rack-attack 6.0.0 → 6.3.0
- checksums.yaml +4 -4
- data/README.md +19 -5
- data/lib/rack/attack.rb +97 -146
- data/lib/rack/attack/cache.rb +15 -1
- data/lib/rack/attack/check.rb +2 -1
- data/lib/rack/attack/configuration.rb +107 -0
- data/lib/rack/attack/path_normalizer.rb +20 -18
- data/lib/rack/attack/railtie.rb +13 -0
- data/lib/rack/attack/store_proxy/active_support_redis_store_proxy.rb +3 -1
- data/lib/rack/attack/store_proxy/mem_cache_store_proxy.rb +3 -1
- data/lib/rack/attack/store_proxy/redis_proxy.rb +16 -7
- data/lib/rack/attack/throttle.rb +32 -14
- data/lib/rack/attack/track.rb +6 -5
- data/lib/rack/attack/version.rb +1 -1
- data/spec/acceptance/rails_middleware_spec.rb +35 -0
- data/spec/acceptance/stores/active_support_mem_cache_store_pooled_spec.rb +1 -3
- data/spec/acceptance/stores/active_support_redis_cache_store_pooled_spec.rb +7 -1
- data/spec/acceptance/stores/active_support_redis_cache_store_spec.rb +6 -1
- data/spec/acceptance/stores/connection_pool_dalli_client_spec.rb +3 -3
- data/spec/acceptance/throttling_spec.rb +19 -1
- data/spec/allow2ban_spec.rb +17 -14
- data/spec/fail2ban_spec.rb +17 -16
- data/spec/integration/offline_spec.rb +46 -1
- data/spec/rack_attack_instrumentation_spec.rb +1 -1
- data/spec/rack_attack_path_normalizer_spec.rb +2 -2
- data/spec/rack_attack_spec.rb +58 -13
- data/spec/rack_attack_throttle_spec.rb +43 -18
- data/spec/rack_attack_track_spec.rb +8 -5
- data/spec/spec_helper.rb +7 -9
- metadata +31 -21
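--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -5,8 +5,7 @@ require "bundler/setup"
 require "minitest/autorun"
 require "minitest/pride"
 require "rack/test"
-require
-require 'action_dispatch'
+require "rails"
 
 require "rack/attack"
 
@@ -30,22 +29,20 @@ class MiniTest::Spec
 include Rack::Test::Methods
 
 before do
-
-@_original_blocklisted_response = Rack::Attack.blocklisted_response
+Rails.cache = nil
 end
 
 after do
 Rack::Attack.clear_configuration
 Rack::Attack.instance_variable_set(:@cache, nil)
-
-Rack::Attack.throttled_response = @_original_throttled_response
-Rack::Attack.blocklisted_response = @_original_blocklisted_response
 end
 
 def app
 Rack::Builder.new do
 # Use Rack::Lint to test that rack-attack is complying with the rack spec
 use Rack::Lint
+# Intentionally added twice to test idempotence property
+use Rack::Attack
 use Rack::Attack
 use Rack::Lint
 
@@ -56,8 +53,9 @@ class MiniTest::Spec
 def self.it_allows_ok_requests
 it "must allow ok requests" do
 get '/', {}, 'REMOTE_ADDR' => '127.0.0.1'
-
-last_response.
+
+_(last_response.status).must_equal 200
+_(last_response.body).must_equal 'Hello World'
 end
 end
 end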
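Review bot: The comment added above the duplicated `use Rack::Attack` names an "idempotence property" without saying what observable behaviour the double mount is meant to pin down, so a reader cannot tell whether a request being counted twice against a throttle (or blocked twice) would be a failure or expected. I would make the comment state the contract, e.g. `# Mounted twice on purpose: a request passing through two Rack::Attack instances must be evaluated, and counted against throttles, only once`, adjusted to whatever the throttle specs in this release actually assert. Separately, the after block resets state through `Rack::Attack.instance_variable_set(:@cache, nil)` immediately after the public `Rack::Attack.clear_configuration`; if the library now offers a public way to drop the cache, using it would keep the helper from depending on an internal ivar name. The enclosing `class MiniTest::Spec` opens before this hunk.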
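--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-attack
 version: !ruby/object:Gem::Version
-version: 6.
+version: 6.3.0
 platform: ruby
 authors:
 - Aaron Suggs
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2020-04-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rack
@@ -112,84 +112,90 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '13.0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '13.0'
 - !ruby/object:Gem::Dependency
 name: rubocop
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.78.0
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.78.0
 - !ruby/object:Gem::Dependency
-name:
+name: rubocop-performance
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 1.5.0
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 1.5.0
 - !ruby/object:Gem::Dependency
-name:
+name: timecop
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 0.9.1
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 0.9.1
 - !ruby/object:Gem::Dependency
-name:
+name: byebug
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '11.0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '11.0'
 - !ruby/object:Gem::Dependency
-name:
+name: railties
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
+- !ruby/object:Gem::Version
+version: '4.2'
+- - "<"
 - !ruby/object:Gem::Version
-version: '
+version: '6.1'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
+- !ruby/object:Gem::Version
+version: '4.2'
+- - "<"
 - !ruby/object:Gem::Version
-version: '
+version: '6.1'
 description: A rack middleware for throttling and blocking abusive requests
 email: aaron@ktheory.com
 executables: []
@@ -204,8 +210,10 @@ files:
 - lib/rack/attack/blocklist.rb
 - lib/rack/attack/cache.rb
 - lib/rack/attack/check.rb
+- lib/rack/attack/configuration.rb
 - lib/rack/attack/fail2ban.rb
 - lib/rack/attack/path_normalizer.rb
+- lib/rack/attack/railtie.rb
 - lib/rack/attack/request.rb
 - lib/rack/attack/safelist.rb
 - lib/rack/attack/store_proxy.rb
@@ -230,6 +238,7 @@ files:
 - spec/acceptance/customizing_throttled_response_spec.rb
 - spec/acceptance/extending_request_object_spec.rb
 - spec/acceptance/fail2ban_spec.rb
+- spec/acceptance/rails_middleware_spec.rb
 - spec/acceptance/safelisting_ip_spec.rb
 - spec/acceptance/safelisting_spec.rb
 - spec/acceptance/safelisting_subnet_spec.rb
@@ -282,7 +291,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.1.2
 signing_key:
 specification_version: 4
 summary: Block & throttle abusive requests
@@ -290,6 +299,7 @@ test_files:
 - spec/integration/offline_spec.rb
 - spec/rack_attack_path_normalizer_spec.rb
 - spec/acceptance/safelisting_subnet_spec.rb
+- spec/acceptance/rails_middleware_spec.rb
 - spec/acceptance/track_throttle_spec.rb
 - spec/acceptance/cache_store_config_for_fail2ban_spec.rb
 - spec/acceptance/cache_store_config_with_rails_spec.rb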