rack-attack 5.4.0 → 6.2.0

data/spec/support/cache_store_helper.rb

@@ -1,5 +1,9 @@
+# frozen_string_literal: true
+
 class Minitest::Spec
-  def self.it_works_for_cache_backed_features
+  def self.it_works_for_cache_backed_features(options)
+    fetch_from_store = options.fetch(:fetch_from_store)
+
     it "works for throttle" do
       Rack::Attack.throttle("by ip", limit: 1, period: 60) do |request|
         request.ip
@@ -54,5 +58,27 @@ class Minitest::Spec
       get "/"
       assert_equal 403, last_response.status
     end
+
+    it "doesn't leak keys" do
+      Rack::Attack.throttle("by ip", limit: 1, period: 1) do |request|
+        request.ip
+      end
+
+      key = nil
+
+      # Freeze time during these statement to be sure that the key used by rack attack is the same
+      # we pre-calculate in local variable `key`
+      Timecop.freeze do
+        key = "rack::attack:#{Time.now.to_i}:by ip:1.2.3.4"
+
+        get "/", {}, "REMOTE_ADDR" => "1.2.3.4"
+      end
+
+      assert fetch_from_store.call(key)
+
+      sleep 2.1
+
+      assert_nil fetch_from_store.call(key)
+    end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-attack
 version: !ruby/object:Gem::Version
-  version: 5.4.0
+  version: 6.2.0
 platform: ruby
 authors:
 - Aaron Suggs
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-07-02 00:00:00.000000000 Z
+date: 2019-10-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -48,16 +48,22 @@ dependencies:
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.17'
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: '3.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: '1.17'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
@@ -106,84 +112,90 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '12.3'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '12.3'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.57.2
+        version: 0.75.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.57.2
+        version: 0.75.0
 - !ruby/object:Gem::Dependency
-  name: timecop
+  name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.9.1
+        version: 1.5.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.9.1
+        version: 1.5.0
 - !ruby/object:Gem::Dependency
-  name: byebug
+  name: timecop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 0.9.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 0.9.1
 - !ruby/object:Gem::Dependency
-  name: actionpack
+  name: byebug
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.2'
+        version: '11.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.2'
+        version: '11.0'
 - !ruby/object:Gem::Dependency
-  name: activesupport
+  name: railties
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '5.2'
+        version: '4.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '6.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '4.2'
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '5.2'
+        version: '6.1'
 description: A rack middleware for throttling and blocking abusive requests
 email: aaron@ktheory.com
 executables: []
@@ -192,6 +204,7 @@ extra_rdoc_files: []
 files:
 - README.md
 - Rakefile
+- bin/setup
 - lib/rack/attack.rb
 - lib/rack/attack/allow2ban.rb
 - lib/rack/attack/blocklist.rb
@@ -199,11 +212,13 @@ files:
 - lib/rack/attack/check.rb
 - lib/rack/attack/fail2ban.rb
 - lib/rack/attack/path_normalizer.rb
+- lib/rack/attack/railtie.rb
 - lib/rack/attack/request.rb
 - lib/rack/attack/safelist.rb
 - lib/rack/attack/store_proxy.rb
+- lib/rack/attack/store_proxy/active_support_redis_store_proxy.rb
 - lib/rack/attack/store_proxy/dalli_proxy.rb
-- lib/rack/attack/store_proxy/mem_cache_proxy.rb
+- lib/rack/attack/store_proxy/mem_cache_store_proxy.rb
