prevoty-rails 0.6.1 → 0.6.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 48d11a869e27de35006a6d786687f2fa71e7c06b
-  data.tar.gz: dde0330df03439b25e19366c398c197613cac55d
+  metadata.gz: fae2d6e01221c36ff45ba152eede2c64b5f4f4b7
+  data.tar.gz: be8752aae18c0174af54b8250d81d6c655eb314d
 SHA512:
-  metadata.gz: e331e0d3dafb950a791a0fbee556d814a586d376d78e2cfd9b1ea8fb3b719e09c267fc9b3dd88b48456e5244b1dc54a81909ea134668ea28d8f8142d035b599c
-  data.tar.gz: a16b402f892a9fd125505446805600b63000024a6470fd7c6f00b5e19f8835d3d10933dd54412fe4d3255579f06c61f6f726f6d88cf17b0363008cd90fb1d20e
+  metadata.gz: b5112c11f4b68d9954f638341d701bbfb824f758ff75b2d4e59500c4966c02f2cebd83c9d1b957f34fceebba36e9c1bd0d1f499c363ec5848ad1e5ea9ad19821
+  data.tar.gz: 3267c43c2df47e6b90945766e58763deefe38c69526f0938f27c5aff30d9a274db63c55e6dd5cfadda688628f61644fedc3e824a23fb9bb827d1e646a377bb05

data/lib/generators/prevoty/rails/templates/prevoty_rails.rb

@@ -49,7 +49,7 @@ query_handler = ->(name, start, finish, id, payload) do
       if res.processed and not res.compliant
         case options[:log_destination]
         when 'log'
-          ::Prevoty::LOGGER << build_result(options[:mode], payload[:sql], res).to_json
+          ::Prevoty::LOGGER << build_result(options[:mode], payload[:sql], res).to_json + "\n"
         when 'callback'
           options[:after_callback].call(build_result(options[:mode], payload[:sql], res).to_json) if options[:after_callback].respond_to? :call
         end
@@ -57,7 +57,7 @@ query_handler = ->(name, start, finish, id, payload) do
       elsif res.processed and res.compliant
         case options[:log_destination]
         when 'log'
-          ::Prevoty::LOGGER << build_result(options[:mode], payload[:sql], res).to_json
+          ::Prevoty::LOGGER << build_result(options[:mode], payload[:sql], res).to_json + "\n"
         when 'callback'
           options[:after_callback].call(build_result(options[:mode], payload[:sql], res).to_json) if options[:after_callback].respond_to? :call
         end

data/lib/prevoty/content_monitor.rb

@@ -14,7 +14,7 @@ module Prevoty
             res.each_with_index do |r, i|
               case @log_destination
               when 'log'
-                ::Prevoty::LOGGER << ::Rack::Prevoty::Interceptor.build_result(cloned[i][:mode], cloned[i][:request], cloned[i][:input], r).to_json if r.javascript_attributes > 0 || r.javascript_protocols > 0 || r.javascript_tags > 0
+                ::Prevoty::LOGGER << ::Rack::Prevoty::Interceptor.build_result(cloned[i][:mode], cloned[i][:request], cloned[i][:input], r).to_json + "\n" if r.javascript_attributes > 0 || r.javascript_protocols > 0 || r.javascript_tags > 0
               when 'callback'
                 @callback.call(::Rack::Prevoty::Interceptor.build_result(cloned[i][:mode], cloned[i][:request], cloned[i][:input], r).to_json) if !@callback.nil? && (r.javascript_attributes > 0 || r.javascript_protocols > 0 || r.javascript_tags > 0)
               end

data/lib/prevoty/query_monitor.rb

@@ -17,7 +17,7 @@ module Prevoty
             res.each_with_index do |r, i|
               case @log_destination
               when 'log'
-                Prevoty::LOGGER << build_result('monitor', cloned[i][:query], r).to_json if r.processed
+                Prevoty::LOGGER << build_result('monitor', cloned[i][:query], r).to_json + "\n" if r.processed
               when 'callback'
                 @after_callback.call(build_result('monitor', cloned[i][:query], r).to_json) if @after_callback.respond_to?(:call) && r.processed
               end

data/lib/prevoty/rails/version.rb

@@ -1,5 +1,5 @@
 module Prevoty
   module Rails
-    VERSION = '0.6.1'
+    VERSION = '0.6.2'
   end
 end

