rack-attack 4.3.1 → 5.4.2

data/spec/fail2ban_spec.rb

@@ -1,4 +1,5 @@
 require_relative 'spec_helper'
+
 describe 'Rack::Attack.Fail2Ban' do
   before do
     # Use a long findtime; failures due to cache key rotation less likely
@@ -6,9 +7,10 @@ describe 'Rack::Attack.Fail2Ban' do
     @findtime = 60
     @bantime  = 60
     Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new
-    @f2b_options = {:bantime => @bantime, :findtime => @findtime, :maxretry => 2}
-    Rack::Attack.blacklist('pentest') do |req|
-      Rack::Attack::Fail2Ban.filter(req.ip, @f2b_options){req.query_string =~ /OMGHAX/}
+    @f2b_options = { :bantime => @bantime, :findtime => @findtime, :maxretry => 2 }
+
+    Rack::Attack.blocklist('pentest') do |req|
+      Rack::Attack::Fail2Ban.filter(req.ip, @f2b_options) { req.query_string =~ /OMGHAX/ }
     end
   end
 
@@ -23,12 +25,13 @@ describe 'Rack::Attack.Fail2Ban' do
     describe 'making failing request' do
       describe 'when not at maxretry' do
         before { get '/?foo=OMGHAX', {}, 'REMOTE_ADDR' => '1.2.3.4' }
+
         it 'fails' do
           last_response.status.must_equal 403
         end
 
         it 'increases fail count' do
-          key = "rack::attack:#{Time.now.to_i/@findtime}:fail2ban:count:1.2.3.4"
+          key = "rack::attack:#{Time.now.to_i / @findtime}:fail2ban:count:1.2.3.4"
           @cache.store.read(key).must_equal 1
         end
 
@@ -50,7 +53,7 @@ describe 'Rack::Attack.Fail2Ban' do
         end
 
         it 'increases fail count' do
-          key = "rack::attack:#{Time.now.to_i/@findtime}:fail2ban:count:1.2.3.4"
+          key = "rack::attack:#{Time.now.to_i / @findtime}:fail2ban:count:1.2.3.4"
           @cache.store.read(key).must_equal 2
         end
 
@@ -72,8 +75,8 @@ describe 'Rack::Attack.Fail2Ban' do
         end
 
         it 'resets fail count' do
-          key = "rack::attack:#{Time.now.to_i/@findtime}:fail2ban:count:1.2.3.4"
-          @cache.store.read(key).must_equal nil
+          key = "rack::attack:#{Time.now.to_i / @findtime}:fail2ban:count:1.2.3.4"
+          assert_nil @cache.store.read(key)
         end
 
         it 'IP is not banned' do
@@ -107,7 +110,7 @@ describe 'Rack::Attack.Fail2Ban' do
       end
 
       it 'does not increase fail count' do
-        key = "rack::attack:#{Time.now.to_i/@findtime}:fail2ban:count:1.2.3.4"
+        key = "rack::attack:#{Time.now.to_i / @findtime}:fail2ban:count:1.2.3.4"
         @cache.store.read(key).must_equal 2
       end
 
@@ -127,7 +130,7 @@ describe 'Rack::Attack.Fail2Ban' do
       end
 
       it 'does not increase fail count' do
-        key = "rack::attack:#{Time.now.to_i/@findtime}:fail2ban:count:1.2.3.4"
+        key = "rack::attack:#{Time.now.to_i / @findtime}:fail2ban:count:1.2.3.4"
         @cache.store.read(key).must_equal 2
       end
 
@@ -136,6 +139,5 @@ describe 'Rack::Attack.Fail2Ban' do
         @cache.store.read(key).must_equal 1
       end
     end
-
   end
 end

data/spec/integration/offline_spec.rb

@@ -1,10 +1,7 @@
 require 'active_support/cache'
-require 'active_support/cache/redis_store'
-require 'dalli'
 require_relative '../spec_helper'
 
 OfflineExamples = Minitest::SharedExamples.new do
-
   it 'should write' do
     @cache.write('cache-test-key', 'foobar', 1)
   end
@@ -16,32 +13,33 @@ OfflineExamples = Minitest::SharedExamples.new do
   it 'should count' do
     @cache.send(:do_count, 'rack::attack::cache-test-key', 1)
   end
-
 end
 
-describe 'when Redis is offline' do
-  include OfflineExamples
-
-  before {
-    @cache = Rack::Attack::Cache.new
-    # Use presumably unused port for Redis client
-    @cache.store = ActiveSupport::Cache::RedisStore.new(:host => '127.0.0.1', :port => 3333)
-  }
+if defined?(::ActiveSupport::Cache::RedisStore)
+  describe 'when Redis is offline' do
+    include OfflineExamples
 
