private_address_check 0.5.0 → 0.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +8 -1
- data/README.md +2 -2
- data/Rakefile +2 -0
- data/lib/private_address_check/tcpsocket_ext.rb +2 -2
- data/lib/private_address_check/version.rb +1 -1
- data/test/private_address_check/tcpsocket_ext_test.rb +14 -0
- metadata +5 -65
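--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 80f91ab01d128b94694e76560baf0806989361b3b7d309114a1f67d11bb6a4b2
+data.tar.gz: ca825b1679b5fa3399234bb375573943710040ece8a8950abef4ac95b2242f3b
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e7cbfd3ce2cd5175a8355431b89597b9111a55382f38258db4da5f10d5b41665f89f88cf75693e04296976ba2948a937421ef90668ddb03054f1455ccb94d4bf
+data.tar.gz: b947a5af3ffde319e3e1391218bbcc020c354ba461e46261a4e972d05fae3957b8e843c62065641198ab94ee5eedf732078c093bfc70d38daedbffa5eb51f2f1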
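--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,4 +1,11 @@
+# frozen_string_literal: true
+
 source "https://rubygems.org"
 
-# Specify your gem's dependencies in private_address_check.gemspec
 gemspec
+
+gem "minitest", "~> 6.0"
+gem "rake", "~> 13.0"
+gem "rubocop", "~> 1.12"
+gem "rubocop-minitest", "~> 0.39.1"
+gem "rubocop-rake", "~> 0.7.1"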
data/README.md
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
# PrivateAddressCheck
|
|
2
2
|
|
|
3
|
-
[](https://github.com/jtdowney/private_address_check/actions/workflows/ci.yml)
|
|
4
4
|
[](https://codeclimate.com/github/jtdowney/private_address_check)
|
|
5
5
|
|
|
6
6
|
Checks if a URL or hostname would cause a request to a private network (RFC 1918). This is useful in preventing attacks like [Server Side Request Forgery](https://cwe.mitre.org/data/definitions/918.html).
|
|
7
7
|
|
|
8
8
|
## Requirements
|
|
9
9
|
|
|
10
|
-
|
|
10
|
+
- Ruby >= 2.7
|
|
11
11
|
|
|
12
12
|
## Installation
|
|
13
13
|
|
data/Rakefile
CHANGED
|
@@ -14,8 +14,8 @@ end
|
|
|
14
14
|
TCPSocket.class_eval do
|
|
15
15
|
alias_method :initialize_without_private_address_check, :initialize
|
|
16
16
|
|
|
17
|
-
def initialize(
|
|
18
|
-
initialize_without_private_address_check(
|
|
17
|
+
def initialize(...)
|
|
18
|
+
initialize_without_private_address_check(...)
|
|
19
19
|
if Thread.current[:private_address_check] && PrivateAddressCheck.resolves_to_private_address?(remote_address.ip_address)
|
|
20
20
|
raise PrivateAddressCheck::PrivateConnectionAttemptedError
|
|
21
21
|
end
|
|
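Review bot: When `initialize_without_private_address_check(...)` returns but `remote_address.ip_address` turns out to be private, the `raise` on the following line abandons a socket that is already connected, so the descriptor stays open until GC and the private host has already seen a completed TCP handshake; add `close` on the line before `raise PrivateAddressCheck::PrivateConnectionAttemptedError` so the rejected connection is torn down immediately. The `(...)` forwarding is the right shape for Ruby 4's `open_timeout:` keyword, since it passes keywords through where the previous parameter list (truncated in this rendering) presumably did not. The check deserves a comment making its limits explicit, e.g. `# Checked post-connect on the peer actually reached (presumably to avoid a resolve-then-connect race); this can only fail closed after the handshake, it cannot prevent it.` — callers should not read the error as "nothing reached the private network". This hunk appears to belong to `data/lib/private_address_check/tcpsocket_ext.rb` despite the `data/Rakefile` heading, and the `initialize` method's closing `end` lies outside the hunk.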
@@ -31,4 +31,18 @@ class TCPSocketExtTest < Minitest::Test
|
|
|
31
31
|
end
|
|
32
32
|
end
|
|
33
33
|
end
|
|
34
|
+
|
|
35
|
+
# Ruby 4 added an open_timeout kwarg to TCPSocket.new/open.
|
|
36
|
+
# This is the same check used in https://github.com/ruby/net-http/blob/d7103a1b2c48addb22f87e8ad6713fa4e4f931c4/lib/net/http.rb#L1783
|
|
37
|
+
if Socket.method(:tcp).parameters.include?([:key, :open_timeout])
|
|
38
|
+
def test_public_address_with_timeout
|
|
39
|
+
connected = false
|
|
40
|
+
PrivateAddressCheck.only_public_connections do
|
|
41
|
+
TCPSocket.new("example.com", 80, open_timeout: 30)
|
|
42
|
+
connected = true
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
assert connected
|
|
46
|
+
end
|
|
47
|
+
end
|
|
34
48
|
end
|
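Review bot: The new test only proves the public path still connects when `open_timeout:` is forwarded; it does not exercise the security-relevant case — that a connection to a private address made with the keyword is still rejected — so a regression in the `...` forwarding that dropped or mis-forwarded the keyword on the rejection side would go unnoticed. Pair it with a rejection test inside the same guarded block; if loopback is among the ranges `resolves_to_private_address?` treats as private (not visible here), a local `TCPServer` on `127.0.0.1` gives a deterministic target with no outbound traffic. Separately, `TCPSocket.new("example.com", 80, open_timeout: 30)` needs outbound network and can stall for the full 30 s in an offline CI sandbox, which is worth a comment such as `# requires outbound network access to example.com:80` or a skip when the environment has no network. The `TCPSocketExtTest` class opens before the hunk, so this is the file's closing `end`.

```ruby
if Socket.method(:tcp).parameters.include?([:key, :open_timeout])
  # … unchanged: test_public_address_with_timeout …

  def test_private_address_with_timeout_is_rejected
    server = TCPServer.new("127.0.0.1", 0)
    PrivateAddressCheck.only_public_connections do
      assert_raises(PrivateAddressCheck::PrivateConnectionAttemptedError) do
        TCPSocket.new("127.0.0.1", server.addr[1], open_timeout: 30)
      end
    end
  ensure
    server&.close
  end
end
```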
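--- a/metadata
+++ b/metadata
@@ -1,71 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: private_address_check
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.6.0
 platform: ruby
 authors:
 - John Downey
-autorequire:
 bindir: bin
 cert_chain: []
-date:
-dependencies:
-- !ruby/object:Gem::Dependency
-name: bundler
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '1.12'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '1.12'
-- !ruby/object:Gem::Dependency
-name: rake
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '10.0'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '10.0'
-- !ruby/object:Gem::Dependency
-name: minitest
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '5.0'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '5.0'
-- !ruby/object:Gem::Dependency
-name: rubocop
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: 0.50.0
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: 0.50.0
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies: []
 description: Checks if a IP or hostname would cause a request to a private network
 (RFC 1918)
 email:
@@ -89,7 +32,6 @@ homepage: https://github.com/jtdowney/private_address_check
 licenses:
 - MIT
 metadata: {}
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -97,16 +39,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: 2.0
+version: 3.2.0
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-
-rubygems_version: 2.7.6
-signing_key:
+rubygems_version: 4.0.3
 specification_version: 4
 summary: Prevent Server Side Request Forgery attacks by checking the destination
 test_files: []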
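Review bot: `required_ruby_version` moves to `>= 3.2.0` in the last hunk, but the README shipped in the same release still says `- Ruby >= 2.7` (data/README.md line 10 in this diff), so the documented floor and the enforced floor disagree and users on 2.7–3.1 will hit an install-time refusal the docs do not predict. This file is generated from the gemspec, so the fix belongs in `private_address_check.gemspec` or the README, neither of which is fully visible here; if 3.2 is the intended floor the README line should read `- Ruby >= 3.2`. `cert_chain: []` is unchanged, so the gem remains unsigned and consumers should keep pinning it by the checksums published above rather than by version alone.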