data/lib/rack/protect_interceptor.rb

@@ -21,14 +21,14 @@ module Rack
         case req.request_method
         when "GET", "DELETE"
           unless env['QUERY_STRING'] === ''
-            querystring = URI.unescape(env['QUERY_STRING'])
+            querystring = env['QUERY_STRING']
             begin
               Timeout::timeout(@timeout) do
                 resp = @client.bulk_filter(querystring, @configuration_key)
-                env['QUERY_STRING'] = URI.escape(resp.output)
+                env['QUERY_STRING'] = resp.output
                 case @log_destination
                 when 'log'
-                  ::Prevoty::LOGGER << self.class.build_result(@mode, req, querystring, resp).to_json if resp.statistics.javascript_attributes > 0 || resp.statistics.javascript_protocols > 0 || resp.statistics.javascript_tags > 0
+                  ::Prevoty::LOGGER << self.class.build_result(@mode, req, querystring, resp).to_json + "\n" if resp.statistics.javascript_attributes > 0 || resp.statistics.javascript_protocols > 0 || resp.statistics.javascript_tags > 0
                 when 'callback'
                   @callback.call(self.class.build_result(@mode, req, querystring, resp).to_json) if !@callback.nil? && (resp.statistics.javascript_attributes > 0 || resp.statistics.javascript_protocols > 0 || resp.statistics.javascript_tags > 0)
                 end
@@ -42,9 +42,10 @@ module Rack
           if req.media_type === 'multipart/form-data'
             # TODO: implement support for multipart. The Rack multipart
             # implementation doesn't support parsing and re-creating the
-            # mutlipart data so a custom implementation needs to be written
+            # multipart data so a custom implementation needs to be written
           else
-            body = URI.unescape(req.body.read.encode('utf-8'))
+            # First, clean the request body
+            body = req.body.read.encode('utf-8')
             unless body === ''
               begin
                 Timeout::timeout(@timeout) do
@@ -52,7 +53,7 @@ module Rack
                   env['rack.input'] = StringIO.new(resp.output)
                   case @log_destination
                   when 'log'
-                    ::Prevoty::LOGGER << self.class.build_result(@mode, req, body, resp).to_json if resp.statistics.javascript_attributes > 0 || resp.statistics.javascript_protocols > 0 || resp.statistics.javascript_tags > 0
+                    ::Prevoty::LOGGER << self.class.build_result(@mode, req, body, resp).to_json + "\n" if resp.statistics.javascript_attributes > 0 || resp.statistics.javascript_protocols > 0 || resp.statistics.javascript_tags > 0
                   when 'callback'
                     @callback.call(self.class.build_result(@mode, req, body, resp).to_json) if !@callback.nil? && (resp.statistics.javascript_attributes > 0 || resp.statistics.javascript_protocols > 0 || resp.statistics.javascript_tags > 0)
                   end
@@ -64,16 +65,16 @@ module Rack
             end
           end
 
-          # clean any GET data passed
+          # Second, clean any data passed in the query string
           unless env['QUERY_STRING'] === ''
-            querystring = URI.unescape(env['QUERY_STRING'])
+            querystring = env['QUERY_STRING']
             begin
               Timeout::timeout(@timeout) do
                 resp = @client.bulk_filter(querystring, @configuration_key)
-                env['QUERY_STRING'] = URI.escape(resp.output)
+                env['QUERY_STRING'] = resp.output
                 case @log_destination
                 when 'log'
-                  ::Prevoty::LOGGER << self.class.build_result(@mode, req, querystring, resp).to_json if resp.statistics.javascript_attributes > 0 || resp.statistics.javascript_protocols > 0 || resp.statistics.javascript_tags > 0
+                  ::Prevoty::LOGGER << self.class.build_result(@mode, req, querystring, resp).to_json + "\n" if resp.statistics.javascript_attributes > 0 || resp.statistics.javascript_protocols > 0 || resp.statistics.javascript_tags > 0
                 when 'callback'
                   @callback.call(self.class.build_result(@mode, req, querystring, resp).to_json) if !@callback.nil? && (resp.statistics.javascript_attributes > 0 || resp.statistics.javascript_protocols > 0 || resp.statistics.javascript_tags > 0)
                 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: prevoty-rails
 version: !ruby/object:Gem::Version
-  version: 0.6.1
+  version: 0.6.2
 platform: ruby
 authors:
 - Joe Rozner
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-08-04 00:00:00.000000000 Z
+date: 2016-08-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: prevoty