RubyGems - rack-attack - Versions diffs - 5.2.0 → 5.3.0 - Mend

rack-attack 5.2.0 → 5.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (35) hide show

checksums.yaml +4 -4
data/README.md +13 -24
data/Rakefile +1 -1
data/lib/rack/attack.rb +28 -23
data/lib/rack/attack/allow2ban.rb +1 -0
data/lib/rack/attack/blocklist.rb +0 -1
data/lib/rack/attack/cache.rb +1 -2
data/lib/rack/attack/check.rb +1 -2
data/lib/rack/attack/fail2ban.rb +2 -1
data/lib/rack/attack/path_normalizer.rb +6 -8
data/lib/rack/attack/safelist.rb +0 -1
data/lib/rack/attack/store_proxy.rb +2 -4
data/lib/rack/attack/store_proxy/dalli_proxy.rb +2 -3
data/lib/rack/attack/store_proxy/mem_cache_proxy.rb +4 -5
data/lib/rack/attack/store_proxy/redis_cache_store_proxy.rb +30 -0
data/lib/rack/attack/store_proxy/redis_store_proxy.rb +4 -11
data/lib/rack/attack/version.rb +1 -1
data/spec/acceptance/cache_store_config_for_allow2ban_spec.rb +2 -2
data/spec/acceptance/cache_store_config_for_fail2ban_spec.rb +2 -2
data/spec/acceptance/cache_store_config_for_throttle_spec.rb +1 -1
data/spec/acceptance/customizing_blocked_response_spec.rb +1 -1
data/spec/acceptance/customizing_throttled_response_spec.rb +1 -1
data/spec/acceptance/safelisting_ip_spec.rb +0 -1
data/spec/acceptance/stores/mem_cache_store_spec.rb +38 -0
data/spec/acceptance/stores/redis_cache_store_spec.rb +41 -0
data/spec/allow2ban_spec.rb +6 -6
data/spec/fail2ban_spec.rb +7 -7
data/spec/integration/rack_attack_cache_spec.rb +4 -1
data/spec/rack_attack_dalli_proxy_spec.rb +0 -2
data/spec/rack_attack_spec.rb +6 -6
data/spec/rack_attack_throttle_spec.rb +7 -7
data/spec/rack_attack_track_spec.rb +5 -5
data/spec/spec_helper.rb +3 -4
data/spec/support/cache_store_helper.rb +58 -0
metadata +65 -44

