RubyGems - rack-address_munging - Versions diffs - 0.1.1 - Mend

rack-address_munging 0.1.1

Files changed (18) hide show

checksums.yaml +7 -0
data/.gitignore +8 -0
data/.rspec +2 -0
data/.rubocop.yml +5 -0
data/.travis.yml +11 -0
data/Gemfile +6 -0
data/Gemfile.lock +57 -0
data/LICENSE +13 -0
data/README.md +63 -0
data/Rakefile +11 -0
data/lib/rack/address_munging/detection.rb +60 -0
data/lib/rack/address_munging/strategy/hex.rb +41 -0
data/lib/rack/address_munging/strategy/rot13js.rb +49 -0
data/lib/rack/address_munging/strategy.rb +16 -0
data/lib/rack/address_munging/version.rb +7 -0
data/lib/rack/address_munging.rb +46 -0
data/rack-address_munging.gemspec +36 -0
metadata +145 -0

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: '0009c47a3ddb287023fd4a5fa33d7829862b8b97'
+  data.tar.gz: dc0c58999b312febe87685f553ca042a6c4cb667
+SHA512:
+  metadata.gz: 579dc7548505cc0adf879989cf0a6729d3c2693e0526d03974dc965e9c37ff154471f8c78bfa7795ae1fe80d81862a0c33ec0a16a0e13f0dcd8687c9c5913ae8
+  data.tar.gz: 7b0a2e00f16816470029a9bd01c26d8a9cdcda1f3f6aab76bb09f804653359d0b8a3838bba5eaf5b0fdcaf3d65ea5b3cd885f20c35a504bc0bc69673b3276b36

data/.gitignore ADDED Viewed

@@ -0,0 +1,8 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/.rspec ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ --color
2	+ --require spec_helper

data/.rubocop.yml ADDED Viewed

@@ -0,0 +1,5 @@
+Metrics/LineLength:
+  Max: 150
+Style/Semicolon:
+  Enabled: false

data/.travis.yml ADDED Viewed

@@ -0,0 +1,11 @@
+language: ruby
+sudo: false
+script: "bundle exec rake clean spec"
+rvm:
+  - 2.2
+  - 2.3
+  - 2.4
+gemfile:
+  - Gemfile

data/Gemfile ADDED Viewed

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+source 'https://rubygems.org'
+# Specify your gem's dependencies in rack-address_munging.gemspec
+gemspec

data/Gemfile.lock ADDED Viewed

@@ -0,0 +1,57 @@
+PATH
+  remote: .
+  specs:
+    rack-address_munging (0.1.1)
+      mail (> 2.5.0)
+      rack (>= 0.9.1)
+GEM
+  remote: https://rubygems.org/
+  specs:
+    ast (2.4.0)
+    diff-lcs (1.3)
+    mail (2.7.0)
+      mini_mime (>= 0.1.1)
+    mini_mime (1.0.0)
+    parallel (1.12.1)
+    parser (2.5.0.3)
+      ast (~> 2.4.0)
+    powerpack (0.1.1)
+    rack (2.0.4)
+    rainbow (3.0.0)
+    rake (10.5.0)
+    rspec (3.7.0)
+      rspec-core (~> 3.7.0)
+      rspec-expectations (~> 3.7.0)
+      rspec-mocks (~> 3.7.0)
+    rspec-core (3.7.1)
+      rspec-support (~> 3.7.0)
+    rspec-expectations (3.7.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.7.0)
+    rspec-mocks (3.7.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.7.0)
+    rspec-support (3.7.1)
+    rubocop (0.53.0)
+      parallel (~> 1.10)
+      parser (>= 2.5)
+      powerpack (~> 0.1)
+      rainbow (>= 2.2.2, < 4.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (~> 1.0, >= 1.0.1)
+    ruby-progressbar (1.9.0)
+    unicode-display_width (1.3.0)
+PLATFORMS
+  ruby
+DEPENDENCIES
+  bundler (~> 1.16)
+  rack-address_munging!
+  rake (~> 10.0)
+  rspec (~> 3.7.0)
+  rubocop
+BUNDLED WITH
+   1.16.1

data/LICENSE ADDED Viewed

@@ -0,0 +1,13 @@
+Copyright 2018 notus.sh
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

