RubyGems - rack-address_munging - Versions diffs - 0.1.1 - Mend

rack-address_munging 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

checksums.yaml +7 -0
data/.gitignore +8 -0
data/.rspec +2 -0
data/.rubocop.yml +5 -0
data/.travis.yml +11 -0
data/Gemfile +6 -0
data/Gemfile.lock +57 -0
data/LICENSE +13 -0
data/README.md +63 -0
data/Rakefile +11 -0
data/lib/rack/address_munging/detection.rb +60 -0
data/lib/rack/address_munging/strategy/hex.rb +41 -0
data/lib/rack/address_munging/strategy/rot13js.rb +49 -0
data/lib/rack/address_munging/strategy.rb +16 -0
data/lib/rack/address_munging/version.rb +7 -0
data/lib/rack/address_munging.rb +46 -0
data/rack-address_munging.gemspec +36 -0
metadata +145 -0

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: '0009c47a3ddb287023fd4a5fa33d7829862b8b97'
+  data.tar.gz: dc0c58999b312febe87685f553ca042a6c4cb667
+SHA512:
+  metadata.gz: 579dc7548505cc0adf879989cf0a6729d3c2693e0526d03974dc965e9c37ff154471f8c78bfa7795ae1fe80d81862a0c33ec0a16a0e13f0dcd8687c9c5913ae8
+  data.tar.gz: 7b0a2e00f16816470029a9bd01c26d8a9cdcda1f3f6aab76bb09f804653359d0b8a3838bba5eaf5b0fdcaf3d65ea5b3cd885f20c35a504bc0bc69673b3276b36

data/.gitignore ADDED Viewed

@@ -0,0 +1,8 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/.rspec ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ --color
2	+ --require spec_helper

data/.rubocop.yml ADDED Viewed

@@ -0,0 +1,5 @@
+Metrics/LineLength:
+  Max: 150
+Style/Semicolon:
+  Enabled: false

data/.travis.yml ADDED Viewed

@@ -0,0 +1,11 @@
+language: ruby
+sudo: false
+script: "bundle exec rake clean spec"
+rvm:
+  - 2.2
+  - 2.3
+  - 2.4
+gemfile:
+  - Gemfile

data/Gemfile ADDED Viewed

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+source 'https://rubygems.org'
+# Specify your gem's dependencies in rack-address_munging.gemspec
+gemspec

data/Gemfile.lock ADDED Viewed

@@ -0,0 +1,57 @@
+PATH
+  remote: .
+  specs:
+    rack-address_munging (0.1.1)
+      mail (> 2.5.0)
+      rack (>= 0.9.1)
+GEM
+  remote: https://rubygems.org/
+  specs:
+    ast (2.4.0)
+    diff-lcs (1.3)
+    mail (2.7.0)
+      mini_mime (>= 0.1.1)
+    mini_mime (1.0.0)
+    parallel (1.12.1)
+    parser (2.5.0.3)
+      ast (~> 2.4.0)
+    powerpack (0.1.1)
+    rack (2.0.4)
+    rainbow (3.0.0)
+    rake (10.5.0)
+    rspec (3.7.0)
+      rspec-core (~> 3.7.0)
+      rspec-expectations (~> 3.7.0)
+      rspec-mocks (~> 3.7.0)
+    rspec-core (3.7.1)
+      rspec-support (~> 3.7.0)
+    rspec-expectations (3.7.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.7.0)
+    rspec-mocks (3.7.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.7.0)
+    rspec-support (3.7.1)
+    rubocop (0.53.0)
+      parallel (~> 1.10)
+      parser (>= 2.5)
+      powerpack (~> 0.1)
+      rainbow (>= 2.2.2, < 4.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (~> 1.0, >= 1.0.1)
+    ruby-progressbar (1.9.0)
+    unicode-display_width (1.3.0)
+PLATFORMS
+  ruby
+DEPENDENCIES
+  bundler (~> 1.16)
+  rack-address_munging!
+  rake (~> 10.0)
+  rspec (~> 3.7.0)
+  rubocop
+BUNDLED WITH
+   1.16.1

data/LICENSE ADDED Viewed

@@ -0,0 +1,13 @@
+Copyright 2018 notus.sh
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

