non_printable_sanitization 0.0.2 → 0.0.3
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1e788de9464ae1da90ea6bbd9450ff2f53ed01c5
|
|
4
|
+
data.tar.gz: 4bd7f0057d26a3ad9096ea864cef9558d2ad6a16
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: bcff60eb6beefb429e2329d9c7c073ac46530eeac737ed3feff345b8b76c07bd7f2a421f3d2f627e10f8d33110f26292546266ed66b2b98b275609153fbcfd01
|
|
7
|
+
data.tar.gz: 76b355402a41efd0fa1d4d0e4cd84c78e392ac8cf81961aa67ae2df7b5f32bcb292b50ccf102b1ea260ace4fab3ab92516c6568318329b0c89084d126ba69e37
|
|
@@ -5,6 +5,10 @@ require 'uri'
|
|
|
5
5
|
require "non_printable_sanitization/version"
|
|
6
6
|
|
|
7
7
|
class NonPrintableSanitization
|
|
8
|
+
def self.skip_paths
|
|
9
|
+
@skip_paths ||= []
|
|
10
|
+
end
|
|
11
|
+
|
|
8
12
|
def initialize(app, options = {})
|
|
9
13
|
@app = app
|
|
10
14
|
@options = options
|
|
@@ -13,10 +17,12 @@ class NonPrintableSanitization
|
|
|
13
17
|
def call(env)
|
|
14
18
|
request = ::Rack::Request.new(env)
|
|
15
19
|
|
|
16
|
-
|
|
17
|
-
if
|
|
18
|
-
|
|
19
|
-
|
|
20
|
+
unless skip_path?(env)
|
|
21
|
+
if request.content_length.to_i > 0 # check we even have data
|
|
22
|
+
if !request.get? && !request.delete? # make sure it's not a GET/DELETE request
|
|
23
|
+
unless request_is_file_upload?(env) # make sure we don't want binary data
|
|
24
|
+
remove_non_printable_characters!(env)
|
|
25
|
+
end
|
|
20
26
|
end
|
|
21
27
|
end
|
|
22
28
|
end
|
|
@@ -49,4 +55,9 @@ class NonPrintableSanitization
|
|
|
49
55
|
content_type = env["CONTENT_TYPE"] || "none"
|
|
50
56
|
content_type.downcase.include?("form-data")
|
|
51
57
|
end
|
|
58
|
+
|
|
59
|
+
def skip_path?(env)
|
|
60
|
+
path_info = env['PATH_INFO'] || ""
|
|
61
|
+
::NonPrintableSanitization.skip_paths.any? { |skip_path| path_info =~ skip_path }
|
|
62
|
+
end
|
|
52
63
|
end
|
|
@@ -24,8 +24,12 @@ describe ::NonPrintableSanitization do
|
|
|
24
24
|
|
|
25
25
|
context "when called with a binary body POST request" do
|
|
26
26
|
let(:request) { Rack::MockRequest.new(start_app) }
|
|
27
|
+
let(:path) { "/some/path" }
|
|
28
|
+
|
|
27
29
|
before(:each) do
|
|
28
|
-
|
|
30
|
+
::NonPrintableSanitization.skip_paths << /skippable/i
|
|
31
|
+
request.post(path, :input => post_data, "CONTENT_TYPE" => content_type)
|
|
32
|
+
::NonPrintableSanitization.skip_paths.clear
|
|
29
33
|
end
|
|
30
34
|
|
|
31
35
|
context "with text/plain content" do
|
|
@@ -46,6 +50,18 @@ describe ::NonPrintableSanitization do
|
|
|
46
50
|
end
|
|
47
51
|
end
|
|
48
52
|
|
|
53
|
+
context "when path is skipped" do
|
|
54
|
+
context "with text/plain content" do
|
|
55
|
+
let(:path) { "/skippable" }
|
|
56
|
+
let(:post_data) { "derp derp derp\0" }
|
|
57
|
+
let(:content_type) { "text/plain" }
|
|
58
|
+
|
|
59
|
+
it "skips sanitize of the non-printable \0" do
|
|
60
|
+
expect(app.request_body).to eq(post_data)
|
|
61
|
+
end
|
|
62
|
+
end
|
|
63
|
+
end
|
|
64
|
+
|
|
49
65
|
context "with multipart/form-data content" do
|
|
50
66
|
let(:post_data) { "derp derp derp\0" }
|
|
51
67
|
let(:content_type) { "multipart/form-data" }
|