rack-attack 5.2.0 → 5.3.0

data/lib/rack/attack/version.rb

@@ -1,5 +1,5 @@
 module Rack
   class Attack
-    VERSION = '5.2.0'
+    VERSION = '5.3.0'
   end
 end

data/spec/acceptance/cache_store_config_for_allow2ban_spec.rb

@@ -81,11 +81,11 @@ describe "Cache store config when using allow2ban" do
         @backend[key]
       end
 
-      def write(key, value, options = {})
+      def write(key, value, _options = {})
         @backend[key] = value
       end
 
-      def increment(key, count, options = {})
+      def increment(key, _count, _options = {})
         @backend[key] ||= 0
         @backend[key] += 1
       end

data/spec/acceptance/cache_store_config_for_fail2ban_spec.rb

@@ -81,11 +81,11 @@ describe "Cache store config when using fail2ban" do
         @backend[key]
       end
 
-      def write(key, value, options = {})
+      def write(key, value, _options = {})
         @backend[key] = value
       end
 
-      def increment(key, count, options = {})
+      def increment(key, _count, _options = {})
         @backend[key] ||= 0
         @backend[key] += 1
       end

data/spec/acceptance/cache_store_config_for_throttle_spec.rb

@@ -29,7 +29,7 @@ describe "Cache store config when throttling without Rails" do
         @counts = {}
       end
 
-      def increment(key, count, options)
+      def increment(key, _count, _options)
         @counts[key] ||= 0
         @counts[key] += 1
       end

data/spec/acceptance/customizing_blocked_response_spec.rb

@@ -12,7 +12,7 @@ describe "Customizing block responses" do
 
     assert_equal 403, last_response.status
 
-    Rack::Attack.blocklisted_response = lambda do |env|
+    Rack::Attack.blocklisted_response = lambda do |_env|
       [503, {}, ["Blocked"]]
     end
 

data/spec/acceptance/customizing_throttled_response_spec.rb

@@ -18,7 +18,7 @@ describe "Customizing throttled response" do
 
     assert_equal 429, last_response.status
 
-    Rack::Attack.throttled_response = lambda do |env|
+    Rack::Attack.throttled_response = lambda do |_env|
       [503, {}, ["Throttled"]]
     end
 

data/spec/acceptance/safelisting_ip_spec.rb

@@ -46,4 +46,3 @@ describe "Safelist an IP" do
     assert_equal :safelist, notification_type
   end
 end
-

data/spec/acceptance/stores/mem_cache_store_spec.rb

@@ -0,0 +1,38 @@
+require_relative "../../spec_helper"
+require_relative "../../support/cache_store_helper"
+
+require "timecop"
+
+describe "MemCacheStore as a cache backend" do
+  before do
+    Rack::Attack.cache.store = ActiveSupport::Cache::MemCacheStore.new
+  end
+
+  after do
+    Rack::Attack.cache.store.flush_all
+  end
+
+  it_works_for_cache_backed_features
+
+  it "doesn't leak keys" do
+    Rack::Attack.throttle("by ip", limit: 1, period: 1) do |request|
+      request.ip
+    end
+
+    key = nil
+
+    # Freeze time during these statement to be sure that the key used by rack attack is the same
+    # we pre-calculate in local variable `key`
+    Timecop.freeze do
+      key = "rack::attack:#{Time.now.to_i}:by ip:1.2.3.4"
+
+      get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
+    end
+
+    assert Rack::Attack.cache.store.get(key)
+
+    sleep 2.1
+
+    assert_nil Rack::Attack.cache.store.get(key)
+  end
+end

