RubyGems - rack-attack - Versions diffs - 4.2.0 → 4.3.0 - Mend

rack-attack 4.2.0 → 4.3.0

Potentially problematic release.

This version of rack-attack might be problematic. Click here for more details.

Files changed (11) hide show

checksums.yaml +4 -4
data/README.md +4 -4
data/Rakefile +1 -0
data/lib/rack/attack/cache.rb +18 -4
data/lib/rack/attack/fail2ban.rb +11 -4
data/lib/rack/attack/store_proxy/redis_store_proxy.rb +7 -3
data/lib/rack/attack/version.rb +1 -1
data/spec/fail2ban_spec.rb +20 -0
data/spec/integration/rack_attack_cache_spec.rb +33 -0
data/spec/rack_attack_spec.rb +3 -1
metadata +3 -4

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e99e6a7757d11626b6b7d078abe43e9fe123cc36
-  data.tar.gz: 77b5a17a9de1acd9692805e2e634d165d66f1506
+  metadata.gz: da0016c3e3d7fee696a96f8f1e3a493b0b197518
+  data.tar.gz: 6b337c7d2ed9c48dbfd4cfc031ab6157fbceda3d
 SHA512:
-  metadata.gz: 75e2f1b7c760cc33323618edf03dd6fb3f661b73d2ed2d2ce67e80f632942c369d4e4336c479ae68e99805c2c2910a51b54dc4fab545b54d295536c28811ca20
-  data.tar.gz: 5da774caa95cfe83eaeb1c42d759ac0761fc76c5c6137681101f658680b3bba9edde35862f9a84cd0a1f530ae294142663a619c3940fedc761345b0be5cd3542
+  metadata.gz: 1f84ef0262ee5f64ed98d745bedf49f7e8ef38693a3bc8e0eddb643dc7165e881ee11642944cf75d52769e13f6da934be69bf3156c6945e938caa139bf886252
+  data.tar.gz: b952d3bd6061eaf8c7b5172c0b6620d4e3797d383c7a00d9d6d80eef78d470ba3ce8dbb1c57f801f3685164f7076a587236fc5bc3550b433c3771bddbfe589ef

