owasp-esapi-ruby 0.30.0
- data/.document +5 -0
- data/AUTHORS +5 -0
- data/ChangeLog +69 -0
- data/ISSUES +0 -0
- data/LICENSE +24 -0
- data/README +51 -0
- data/Rakefile +63 -0
- data/VERSION +1 -0
- data/lib/codec/base_codec.rb +99 -0
- data/lib/codec/css_codec.rb +101 -0
- data/lib/codec/encoder.rb +330 -0
- data/lib/codec/html_codec.rb +424 -0
- data/lib/codec/javascript_codec.rb +119 -0
- data/lib/codec/mysql_codec.rb +131 -0
- data/lib/codec/oracle_codec.rb +46 -0
- data/lib/codec/os_codec.rb +78 -0
- data/lib/codec/percent_codec.rb +53 -0
- data/lib/codec/pushable_string.rb +114 -0
- data/lib/codec/vbscript_codec.rb +64 -0
- data/lib/codec/xml_codec.rb +173 -0
- data/lib/esapi.rb +68 -0
- data/lib/exceptions.rb +37 -0
- data/lib/executor.rb +20 -0
- data/lib/owasp-esapi-ruby.rb +13 -0
- data/lib/sanitizer/xss.rb +59 -0
- data/lib/validator/base_rule.rb +90 -0
- data/lib/validator/date_rule.rb +92 -0
- data/lib/validator/email.rb +29 -0
- data/lib/validator/float_rule.rb +76 -0
- data/lib/validator/generic_validator.rb +26 -0
- data/lib/validator/integer_rule.rb +61 -0
- data/lib/validator/string_rule.rb +146 -0
- data/lib/validator/validator_error_list.rb +48 -0
- data/lib/validator/zipcode.rb +27 -0
- data/spec/codec/css_codec_spec.rb +61 -0
- data/spec/codec/html_codec_spec.rb +87 -0
- data/spec/codec/javascript_codec_spec.rb +45 -0
- data/spec/codec/mysql_codec_spec.rb +44 -0
- data/spec/codec/oracle_codec_spec.rb +23 -0
- data/spec/codec/os_codec_spec.rb +51 -0
- data/spec/codec/percent_codec_spec.rb +34 -0
- data/spec/codec/vbcript_codec_spec.rb +23 -0
- data/spec/codec/xml_codec_spec.rb +83 -0
- data/spec/owasp_esapi_encoder_spec.rb +226 -0
- data/spec/owasp_esapi_executor_spec.rb +9 -0
- data/spec/owasp_esapi_ruby_email_validator_spec.rb +39 -0
- data/spec/owasp_esapi_ruby_xss_sanitizer_spec.rb +66 -0
- data/spec/owasp_esapi_ruby_zipcode_validator_spec.rb +42 -0
- data/spec/spec_helper.rb +10 -0
- data/spec/validator/base_rule_spec.rb +29 -0
- data/spec/validator/date_rule_spec.rb +40 -0
- data/spec/validator/float_rule_spec.rb +31 -0
- data/spec/validator/integer_rule_spec.rb +51 -0
- data/spec/validator/string_rule_spec.rb +103 -0
- data/spec/validator_skeleton.rb +150 -0
- metadata +235 -0
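--- /dev/null
+++ b/data/spec/validator/float_rule_spec.rb
@@ -0,0 +1,31 @@
+require File.expand_path(File.dirname(__FILE__) + '../../spec_helper')
+
+module Owasp
+module Esapi
+module Validator
+describe FloatRule do
+
+it "should validate 4.3214 as valid within range of -10 to 10" do
+rule = Owasp::Esapi::Validator::FloatRule.new("test",nil,-10,10)
+rule.valid?("","4.3214").should be_true
+end
+
+it "should fail to validate -1 for range of 0 to 100" do
+rule = Owasp::Esapi::Validator::FloatRule.new("test",nil,0,100)
+rule.valid?("","-1").should be_false
+end
+
+it "should not validate 1e-6 as valid within range of -999999999 to 999999999" do
+rule = Owasp::Esapi::Validator::FloatRule.new("test",nil,-999999999,999999999)
+rule.valid?("","1e-6").should be_true
+end
+
+it "should raise an error when a non string is passed in" do
+rule = Owasp::Esapi::Validator::FloatRule.new("test",nil,0,300)
+lambda{ rule.valid("","#{Float::INFINITY}") }.should raise_error(ValidationException)
+end
+
+end
+end
+end
+end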
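Review bot: The third example is titled "should not validate 1e-6 as valid" yet asserts `rule.valid?("","1e-6").should be_true`, so the title and the assertion contradict each other and a reader cannot tell which behaviour FloatRule is meant to have for exponent notation; fix whichever is wrong. The last example is titled "non string is passed in" but passes the String `"Infinity"` (the interpolation of `Float::INFINITY`) and calls `valid` rather than `valid?`; whether that raises ValidationException depends on how FloatRule parses its input (Kernel#Float rejects "Infinity" with ArgumentError), which this diff does not show, so pin it explicitly with `lambda{ rule.valid("","Infinity") }.should raise_error(Owasp::Esapi::ValidationException)` and add a separate example that passes a non-String such as `100`, mirroring integer_rule_spec. `ValidationException` is referenced unqualified here while string_rule_spec uses `Owasp::Esapi::ValidationException`; it resolves only because of the enclosing `module Owasp; module Esapi` nesting. The `require` path `'../../spec_helper'` is missing the leading `/` (`'/../spec_helper'`) and reaches spec/spec_helper only because `File.expand_path` treats `validator..` as a directory name and then applies the following `..`.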
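--- /dev/null
+++ b/data/spec/validator/integer_rule_spec.rb
@@ -0,0 +1,51 @@
+require File.expand_path(File.dirname(__FILE__) + '../../spec_helper')
+
+module Owasp
+module Esapi
+module Validator
+describe IntegerRule do
+
+it "should validate 89745 as valid within range of 0 to 1000000" do
+rule = Owasp::Esapi::Validator::IntegerRule.new("test",nil,0,10000000)
+rule.valid?("","89745").should be_true
+end
+
+it "should fail to validate -1 for range of 0 to 100" do
+rule = Owasp::Esapi::Validator::IntegerRule.new("test",nil,0,100)
+rule.valid?("","-1").should be_false
+end
+
+it "should validate 0x100 as valid within range of 0 to 300" do
+rule = Owasp::Esapi::Validator::IntegerRule.new("test",nil,0,300)
+rule.valid("","0x100").should == 256
+end
+
+it "should raise an error when a non string is passed in" do
+rule = Owasp::Esapi::Validator::IntegerRule.new("test",nil,0,300)
+lambda{ rule.valid("",100) }.should raise_error(TypeError)
+end
+
+it "should validate 0100 as an octal and with range for 0 to 65" do
+rule = Owasp::Esapi::Validator::IntegerRule.new("test",nil,0,65)
+rule.valid("","0100").should == 64
+end
+
+it "should validate a bit string 0b0001 as 1 within range of 0 to 2" do
+rule = Owasp::Esapi::Validator::IntegerRule.new("test",nil,0,2)
+rule.valid("","0b0001").should == 1
+end
+
+it "should fail to validate testme as a number within any range" do
+rule = Owasp::Esapi::Validator::IntegerRule.new("test",nil,0,2)
+rule.valid?("","testme").should be_false
+end
+
+it "should validate -1 within range of -5 t0 5" do
+rule = Owasp::Esapi::Validator::IntegerRule.new("test",nil,-5,5)
+rule.valid?("","-1").should be_true
+end
+
+end
+end
+end
+end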
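Review bot: The `"0x100"` → 256, `"0100"` → 64 and `"0b0001"` → 1 examples pin IntegerRule to honouring radix prefixes, which means a user-supplied "0100" (read by a human as one hundred) is accepted as 64 and passes the 0..65 range that 100 would fail; leading zeros in decimal form input are common, so this needs to be a deliberate, documented choice rather than a side effect. If the prefix handling is unintended — a bare `Integer(input)` in IntegerRule would produce exactly these values, but the rule itself is not in this diff — pin base-10 parsing instead, `rule.valid("","0100").should == 100`, or add an example showing that hex/octal/binary forms are rejected. The first example's title says the range is 0 to 1000000 while the constructor receives 10000000, and the last title reads "t0" for "to". The `require` path lacks the leading `/` before `../../spec_helper`, as in float_rule_spec and string_rule_spec.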
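--- /dev/null
+++ b/data/spec/validator/string_rule_spec.rb
@@ -0,0 +1,103 @@
+require File.expand_path(File.dirname(__FILE__) + '../../spec_helper')
+
+module Owasp
+module Esapi
+module Validator
+describe StringRule do
+let(:rule) {Owasp::Esapi::Validator::StringRule.new("test")}
+# We will reset teh rule before every test so previous white/blacklist entries dont affect the other
+# test begin executed
+before(:all) { @@rule = Owasp::Esapi::Validator::StringRule.new("test")}
+
+describe "Pattern rules" do
+it "should fail to add a nil white list rule" do
+lambda { rule.add_whitelist(nil)}.should raise_error(ArgumentError)
+end
+
+it "should fail with an invalid regex" do
+lambda { rule.add_whitelist("_][0}[")}.should raise_error(RegexpError)
+end
+
+it "should fail to add a nil black list rule" do
+lambda { rule.add_blacklist(nil)}.should raise_error(ArgumentError)
+end
+
+it "should fail with an invalid regex" do
+lambda { rule.add_blacklist("_][0}[")}.should raise_error(RegexpError)
+end
+
+it "should reject beg<script>end with blacklist pattern ^.*(<|>).*" do
+beg = "beg <script> end"
+rule.valid("",beg).should == beg
+rule.add_blacklist("^.*(<|>).*")
+lambda { rule.valid("",beg)}.should raise_error(Owasp::Esapi::ValidationException)
+rule.valid("","beg script end").should == "beg script end"
+end
+
+it "should accept Magnum44 with whitelist ^[a-zA-Z]*" do
+gun = "Magnum44"
+rule.valid("",gun).should == gun
+rule.add_whitelist("^[a-zA-Z]*")
+lambda { rule.valid("",gun)}.should raise_error(Owasp::Esapi::ValidationException)
+rule.valid("","MagnumPI").should == "MagnumPI"
+end
+
+it "should match ^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\\.[a-zA-Z]{2,4}$ with sal.scotto@gmail.com" do
+rule.add_whitelist("^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\\.[a-zA-Z]{2,4}$")
+rule.valid?("Email test","sal.scotto@gmail.com").should be_true
+end
+
+end
+
+describe "Length rules" do
+[
+"12",
+"123456",
+"ABCDEFGHIJKL"
+].each do |input|
+it "should check valid length for #{input} with min 2 max 12" do
+rule.min = 2
+rule.max = 12
+rule.valid?("",input).should be_true
+end
+end
+
+[
+"1",
+"ABCDEFGHIJKLM"
+].each do |input|
+it "should check invalid lengths for #{input} with min2 max 12" do
+rule.min = 2
+rule.max = 12
+rule.valid?("",input).should be_false
+end
+end
+
+it "should add error for invalid lengths" do
+list = Owasp::Esapi::Validator::ValidatorErrorList.new
+rule.min = 2
+rule.max = 12
+rule.validate("","1234567890",list)
+list.errors.should be_empty
+rule.validate("",nil,list)
+list.errors.should have_exactly(1).items
+end
+end
+
+describe "Null Rules" do
+it "should allow nil for valid? when set to allow_nil" do
+rule.allow_nil = true
+rule.valid?("",nil).should be_true
+end
+
+it "should not allow nil for valid? when allow_nil is false" do
+rule.valid?("",nil).should be_false
+end
+
+end
+
+
+end
+end
+end
+end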
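Review bot: Every pattern in this spec anchors with `^`/`$`, which in Ruby are line anchors, and nothing here pins how StringRule treats a multi-line value; the Magnum44 example shows the rule does more than a bare `=~` (a plain match would accept "Magnum44" under `^[a-zA-Z]*`), but whether `"sal.scotto@gmail.com\nextra"` is rejected by the email whitelist cannot be inferred from this diff. Add `rule.valid?("Email test","sal.scotto@gmail.com\nextra").should be_false` to the email example, and prefer `\A`/`\z` in the pattern strings so the whole-string intent is visible in the spec itself. The `before(:all) { @@rule = ... }` line and its two-line comment are dead: every example uses the per-example `let(:rule)`, `before(:all)` runs once rather than before each test as the comment claims, and the `@@rule` class variable is never read — drop those three lines. Two examples share the description "should fail with an invalid regex", and the Magnum44 example is titled "should accept" while it asserts that the value raises ValidationException once the whitelist is added.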
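--- /dev/null
+++ b/data/spec/validator_skeleton.rb
@@ -0,0 +1,150 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+##############
+#
+# Validator Rspec
+# Validation checks that a given input is valid, as as part of the request
+# canicolize the input f requested to check if an item is not only valid but also return the valid input
+# validator, under the covers should use the codec configuration to process underlying encodings
+# example:
+# given input string my<script%20alert('test')%20/>value
+# it canicalization is requested should be first decoded
+# so the input becomes my<script alert('test')/>value BEFORE any validation tests are processed
+# This more generic method means it can be applied to ANY input and doesnt require specific sub classing
+# to handle different classes of string. We apply rules equally on all input going into the application
+# contining the example
+# Owasp::Esapi::Validator.get_valid_input(context,input,type,maxlen,allowNull,canonicalize)
+# would raise a ValidatorError or IntrustionError
+# IntrustionError in this case could be generated by the value encoder during canonicalization
+
+module Owasp
+module Esapi
+module Validator
+describe Validator do
+let(:validator) { Owasp::Esapi::Validator}
+let(:allow_null) { false }
+it "should load my validator rules" do
+Owasp::Esapi.load_config("path to my config")
+validator.rule_set.include?("Project.Safe.String")
+end
+
+# Valid dates are dates that can be
+# interrupted as real date numbers
+it "should validate my date" do
+date = '2010-13-02'
+validator.get_valid_date("Date input #{date}",date,format,allow_null)
+validator.is_valid_date("Date input #{date}",date,format,allow_null)
+end
+
+# Valid credit card is any card number that passes
+# the check digit check
+it "should validate my credit card number" do
+amex = '378282246310005'
+mc = '5105105105105100'
+visa = '4111111111111111'
+validator.get_valid_credit_card("Credit card #{credit}",amex,allow_null)
+validator.is_valid_credit_card("Credit card #{credit}",vis,allow_null)
+end
+
+# Validates the request contains the required parameters for a given request
+# and any optional ones indicated
+it "should validate my http request parameters" do
+parms = { :name => :required, :date=>:required, :age=>:optional}
+input = { :name=>"joe",:age=>"15",:date=>'2010-03-11'}
+validator.is_valid_http_params("HTTP Request check #{parms}",parms,input,allow_null)
+validator.get_valid_http_params("HTTP Request check #{parms}",parms,input,allow_null)
+end
+
+# escape and properly encode a URI and be safe of css
+it "should validate my uri" do
+uri = "http://www.google.com/my/path"
+validator.is_valid_uri("URI check #{uri}",uri,allow_null)
+validator.get_valid_uri("URI check #{uri}",uri,allow_null)
+end
+
+# Should be safe html that is free of scripts/css/attributes/urls/dom manipulation
+it "should validate my html is safe" do
+html = "<head><body>test</body></html>"
+max_len = 50
+validator.is_safe_html("HTML",html,max_len,allow_null)
+validator.get_safe_html("HTML",html,max_len,allow_null)
+end
+
+# validte a path on the host
+it "should validate my directory path" do
+path = "/my/path"
+root = "/my"
+validator.is_valid_directory("PATH",path,root,allow_null)
+validator.get_valid_directory("PATH",path,root,allow_null)
+end
+
+# validate the filename os valid
+it "should validate my filename" do
+file = "myfile"
+validator.is_valid_filename("File name #{file}",file,allow_null)
+validator.get_valid_filename("File name #{file}",file,allow_null)
+end
+
+# validate a number in between a min and max
+it "should validate my number" do
+number = 1.0
+min = 0
+max = 100
+validator.is_valid_number("Number #{number}",number,min,max,allow_null)
+validator.get_valid_number("Number #{number}",number,min,max_allow_null)
+end
+
+# check the file contents are valid in the expected encoding, check length
+# run virus scanner
+it "should validate my file contents" do
+file = "myFile"
+mime = "image/*"
+max_len = 100
+validator.is_valid_file_contents("File Contents #{file}",file,mime,max_len)
+validator.get_valid_file_contents("File Contents #{file}",file,mime,max_len)
+end
+
+# validate the path, name and contents
+it "should validate my fle upload" do
+file = "test"
+mime = "image/*"
+max_len = 50
+validator.is_valid_upload("Upload #{file}",file,mime,max_len,allow_null)
+validator.get_valid_upload("Upload #{file}",file,mime,max_len,allow_null)
+end
+
+# validate the choice is in a given lsit
+it "should validate my list items" do
+list = [:a,:b,:c]
+input = :a
+validator.is_valid_choice("Choice list",input,list,allow_null)
+validator.get_valid_choice("Choice list",input,list,allow_null)
+end
+
+# validate the input doesnt contain any non printable characters
+it "should validate my input is printable" do
+input = "ABCDEFGHIJKLMNOP"
+max = 50
+validator.is_valid_printable("Input of some printables",input,max,allow_null)
+validator.get_valid_printable("Input of some printables",input,max,allow_null)
+end
+
+# Validate the redirection URI is properly encoded
+it "should validate my redirection" do
+validator.is_valid_redirection("Login redirect",path,allow_null)
+validator.get_valid_redirection("Login redirect",path,allow_null)
+end
+
+# Validate some input based on params
+it "should validate my input" do
+input = "bogus"
+input_type = "InputRule"
+canonicalize = true
+max_len = 50
+validator.is_valid_input("Login user name",input,input_type,max_len,allow_null,canonicalize)
+validator.get_valid_input("Login user name",input,input_type,max_len,allow_null,canonicalize)
+end
+end
+end
+end
+end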
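Review bot: Several examples reference names that are never defined, so this file cannot run as written: `format` in the date example resolves to Kernel#format and fails with ArgumentError when called without arguments, `credit` and `vis` (for `visa`) in the credit-card example, `max_allow_null` (for `max,allow_null`) in the number example and `path` in the redirection example all raise NameError. The file is listed under `test_files` in the gem metadata, so tooling that runs that list will load it even though its name lacks the `_spec` suffix; either mark each example `pending "Validator API not implemented"` until the `Owasp::Esapi::Validator` methods exist, or keep it out of `test_files`. None of the examples assert anything — they only call the `is_valid_*`/`get_valid_*` pairs — so once the names are fixed they pass vacuously; add an expectation per call (`.should be_true`, `.should == date`, or `raise_error` for the deliberately invalid `'2010-13-02'`). The header comment's "canicolize", "contining", "IntrustionError" and "as as" look like typos worth fixing while the file is being touched.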
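--- /dev/null
+++ b/metadata
@@ -0,0 +1,235 @@
+--- !ruby/object:Gem::Specification
+name: owasp-esapi-ruby
+version: !ruby/object:Gem::Version
+prerelease: false
+segments:
+- 0
+- 30
+- 0
+version: 0.30.0
+platform: ruby
+authors:
+- |-
+Owasp Esapi Ruby core
+---------------------
+
+* Paolo Perego <thesp0nge@owasp.org>
+* Sal Scotto <sal.scotto@gmail.com>
+autorequire:
+bindir: bin
+cert_chain: []
+
+date: 2011-03-09 00:00:00 +01:00
+default_executable:
+dependencies:
+- !ruby/object:Gem::Dependency
+name: rspec
+prerelease: false
+requirement: &id001 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+segments:
+- 1
+- 2
+- 9
+version: 1.2.9
+type: :development
+version_requirements: *id001
+- !ruby/object:Gem::Dependency
+name: yard
+prerelease: false
+requirement: &id002 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+segments:
+- 0
+version: "0"
+type: :development
+version_requirements: *id002
+- !ruby/object:Gem::Dependency
+name: nokogiri
+prerelease: false
+requirement: &id003 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+segments:
+- 1
+- 4
+- 4
+version: 1.4.4
+type: :development
+version_requirements: *id003
+- !ruby/object:Gem::Dependency
+name: nokogiri
+prerelease: false
+requirement: &id004 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+segments:
+- 1
+- 4
+- 4
+version: 1.4.4
+type: :runtime
+version_requirements: *id004
+description: "= The Owasp ESAPI Ruby project\n\n\
+== Introduction\n\n\
+The Owasp ESAPI Ruby is a port for outstanding release quality Owasp ESAPI\n\
+project to the Ruby programming language. \n\n\
+Ruby is now a famous programming language due to its Rails framework developed by David Heinemeier Hansson (http://twitter.com/dhh) that simplify the creation of a web application using a convention over configuration approach to simplify programmers' life.\n\n\
+Despite Rails diffusion, there are a lot of Web framework out there that allow people to write web apps in Ruby (merb, sinatra, vintage) [http://accidentaltechnologist.com/ruby/10-alternative-ruby-web-frameworks/]. Owasp Esapi Ruby wants to bring all Ruby deevelopers a gem full of Secure APIs they can use whatever the framework they choose.\n\n\
+== Why supporting only Ruby 1.9.2 and beyond?\n\n\
+The OWASP Esapi Ruby gem will require at least version 1.9.2 of Ruby interpreter to make sure to have full advantages of the newer language APIs.\n\n\
+In particular version 1.9.2 introduces radical changes in the following areas:\n\n\
+=== Regular expression engine\n\
+(to be written)\n\n\
+=== UTF-8 support\n\
+Unicode support in 1.9.2 is much better and provides better support for character set encoding/decoding\n\
+* All strings have an additional chunk of info attached: Encoding\n\
+* String#size takes encoding into account \xE2\x80\x93 returns the encoded character count\n\
+* You can get the raw datasize\n\
+* Indexed access is by encoded data \xE2\x80\x93 characters, not bytes\n\
+* You can change encoding by force but it doesn\xE2\x80\x99t convert the data\n\n\
+=== Dates and Time\n\
+From \"Programming Ruby 1.9\"\n\n\
+\"As of Ruby 1.9.2, the range of dates that can be represented is no longer limited by the under- lying operating system\xE2\x80\x99s time representation (so there\xE2\x80\x99s no year 2038 problem). As a result, the year passed to the methods gm, local, new, mktime, and utc must now include the century\xE2\x80\x94a year of 90 now represents 90 and not 1990.\"\n\n\
+== Roadmap\n\n\
+Please see ChangeLog file. \n\n\
+== Note on Patches/Pull Requests\n \n\
+* Fork the project.\n\
+* Create documentation with rake yard task\n\
+* Make your feature addition or bug fix.\n\
+* Add tests for it. This is important so I don't break it in a\n future version unintentionally.\n\
+* Commit, do not mess with rakefile, version, or history.\n (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)\n\
+* Send me a pull request. Bonus points for topic branches.\n\n\
+== Copyright\n\n\
+Copyright (c) 2011 the OWASP Foundation. See LICENSE for details.\n"
+email: thesp0nge@owasp.org
+executables: []
+
+extensions: []
+
+extra_rdoc_files:
+- ChangeLog
+- LICENSE
+- README
+files:
+- .document
+- AUTHORS
+- ChangeLog
+- ISSUES
+- LICENSE
+- README
+- Rakefile
+- VERSION
+- lib/codec/base_codec.rb
+- lib/codec/css_codec.rb
+- lib/codec/encoder.rb
+- lib/codec/html_codec.rb
+- lib/codec/javascript_codec.rb
+- lib/codec/mysql_codec.rb
+- lib/codec/oracle_codec.rb
+- lib/codec/os_codec.rb
+- lib/codec/percent_codec.rb
+- lib/codec/pushable_string.rb
+- lib/codec/vbscript_codec.rb
+- lib/codec/xml_codec.rb
+- lib/esapi.rb
+- lib/exceptions.rb
+- lib/executor.rb
+- lib/owasp-esapi-ruby.rb
+- lib/sanitizer/xss.rb
+- lib/validator/base_rule.rb
+- lib/validator/date_rule.rb
+- lib/validator/email.rb
+- lib/validator/float_rule.rb
+- lib/validator/generic_validator.rb
+- lib/validator/integer_rule.rb
+- lib/validator/string_rule.rb
+- lib/validator/validator_error_list.rb
+- lib/validator/zipcode.rb
+- spec/codec/css_codec_spec.rb
+- spec/codec/html_codec_spec.rb
+- spec/codec/javascript_codec_spec.rb
+- spec/codec/mysql_codec_spec.rb
+- spec/codec/oracle_codec_spec.rb
+- spec/codec/os_codec_spec.rb
+- spec/codec/percent_codec_spec.rb
+- spec/codec/vbcript_codec_spec.rb
+- spec/codec/xml_codec_spec.rb
+- spec/owasp_esapi_encoder_spec.rb
+- spec/owasp_esapi_executor_spec.rb
+- spec/owasp_esapi_ruby_email_validator_spec.rb
+- spec/owasp_esapi_ruby_xss_sanitizer_spec.rb
+- spec/owasp_esapi_ruby_zipcode_validator_spec.rb
+- spec/spec_helper.rb
+- spec/validator/base_rule_spec.rb
+- spec/validator/date_rule_spec.rb
+- spec/validator/float_rule_spec.rb
+- spec/validator/integer_rule_spec.rb
+- spec/validator/string_rule_spec.rb
+- spec/validator_skeleton.rb
+has_rdoc: true
+homepage: http://github.com/thesp0nge/owasp-esapi-ruby
+licenses: []
+
+post_install_message:
+rdoc_options: []
+
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+segments:
+- 1
+- 9
+- 2
+version: 1.9.2
+required_rubygems_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+segments:
+- 0
+version: "0"
+requirements: []
+
+rubyforge_project:
+rubygems_version: 1.3.7
+signing_key:
+specification_version: 3
+summary: Owasp Enterprise Security APIs for Ruby language
+test_files:
+- spec/codec/css_codec_spec.rb
+- spec/codec/html_codec_spec.rb
+- spec/codec/javascript_codec_spec.rb
+- spec/codec/mysql_codec_spec.rb
+- spec/codec/oracle_codec_spec.rb
+- spec/codec/os_codec_spec.rb
+- spec/codec/percent_codec_spec.rb
+- spec/codec/vbcript_codec_spec.rb
+- spec/codec/xml_codec_spec.rb
+- spec/owasp_esapi_encoder_spec.rb
+- spec/owasp_esapi_executor_spec.rb
+- spec/owasp_esapi_ruby_email_validator_spec.rb
+- spec/owasp_esapi_ruby_xss_sanitizer_spec.rb
+- spec/owasp_esapi_ruby_zipcode_validator_spec.rb
+- spec/spec_helper.rb
+- spec/validator/base_rule_spec.rb
+- spec/validator/date_rule_spec.rb
+- spec/validator/float_rule_spec.rb
+- spec/validator/integer_rule_spec.rb
+- spec/validator/string_rule_spec.rb
+- spec/validator_skeleton.rb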