protect_via_honeypots 0.1.1
Sign up to get free protection for your applications and to get access to all the features.
- data/.gitignore +2 -0
- data/LICENSE +20 -0
- data/README.textile +49 -0
- data/Rakefile +55 -0
- data/VERSION +1 -0
- data/init.rb +1 -0
- data/lib/protect_via_honeypots/form_tag_helper_extensions.rb +42 -0
- data/lib/protect_via_honeypots.rb +35 -0
- data/pkg/protect_via_honeypots-0.1.0.gem +0 -0
- data/pkg/protect_via_honeypots-0.1.1.gem +0 -0
- data/protect_via_honeypots.gemspec +57 -0
- data/test/helper.rb +10 -0
- metadata +95 -0
data/.gitignore
ADDED
data/LICENSE
ADDED
@@ -0,0 +1,20 @@
|
|
1
|
+
Copyright (c) 2009 Roy van der Meij
|
2
|
+
|
3
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
4
|
+
a copy of this software and associated documentation files (the
|
5
|
+
"Software"), to deal in the Software without restriction, including
|
6
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
7
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
8
|
+
permit persons to whom the Software is furnished to do so, subject to
|
9
|
+
the following conditions:
|
10
|
+
|
11
|
+
The above copyright notice and this permission notice shall be
|
12
|
+
included in all copies or substantial portions of the Software.
|
13
|
+
|
14
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
15
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
16
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
17
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
18
|
+
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
19
|
+
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
20
|
+
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/README.textile
ADDED
@@ -0,0 +1,49 @@
|
|
1
|
+
h1. protect_via_honeypots
|
2
|
+
|
3
|
+
In the never ending battle with the form bots, here's my attempt to mislead them.
|
4
|
+
protect_via_honeypots creates some hidden fields. As normal users don't mess with hidden fields we can assume that when those fields are filled with data: a bot filled it.
|
5
|
+
So when that happens, protect_via_honeypots throws an error (as the same way protect_from_forgery does)
|
6
|
+
|
7
|
+
h2. Installation
|
8
|
+
|
9
|
+
Install the protect_via_honeypots gem:
|
10
|
+
|
11
|
+
<pre>
|
12
|
+
sudo gem install protect_via_honeypots
|
13
|
+
</pre>
|
14
|
+
|
15
|
+
Add protect_via_honeypots in environment.rb as a gem dependency:
|
16
|
+
|
17
|
+
<pre>
|
18
|
+
config.gem "protect_via_honeypots"
|
19
|
+
</pre>
|
20
|
+
|
21
|
+
Or place it in your Gemfile
|
22
|
+
|
23
|
+
<pre>
|
24
|
+
gem "protect_via_honeypots"
|
25
|
+
</pre>
|
26
|
+
|
27
|
+
h2. Usage
|
28
|
+
|
29
|
+
Place the following in your application_controller.rb
|
30
|
+
|
31
|
+
<pre>
|
32
|
+
protect_via_honeypots
|
33
|
+
</pre>
|
34
|
+
|
35
|
+
And your done!
|
36
|
+
|
37
|
+
h1. Note on Patches/Pull Requests
|
38
|
+
|
39
|
+
* Fork the project.
|
40
|
+
* Make your feature addition or bug fix.
|
41
|
+
* Add tests for it. This is important so I don't break it in a
|
42
|
+
future version unintentionally.
|
43
|
+
* Commit, do not mess with rakefile, version, or history.
|
44
|
+
(if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
|
45
|
+
* Send me a pull request. Bonus points for topic branches.
|
46
|
+
|
47
|
+
h1. Copyright
|
48
|
+
|
49
|
+
Copyright (c) 2010 Roy van der Meij. See LICENSE for details.
|
data/Rakefile
ADDED
@@ -0,0 +1,55 @@
|
|
1
|
+
require 'rubygems'
|
2
|
+
require 'rake'
|
3
|
+
|
4
|
+
begin
|
5
|
+
require 'jeweler'
|
6
|
+
Jeweler::Tasks.new do |gem|
|
7
|
+
gem.name = "protect_via_honeypots"
|
8
|
+
gem.summary = %Q{Protect your apps for bots via honeypots}
|
9
|
+
gem.description = %Q{In the never ending battle with the form bots, here's my attempt to mislead them.
|
10
|
+
protect_via_honeypots creates some hidden fields. As normal users don't mess with hidden fields we can assume that when those fields are filled with data: a bot filled it.