+    before do
+      @cache = Rack::Attack::Cache.new
+      # Use presumably unused port for Redis client
+      @cache.store = ActiveSupport::Cache::RedisStore.new(:host => '127.0.0.1', :port => 3333)
+    end
+  end
 end
 
-describe 'when Memcached is offline' do
-  include OfflineExamples
-
-  before {
-    Dalli.logger.level = Logger::FATAL
+if defined?(::Dalli)
+  describe 'when Memcached is offline' do
+    include OfflineExamples
 
-    @cache = Rack::Attack::Cache.new
-    @cache.store = Dalli::Client.new('127.0.0.1:22122')
-  }
+    before do
+      Dalli.logger.level = Logger::FATAL
 
-  after {
-    Dalli.logger.level = Logger::INFO
-  }
+      @cache = Rack::Attack::Cache.new
+      @cache.store = Dalli::Client.new('127.0.0.1:22122')
+    end
 
+    after do
+      Dalli.logger.level = Logger::INFO
+    end
+  end
 end

data/spec/rack_attack_dalli_proxy_spec.rb

@@ -1,10 +1,8 @@
 require_relative 'spec_helper'
 
 describe Rack::Attack::StoreProxy::DalliProxy do
-
   it 'should stub Dalli::Client#with on older clients' do
     proxy = Rack::Attack::StoreProxy::DalliProxy.new(Class.new)
     proxy.with {} # will not raise an error
   end
-
 end

data/spec/rack_attack_request_spec.rb

@@ -9,11 +9,11 @@ describe 'Rack::Attack' do
         end
       end
 
-      Rack::Attack.whitelist('valid IP') do |req|
+      Rack::Attack.safelist('valid IP') do |req|
         req.remote_ip == "127.0.0.1"
       end
     end
 
-    allow_ok_requests
+    it_allows_ok_requests
   end
 end

data/spec/rack_attack_spec.rb

@@ -1,11 +1,11 @@
 require_relative 'spec_helper'
 
 describe 'Rack::Attack' do
-  allow_ok_requests
+  it_allows_ok_requests
 
   describe 'normalizing paths' do
     before do
-      Rack::Attack.blacklist("banned_path") {|req| req.path == '/foo' }
+      Rack::Attack.blocklist("banned_path") { |req| req.path == '/foo' }
     end
 
     it 'blocks requests with trailing slash' do
@@ -14,50 +14,85 @@ describe 'Rack::Attack' do
     end
   end
 
-  describe 'blacklist' do
+  describe 'blocklist' do
     before do
       @bad_ip = '1.2.3.4'
-      Rack::Attack.blacklist("ip #{@bad_ip}") {|req| req.ip == @bad_ip }
+      Rack::Attack.blocklist("ip #{@bad_ip}") { |req| req.ip == @bad_ip }
     end
 
-    it('has a blacklist') {
-      Rack::Attack.blacklists.key?("ip #{@bad_ip}").must_equal true
+    it('has a blocklist') {
+      Rack::Attack.blocklists.key?("ip #{@bad_ip}").must_equal true
+    }
+
+    it('has a blacklist with a deprication warning') {
+      _, stderror = capture_io do
+        Rack::Attack.blacklists.key?("ip #{@bad_ip}").must_equal true
+      end
+      assert_match "[DEPRECATION] 'Rack::Attack.blacklists' is deprecated.  Please use 'blocklists' instead.", stderror
     }
 
     describe "a bad request" do
       before { get '/', {}, 'REMOTE_ADDR' => @bad_ip }
-      it "should return a blacklist response" do
-        get '/', {}, 'REMOTE_ADDR' => @bad_ip
+
+      it "should return a blocklist response" do
         last_response.status.must_equal 403
         last_response.body.must_equal "Forbidden\n"
       end
+
       it "should tag the env" do
         last_request.env['rack.attack.matched'].must_equal "ip #{@bad_ip}"
-        last_request.env['rack.attack.match_type'].must_equal :blacklist
+        last_request.env['rack.attack.match_type'].must_equal :blocklist
       end
 
-      allow_ok_requests
+      it_allows_ok_requests
     end
 
-    describe "and whitelist" do
+    describe "and safelist" do
       before do
         @good_ua = 'GoodUA'
-        Rack::Attack.whitelist("good ua") {|req| req.user_agent == @good_ua }
+        Rack::Attack.safelist("good ua") { |req| req.user_agent == @good_ua }
       end
 