data/README.md ADDED Viewed

@@ -0,0 +1,63 @@
+# Rack::AddressMunging
+[![Build Status](https://travis-ci.org/notus-sh/rack-address_munging.svg?branch=master)](https://travis-ci.org/notus-sh/rack-address_munging)
+`Rack::AddressMunging` is a Rack middleware for automatic [e-mail addresses munging](https://en.wikipedia.org/wiki/Address_munging).
+Once added to your middleware stack, `Rack::AddressMunging` will parse the body of any HTML response and mung it to obfuscate email addresses, in hope to prevent spambots to collect them too easily.
+## Installation
+`Rack::AddressMunging` is distributed as a gem and available on [rubygems.org](https://rubygems.org/gems/rack-address_munging) so you can add it to your `Gemfile` or install it manually with:
+```ruby
+gem install rack-address_munging
+```
+## Usage
+To use the middleware with it's default configuration, just drop it in your middleware stack:
+```ruby
+# In config.ru or wherever your stack is defined
+require 'rack/address_munging'
+use Rack::AddressMunging
+```
+If you want to use another munging strategy, precise it as an argument:
+```ruby
+# In a Rails initializer
+require 'rack/address_munging'
+module YourRailsAppName
+  class Application
+    config.middleware.use Rack::AddressMunging, strategy: :hex
+  end
+end
+```
+## Supported Strategies
+### `:Hex`
+Replace email addresses and mailto href attributes values with an hexadecimal entities alternative.
+    Input:  email@example.com
+    Output: &#101;&#109;&#97;&#105;&#108;&#64;&#101;&#120;&#97;&#109;&#112;&#108;&#101;&#46;&#99;&#111;&#109;
+`:Hex` is the default strategy.
+### `:Rot13JS`
+Replace email addresses and full mailto links with a `<script>` tag that will print it back into the page, based on a [ROT13](https://en.wikipedia.org/wiki/ROT13) version.
+    Input:  email@example.com
+    Output: <script type="text/javascript">document.write("rznvy(at)rknzcyr.pbz".replace(/(at)/, '@').replace(/[a-z]/gi,function(c){return String.fromCharCode((c<="Z"?90:122)>=(c=c.charCodeAt(0)+13)?c:c-26);});))</script>
+For more informations about the exact behavior of each strategy, please refer to the [strategies specs data](https://github.com/notus-sh/rack-address_munging/blob/master/spec/data/strategy.yml).
+## Contributing
+Bug reports and pull requests are welcome on GitHub at <https://github.com/notus-sh/rack-address_munging>.

data/Rakefile ADDED Viewed

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new
+require 'rubocop/rake_task'
+RuboCop::RakeTask.new
+task default: :spec

data/lib/rack/address_munging/detection.rb ADDED Viewed

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+require 'mail'
+require 'ipaddr'
+module Rack
+  class AddressMunging
+    # This module contains email address detection and validation methods.
+    # It is meant to be included in any munging strategy.
+    module Detection
+      REGEXP_EMAIL  = /[a-z0-9][^@\s'":<>]+@[^@\s'":<>]+[a-z0-9]/i
+      REGEXP_MAILTO = /mailto:#{REGEXP_EMAIL}/i
+      REGEXP_LINK   = %r{<a[^>]+?href="#{REGEXP_MAILTO}"[^>]*?>.+?</a>}i
+      def email?(string)
+        m = ::Mail::Address.new(string)
+        return false unless m.address == string
+        return false unless valid_local?(m.local)
+        return false unless valid_domain?(m.domain)
+        true
+      rescue StandardError
+        false
+      end
+      private
+      def valid_local?(local)
+        return false if local.include?('..')      # Can't contain ..
+        return false if local.include?('@')       # Can't contain an @
+        return false unless local !~ /^"?\s+"?$/  # Can't be blank
+        true
+      end
+      def valid_domain?(domain)
+        return false if ip_address?(domain)
+        return false if local_domain?(domain)
+        return false if hires_image?(domain)
+        return false if domain.include?('..') # Can't contain ..
+        true
+      end
+      def ip_address?(domain)
+        ip = IpAddr.new(domain)
+        ip.to_s == domain
+      rescue StandardError
+        false
+      end
+      def local_domain?(domain)
+        !domain.include?('.') # Must contain at least a .
+      end
+      # /path/to/image@2x.format should not be matched as a valid email
+      # Hashed version of the path shouldn't match either
+      def hires_image?(domain)
+        !(domain !~ /^\dx\.(jpe?g|gif|png|webp)$/ && domain !~ /^\dx-[0-9a-f]{32}\.(jpe?g|gif|png|webp)$/)
+      end
+    end
+  end
+end

