rack-combobot 0.0.2 → 0.0.3

@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- rack-combobot (0.0.1)
4
+ rack-combobot (0.0.2)
5
5
  rack
6
6
  rake
7
7
 
@@ -1,6 +1,6 @@
1
1
  require "rack/combobot/config"
2
2
  require "pathname"
3
- require 'uri'
3
+ require "uri"
4
4
 
5
5
  module Rack
6
6
  class Combobot
@@ -24,25 +24,42 @@ module Rack
24
24
  file_names = params.split("&")
25
25
  extention = file_names[0].split(".").last
26
26
 
27
- # TODO: create a simple key value hash with the query string as key
28
- combo = Combination.new(@config.root, file_names).combine
27
+ begin
28
+ combo = Combination.new(@config.root, file_names).combine
29
+ [200, {"Content-Type" => MIME_TYPES[extention]}, [combo]]
30
+ rescue Combination::PathError
31
+ not_found
32
+ end
33
+ end
29
34
 
30
- [200, {"Content-Type" => MIME_TYPES[extention]}, combo]
35
+ def not_found
36
+ [404, {'Content-Type' => 'text/html'}, ['File not found']]
31
37
  end
32
38
 
33
39
  class Combination
34
40
  def initialize(root, file_names)
35
- @file_contents = []
41
+ @file_contents = combine_files(root, file_names)
42
+ end
43
+
44
+ def combine_files(root, file_names = [])
45
+ file_names.map do |file_name|
46
+
47
+ raise PathError if file_name.include?('..') || file_name.include?("~")
36
48
 
37
- file_names.each do |file_name|
38
- @file_contents << ::File.open("#{root}/#{file_name}", 'r') { |f| f.read }
49
+ root_prefix = ::File.expand_path(".", root) + "/"
50
+ file_path = ::File.expand_path(file_name, root)
51
+
52
+ raise PathError unless file_path.start_with?(root_prefix) && ::File.exist?(file_path)
53
+
54
+ file_content = ::File.open(file_path, 'r') { |f| f.read }
39
55
  end
40
56
  end
41
57
 
42
58
  def combine
43
59
  @combo ||= @file_contents.join
44
60
  end
45
- end
46
61
 
62
+ class PathError < ArgumentError; end
63
+ end
47
64
  end
48
65
  end
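Review bot: The containment check in `combine_files` accepts anything that exists under the root, so a directory name passes `::File.exist?` and then makes the `::File.open ... f.read` line raise an `Errno` error that the caller's `rescue Combination::PathError` does not catch. Changing the guard to `raise PathError unless file_path.start_with?(root_prefix) && ::File.file?(file_path)` keeps that case on the 404 path. `::File.expand_path` is purely lexical, so a symlink inside the root that points elsewhere still satisfies the prefix test; comparing `::File.realpath` results would close that if symlinks under the root are not meant to be followed. The response type is taken from the first name only and nothing limits which extensions may be read, so checking every name's extension against the keys of `MIME_TYPES` (defined outside this hunk) would narrow what can be served. The request-handling method that holds the `begin`/`rescue` starts outside the hunk.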
@@ -4,7 +4,7 @@ $:.push File.expand_path("../lib", __FILE__)
4
4
 
5
5
  Gem::Specification.new do |s|
6
6
  s.name = "rack-combobot"
7
- s.version = "0.0.2"
7
+ s.version = "0.0.3"
8
8
  s.authors = ["Simon Højberg", "Christopher Meiklejohn"]
9
9
  s.email = ["r.hackr@gmail.com", "christopher.meiklejohn@gmail.com"]
10
10
  s.homepage = "https://github.com/hojberg/rack-combobot"
@@ -13,7 +13,7 @@ describe "combing assets from query string" do
13
13
  }).must_equal([
14
14
  200,
15
15
  {"Content-Type" => "text/javascript"},
16
- "function lorem() { return \"a\"; }\nfunction ipsum() { return \"b\"; }\n"
16
+ ["function lorem() { return \"a\"; }\nfunction ipsum() { return \"b\"; }\n"]
17
17
  ])
18
18
  end
19
19
 
@@ -23,7 +23,27 @@ describe "combing assets from query string" do
23
23
  }).must_equal([
24
24
  200,
25
25
  {"Content-Type" => "text/css"},
26
- ".lorem { background: blue; }\n#lipsum { border: 1px solid red }\n"
26
+ [".lorem { background: blue; }\n#lipsum { border: 1px solid red }\n"]
27
+ ])
28
+ end
29
+
30
+ it "returns 404 when it can't find files" do
31
+ @app.call({
32
+ "QUERY_STRING" => "js3.js&js4.js"
33
+ }).must_equal([
34
+ 404,
35
+ {'Content-Type' => 'text/html'},
36
+ ['File not found']
37
+ ])
38
+ end
39
+
40
+ it 'returns 404 when trying to move up from the root dir' do
41
+ @app.call({
42
+ "QUERY_STRING" => "js3.js&../../js4.js"
43
+ }).must_equal([
44
+ 404,
45
+ {'Content-Type' => 'text/html'},
46
+ ['File not found']
27
47
  ])
28
48
  end
29
49
 
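Review bot: The traversal test at the end of this section probably never reaches the `..` guard. Its query string starts with `js3.js`, which the preceding test already expects to be missing, so `combine_files` would raise on the first name and return the 404 before `../../js4.js` is examined. Making the traversal name the first or only entry, e.g. `"QUERY_STRING" => "../../js4.js"`, and pointing it at a file that really exists outside the fixture root would make the test fail if the guard were removed. Separate cases for a name containing `~` and for a directory name would cover the remaining branches of the new check.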
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack-combobot
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.2
4
+ version: 0.0.3
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -10,11 +10,11 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2012-01-06 00:00:00.000000000 Z
13
+ date: 2012-03-09 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: rake
17
- requirement: &2152913280 !ruby/object:Gem::Requirement
17
+ requirement: &2154066720 !ruby/object:Gem::Requirement
18
18
  none: false
19
19
  requirements:
20
20
  - - ! '>='
@@ -22,10 +22,10 @@ dependencies:
22
22
  version: '0'
23
23
  type: :runtime
24
24
  prerelease: false
25
- version_requirements: *2152913280
25
+ version_requirements: *2154066720
26
26
  - !ruby/object:Gem::Dependency
27
27
  name: rack
28
- requirement: &2152912480 !ruby/object:Gem::Requirement
28
+ requirement: &2154066280 !ruby/object:Gem::Requirement
29
29
  none: false
30
30
  requirements:
31
31
  - - ! '>='
@@ -33,10 +33,10 @@ dependencies:
33
33
  version: '0'
34
34
  type: :runtime
35
35
  prerelease: false
36
- version_requirements: *2152912480
36
+ version_requirements: *2154066280
37
37
  - !ruby/object:Gem::Dependency
38
38
  name: minitest
39
- requirement: &2152910980 !ruby/object:Gem::Requirement
39
+ requirement: &2154065860 !ruby/object:Gem::Requirement
40
40
  none: false
41
41
  requirements:
42
42
  - - ! '>='
@@ -44,10 +44,10 @@ dependencies:
44
44
  version: '0'
45
45
  type: :development
46
46
  prerelease: false
47
- version_requirements: *2152910980
47
+ version_requirements: *2154065860
48
48
  - !ruby/object:Gem::Dependency
49
49
  name: rack-test
50
- requirement: &2152902700 !ruby/object:Gem::Requirement
50
+ requirement: &2154065440 !ruby/object:Gem::Requirement
51
51
  none: false
52
52
  requirements:
53
53
  - - ! '>='
@@ -55,10 +55,10 @@ dependencies:
55
55
  version: '0'
56
56
  type: :development
57
57
  prerelease: false
58
- version_requirements: *2152902700
58
+ version_requirements: *2154065440
59
59
  - !ruby/object:Gem::Dependency
60
60
  name: guard
61
- requirement: &2152901820 !ruby/object:Gem::Requirement
61
+ requirement: &2154065020 !ruby/object:Gem::Requirement
62
62
  none: false
63
63
  requirements:
64
64
  - - ! '>='
@@ -66,10 +66,10 @@ dependencies:
66
66
  version: '0'
67
67
  type: :development
68
68
  prerelease: false
69
- version_requirements: *2152901820
69
+ version_requirements: *2154065020
70
70
  - !ruby/object:Gem::Dependency
71
71
  name: guard-minitest
72
- requirement: &2152900400 !ruby/object:Gem::Requirement
72
+ requirement: &2154064600 !ruby/object:Gem::Requirement
73
73
  none: false
74
74
  requirements:
75
75
  - - ! '>='
@@ -77,7 +77,7 @@ dependencies:
77
77
  version: '0'
78
78
  type: :development
79
79
  prerelease: false
80
- version_requirements: *2152900400
80
+ version_requirements: *2154064600
81
81
  description: combines assets to server 1 file
82
82
  email:
83
83
  - r.hackr@gmail.com