data/README.md ADDED Viewed

@@ -0,0 +1,63 @@
+# Rack::AddressMunging
+[![Build Status](https://travis-ci.org/notus-sh/rack-address_munging.svg?branch=master)](https://travis-ci.org/notus-sh/rack-address_munging)
+`Rack::AddressMunging` is a Rack middleware for automatic [e-mail addresses munging](https://en.wikipedia.org/wiki/Address_munging).
+Once added to your middleware stack, `Rack::AddressMunging` will parse the body of any HTML response and mung it to obfuscate email addresses, in hope to prevent spambots to collect them too easily.
+## Installation
+`Rack::AddressMunging` is distributed as a gem and available on [rubygems.org](https://rubygems.org/gems/rack-address_munging) so you can add it to your `Gemfile` or install it manually with:
+```ruby
+gem install rack-address_munging
+```
+## Usage
+To use the middleware with it's default configuration, just drop it in your middleware stack:
+```ruby
+# In config.ru or wherever your stack is defined
+require 'rack/address_munging'
+use Rack::AddressMunging
+```
+If you want to use another munging strategy, precise it as an argument:
+```ruby
+# In a Rails initializer
+require 'rack/address_munging'
+module YourRailsAppName
+  class Application
+    config.middleware.use Rack::AddressMunging, strategy: :hex
+  end
+end
+```
+## Supported Strategies
+### `:Hex`
+Replace email addresses and mailto href attributes values with an hexadecimal entities alternative.
+    Input:  email@example.com
+    Output: &#101;&#109;&#97;&#105;&#108;&#64;&#101;&#120;&#97;&#109;&#112;&#108;&#101;&#46;&#99;&#111;&#109;
+`:Hex` is the default strategy.
+### `:Rot13JS`
+Replace email addresses and full mailto links with a `<script>` tag that will print it back into the page, based on a [ROT13](https://en.wikipedia.org/wiki/ROT13) version.
+    Input:  email@example.com
+    Output: <script type="text/javascript">document.write("rznvy(at)rknzcyr.pbz".replace(/(at)/, '@').replace(/[a-z]/gi,function(c){return String.fromCharCode((c<="Z"?90:122)>=(c=c.charCodeAt(0)+13)?c:c-26);});))</script>
+For more informations about the exact behavior of each strategy, please refer to the [strategies specs data](https://github.com/notus-sh/rack-address_munging/blob/master/spec/data/strategy.yml).
+## Contributing
+Bug reports and pull requests are welcome on GitHub at <https://github.com/notus-sh/rack-address_munging>.

data/Rakefile ADDED Viewed

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new
+require 'rubocop/rake_task'
+RuboCop::RakeTask.new
+task default: :spec

data/lib/rack/address_munging/detection.rb ADDED Viewed

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+require 'mail'
+require 'ipaddr'
+module Rack
+  class AddressMunging
+    # This module contains email address detection and validation methods.
+    # It is meant to be included in any munging strategy.
+    module Detection
+      REGEXP_EMAIL  = /[a-z0-9][^@\s'":<>]+@[^@\s'":<>]+[a-z0-9]/i
+      REGEXP_MAILTO = /mailto:#{REGEXP_EMAIL}/i
+      REGEXP_LINK   = %r{<a[^>]+?href="#{REGEXP_MAILTO}"[^>]*?>.+?</a>}i
+      def email?(string)
+        m = ::Mail::Address.new(string)
+        return false unless m.address == string
+        return false unless valid_local?(m.local)
+        return false unless valid_domain?(m.domain)
+        true
+      rescue StandardError
+        false
+      end
+      private
+      def valid_local?(local)
+        return false if local.include?('..')      # Can't contain ..
+        return false if local.include?('@')       # Can't contain an @
+        return false unless local !~ /^"?\s+"?$/  # Can't be blank
+        true
+      end
+      def valid_domain?(domain)
+        return false if ip_address?(domain)
+        return false if local_domain?(domain)
+        return false if hires_image?(domain)
+        return false if domain.include?('..') # Can't contain ..
+        true
+      end
+      def ip_address?(domain)
+        ip = IpAddr.new(domain)
+        ip.to_s == domain
+      rescue StandardError
+        false
+      end
+      def local_domain?(domain)
+        !domain.include?('.') # Must contain at least a .
+      end
+      # /path/to/image@2x.format should not be matched as a valid email
+      # Hashed version of the path shouldn't match either
+      def hires_image?(domain)
+        !(domain !~ /^\dx\.(jpe?g|gif|png|webp)$/ && domain !~ /^\dx-[0-9a-f]{32}\.(jpe?g|gif|png|webp)$/)
+      end
+    end
+  end
+end