 - lib/rack/attack/store_proxy/redis_cache_store_proxy.rb
 - lib/rack/attack/store_proxy/redis_proxy.rb
 - lib/rack/attack/store_proxy/redis_store_proxy.rb
@@ -222,10 +237,12 @@ files:
 - spec/acceptance/customizing_throttled_response_spec.rb
 - spec/acceptance/extending_request_object_spec.rb
 - spec/acceptance/fail2ban_spec.rb
+- spec/acceptance/rails_middleware_spec.rb
 - spec/acceptance/safelisting_ip_spec.rb
 - spec/acceptance/safelisting_spec.rb
 - spec/acceptance/safelisting_subnet_spec.rb
 - spec/acceptance/stores/active_support_dalli_store_spec.rb
+- spec/acceptance/stores/active_support_mem_cache_store_pooled_spec.rb
 - spec/acceptance/stores/active_support_mem_cache_store_spec.rb
 - spec/acceptance/stores/active_support_memory_store_spec.rb
 - spec/acceptance/stores/active_support_redis_cache_store_pooled_spec.rb
@@ -242,6 +259,7 @@ files:
 - spec/fail2ban_spec.rb
 - spec/integration/offline_spec.rb
 - spec/rack_attack_dalli_proxy_spec.rb
+- spec/rack_attack_instrumentation_spec.rb
 - spec/rack_attack_path_normalizer_spec.rb
 - spec/rack_attack_request_spec.rb
 - spec/rack_attack_spec.rb
@@ -265,15 +283,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.2'
+      version: '2.3'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.7
+rubygems_version: 3.0.6
 signing_key: 
 specification_version: 4
 summary: Block & throttle abusive requests
@@ -281,6 +298,7 @@ test_files:
 - spec/integration/offline_spec.rb
 - spec/rack_attack_path_normalizer_spec.rb
 - spec/acceptance/safelisting_subnet_spec.rb
+- spec/acceptance/rails_middleware_spec.rb
 - spec/acceptance/track_throttle_spec.rb
 - spec/acceptance/cache_store_config_for_fail2ban_spec.rb
 - spec/acceptance/cache_store_config_with_rails_spec.rb
@@ -297,6 +315,7 @@ test_files:
 - spec/acceptance/safelisting_spec.rb
 - spec/acceptance/cache_store_config_for_throttle_spec.rb
 - spec/acceptance/fail2ban_spec.rb
+- spec/acceptance/stores/active_support_mem_cache_store_pooled_spec.rb
 - spec/acceptance/stores/active_support_redis_cache_store_spec.rb
 - spec/acceptance/stores/active_support_memory_store_spec.rb
 - spec/acceptance/stores/active_support_redis_store_spec.rb
@@ -310,6 +329,7 @@ test_files:
 - spec/acceptance/customizing_blocked_response_spec.rb
 - spec/spec_helper.rb
 - spec/allow2ban_spec.rb
+- spec/rack_attack_instrumentation_spec.rb
 - spec/rack_attack_dalli_proxy_spec.rb
 - spec/rack_attack_spec.rb
 - spec/rack_attack_throttle_spec.rb

data/lib/rack/attack/store_proxy/mem_cache_proxy.rb

@@ -1,50 +0,0 @@
-module Rack
-  class Attack
-    module StoreProxy
-      class MemCacheProxy < SimpleDelegator
-        def self.handle?(store)
-          defined?(::MemCache) && store.is_a?(::MemCache)
-        end
-
-        def initialize(store)
-          super(store)
-          stub_with_if_missing
-        end
-
-        def read(key)
-          # Second argument: reading raw value
-          get(key, true)
-        rescue MemCache::MemCacheError
-        end
-
-        def write(key, value, options = {})
-          # Third argument: writing raw value
-          set(key, value, options.fetch(:expires_in, 0), true)
-        rescue MemCache::MemCacheError
-        end
-
-        def increment(key, amount, _options = {})
-          incr(key, amount)
-        rescue MemCache::MemCacheError
-        end
-
-        def delete(key, _options = {})
-          with do |client|
-            client.delete(key)
-          end
-        rescue MemCache::MemCacheError
-        end
-
-        private
-
-        def stub_with_if_missing
-          unless __getobj__.respond_to?(:with)
-            class << self
-              def with; yield __getobj__; end
-            end
-          end
-        end
-      end
-    end
-  end
-end