|
11
|
+
So when that happens, protect_via_honeypots throws an error (as the same way protect_from_forgery does)}
|
12
|
+
gem.email = "roy@royapps.nl"
|
13
|
+
gem.homepage = "http://github.com/roy/hello-gem"
|
14
|
+
gem.authors = ["Roy van der Meij"]
|
15
|
+
gem.add_development_dependency "thoughtbot-shoulda", ">= 0"
|
16
|
+
# gem is a Gem::Specification... see http://www.rubygems.org/read/chapter/20 for additional settings
|
17
|
+
end
|
18
|
+
Jeweler::GemcutterTasks.new
|
19
|
+
rescue LoadError
|
20
|
+
puts "Jeweler (or a dependency) not available. Install it with: gem install jeweler"
|
21
|
+
end
|
22
|
+
|
23
|
+
require 'rake/testtask'
|
24
|
+
Rake::TestTask.new(:test) do |test|
|
25
|
+
test.libs << 'lib' << 'test'
|
26
|
+
test.pattern = 'test/**/test_*.rb'
|
27
|
+
test.verbose = true
|
28
|
+
end
|
29
|
+
|
30
|
+
begin
|
31
|
+
require 'rcov/rcovtask'
|
32
|
+
Rcov::RcovTask.new do |test|
|
33
|
+
test.libs << 'test'
|
34
|
+
test.pattern = 'test/**/test_*.rb'
|
35
|
+
test.verbose = true
|
36
|
+
end
|
37
|
+
rescue LoadError
|
38
|
+
task :rcov do
|
39
|
+
abort "RCov is not available. In order to run rcov, you must: sudo gem install spicycode-rcov"
|
40
|
+
end
|
41
|
+
end
|
42
|
+
|
43
|
+
task :test => :check_dependencies
|
44
|
+
|
45
|
+
task :default => :test
|
46
|
+
|
47
|
+
require 'rake/rdoctask'
|
48
|
+
Rake::RDocTask.new do |rdoc|
|
49
|
+
version = File.exist?('VERSION') ? File.read('VERSION') : ""
|
50
|
+
|
51
|
+
rdoc.rdoc_dir = 'rdoc'
|
52
|
+
rdoc.title = "protect_via_honeypots #{version}"
|
53
|
+
rdoc.rdoc_files.include('README*')
|
54
|
+
rdoc.rdoc_files.include('lib/**/*.rb')
|
55
|
+
end
|
data/VERSION
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
0.1.1
|
data/init.rb
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
require File.join(File.dirname(__FILE__), "lib", "protect_via_honeypots")
|
@@ -0,0 +1,42 @@
|
|
1
|
+
=begin
|
2
|
+
module ProtectViaHoneypots::FormTagHelperExtensions
|
3
|
+
#alias_method :old_extra_tags_for_form, :extra_tags_for_form
|
4
|
+
#def extra_tags_for_form(html_options)
|
5
|
+
# tags = ProtectViaHoneypots.honeypot_tags.collect do |tag|
|
6
|
+
# tag(:input, :type => "hidden", :name => tag, :value => "")
|
7
|
+
# end
|
8
|
+
|
9
|
+
# old_extra_tags_for_form(html_options) + content_tag(:div, tags, :style => 'margin:0;padding:0;display:inline')
|
10
|
+
#end
|
11
|
+
|
12
|
+
def extra_tags_for_form(html_options)
|
13
|
+
raise "ERROR"
|
14
|
+
tags = ProtectViaHoneypots.honeypot_tags.collect do |tag|
|
15
|
+
tag(:input, :type => "hidden", :name => tag, :value => "")
|
16
|
+
end
|
17
|
+
|
18
|
+
super + content_tag(:div, tags, :style => 'margin:0;padding:0;display:inline')
|
19
|
+
end
|
20
|
+
end
|
21
|
+
=end
|
22
|
+
|
23
|
+
module ActionView
|
24
|
+
module Helpers
|
25
|
+
module FormTagHelper
|
26
|
+
alias_method :old_extra_tags_for_form, :extra_tags_for_form
|
27
|
+
def extra_tags_for_form(html_options)
|
28
|
+
tags = ProtectViaHoneypots::HONEYPOT_TAGS.collect do |tag|
|
29
|
+
tag(:input, :type => "text", :name => tag, :value => "")
|
30
|
+
end
|
31
|
+
|
32
|
+
old_extra_tags_for_form(html_options) + content_tag(:div, tags, :style => 'margin:0;padding:0;display:none')