data/spec/acceptance/stores/redis_cache_store_spec.rb

@@ -0,0 +1,41 @@
+require_relative "../../spec_helper"
+require_relative "../../support/cache_store_helper"
+
+require "timecop"
+
+if ActiveSupport.version >= Gem::Version.new("5.2.0")
+  describe "RedisCacheStore as a cache backend" do
+    before do
+      Rack::Attack.cache.store = ActiveSupport::Cache::RedisCacheStore.new
+    end
+
+    after do
+      Rack::Attack.cache.store.clear
+    end
+
+    it_works_for_cache_backed_features
+
+    it "doesn't leak keys" do
+      Rack::Attack.throttle("by ip", limit: 1, period: 1) do |request|
+        request.ip
+      end
+
+      key = nil
+
+      # Freeze time during these statement to be sure that the key used by rack attack is the same
+      # we pre-calculate in local variable `key`
+      Timecop.freeze do
+        key = "rack::attack:#{Time.now.to_i}:by ip:1.2.3.4"
+
+        # puts key
+        get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
+      end
+
+      assert Rack::Attack.cache.store.fetch(key)
+
+      sleep 2.1
+
+      assert_nil Rack::Attack.cache.store.fetch(key)
+    end
+  end
+end

data/spec/allow2ban_spec.rb

@@ -7,10 +7,10 @@ describe 'Rack::Attack.Allow2Ban' do
     @findtime = 60
     @bantime  = 60
     Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new
-    @f2b_options = {:bantime => @bantime, :findtime => @findtime, :maxretry => 2}
+    @f2b_options = { :bantime => @bantime, :findtime => @findtime, :maxretry => 2 }
 
     Rack::Attack.blocklist('pentest') do |req|
-      Rack::Attack::Allow2Ban.filter(req.ip, @f2b_options){req.query_string =~ /OMGHAX/}
+      Rack::Attack::Allow2Ban.filter(req.ip, @f2b_options) { req.query_string =~ /OMGHAX/ }
     end
   end
 
@@ -31,7 +31,7 @@ describe 'Rack::Attack.Allow2Ban' do
         end
 
         it 'increases fail count' do
-          key = "rack::attack:#{Time.now.to_i/@findtime}:allow2ban:count:1.2.3.4"
+          key = "rack::attack:#{Time.now.to_i / @findtime}:allow2ban:count:1.2.3.4"
           @cache.store.read(key).must_equal 1
         end
 
@@ -53,7 +53,7 @@ describe 'Rack::Attack.Allow2Ban' do
         end
 
         it 'increases fail count' do
-          key = "rack::attack:#{Time.now.to_i/@findtime}:allow2ban:count:1.2.3.4"
+          key = "rack::attack:#{Time.now.to_i / @findtime}:allow2ban:count:1.2.3.4"
           @cache.store.read(key).must_equal 2
         end
 
@@ -89,7 +89,7 @@ describe 'Rack::Attack.Allow2Ban' do
       end
 
       it 'does not increase fail count' do
-        key = "rack::attack:#{Time.now.to_i/@findtime}:allow2ban:count:1.2.3.4"
+        key = "rack::attack:#{Time.now.to_i / @findtime}:allow2ban:count:1.2.3.4"
         @cache.store.read(key).must_equal 2
       end
 
@@ -109,7 +109,7 @@ describe 'Rack::Attack.Allow2Ban' do
       end
 
       it 'does not increase fail count' do
-        key = "rack::attack:#{Time.now.to_i/@findtime}:allow2ban:count:1.2.3.4"
+        key = "rack::attack:#{Time.now.to_i / @findtime}:allow2ban:count:1.2.3.4"
         @cache.store.read(key).must_equal 2
       end
 

data/spec/fail2ban_spec.rb

@@ -7,10 +7,10 @@ describe 'Rack::Attack.Fail2Ban' do
     @findtime = 60
     @bantime  = 60
     Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new
-    @f2b_options = {:bantime => @bantime, :findtime => @findtime, :maxretry => 2}
+    @f2b_options = { :bantime => @bantime, :findtime => @findtime, :maxretry => 2 }
 
     Rack::Attack.blocklist('pentest') do |req|
-      Rack::Attack::Fail2Ban.filter(req.ip, @f2b_options){req.query_string =~ /OMGHAX/}
+      Rack::Attack::Fail2Ban.filter(req.ip, @f2b_options) { req.query_string =~ /OMGHAX/ }
     end
   end
 
@@ -31,7 +31,7 @@ describe 'Rack::Attack.Fail2Ban' do
         end
 
         it 'increases fail count' do
-          key = "rack::attack:#{Time.now.to_i/@findtime}:fail2ban:count:1.2.3.4"
+          key = "rack::attack:#{Time.now.to_i / @findtime}:fail2ban:count:1.2.3.4"
           @cache.store.read(key).must_equal 1
         end
 
@@ -53,7 +53,7 @@ describe 'Rack::Attack.Fail2Ban' do
         end
 
         it 'increases fail count' do
-          key = "rack::attack:#{Time.now.to_i/@findtime}:fail2ban:count:1.2.3.4"
+          key = "rack::attack:#{Time.now.to_i / @findtime}:fail2ban:count:1.2.3.4"
           @cache.store.read(key).must_equal 2
         end
 
@@ -75,7 +75,7 @@ describe 'Rack::Attack.Fail2Ban' do
         end
 
         it 'resets fail count' do
-          key = "rack::attack:#{Time.now.to_i/@findtime}:fail2ban:count:1.2.3.4"
+          key = "rack::attack:#{Time.now.to_i / @findtime}:fail2ban:count:1.2.3.4"
           assert_nil @cache.store.read(key)
         end
 
@@ -110,7 +110,7 @@ describe 'Rack::Attack.Fail2Ban' do
       end
 
       it 'does not increase fail count' do
-        key = "rack::attack:#{Time.now.to_i/@findtime}:fail2ban:count:1.2.3.4"
+        key = "rack::attack:#{Time.now.to_i / @findtime}:fail2ban:count:1.2.3.4"
         @cache.store.read(key).must_equal 2
       end
 
@@ -130,7 +130,7 @@ describe 'Rack::Attack.Fail2Ban' do
       end
 
       it 'does not increase fail count' do
-        key = "rack::attack:#{Time.now.to_i/@findtime}:fail2ban:count:1.2.3.4"
+        key = "rack::attack:#{Time.now.to_i / @findtime}:fail2ban:count:1.2.3.4"
         @cache.store.read(key).must_equal 2
       end
 

data/spec/integration/rack_attack_cache_spec.rb

@@ -2,7 +2,7 @@ require_relative '../spec_helper'
 
 describe Rack::Attack::Cache do
   # A convenience method for deleting a key from cache.
-  # Slightly differnet than @cache.delete, which adds a prefix.
+  # Slightly different than @cache.delete, which adds a prefix.
   def delete(key)
     if @cache.store.respond_to?(:delete)
       @cache.store.delete(key)
@@ -18,6 +18,7 @@ describe Rack::Attack::Cache do
   require 'active_support/cache/dalli_store'
   require 'active_support/cache/mem_cache_store'
   require 'active_support/cache/redis_store'
+  require 'active_support/cache/redis_cache_store' if ActiveSupport.version.to_s.to_f >= 5.2
   require 'connection_pool'
 
   cache_stores = [
@@ -30,6 +31,8 @@ describe Rack::Attack::Cache do
     Redis::Store.new
   ]
 
+  cache_stores << ActiveSupport::Cache::RedisCacheStore.new if defined?(ActiveSupport::Cache::RedisCacheStore)
+
   cache_stores.each do |store|
     store = Rack::Attack::StoreProxy.build(store)
 

data/spec/rack_attack_dalli_proxy_spec.rb

@@ -1,10 +1,8 @@
 require_relative 'spec_helper'
 
 describe Rack::Attack::StoreProxy::DalliProxy do
-
   it 'should stub Dalli::Client#with on older clients' do
     proxy = Rack::Attack::StoreProxy::DalliProxy.new(Class.new)
     proxy.with {} # will not raise an error
   end
-
 end

data/spec/rack_attack_spec.rb

@@ -5,7 +5,7 @@ describe 'Rack::Attack' do
 
   describe 'normalizing paths' do
     before do
-      Rack::Attack.blocklist("banned_path") {|req| req.path == '/foo' }
+      Rack::Attack.blocklist("banned_path") { |req| req.path == '/foo' }
     end
 