-      it('has a whitelist'){ Rack::Attack.whitelists.key?("good ua") }
-      describe "with a request match both whitelist & blacklist" do
+      it('has a safelist') { Rack::Attack.safelists.key?("good ua") }
+
+      it('has a whitelist with a deprication warning') {
+        _, stderror = capture_io do
+          Rack::Attack.whitelists.key?("good ua")
+        end
+        assert_match "[DEPRECATION] 'Rack::Attack.whitelists' is deprecated.  Please use 'safelists' instead.", stderror
+      }
+
+      describe "with a request match both safelist & blocklist" do
         before { get '/', {}, 'REMOTE_ADDR' => @bad_ip, 'HTTP_USER_AGENT' => @good_ua }
-        it "should allow whitelists before blacklists" do
-          get '/', {}, 'REMOTE_ADDR' => @bad_ip, 'HTTP_USER_AGENT' => @good_ua
+
+        it "should allow safelists before blocklists" do
           last_response.status.must_equal 200
         end
+
         it "should tag the env" do
           last_request.env['rack.attack.matched'].must_equal 'good ua'
-          last_request.env['rack.attack.match_type'].must_equal :whitelist
+          last_request.env['rack.attack.match_type'].must_equal :safelist
         end
       end
     end
-  end
 
+    describe '#blocklisted_response' do
+      it 'should exist' do
+        Rack::Attack.blocklisted_response.must_respond_to :call
+      end
+
+      it 'should give a deprication warning for blacklisted_response' do
+        _, stderror = capture_io do
+          Rack::Attack.blacklisted_response
+        end
+        assert_match "[DEPRECATION] 'Rack::Attack.blacklisted_response' is deprecated.  Please use 'blocklisted_response' instead.", stderror
+      end
+    end
+
+    describe '#throttled_response' do
+      it 'should exist' do
+        Rack::Attack.throttled_response.must_respond_to :call
+      end
+    end
+  end
 end

data/spec/rack_attack_throttle_spec.rb

@@ -1,4 +1,5 @@
 require_relative 'spec_helper'
+
 describe 'Rack::Attack.throttle' do
   before do
     @period = 60 # Use a long period; failures due to cache key rotation less likely
@@ -6,34 +7,40 @@ describe 'Rack::Attack.throttle' do
     Rack::Attack.throttle('ip/sec', :limit => 1, :period => @period) { |req| req.ip }
   end
 
-  it('should have a throttle'){ Rack::Attack.throttles.key?('ip/sec') }
-  allow_ok_requests
+  it('should have a throttle') { Rack::Attack.throttles.key?('ip/sec') }
+
+  it_allows_ok_requests
 
   describe 'a single request' do
     before { get '/', {}, 'REMOTE_ADDR' => '1.2.3.4' }
+
     it 'should set the counter for one request' do
-      key = "rack::attack:#{Time.now.to_i/@period}:ip/sec:1.2.3.4"
+      key = "rack::attack:#{Time.now.to_i / @period}:ip/sec:1.2.3.4"
       Rack::Attack.cache.store.read(key).must_equal 1
     end
 
     it 'should populate throttle data' do
-      data = { :count => 1, :limit => 1, :period => @period }
+      data = { :count => 1, :limit => 1, :period => @period, epoch_time: Rack::Attack.cache.last_epoch_time.to_i }
       last_request.env['rack.attack.throttle_data']['ip/sec'].must_equal data
     end
   end
+
   describe "with 2 requests" do
     before do
       2.times { get '/', {}, 'REMOTE_ADDR' => '1.2.3.4' }
     end
+
     it 'should block the last request' do
       last_response.status.must_equal 429
     end
+
     it 'should tag the env' do
       last_request.env['rack.attack.matched'].must_equal 'ip/sec'
       last_request.env['rack.attack.match_type'].must_equal :throttle
-      last_request.env['rack.attack.match_data'].must_equal({:count => 2, :limit => 1, :period => @period})
+      last_request.env['rack.attack.match_data'].must_equal(:count => 2, :limit => 1, :period => @period, epoch_time: Rack::Attack.cache.last_epoch_time.to_i)
       last_request.env['rack.attack.match_discriminator'].must_equal('1.2.3.4')
     end
+
     it 'should set a Retry-After header' do
       last_response.headers['Retry-After'].must_equal @period.to_s
     end
@@ -44,20 +51,21 @@ describe 'Rack::Attack.throttle with limit as proc' do
   before do
     @period = 60 # Use a long period; failures due to cache key rotation less likely
     Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new
-    Rack::Attack.throttle('ip/sec', :limit => lambda { |req| 1 }, :period => @period) { |req| req.ip }
+    Rack::Attack.throttle('ip/sec', :limit => lambda { |_req| 1 }, :period => @period) { |req| req.ip }
   end
 