|
33
|
+
end
|
34
|
+
|
35
|
+
end
|
36
|
+
end
|
37
|
+
end
|
38
|
+
|
39
|
+
module ActionController #:nodoc:
|
40
|
+
class InvalidHoneyPots < ActionControllerError #:nodoc:
|
41
|
+
end
|
42
|
+
end
|
@@ -0,0 +1,35 @@
|
|
1
|
+
|
2
|
+
module ProtectViaHoneypots
|
3
|
+
HONEYPOT_TAGS = [:email_pot, :name_pot]
|
4
|
+
|
5
|
+
def self.included(base)
|
6
|
+
base.extend ClassMethods
|
7
|
+
end
|
8
|
+
|
9
|
+
module ClassMethods
|
10
|
+
def protect_via_honeypots
|
11
|
+
include InstanceMethods
|
12
|
+
|
13
|
+
before_filter :verify_honeypots
|
14
|
+
require 'protect_via_honeypots/form_tag_helper_extensions'
|
15
|
+
#ActionView::Helpers::FormTagHelper.send(:include, ProtectViaHoneypots::FormTagHelperExtensions)
|
16
|
+
end
|
17
|
+
|
18
|
+
end
|
19
|
+
|
20
|
+
module InstanceMethods
|
21
|
+
def verify_honeypots
|
22
|
+
verified_request? || raise (ActionController::InvalidHoneyPots)
|
23
|
+
end
|
24
|
+
|
25
|
+
def verified_request?
|
26
|
+
ProtectViaHoneypots::HONEYPOT_TAGS.all?{ |x| params[x].blank? }
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
30
|
+
|
31
|
+
|
32
|
+
# Set it all up
|
33
|
+
if Object.const_defined?("ActionController")
|
34
|
+
ActionController::Base.send(:include, ProtectViaHoneypots)
|
35
|
+
end
|
Binary file
|
Binary file
|
@@ -0,0 +1,57 @@
|
|
1
|
+
# Generated by jeweler
|
2
|
+
# DO NOT EDIT THIS FILE DIRECTLY
|
3
|
+
# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
|
4
|
+
# -*- encoding: utf-8 -*-
|
5
|
+
|
6
|
+
Gem::Specification.new do |s|
|
7
|
+
s.name = %q{protect_via_honeypots}
|
8
|
+
s.version = "0.1.1"
|
9
|
+
|
10
|
+
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
11
|
+
s.authors = ["Roy van der Meij"]
|
12
|
+
s.date = %q{2010-10-28}
|
13
|
+
s.description = %q{In the never ending battle with the form bots, here's my attempt to mislead them.
|
14
|
+
protect_via_honeypots creates some hidden fields. As normal users don't mess with hidden fields we can assume that when those fields are filled with data: a bot filled it.
|
15
|
+
So when that happens, protect_via_honeypots throws an error (as the same way protect_from_forgery does)}
|
16
|
+
s.email = %q{roy@royapps.nl}
|
17
|
+
s.extra_rdoc_files = [
|
18
|
+
"LICENSE",
|
19
|
+
"README.textile"
|
20
|
+
]
|
21
|
+
s.files = [
|
22
|
+
".gitignore",
|
23
|
+
"LICENSE",
|
24
|
+
"README.textile",
|
25
|
+
"Rakefile",
|
26
|
+
"VERSION",
|
27
|
+
"init.rb",
|
28
|
+
"lib/protect_via_honeypots.rb",
|
29
|
+
"lib/protect_via_honeypots/form_tag_helper_extensions.rb",
|
30
|
+
"pkg/protect_via_honeypots-0.1.0.gem",
|
31
|
+
"pkg/protect_via_honeypots-0.1.1.gem",
|
32
|
+
"protect_via_honeypots.gemspec",
|
33
|
+
"test/helper.rb"
|
34
|
+
]
|
35
|
+
s.homepage = %q{http://github.com/roy/hello-gem}
|
36
|
+
s.rdoc_options = ["--charset=UTF-8"]
|
37
|
+
s.require_paths = ["lib"]
|
38
|
+
s.rubygems_version = %q{1.3.7}
|
39
|
+
s.summary = %q{Protect your apps for bots via honeypots}
|
40
|
+
s.test_files = [
|
41
|
+
"test/helper.rb"
|
42
|
+
]
|
43
|
+
|
44
|
+
if s.respond_to? :specification_version then
|
45
|
+
current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
|
46
|
+
s.specification_version = 3