data/lib/rack/address_munging/strategy/hex.rb ADDED Viewed

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+module Rack
+  class AddressMunging
+    module Strategy
+      # The <tt>:Hex</tt> munging strategy
+      #
+      # Will replace email addresses and mailto href attributes values with
+      # an hexadecimal HTML entities alternative.
+      class Hex
+        include Detection
+        def apply(munged, original)
+          original.each do |part|
+            part = part.dup if part.frozen?
+            part.gsub!(REGEXP_MAILTO) { |m| maybe_encode(m) }
+            part.gsub!(REGEXP_EMAIL)  { |m| maybe_encode(m) }
+            munged.write part
+          end
+        end
+        private
+        def maybe_encode(string)
+          s = to_s(string)
+          email?(s.gsub(/^mailto:/, '')) ? encode(s) : s
+        end
+        def encode(str)
+          to_s(str).unpack('C*').map { |c| format('&#%<c>d;', c: c) }.join
+        end
+        # Normalize a match as a string
+        # (gsub return ActiveSupport::SafeBuffer when ActiveSupport is loaded)
+        def to_s(string)
+          string.respond_to?(:to_str) ? string.to_str : string.try(:to_s)
+        end
+      end
+    end
+  end
+end

data/lib/rack/address_munging/strategy/rot13js.rb ADDED Viewed

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+module Rack
+  class AddressMunging
+    module Strategy
+      # The <tt>:Rot13JS</tt> munging strategy
+      #
+      # Will replace email addresses and full mailto links with a <tt><script></tt> tag
+      # that will print it back into the page, based on a ROT13 version.
+      #
+      # The ROT13 implementation used here is a bit different as the original one will not
+      # replace <tt>@</tt>. This fix it, applying a second replacement to switch <tt>@</tt>
+      # with <tt>(at)</tt> in the munged string.
+      #
+      # This strategy does not handle email addresses containing UTF-8 entities.
+      class Rot13JS
+        include Detection
+        def apply(munged, original)
+          original.each do |part|
+            part = part.dup if part.frozen?
+            part.gsub!(REGEXP_LINK)   { |m| maybe_encode(m) }
+            part.gsub!(REGEXP_EMAIL)  { |m| maybe_encode(m) }
+            munged.write part
+          end
+        end
+        private
+        def maybe_encode(string)
+          s = to_s(string)
+          s.scan(REGEXP_EMAIL).collect { |m| email?(to_s(m)) }.any? ? encode(s) : s
+        end
+        def encode(str)
+          <<-ENCODED.strip
+          <script type="text/javascript">document.write("#{to_s(str).tr('A-Za-z', 'N-ZA-Mn-za-m').gsub('@', '(at)')}".replace(/\(at\)/, '@').replace(/[a-z]/gi,function(c){return String.fromCharCode((c<="Z"?90:122)>=(c=c.charCodeAt(0)+13)?c:c-26);});))</script>
+          ENCODED
+        end
+        # Normalize a match as a string
+        # (gsub return ActiveSupport::SafeBuffer when ActiveSupport is loaded)
+        def to_s(string)
+          string.respond_to?(:to_str) ? string.to_str : string.try(:to_s)
+        end
+      end
+    end
+  end
+end

data/lib/rack/address_munging/strategy.rb ADDED Viewed

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+module Rack
+  class AddressMunging
+    # This module group all available munging strategies.
+    #
+    # When the Rack::AddressMunging middleware is instanciated, the required
+    # strategy is loaded as a child constant of this module. If you want to
+    # write your own munging strategy, you must create it as a subclass of
+    # <tt>Rack::AddressMunging::Strategy</tt> for it to be usable.
+    module Strategy
+      autoload :Hex,      'rack/address_munging/strategy/hex'
+      autoload :Rot13JS,  'rack/address_munging/strategy/rot13js'
+    end
+  end
+end