     it 'blocks requests with trailing slash' do
@@ -17,7 +17,7 @@ describe 'Rack::Attack' do
   describe 'blocklist' do
     before do
       @bad_ip = '1.2.3.4'
-      Rack::Attack.blocklist("ip #{@bad_ip}") {|req| req.ip == @bad_ip }
+      Rack::Attack.blocklist("ip #{@bad_ip}") { |req| req.ip == @bad_ip }
     end
 
     it('has a blocklist') {
@@ -25,7 +25,7 @@ describe 'Rack::Attack' do
     }
 
     it('has a blacklist with a deprication warning') {
-      _, stderror  = capture_io do
+      _, stderror = capture_io do
         Rack::Attack.blacklists.key?("ip #{@bad_ip}").must_equal true
       end
       assert_match "[DEPRECATION] 'Rack::Attack.blacklists' is deprecated.  Please use 'blocklists' instead.", stderror
@@ -50,13 +50,13 @@ describe 'Rack::Attack' do
     describe "and safelist" do
       before do
         @good_ua = 'GoodUA'
-        Rack::Attack.safelist("good ua") {|req| req.user_agent == @good_ua }
+        Rack::Attack.safelist("good ua") { |req| req.user_agent == @good_ua }
       end
 
       it('has a safelist') { Rack::Attack.safelists.key?("good ua") }
 
       it('has a whitelist with a deprication warning') {
-        _, stderror  = capture_io do
+        _, stderror = capture_io do
           Rack::Attack.whitelists.key?("good ua")
         end
         assert_match "[DEPRECATION] 'Rack::Attack.whitelists' is deprecated.  Please use 'safelists' instead.", stderror
@@ -82,7 +82,7 @@ describe 'Rack::Attack' do
       end
 
       it 'should give a deprication warning for blacklisted_response' do
-        _, stderror  = capture_io do
+        _, stderror = capture_io do
           Rack::Attack.blacklisted_response
         end
         assert_match "[DEPRECATION] 'Rack::Attack.blacklisted_response' is deprecated.  Please use 'blocklisted_response' instead.", stderror

data/spec/rack_attack_throttle_spec.rb

@@ -15,7 +15,7 @@ describe 'Rack::Attack.throttle' do
     before { get '/', {}, 'REMOTE_ADDR' => '1.2.3.4' }
 
     it 'should set the counter for one request' do
-      key = "rack::attack:#{Time.now.to_i/@period}:ip/sec:1.2.3.4"
+      key = "rack::attack:#{Time.now.to_i / @period}:ip/sec:1.2.3.4"
       Rack::Attack.cache.store.read(key).must_equal 1
     end
 
@@ -37,7 +37,7 @@ describe 'Rack::Attack.throttle' do
     it 'should tag the env' do
       last_request.env['rack.attack.matched'].must_equal 'ip/sec'
       last_request.env['rack.attack.match_type'].must_equal :throttle
-      last_request.env['rack.attack.match_data'].must_equal({:count => 2, :limit => 1, :period => @period})
+      last_request.env['rack.attack.match_data'].must_equal({ :count => 2, :limit => 1, :period => @period })
       last_request.env['rack.attack.match_discriminator'].must_equal('1.2.3.4')
     end
 
@@ -51,7 +51,7 @@ describe 'Rack::Attack.throttle with limit as proc' do
   before do
     @period = 60 # Use a long period; failures due to cache key rotation less likely
     Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new
-    Rack::Attack.throttle('ip/sec', :limit => lambda { |req| 1 }, :period => @period) { |req| req.ip }
+    Rack::Attack.throttle('ip/sec', :limit => lambda { |_req| 1 }, :period => @period) { |req| req.ip }
   end
 
   it_allows_ok_requests
@@ -60,7 +60,7 @@ describe 'Rack::Attack.throttle with limit as proc' do
     before { get '/', {}, 'REMOTE_ADDR' => '1.2.3.4' }
 
     it 'should set the counter for one request' do
-      key = "rack::attack:#{Time.now.to_i/@period}:ip/sec:1.2.3.4"
+      key = "rack::attack:#{Time.now.to_i / @period}:ip/sec:1.2.3.4"
       Rack::Attack.cache.store.read(key).must_equal 1
     end
 