data/README.md CHANGED

@@ -15,7 +15,7 @@ See the [Backing & Hacking blog post](http://www.kickstarter.com/backing-and-hac
 ## Getting started
-Install the [rack-attack](http://rubygems.org/gems/rack-attack) gem; or add it to you Gemfile with bundler:
+Install the [rack-attack](http://rubygems.org/gems/rack-attack) gem; or add it to your Gemfile with bundler:
 ```ruby
 # In your Gemfile
@@ -36,7 +36,7 @@ Or for Rackup files:
 use Rack::Attack
 ```
-Add a `rack-attack.rb` file to `config/initalizers/`:
+Add a `rack-attack.rb` file to `config/initializers/`:
 ```ruby
 # In config/initializers/rack-attack.rb
 class Rack::Attack
@@ -95,7 +95,7 @@ can cleanly monkey patch helper methods onto the
 Define whitelists, blacklists, throttles, and tracks as blocks that return truthy values if matched, falsy otherwise. In a Rails app
 these go in an initializer in `config/initializers/`.
-A [Rack::Request](http://rack.rubyforge.org/doc/classes/Rack/Request.html) object is passed to the block (named 'req' in the examples).
+A [Rack::Request](http://www.rubydoc.info/gems/rack/Rack/Request) object is passed to the block (named 'req' in the examples).
 ### Whitelists
@@ -199,7 +199,7 @@ Rack::Attack.track("special_agent") do |req|
 end
 # Supports optional limit and period, triggers the notification only when the limit is reached.
-Rack::Attack.track("special_agent", :limit 6, :period => 60.seconds) do |req|
+Rack::Attack.track("special_agent", :limit => 6, :period => 60.seconds) do |req|
   req.user_agent == "SpecialAgent"
 end

data/Rakefile CHANGED

@@ -1,5 +1,6 @@
 require "rubygems"
 require "bundler/setup"
+require 'bundler/gem_tasks'
 require 'rake/testtask'
 namespace :test do

data/lib/rack/attack/cache.rb CHANGED

@@ -15,10 +15,7 @@ module Rack
       end
       def count(unprefixed_key, period)
-        epoch_time = Time.now.to_i
-        # Add 1 to expires_in to avoid timing error: http://git.io/i1PHXA
-        expires_in = period - (epoch_time % period) + 1
-        key = "#{prefix}:#{(epoch_time/period).to_i}:#{unprefixed_key}"
+        key, expires_in = key_and_expiry(unprefixed_key, period)
         do_count(key, expires_in)
       end
@@ -30,7 +27,24 @@ module Rack
         store.write("#{prefix}:#{unprefixed_key}", value, :expires_in => expires_in)
       end
+      def reset_count(unprefixed_key, period)
+        key, _ = key_and_expiry(unprefixed_key, period)
+        store.delete(key)
+      end
+      def delete(unprefixed_key)
+        store.delete("#{prefix}:#{unprefixed_key}")
+      end
       private
+      def key_and_expiry(unprefixed_key, period)
+        epoch_time = Time.now.to_i
+        # Add 1 to expires_in to avoid timing error: http://git.io/i1PHXA
+        expires_in = (period - (epoch_time % period) + 1).to_i
+        ["#{prefix}:#{(epoch_time / period).to_i}:#{unprefixed_key}", expires_in]
+      end
       def do_count(key, expires_in)
         result = store.increment(key, 1, :expires_in => expires_in)

data/lib/rack/attack/fail2ban.rb CHANGED

@@ -15,6 +15,17 @@ module Rack
           end
         end
+        def reset(discriminator, options)
+          findtime = options[:findtime] or raise ArgumentError, "Must pass findtime option"
+          cache.reset_count("#{key_prefix}:count:#{discriminator}", findtime)
+          # Clear ban flag just in case it's there
+          cache.delete("#{key_prefix}:ban:#{discriminator}")
+        end
+        def banned?(discriminator)
+          cache.read("#{key_prefix}:ban:#{discriminator}") ? true : false
+        end
         protected
         def key_prefix
           'fail2ban'
@@ -35,10 +46,6 @@ module Rack
           cache.write("#{key_prefix}:ban:#{discriminator}", 1, bantime)
         end
-        def banned?(discriminator)
-          cache.read("#{key_prefix}:ban:#{discriminator}")
-        end
         def cache
           Rack::Attack.cache
         end

data/lib/rack/attack/store_proxy/redis_store_proxy.rb CHANGED

@@ -13,15 +13,15 @@ module Rack
         end
         def read(key)
-          self.get(key)
+          self.get(key, raw: true)
         rescue Redis::BaseError
         end
         def write(key, value, options={})
           if (expires_in = options[:expires_in])
-            self.setex(key, expires_in, value)
+            self.setex(key, expires_in, value, raw: true)
           else
-            self.set(key, value)
+            self.set(key, value, raw: true)
           end
         rescue Redis::BaseError
         end
@@ -36,6 +36,10 @@ module Rack
         rescue Redis::BaseError
         end
+        def delete(key, options={})
+          self.del(key)
+        rescue Redis::BaseError
+        end
       end
     end
   end

data/lib/rack/attack/version.rb CHANGED

@@ -1,5 +1,5 @@
 module Rack
   class Attack
-    VERSION = '4.2.0'
+    VERSION = '4.3.0'
   end
 end

data/spec/fail2ban_spec.rb CHANGED

@@ -58,7 +58,27 @@ describe 'Rack::Attack.Fail2Ban' do
           key = "rack::attack:fail2ban:ban:1.2.3.4"
           @cache.store.read(key).must_equal 1
         end
+      end
+      describe 'reset after success' do
+        before do
+          get '/?test=OMGHAX', {}, 'REMOTE_ADDR' => '1.2.3.4'
+          Rack::Attack::Fail2Ban.reset('1.2.3.4', @f2b_options)
+          get '/', {}, 'REMOTE_ADDR' => '1.2.3.4'
+        end
+        it 'succeeds' do
+          last_response.status.must_equal 200
+        end
+        it 'resets fail count' do
+          key = "rack::attack:#{Time.now.to_i/@findtime}:fail2ban:count:1.2.3.4"
+          @cache.store.read(key).must_equal nil
+        end
+        it 'IP is not banned' do
+          Rack::Attack::Fail2Ban.banned?('1.2.3.4').must_equal false
+        end
       end
     end
   end

data/spec/integration/rack_attack_cache_spec.rb CHANGED

@@ -1,6 +1,9 @@
 require_relative '../spec_helper'
 describe Rack::Attack::Cache do
+  # A convenience method for deleting a key from cache.
+  # Slightly differnet than @cache.delete, which adds a prefix.
   def delete(key)
     if @cache.store.respond_to?(:delete)
       @cache.store.delete(key)
@@ -80,6 +83,36 @@ describe Rack::Attack::Cache do
           @cache.read("cache-test-key").must_equal "foobar"
         end
       end
+      describe "delete" do
+        it "must delete the value" do
+          store.write(@key, "foobar", :expires_in => @expires_in)
+          @cache.read('cache-test-key').must_equal "foobar"
+          store.delete(@key)
+          @cache.read('cache-test-key').must_equal nil
+        end
+      end
+      describe "cache#delete" do
+        it "must delete the value" do
+          @cache.write("cache-test-key", "foobar", 1)
+          store.read(@key).must_equal "foobar"
+          @cache.delete('cache-test-key')
+          store.read(@key).must_be :nil?
+        end
+      end
+      describe "reset_count" do
+        it "must delete the value" do
+          period = 1.minute
+          unprefixed_key = 'cache-test-key'
+          @cache.count(unprefixed_key, period)
+          period_key, _ = @cache.send(:key_and_expiry, 'cache-test-key', period)
+          store.read(period_key).to_i.must_equal 1
+          @cache.reset_count(unprefixed_key, period)
+          store.read(period_key).must_equal nil
+        end
+      end
     end
   end

data/spec/rack_attack_spec.rb CHANGED

@@ -9,7 +9,9 @@ describe 'Rack::Attack' do
       Rack::Attack.blacklist("ip #{@bad_ip}") {|req| req.ip == @bad_ip }
     end
-    it('has a blacklist') { Rack::Attack.blacklists.key?("ip #{@bad_ip}") }
+    it('has a blacklist') {
+      Rack::Attack.blacklists.key?("ip #{@bad_ip}").must_equal true
+    }
     describe "a bad request" do
       before { get '/', {}, 'REMOTE_ADDR' => @bad_ip }

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-attack
 version: !ruby/object:Gem::Version
-  version: 4.2.0
+  version: 4.3.0
 platform: ruby
 authors:
 - Aaron Suggs
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-10-26 00:00:00.000000000 Z
+date: 2015-05-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -189,7 +189,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.2.2
+rubygems_version: 2.4.5
 signing_key:
 specification_version: 4
 summary: Block & throttle abusive requests
@@ -204,4 +204,3 @@ test_files:
 - spec/rack_attack_throttle_spec.rb
 - spec/rack_attack_track_spec.rb
 - spec/spec_helper.rb
-has_rdoc: