rack-attack 5.1.0 → 5.2.0
- checksums.yaml +4 -4
- data/README.md +164 -79
- data/lib/rack/attack.rb +30 -8
- data/lib/rack/attack/cache.rb +24 -10
- data/lib/rack/attack/check.rb +1 -0
- data/lib/rack/attack/version.rb +1 -1
- data/spec/acceptance/allow2ban_spec.rb +71 -0
- data/spec/acceptance/blocking_ip_spec.rb +38 -0
- data/spec/acceptance/blocking_spec.rb +20 -0
- data/spec/acceptance/blocking_subnet_spec.rb +44 -0
- data/spec/acceptance/cache_store_config_for_allow2ban_spec.rb +111 -0
- data/spec/acceptance/cache_store_config_for_fail2ban_spec.rb +108 -0
- data/spec/acceptance/cache_store_config_for_throttle_spec.rb +48 -0
- data/spec/acceptance/cache_store_config_with_rails_spec.rb +31 -0
- data/spec/acceptance/customizing_blocked_response_spec.rb +41 -0
- data/spec/acceptance/customizing_throttled_response_spec.rb +59 -0
- data/spec/acceptance/extending_request_object_spec.rb +34 -0
- data/spec/acceptance/fail2ban_spec.rb +76 -0
- data/spec/acceptance/safelisting_ip_spec.rb +49 -0
- data/spec/acceptance/safelisting_spec.rb +16 -0
- data/spec/acceptance/safelisting_subnet_spec.rb +48 -0
- data/spec/acceptance/throttling_spec.rb +130 -1
- data/spec/acceptance/track_spec.rb +27 -0
- data/spec/acceptance/track_throttle_spec.rb +53 -0
- data/spec/spec_helper.rb +12 -0
- metadata +60 -4
- data/spec/rack_attack_store_config_spec.rb +0 -20
@@ -0,0 +1,27 @@
|
|
1
|
+
require_relative "../spec_helper"
|
2
|
+
|
3
|
+
describe "#track" do
|
4
|
+
it "notifies when track block returns true" do
|
5
|
+
Rack::Attack.track("ip 1.2.3.4") do |request|
|
6
|
+
request.ip == "1.2.3.4"
|
7
|
+
end
|
8
|
+
|
9
|
+
notification_matched = nil
|
10
|
+
notification_type = nil
|
11
|
+
|
12
|
+
ActiveSupport::Notifications.subscribe("rack.attack") do |_name, _start, _finish, _id, request|
|
13
|
+
notification_matched = request.env["rack.attack.matched"]
|
14
|
+
notification_type = request.env["rack.attack.match_type"]
|
15
|
+
end
|
16
|
+
|
17
|
+
get "/", {}, "REMOTE_ADDR" => "5.6.7.8"
|
18
|
+
|
19
|
+
assert_nil notification_matched
|
20
|
+
assert_nil notification_type
|
21
|
+
|
22
|
+
get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
|
23
|
+
|
24
|
+
assert_equal "ip 1.2.3.4", notification_matched
|
25
|
+
assert_equal :track, notification_type
|
26
|
+
end
|
27
|
+
end
|
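Review bot: The `ActiveSupport::Notifications.subscribe("rack.attack")` call in the new `#track` example is never unsubscribed, so the subscriber outlives the example and keeps running its closure for every later request in the same process; the `#track with throttle-ish options` hunk below has the same pattern. The `after` hook in spec_helper.rb resets `Rack::Attack` state but does not touch notification subscribers, so each example leaves one more behind and a stale closure can hide an ordering problem in another spec. Keep the handle and remove it once the assertions are done, e.g. `subscriber = ActiveSupport::Notifications.subscribe("rack.attack") do |_name, _start, _finish, _id, request|` at the top and `ActiveSupport::Notifications.unsubscribe(subscriber)` at the end of the example (an `ensure`, or an `after` hook in spec_helper.rb, would cover both specs).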
@@ -0,0 +1,53 @@
|
|
1
|
+
require_relative "../spec_helper"
|
2
|
+
require "timecop"
|
3
|
+
|
4
|
+
describe "#track with throttle-ish options" do
|
5
|
+
it "notifies when throttle goes over the limit without actually throttling requests" do
|
6
|
+
Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new
|
7
|
+
|
8
|
+
Rack::Attack.track("by ip", limit: 1, period: 60) do |request|
|
9
|
+
request.ip
|
10
|
+
end
|
11
|
+
|
12
|
+
notification_matched = nil
|
13
|
+
notification_type = nil
|
14
|
+
|
15
|
+
ActiveSupport::Notifications.subscribe("rack.attack") do |_name, _start, _finish, _id, request|
|
16
|
+
notification_matched = request.env["rack.attack.matched"]
|
17
|
+
notification_type = request.env["rack.attack.match_type"]
|
18
|
+
end
|
19
|
+
|
20
|
+
get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
|
21
|
+
|
22
|
+
assert_nil notification_matched
|
23
|
+
assert_nil notification_type
|
24
|
+
|
25
|
+
assert_equal 200, last_response.status
|
26
|
+
|
27
|
+
get "/", {}, "REMOTE_ADDR" => "5.6.7.8"
|
28
|
+
|
29
|
+
assert_nil notification_matched
|
30
|
+
assert_nil notification_type
|
31
|
+
|
32
|
+
assert_equal 200, last_response.status
|
33
|
+
|
34
|
+
get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
|
35
|
+
|
36
|
+
assert_equal "by ip", notification_matched
|
37
|
+
assert_equal :track, notification_type
|
38
|
+
|
39
|
+
assert_equal 200, last_response.status
|
40
|
+
|
41
|
+
Timecop.travel(60) do
|
42
|
+
notification_matched = nil
|
43
|
+
notification_type = nil
|
44
|
+
|
45
|
+
get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
|
46
|
+
|
47
|
+
assert_nil notification_matched
|
48
|
+
assert_nil notification_type
|
49
|
+
|
50
|
+
assert_equal 200, last_response.status
|
51
|
+
end
|
52
|
+
end
|
53
|
+
end
|
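--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -15,13 +15,25 @@ rescue LoadError
   #nothing to do here
 end
 
+if RUBY_ENGINE == "ruby"
+  require "byebug"
+end
+
 class MiniTest::Spec
 
   include Rack::Test::Methods
 
+  before do
+    @_original_throttled_response = Rack::Attack.throttled_response
+    @_original_blocklisted_response = Rack::Attack.blocklisted_response
+  end
+
   after do
     Rack::Attack.clear!
     Rack::Attack.instance_variable_set(:@cache, nil)
+
+    Rack::Attack.throttled_response = @_original_throttled_response
+    Rack::Attack.blocklisted_response = @_original_blocklisted_response
   end
 
   def app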
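Review bot: The three-line `if RUBY_ENGINE == "ruby" ... end` wrapper around `require "byebug"` is a single-statement guard and reads better in modifier form, `require "byebug" if RUBY_ENGINE == "ruby"`. A one-line comment stating the intent would also help the next reader, e.g. `# byebug is only loaded on MRI (RUBY_ENGINE == "ruby")`. The `def app` on the last line of the hunk continues outside it.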
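--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-attack
 version: !ruby/object:Gem::Version
-  version: 5.
+  version: 5.2.0
 platform: ruby
 authors:
 - Aaron Suggs
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-03-
+date: 2018-03-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -38,6 +38,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: minitest-stub-const
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rack-test
   requirement: !ruby/object:Gem::Requirement
@@ -220,6 +234,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: A rack middleware for throttling and blocking abusive requests
 email: aaron@ktheory.com
 executables: []
@@ -244,9 +272,24 @@ files:
 - lib/rack/attack/throttle.rb
 - lib/rack/attack/track.rb
 - lib/rack/attack/version.rb
+- spec/acceptance/allow2ban_spec.rb
+- spec/acceptance/blocking_ip_spec.rb
 - spec/acceptance/blocking_spec.rb
+- spec/acceptance/blocking_subnet_spec.rb
+- spec/acceptance/cache_store_config_for_allow2ban_spec.rb
+- spec/acceptance/cache_store_config_for_fail2ban_spec.rb
+- spec/acceptance/cache_store_config_for_throttle_spec.rb
+- spec/acceptance/cache_store_config_with_rails_spec.rb
+- spec/acceptance/customizing_blocked_response_spec.rb
+- spec/acceptance/customizing_throttled_response_spec.rb
+- spec/acceptance/extending_request_object_spec.rb
+- spec/acceptance/fail2ban_spec.rb
+- spec/acceptance/safelisting_ip_spec.rb
 - spec/acceptance/safelisting_spec.rb
+- spec/acceptance/safelisting_subnet_spec.rb
 - spec/acceptance/throttling_spec.rb
+- spec/acceptance/track_spec.rb
+- spec/acceptance/track_throttle_spec.rb
 - spec/allow2ban_spec.rb
 - spec/fail2ban_spec.rb
 - spec/integration/offline_spec.rb
@@ -255,7 +298,6 @@ files:
 - spec/rack_attack_path_normalizer_spec.rb
 - spec/rack_attack_request_spec.rb
 - spec/rack_attack_spec.rb
-- spec/rack_attack_store_config_spec.rb
 - spec/rack_attack_throttle_spec.rb
 - spec/rack_attack_track_spec.rb
 - spec/spec_helper.rb
@@ -286,7 +328,6 @@ specification_version: 4
 summary: Block & throttle abusive requests
 test_files:
 - spec/spec_helper.rb
-- spec/rack_attack_store_config_spec.rb
 - spec/rack_attack_throttle_spec.rb
 - spec/rack_attack_spec.rb
 - spec/integration/offline_spec.rb
@@ -295,8 +336,23 @@ test_files:
 - spec/fail2ban_spec.rb
 - spec/rack_attack_dalli_proxy_spec.rb
 - spec/rack_attack_path_normalizer_spec.rb
+- spec/acceptance/safelisting_subnet_spec.rb
+- spec/acceptance/track_throttle_spec.rb
+- spec/acceptance/blocking_ip_spec.rb
+- spec/acceptance/track_spec.rb
+- spec/acceptance/fail2ban_spec.rb
+- spec/acceptance/safelisting_ip_spec.rb
+- spec/acceptance/cache_store_config_for_fail2ban_spec.rb
 - spec/acceptance/throttling_spec.rb
 - spec/acceptance/blocking_spec.rb
+- spec/acceptance/customizing_blocked_response_spec.rb
+- spec/acceptance/cache_store_config_for_throttle_spec.rb
+- spec/acceptance/blocking_subnet_spec.rb
+- spec/acceptance/customizing_throttled_response_spec.rb
+- spec/acceptance/allow2ban_spec.rb
+- spec/acceptance/cache_store_config_for_allow2ban_spec.rb
+- spec/acceptance/cache_store_config_with_rails_spec.rb
+- spec/acceptance/extending_request_object_spec.rb
 - spec/acceptance/safelisting_spec.rb
 - spec/rack_attack_request_spec.rb
 - spec/allow2ban_spec.rb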
@@ -1,20 +0,0 @@
|
|
1
|
-
require_relative 'spec_helper'
|
2
|
-
|
3
|
-
describe 'Store configuration' do
|
4
|
-
it "gives clear error when store it's not configured if it's needed" do
|
5
|
-
Rack::Attack.throttle('ip/sec', limit: 1, period: 60) { |req| req.ip }
|
6
|
-
|
7
|
-
assert_raises(Rack::Attack::MissingStoreError) do
|
8
|
-
get '/'
|
9
|
-
end
|
10
|
-
end
|
11
|
-
|
12
|
-
it "gives clear error when store isn't configured properly" do
|
13
|
-
Rack::Attack.cache.store = Object.new
|
14
|
-
Rack::Attack.throttle('ip/sec', limit: 1, period: 60) { |req| req.ip }
|
15
|
-
|
16
|
-
assert_raises(Rack::Attack::MisconfiguredStoreError) do
|
17
|
-
get '/'
|
18
|
-
end
|
19
|
-
end
|
20
|
-
end
|