data/lib/rack/address_munging/version.rb ADDED Viewed

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+module Rack
+  class AddressMunging
+    VERSION = '0.1.1'
+  end
+end

data/lib/rack/address_munging.rb ADDED Viewed

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+require 'rack/response'
+module Rack
+  # The Rack::AddressMunging middleware, meant to be used in your Rack stack.
+  #
+  # All other modules meant for use in your application are <tt>autoload</tt>ed here,
+  # so it should be enough just to <tt>require 'rack/address_munging'</tt> in your code.
+  #
+  # To add the middleware to your stack, use:
+  # <code>use Rack::AddressMunging</code>
+  #
+  # If you want to use another munging strategy, precise it as an argument:
+  # <code>use Rack::AddressMunging, strategy: :hex</code>
+  class AddressMunging
+    autoload :Strategy,   'rack/address_munging/strategy'
+    autoload :Detection,  'rack/address_munging/detection'
+    attr_reader :strategy
+    def initialize(app, options = {})
+      @app = app
+      @options = { strategy: :Hex }.merge(options)
+      @strategy = Strategy.const_get(@options[:strategy]).new
+    end
+    def call(env)
+      @status, @headers, @response = @app.call(env)
+      mung! if html?
+      [@status, @headers, @response]
+    end
+    private
+    def html?
+      !(@headers['Content-Type'] =~ /html/).nil?
+    end
+    def mung!
+      @response = Response.new([], @status, @headers).tap do |r|
+        @strategy.apply(r, @response)
+      end
+    end
+  end
+end

data/rack-address_munging.gemspec ADDED Viewed

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+lib = File.expand_path('lib', __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'rack/address_munging/version'
+Gem::Specification.new do |spec|
+  spec.name          = 'rack-address_munging'
+  spec.version       = Rack::AddressMunging::VERSION
+  spec.licenses      = ['Apache-2.0']
+  spec.authors       = ['Gaël-Ian Havard']
+  spec.email         = ['gael-ian@notus.sh']
+  spec.summary       = 'Rack middleware for automatic address munging.'
+  spec.description   = 'A Rack middleware for automatic e-mail addresses munging.'
+  spec.homepage      = 'https://github.com/notus-sh/rack-address_munging'
+  if spec.respond_to?(:metadata)
+    spec.metadata["allowed_push_host"] = 'https://rubygems.org'
+  else
+    raise "RubyGems 2.0 or newer is required."
+  end
+  spec.require_paths = ['lib']
+  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.add_dependency 'mail', '> 2.5.0'
+  spec.add_dependency 'rack', '>= 0.9.1'
+  spec.add_development_dependency 'bundler',  '~> 1.16'
+  spec.add_development_dependency 'rake',     '~> 10.0'
+  spec.add_development_dependency 'rspec',    '~> 3.7.0'
+  spec.add_development_dependency 'rubocop'
+end

metadata ADDED Viewed

@@ -0,0 +1,145 @@
+--- !ruby/object:Gem::Specification
+name: rack-address_munging
+version: !ruby/object:Gem::Version
+  version: 0.1.1
+platform: ruby
+authors:
+- Gaël-Ian Havard
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2018-03-13 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: mail
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">"
+      - !ruby/object:Gem::Version
+        version: 2.5.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">"
+      - !ruby/object:Gem::Version
+        version: 2.5.0
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.9.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.9.1
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.7.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.7.0
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: A Rack middleware for automatic e-mail addresses munging.
+email:
+- gael-ian@notus.sh
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".rubocop.yml"
+- ".travis.yml"
+- Gemfile
+- Gemfile.lock
+- LICENSE
+- README.md
+- Rakefile
+- lib/rack/address_munging.rb
+- lib/rack/address_munging/detection.rb
+- lib/rack/address_munging/strategy.rb
+- lib/rack/address_munging/strategy/hex.rb
+- lib/rack/address_munging/strategy/rot13js.rb
+- lib/rack/address_munging/version.rb
+- rack-address_munging.gemspec
+homepage: https://github.com/notus-sh/rack-address_munging
+licenses:
+- Apache-2.0
+metadata:
+  allowed_push_host: https://rubygems.org
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.6.14
+signing_key:
+specification_version: 4
+summary: Rack middleware for automatic address munging.
+test_files: []