-  allow_ok_requests
+  it_allows_ok_requests
 
   describe 'a single request' do
     before { get '/', {}, 'REMOTE_ADDR' => '1.2.3.4' }
+
     it 'should set the counter for one request' do
-      key = "rack::attack:#{Time.now.to_i/@period}:ip/sec:1.2.3.4"
+      key = "rack::attack:#{Time.now.to_i / @period}:ip/sec:1.2.3.4"
       Rack::Attack.cache.store.read(key).must_equal 1
     end
 
     it 'should populate throttle data' do
-      data = { :count => 1, :limit => 1, :period => @period }
+      data = { :count => 1, :limit => 1, :period => @period, epoch_time: Rack::Attack.cache.last_epoch_time.to_i }
       last_request.env['rack.attack.throttle_data']['ip/sec'].must_equal data
     end
   end
@@ -67,21 +75,45 @@ describe 'Rack::Attack.throttle with period as proc' do
   before do
     @period = 60 # Use a long period; failures due to cache key rotation less likely
     Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new
-    Rack::Attack.throttle('ip/sec', :limit => lambda { |req| 1 }, :period => lambda { |req| @period }) { |req| req.ip }
+    Rack::Attack.throttle('ip/sec', :limit => lambda { |_req| 1 }, :period => lambda { |_req| @period }) { |req| req.ip }
   end
 
-  allow_ok_requests
+  it_allows_ok_requests
 
   describe 'a single request' do
     before { get '/', {}, 'REMOTE_ADDR' => '1.2.3.4' }
+
     it 'should set the counter for one request' do
-      key = "rack::attack:#{Time.now.to_i/@period}:ip/sec:1.2.3.4"
+      key = "rack::attack:#{Time.now.to_i / @period}:ip/sec:1.2.3.4"
       Rack::Attack.cache.store.read(key).must_equal 1
     end
 
     it 'should populate throttle data' do
-      data = { :count => 1, :limit => 1, :period => @period }
+      data = { :count => 1, :limit => 1, :period => @period, epoch_time: Rack::Attack.cache.last_epoch_time.to_i }
       last_request.env['rack.attack.throttle_data']['ip/sec'].must_equal data
     end
   end
 end
+
+describe 'Rack::Attack.throttle with block retuning nil' do
+  before do
+    @period = 60
+    Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new
+    Rack::Attack.throttle('ip/sec', :limit => 1, :period => @period) { |_| nil }
+  end
+
+  it_allows_ok_requests
+
+  describe 'a single request' do
+    before { get '/', {}, 'REMOTE_ADDR' => '1.2.3.4' }
+
+    it 'should not set the counter' do
+      key = "rack::attack:#{Time.now.to_i / @period}:ip/sec:1.2.3.4"
+      assert_nil Rack::Attack.cache.store.read(key)
+    end
+
+    it 'should not populate throttle data' do
+      assert_nil last_request.env['rack.attack.throttle_data']
+    end
+  end
+end

data/spec/rack_attack_track_spec.rb

@@ -16,9 +16,11 @@ describe 'Rack::Attack.track' do
   end
 
   before do
-    Rack::Attack.track("everything"){ |req| true }
+    Rack::Attack.track("everything") { |_req| true }
   end
-  allow_ok_requests
+
+  it_allows_ok_requests
+
   it "should tag the env" do
     get '/'
     last_request.env['rack.attack.matched'].must_equal 'everything'
@@ -29,11 +31,12 @@ describe 'Rack::Attack.track' do
     before do
       Counter.reset
       # A second track
-      Rack::Attack.track("homepage"){ |req| req.path == "/"}
+      Rack::Attack.track("homepage") { |req| req.path == "/" }
 
-      ActiveSupport::Notifications.subscribe("rack.attack") do |*args|
+      ActiveSupport::Notifications.subscribe("rack.attack") do |*_args|
         Counter.incr
       end
+
       get "/"
     end
 
@@ -44,15 +47,15 @@ describe 'Rack::Attack.track' do
 
   describe "without limit and period options" do
     it "should assign the track filter to a Check instance" do
-      tracker = Rack::Attack.track("homepage") { |req| req.path == "/"}
-      tracker.filter.class.must_equal Rack::Attack::Check
+      track = Rack::Attack.track("homepage") { |req| req.path == "/" }
+      track.filter.class.must_equal Rack::Attack::Check
     end
   end
 
   describe "with limit and period options" do
     it "should assign the track filter to a Throttle instance" do
-      tracker = Rack::Attack.track("homepage", :limit => 10, :period => 10) { |req| req.path == "/"}
-      tracker.filter.class.must_equal Rack::Attack::Throttle
+      track = Rack::Attack.track("homepage", :limit => 10, :period => 10) { |req| req.path == "/" }
+      track.filter.class.must_equal Rack::Attack::Throttle
     end
   end
 end