data/spec/support/cache_store_helper.rb ADDED

@@ -0,0 +1,58 @@
+class Minitest::Spec
+  def self.it_works_for_cache_backed_features
+    it "works for throttle" do
+      Rack::Attack.throttle("by ip", limit: 1, period: 60) do |request|
+        request.ip
+      end
+      get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
+      assert_equal 200, last_response.status
+      get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
+      assert_equal 429, last_response.status
+    end
+    it "works for fail2ban" do
+      Rack::Attack.blocklist("fail2ban pentesters") do |request|
+        Rack::Attack::Fail2Ban.filter(request.ip, maxretry: 2, findtime: 30, bantime: 60) do
+          request.path.include?("private-place")
+        end
+      end
+      get "/"
+      assert_equal 200, last_response.status
+      get "/private-place"
+      assert_equal 403, last_response.status
+      get "/private-place"
+      assert_equal 403, last_response.status
+      get "/"
+      assert_equal 403, last_response.status
+    end
+    it "works for allow2ban" do
+      Rack::Attack.blocklist("allow2ban pentesters") do |request|
+        Rack::Attack::Allow2Ban.filter(request.ip, maxretry: 2, findtime: 30, bantime: 60) do
+          request.path.include?("scarce-resource")
+        end
+      end
+      get "/"
+      assert_equal 200, last_response.status
+      get "/scarce-resource"
+      assert_equal 200, last_response.status
+      get "/scarce-resource"
+      assert_equal 200, last_response.status
+      get "/scarce-resource"
+      assert_equal 403, last_response.status
+      get "/"
+      assert_equal 403, last_response.status
+    end
+  end
+end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-attack
 version: !ruby/object:Gem::Version
-  version: 5.2.0
+  version: 5.3.0
 platform: ruby
 authors:
 - Aaron Suggs
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-03-29 00:00:00.000000000 Z
+date: 2018-06-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -25,35 +25,35 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: minitest
+  name: actionpack
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 3.0.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 3.0.0
 - !ruby/object:Gem::Dependency
-  name: minitest-stub-const
+  name: activesupport
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 3.0.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 3.0.0
 - !ruby/object:Gem::Dependency
-  name: rack-test
+  name: appraisal
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -67,7 +67,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rake
+  name: connection_pool
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -81,7 +81,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: appraisal
+  name: dalli
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -95,35 +95,35 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: activesupport
+  name: guard-minitest
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.0.0
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.0.0
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: actionpack
+  name: memcache-client
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.0.0
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.0.0
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: redis-activesupport
+  name: minitest
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -137,7 +137,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: dalli
+  name: minitest-stub-const
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -151,7 +151,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: connection_pool
+  name: pry
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -165,7 +165,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: memcache-client
+  name: rack-test
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -179,7 +179,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: timecop
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -193,7 +193,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: pry
+  name: redis-activesupport
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -207,7 +207,21 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: guard-minitest
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.55.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.55.0
+- !ruby/object:Gem::Dependency
+  name: timecop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -268,6 +282,7 @@ files:
 - lib/rack/attack/store_proxy.rb
 - lib/rack/attack/store_proxy/dalli_proxy.rb
 - lib/rack/attack/store_proxy/mem_cache_proxy.rb
+- lib/rack/attack/store_proxy/redis_cache_store_proxy.rb
 - lib/rack/attack/store_proxy/redis_store_proxy.rb
 - lib/rack/attack/throttle.rb
 - lib/rack/attack/track.rb
@@ -287,6 +302,8 @@ files:
 - spec/acceptance/safelisting_ip_spec.rb
 - spec/acceptance/safelisting_spec.rb
 - spec/acceptance/safelisting_subnet_spec.rb
+- spec/acceptance/stores/mem_cache_store_spec.rb
+- spec/acceptance/stores/redis_cache_store_spec.rb
 - spec/acceptance/throttling_spec.rb
 - spec/acceptance/track_spec.rb
 - spec/acceptance/track_throttle_spec.rb
@@ -301,7 +318,8 @@ files:
 - spec/rack_attack_throttle_spec.rb
 - spec/rack_attack_track_spec.rb
 - spec/spec_helper.rb
-homepage: http://github.com/kickstarter/rack-attack
+- spec/support/cache_store_helper.rb
+homepage: https://github.com/kickstarter/rack-attack
 licenses:
 - MIT
 metadata: {}
@@ -314,7 +332,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.0.0
+      version: '2.2'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
@@ -322,37 +340,40 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.7.3
+rubygems_version: 2.7.7
 signing_key:
 specification_version: 4
 summary: Block & throttle abusive requests
 test_files:
-- spec/spec_helper.rb
-- spec/rack_attack_throttle_spec.rb
-- spec/rack_attack_spec.rb
 - spec/integration/offline_spec.rb
 - spec/integration/rack_attack_cache_spec.rb
-- spec/rack_attack_track_spec.rb
-- spec/fail2ban_spec.rb
-- spec/rack_attack_dalli_proxy_spec.rb
 - spec/rack_attack_path_normalizer_spec.rb
 - spec/acceptance/safelisting_subnet_spec.rb
 - spec/acceptance/track_throttle_spec.rb
-- spec/acceptance/blocking_ip_spec.rb
-- spec/acceptance/track_spec.rb
-- spec/acceptance/fail2ban_spec.rb
-- spec/acceptance/safelisting_ip_spec.rb
 - spec/acceptance/cache_store_config_for_fail2ban_spec.rb
+- spec/acceptance/cache_store_config_with_rails_spec.rb
+- spec/acceptance/cache_store_config_for_allow2ban_spec.rb
+- spec/acceptance/safelisting_ip_spec.rb
+- spec/acceptance/track_spec.rb
+- spec/acceptance/blocking_subnet_spec.rb
+- spec/acceptance/blocking_ip_spec.rb
+- spec/acceptance/allow2ban_spec.rb
 - spec/acceptance/throttling_spec.rb
 - spec/acceptance/blocking_spec.rb
-- spec/acceptance/customizing_blocked_response_spec.rb
-- spec/acceptance/cache_store_config_for_throttle_spec.rb
-- spec/acceptance/blocking_subnet_spec.rb
 - spec/acceptance/customizing_throttled_response_spec.rb
-- spec/acceptance/allow2ban_spec.rb
-- spec/acceptance/cache_store_config_for_allow2ban_spec.rb
-- spec/acceptance/cache_store_config_with_rails_spec.rb
 - spec/acceptance/extending_request_object_spec.rb
 - spec/acceptance/safelisting_spec.rb
-- spec/rack_attack_request_spec.rb
+- spec/acceptance/cache_store_config_for_throttle_spec.rb
+- spec/acceptance/fail2ban_spec.rb
+- spec/acceptance/stores/mem_cache_store_spec.rb
+- spec/acceptance/stores/redis_cache_store_spec.rb
+- spec/acceptance/customizing_blocked_response_spec.rb
+- spec/spec_helper.rb
 - spec/allow2ban_spec.rb
+- spec/rack_attack_dalli_proxy_spec.rb
+- spec/rack_attack_spec.rb
+- spec/rack_attack_throttle_spec.rb
+- spec/rack_attack_request_spec.rb
+- spec/fail2ban_spec.rb
+- spec/rack_attack_track_spec.rb
+- spec/support/cache_store_helper.rb