@@ -75,7 +75,7 @@ describe 'Rack::Attack.throttle with period as proc' do
   before do
     @period = 60 # Use a long period; failures due to cache key rotation less likely
     Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new
-    Rack::Attack.throttle('ip/sec', :limit => lambda { |req| 1 }, :period => lambda { |req| @period }) { |req| req.ip }
+    Rack::Attack.throttle('ip/sec', :limit => lambda { |_req| 1 }, :period => lambda { |_req| @period }) { |req| req.ip }
   end
 
   it_allows_ok_requests
@@ -84,7 +84,7 @@ describe 'Rack::Attack.throttle with period as proc' do
     before { get '/', {}, 'REMOTE_ADDR' => '1.2.3.4' }
 
     it 'should set the counter for one request' do
-      key = "rack::attack:#{Time.now.to_i/@period}:ip/sec:1.2.3.4"
+      key = "rack::attack:#{Time.now.to_i / @period}:ip/sec:1.2.3.4"
       Rack::Attack.cache.store.read(key).must_equal 1
     end
 
@@ -108,7 +108,7 @@ describe 'Rack::Attack.throttle with block retuning nil' do
     before { get '/', {}, 'REMOTE_ADDR' => '1.2.3.4' }
 
     it 'should not set the counter' do
-      key = "rack::attack:#{Time.now.to_i/@period}:ip/sec:1.2.3.4"
+      key = "rack::attack:#{Time.now.to_i / @period}:ip/sec:1.2.3.4"
       assert_nil Rack::Attack.cache.store.read(key)
     end
 

data/spec/rack_attack_track_spec.rb

@@ -16,7 +16,7 @@ describe 'Rack::Attack.track' do
   end
 
   before do
-    Rack::Attack.track("everything"){ |req| true }
+    Rack::Attack.track("everything") { |_req| true }
   end
 
   it_allows_ok_requests
@@ -31,9 +31,9 @@ describe 'Rack::Attack.track' do
     before do
       Counter.reset
       # A second track
-      Rack::Attack.track("homepage"){ |req| req.path == "/"}
+      Rack::Attack.track("homepage") { |req| req.path == "/" }
 
-      ActiveSupport::Notifications.subscribe("rack.attack") do |*args|
+      ActiveSupport::Notifications.subscribe("rack.attack") do |*_args|
         Counter.incr
       end
 
@@ -47,14 +47,14 @@ describe 'Rack::Attack.track' do
 
   describe "without limit and period options" do
     it "should assign the track filter to a Check instance" do
-      tracker = Rack::Attack.track("homepage") { |req| req.path == "/"}
+      tracker = Rack::Attack.track("homepage") { |req| req.path == "/" }
       tracker.filter.class.must_equal Rack::Attack::Check
     end
   end
 
   describe "with limit and period options" do
     it "should assign the track filter to a Throttle instance" do
-      tracker = Rack::Attack.track("homepage", :limit => 10, :period => 10) { |req| req.path == "/"}
+      tracker = Rack::Attack.track("homepage", :limit => 10, :period => 10) { |req| req.path == "/" }
       tracker.filter.class.must_equal Rack::Attack::Throttle
     end
   end

data/spec/spec_helper.rb

@@ -12,7 +12,7 @@ require "rack/attack"
 begin
   require 'pry'
 rescue LoadError
-  #nothing to do here
+  # nothing to do here
 end
 
 if RUBY_ENGINE == "ruby"
@@ -20,7 +20,6 @@ if RUBY_ENGINE == "ruby"
 end
 
 class MiniTest::Spec
-
   include Rack::Test::Methods
 
   before do
@@ -29,7 +28,7 @@ class MiniTest::Spec
   end
 
   after do
-    Rack::Attack.clear!
+    Rack::Attack.clear_configuration
     Rack::Attack.instance_variable_set(:@cache, nil)
 
     Rack::Attack.throttled_response = @_original_throttled_response
@@ -43,7 +42,7 @@ class MiniTest::Spec
       use Rack::Attack
       use Rack::Lint
 
-      run lambda {|env| [200, {}, ['Hello World']]}
+      run lambda { |_env| [200, {}, ['Hello World']] }
     }.to_app
   end