|
47
|
+
|
48
|
+
if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
|
49
|
+
s.add_development_dependency(%q<thoughtbot-shoulda>, [">= 0"])
|
50
|
+
else
|
51
|
+
s.add_dependency(%q<thoughtbot-shoulda>, [">= 0"])
|
52
|
+
end
|
53
|
+
else
|
54
|
+
s.add_dependency(%q<thoughtbot-shoulda>, [">= 0"])
|
55
|
+
end
|
56
|
+
end
|
57
|
+
|
data/test/helper.rb
ADDED
metadata
ADDED
@@ -0,0 +1,95 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: protect_via_honeypots
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
hash: 25
|
5
|
+
prerelease: false
|
6
|
+
segments:
|
7
|
+
- 0
|
8
|
+
- 1
|
9
|
+
- 1
|
10
|
+
version: 0.1.1
|
11
|
+
platform: ruby
|
12
|
+
authors:
|
13
|
+
- Roy van der Meij
|
14
|
+
autorequire:
|
15
|
+
bindir: bin
|
16
|
+
cert_chain: []
|
17
|
+
|
18
|
+
date: 2010-10-28 00:00:00 +02:00
|
19
|
+
default_executable:
|
20
|
+
dependencies:
|
21
|
+
- !ruby/object:Gem::Dependency
|
22
|
+
name: thoughtbot-shoulda
|
23
|
+
prerelease: false
|
24
|
+
requirement: &id001 !ruby/object:Gem::Requirement
|
25
|
+
none: false
|
26
|
+
requirements:
|
27
|
+
- - ">="
|
28
|
+
- !ruby/object:Gem::Version
|
29
|
+
hash: 3
|
30
|
+
segments:
|
31
|
+
- 0
|
32
|
+
version: "0"
|
33
|
+
type: :development
|
34
|
+
version_requirements: *id001
|
35
|
+
description: |-
|
36
|
+
In the never ending battle with the form bots, here's my attempt to mislead them.
|
37
|
+
protect_via_honeypots creates some hidden fields. As normal users don't mess with hidden fields we can assume that when those fields are filled with data: a bot filled it.
|
38
|
+
So when that happens, protect_via_honeypots throws an error (as the same way protect_from_forgery does)
|
39
|
+
email: roy@royapps.nl
|
40
|
+
executables: []
|
41
|
+
|
42
|
+
extensions: []
|
43
|
+
|
44
|
+
extra_rdoc_files:
|
45
|
+
- LICENSE
|
46
|
+
- README.textile
|
47
|
+
files:
|
48
|
+
- .gitignore
|
49
|
+
- LICENSE
|
50
|
+
- README.textile
|
51
|
+
- Rakefile
|
52
|
+
- VERSION
|
53
|
+
- init.rb
|
54
|
+
- lib/protect_via_honeypots.rb
|
55
|
+
- lib/protect_via_honeypots/form_tag_helper_extensions.rb
|
56
|
+
- pkg/protect_via_honeypots-0.1.0.gem
|
57
|
+
- pkg/protect_via_honeypots-0.1.1.gem
|
58
|
+
- protect_via_honeypots.gemspec
|
59
|
+
- test/helper.rb
|
60
|
+
has_rdoc: true
|
61
|
+
homepage: http://github.com/roy/hello-gem
|
62
|
+
licenses: []
|
63
|
+
|
64
|
+
post_install_message:
|
65
|
+
rdoc_options:
|
66
|
+
- --charset=UTF-8
|
67
|
+
require_paths:
|
68
|
+
- lib
|
69
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
70
|
+
none: false
|
71
|
+
requirements:
|
72
|
+
- - ">="
|
73
|
+
- !ruby/object:Gem::Version
|
74
|
+
hash: 3
|
75
|
+
segments:
|
76
|
+
- 0
|
77
|
+
version: "0"
|
78
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
79
|
+
none: false
|
80
|
+
requirements:
|
81
|
+
- - ">="
|
82
|
+
- !ruby/object:Gem::Version
|
83
|
+
hash: 3
|
84
|
+
segments:
|
85
|
+
- 0
|
86
|
+
version: "0"
|
87
|
+
requirements: []
|
88
|
+
|
89
|
+
rubyforge_project:
|
90
|
+
rubygems_version: 1.3.7
|
91
|
+
signing_key:
|
92
|
+
specification_version: 3
|
93
|
+
summary: Protect your apps for bots via honeypots
|
94
|
+
test_files:
|
95
|
+
- test/helper.rb
|