data/lib/rack/address_munging/strategy/hex.rb ADDED Viewed

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+module Rack
+  class AddressMunging
+    module Strategy
+      # The <tt>:Hex</tt> munging strategy
+      #
+      # Will replace email addresses and mailto href attributes values with
+      # an hexadecimal HTML entities alternative.
+      class Hex
+        include Detection
+        def apply(munged, original)
+          original.each do |part|
+            part = part.dup if part.frozen?
+            part.gsub!(REGEXP_MAILTO) { |m| maybe_encode(m) }
+            part.gsub!(REGEXP_EMAIL)  { |m| maybe_encode(m) }
+            munged.write part
+          end
+        end
+        private
+        def maybe_encode(string)
+          s = to_s(string)
+          email?(s.gsub(/^mailto:/, '')) ? encode(s) : s
+        end
+        def encode(str)
+          to_s(str).unpack('C*').map { |c| format('&#%<c>d;', c: c) }.join
+        end
+        # Normalize a match as a string
+        # (gsub return ActiveSupport::SafeBuffer when ActiveSupport is loaded)
+        def to_s(string)
+          string.respond_to?(:to_str) ? string.to_str : string.try(:to_s)
+        end
+      end
+    end
+  end
+end

data/lib/rack/address_munging/strategy/rot13js.rb ADDED Viewed

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+module Rack
+  class AddressMunging
+    module Strategy
+      # The <tt>:Rot13JS</tt> munging strategy
+      #
+      # Will replace email addresses and full mailto links with a <tt><script></tt> tag
+      # that will print it back into the page, based on a ROT13 version.
+      #
+      # The ROT13 implementation used here is a bit different as the original one will not
+      # replace <tt>@</tt>. This fix it, applying a second replacement to switch <tt>@</tt>
+      # with <tt>(at)</tt> in the munged string.
+      #
+      # This strategy does not handle email addresses containing UTF-8 entities.
+      class Rot13JS
+        include Detection
+        def apply(munged, original)
+          original.each do |part|
+            part = part.dup if part.frozen?
+            part.gsub!(REGEXP_LINK)   { |m| maybe_encode(m) }
+            part.gsub!(REGEXP_EMAIL)  { |m| maybe_encode(m) }
+            munged.write part
+          end
+        end
+        private
+        def maybe_encode(string)
+          s = to_s(string)
+          s.scan(REGEXP_EMAIL).collect { |m| email?(to_s(m)) }.any? ? encode(s) : s
+        end
+        def encode(str)
+          <<-ENCODED.strip
+          <script type="text/javascript">document.write("#{to_s(str).tr('A-Za-z', 'N-ZA-Mn-za-m').gsub('@', '(at)')}".replace(/\(at\)/, '@').replace(/[a-z]/gi,function(c){return String.fromCharCode((c<="Z"?90:122)>=(c=c.charCodeAt(0)+13)?c:c-26);});))</script>
+          ENCODED
+        end
+        # Normalize a match as a string
+        # (gsub return ActiveSupport::SafeBuffer when ActiveSupport is loaded)
+        def to_s(string)
+          string.respond_to?(:to_str) ? string.to_str : string.try(:to_s)
+        end
+      end
+    end
+  end
+end

data/lib/rack/address_munging/strategy.rb ADDED Viewed

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+module Rack
+  class AddressMunging
+    # This module group all available munging strategies.
+    #
+    # When the Rack::AddressMunging middleware is instanciated, the required
+    # strategy is loaded as a child constant of this module. If you want to
+    # write your own munging strategy, you must create it as a subclass of
+    # <tt>Rack::AddressMunging::Strategy</tt> for it to be usable.
+    module Strategy
+      autoload :Hex,      'rack/address_munging/strategy/hex'
+      autoload :Rot13JS,  'rack/address_munging/strategy/rot13js'
+    end
+  end
+end

