non_printable_sanitization 0.0.2 → 0.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1e788de9464ae1da90ea6bbd9450ff2f53ed01c5
|
|
4
|
+
data.tar.gz: 4bd7f0057d26a3ad9096ea864cef9558d2ad6a16
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: bcff60eb6beefb429e2329d9c7c073ac46530eeac737ed3feff345b8b76c07bd7f2a421f3d2f627e10f8d33110f26292546266ed66b2b98b275609153fbcfd01
|
|
7
|
+
data.tar.gz: 76b355402a41efd0fa1d4d0e4cd84c78e392ac8cf81961aa67ae2df7b5f32bcb292b50ccf102b1ea260ace4fab3ab92516c6568318329b0c89084d126ba69e37
|
|
@@ -5,6 +5,10 @@ require 'uri'
|
|
|
5
5
|
require "non_printable_sanitization/version"
|
|
6
6
|
|
|
7
7
|
class NonPrintableSanitization
|
|
8
|
+
def self.skip_paths
|
|
9
|
+
@skip_paths ||= []
|
|
10
|
+
end
|
|
11
|
+
|
|
8
12
|
def initialize(app, options = {})
|
|
9
13
|
@app = app
|
|
10
14
|
@options = options
|
|
@@ -13,10 +17,12 @@ class NonPrintableSanitization
|
|
|
13
17
|
def call(env)
|
|
14
18
|
request = ::Rack::Request.new(env)
|
|
15
19
|
|
|
16
|
-
|
|
17
|
-
if
|
|
18
|
-
|
|
19
|
-
|
|
20
|
+
unless skip_path?(env)
|
|
21
|
+
if request.content_length.to_i > 0 # check we even have data
|
|
22
|
+
if !request.get? && !request.delete? # make sure it's not a GET/DELETE request
|
|
23
|
+
unless request_is_file_upload?(env) # make sure we don't want binary data
|
|
24
|
+
remove_non_printable_characters!(env)
|
|
25
|
+
end
|
|
20
26
|
end
|
|
21
27
|
end
|
|
22
28
|
end
|
|
@@ -49,4 +55,9 @@ class NonPrintableSanitization
|
|
|
49
55
|
content_type = env["CONTENT_TYPE"] || "none"
|
|
50
56
|
content_type.downcase.include?("form-data")
|
|
51
57
|
end
|
|
58
|
+
|
|
59
|
+
def skip_path?(env)
|
|
60
|
+
path_info = env['PATH_INFO'] || ""
|
|
61
|
+
::NonPrintableSanitization.skip_paths.any? { |skip_path| path_info =~ skip_path }
|
|
62
|
+
end
|
|
52
63
|
end
|
|
@@ -24,8 +24,12 @@ describe ::NonPrintableSanitization do
|
|
|
24
24
|
|
|
25
25
|
context "when called with a binary body POST request" do
|
|
26
26
|
let(:request) { Rack::MockRequest.new(start_app) }
|
|
27
|
+
let(:path) { "/some/path" }
|
|
28
|
+
|
|
27
29
|
before(:each) do
|
|
28
|
-
|
|
30
|
+
::NonPrintableSanitization.skip_paths << /skippable/i
|
|
31
|
+
request.post(path, :input => post_data, "CONTENT_TYPE" => content_type)
|
|
32
|
+
::NonPrintableSanitization.skip_paths.clear
|
|
29
33
|
end
|
|
30
34
|
|
|
31
35
|
context "with text/plain content" do
|
|
@@ -46,6 +50,18 @@ describe ::NonPrintableSanitization do
|
|
|
46
50
|
end
|
|
47
51
|
end
|
|
48
52
|
|
|
53
|
+
context "when path is skipped" do
|
|
54
|
+
context "with text/plain content" do
|
|
55
|
+
let(:path) { "/skippable" }
|
|
56
|
+
let(:post_data) { "derp derp derp\0" }
|
|
57
|
+
let(:content_type) { "text/plain" }
|
|
58
|
+
|
|
59
|
+
it "skips sanitize of the non-printable \0" do
|
|
60
|
+
expect(app.request_body).to eq(post_data)
|
|
61
|
+
end
|
|
62
|
+
end
|
|
63
|
+
end
|
|
64
|
+
|
|
49
65
|
context "with multipart/form-data content" do
|
|
50
66
|
let(:post_data) { "derp derp derp\0" }
|
|
51
67
|
let(:content_type) { "multipart/form-data" }
|