.opts
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
--color
|
metadata
ADDED
@@ -0,0 +1,72 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: net-http-paranoid
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.0.1
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- cho45
|
8
|
+
autorequire: ""
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
|
12
|
+
date: 2008-02-10 00:00:00 +09:00
|
13
|
+
default_executable:
|
14
|
+
dependencies: []
|
15
|
+
|
16
|
+
description: Safety Net::HTTP
|
17
|
+
email: cho45@lowreal.net
|
18
|
+
executables: []
|
19
|
+
|
20
|
+
extensions: []
|
21
|
+
|
22
|
+
extra_rdoc_files:
|
23
|
+
- README
|
24
|
+
- ChangeLog
|
25
|
+
files:
|
26
|
+
- README
|
27
|
+
- ChangeLog
|
28
|
+
- Rakefile
|
29
|
+
- spec/net-http-paranoid_spec.rb
|
30
|
+
- spec/spec.opts
|
31
|
+
- lib/net
|
32
|
+
- lib/net/http
|
33
|
+
- lib/net/http/paranoid.rb
|
34
|
+
has_rdoc: true
|
35
|
+
homepage: http://lowreal.rubyforge.org
|
36
|
+
post_install_message:
|
37
|
+
rdoc_options:
|
38
|
+
- --title
|
39
|
+
- net-http-paranoid documentation
|
40
|
+
- --charset
|
41
|
+
- utf-8
|
42
|
+
- --opname
|
43
|
+
- index.html
|
44
|
+
- --line-numbers
|
45
|
+
- --main
|
46
|
+
- README
|
47
|
+
- --inline-source
|
48
|
+
- --exclude
|
49
|
+
- ^(examples|extras)/
|
50
|
+
require_paths:
|
51
|
+
- lib
|
52
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
53
|
+
requirements:
|
54
|
+
- - ">="
|
55
|
+
- !ruby/object:Gem::Version
|
56
|
+
version: "0"
|
57
|
+
version:
|
58
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
59
|
+
requirements:
|
60
|
+
- - ">="
|
61
|
+
- !ruby/object:Gem::Version
|
62
|
+
version: "0"
|
63
|
+
version:
|
64
|
+
requirements: []
|
65
|
+
|
66
|
+
rubyforge_project: lowreal
|
67
|
+
rubygems_version: 1.0.1
|
68
|
+
signing_key:
|
69
|
+
specification_version: 2
|
70
|
+
summary: Safety Net::HTTP
|
71
|
+
test_files: []
|
72
|
+
|