data/lib/rack/address_munging/version.rb ADDED Viewed

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+module Rack
+  class AddressMunging
+    VERSION = '0.1.1'
+  end
+end

data/lib/rack/address_munging.rb ADDED Viewed

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+require 'rack/response'
+module Rack
+  # The Rack::AddressMunging middleware, meant to be used in your Rack stack.
+  #
+  # All other modules meant for use in your application are <tt>autoload</tt>ed here,
+  # so it should be enough just to <tt>require 'rack/address_munging'</tt> in your code.
+  #
+  # To add the middleware to your stack, use:
+  # <code>use Rack::AddressMunging</code>
+  #
+  # If you want to use another munging strategy, precise it as an argument:
+  # <code>use Rack::AddressMunging, strategy: :hex</code>
+  class AddressMunging
+    autoload :Strategy,   'rack/address_munging/strategy'
+    autoload :Detection,  'rack/address_munging/detection'
+    attr_reader :strategy
+    def initialize(app, options = {})
+      @app = app
+      @options = { strategy: :Hex }.merge(options)
+      @strategy = Strategy.const_get(@options[:strategy]).new
+    end
+    def call(env)
+      @status, @headers, @response = @app.call(env)
+      mung! if html?
+      [@status, @headers, @response]
+    end
+    private
+    def html?
+      !(@headers['Content-Type'] =~ /html/).nil?
+    end
+    def mung!
+      @response = Response.new([], @status, @headers).tap do |r|
+        @strategy.apply(r, @response)
+      end
+    end
+  end
+end

data/rack-address_munging.gemspec ADDED Viewed

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+lib = File.expand_path('lib', __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'rack/address_munging/version'
+Gem::Specification.new do |spec|
+  spec.name          = 'rack-address_munging'
+  spec.version       = Rack::AddressMunging::VERSION
+  spec.licenses      = ['Apache-2.0']
+  spec.authors       = ['Gaël-Ian Havard']
+  spec.email         = ['gael-ian@notus.sh']
+  spec.summary       = 'Rack middleware for automatic address munging.'
+  spec.description   = 'A Rack middleware for automatic e-mail addresses munging.'
+  spec.homepage      = 'https://github.com/notus-sh/rack-address_munging'
+  if spec.respond_to?(:metadata)
+    spec.metadata["allowed_push_host"] = 'https://rubygems.org'
+  else
+    raise "RubyGems 2.0 or newer is required."
+  end
+  spec.require_paths = ['lib']
+  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.add_dependency 'mail', '> 2.5.0'
+  spec.add_dependency 'rack', '>= 0.9.1'
+  spec.add_development_dependency 'bundler',  '~> 1.16'
+  spec.add_development_dependency 'rake',     '~> 10.0'
+  spec.add_development_dependency 'rspec',    '~> 3.7.0'
+  spec.add_development_dependency 'rubocop'
+end

metadata ADDED Viewed

@@ -0,0 +1,145 @@
+--- !ruby/object:Gem::Specification
+name: rack-address_munging
+version: !ruby/object:Gem::Version
+  version: 0.1.1
+platform: ruby
+authors:
+- Gaël-Ian Havard
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2018-03-13 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: mail
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">"
+      - !ruby/object:Gem::Version
+        version: 2.5.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">"
+      - !ruby/object:Gem::Version
+        version: 2.5.0
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.9.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.9.1
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.7.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.7.0
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: A Rack middleware for automatic e-mail addresses munging.
+email:
+- gael-ian@notus.sh
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".rubocop.yml"
+- ".travis.yml"
+- Gemfile
+- Gemfile.lock
+- LICENSE
+- README.md
+- Rakefile
+- lib/rack/address_munging.rb
+- lib/rack/address_munging/detection.rb
+- lib/rack/address_munging/strategy.rb
+- lib/rack/address_munging/strategy/hex.rb
+- lib/rack/address_munging/strategy/rot13js.rb
+- lib/rack/address_munging/version.rb
+- rack-address_munging.gemspec
+homepage: https://github.com/notus-sh/rack-address_munging
+licenses:
+- Apache-2.0
+metadata:
+  allowed_push_host: https://rubygems.org
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.6.14
+signing_key:
+specification_version: 4
+summary: Rack middleware for automatic address munging.
+test_files: []