rack-encoding_guard 0.1.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: 24e9d6fb725a32cf5e1146b64f5e2d04173fe272
4
+ data.tar.gz: 9f935c1cf9ea47c23dd944db72b99742c197ec53
5
+ SHA512:
6
+ metadata.gz: 23f6be7ca2e98c13f4ad028a67516171631fd0537a4d07a597b519f6a97815bc40397def6739d3758bd35374f34988ace0fcd9b9cab78f3fc1a28bc1538b15ff
7
+ data.tar.gz: 70a85d00057dcd23725fe67d08a9013ba2e19c45bd87a42f38a719f1eae9bb079b6f2913b1c7d60eaa9c236256675d103c93f550b1a031f8647ead8963ac8350
data/.document ADDED
@@ -0,0 +1,5 @@
1
+ lib/**/*.rb
2
+ bin/*
3
+ -
4
+ features/**/*.feature
5
+ LICENSE.txt
data/.travis.yml ADDED
@@ -0,0 +1,14 @@
1
+ language: ruby
2
+ rvm:
3
+ - '1.9.3'
4
+ - '2.0.0'
5
+ - '2.1.5'
6
+ - '2.2.2'
7
+ - ruby-head
8
+ - jruby
9
+ - jruby-head
10
+ - rbx-2
11
+ script: bundle exec rspec
12
+ addons:
13
+ code_climate:
14
+ repo_token: 15bb652055da33806610cb5c684cbe04df2e67e108ed71775284cca8a2dce73f
data/Gemfile ADDED
@@ -0,0 +1,16 @@
1
+ source 'https://rubygems.org'
2
+
3
+ gem 'rack'
4
+ gem 'activesupport', '>= 3.0.0', require: false
5
+
6
+ # Add dependencies to develop your gem here.
7
+ # Include everything needed to run rake, tests, features, etc.
8
+
9
+ group :development do
10
+ gem 'rspec'
11
+ gem 'bundler', '~> 1.0'
12
+ gem 'jeweler', '~> 2.0.1'
13
+ gem 'yard'
14
+ gem 'rubocop', require: false
15
+ gem 'codeclimate-test-reporter', require: false
16
+ end
data/Gemfile.lock ADDED
@@ -0,0 +1,110 @@
1
+ GEM
2
+ remote: https://rubygems.org/
3
+ specs:
4
+ activesupport (4.2.2)
5
+ i18n (~> 0.7)
6
+ json (~> 1.7, >= 1.7.7)
7
+ minitest (~> 5.1)
8
+ thread_safe (~> 0.3, >= 0.3.4)
9
+ tzinfo (~> 1.1)
10
+ addressable (2.3.8)
11
+ ast (2.0.0)
12
+ astrolabe (1.3.0)
13
+ parser (>= 2.2.0.pre.3, < 3.0)
14
+ builder (3.2.2)
15
+ codeclimate-test-reporter (0.4.7)
16
+ simplecov (>= 0.7.1, < 1.0.0)
17
+ descendants_tracker (0.0.4)
18
+ thread_safe (~> 0.3, >= 0.3.1)
19
+ diff-lcs (1.2.5)
20
+ docile (1.1.5)
21
+ faraday (0.9.1)
22
+ multipart-post (>= 1.2, < 3)
23
+ git (1.2.9.1)
24
+ github_api (0.12.3)
25
+ addressable (~> 2.3)
26
+ descendants_tracker (~> 0.0.4)
27
+ faraday (~> 0.8, < 0.10)
28
+ hashie (>= 3.3)
29
+ multi_json (>= 1.7.5, < 2.0)
30
+ nokogiri (~> 1.6.3)
31
+ oauth2
32
+ hashie (3.4.2)
33
+ highline (1.7.2)
34
+ i18n (0.7.0)
35
+ jeweler (2.0.1)
36
+ builder
37
+ bundler (>= 1.0)
38
+ git (>= 1.2.5)
39
+ github_api
40
+ highline (>= 1.6.15)
41
+ nokogiri (>= 1.5.10)
42
+ rake
43
+ rdoc
44
+ json (1.8.3)
45
+ jwt (1.5.1)
46
+ mini_portile (0.6.2)
47
+ minitest (5.7.0)
48
+ multi_json (1.11.1)
49
+ multi_xml (0.5.5)
50
+ multipart-post (2.0.0)
51
+ nokogiri (1.6.6.2)
52
+ mini_portile (~> 0.6.0)
53
+ oauth2 (1.0.0)
54
+ faraday (>= 0.8, < 0.10)
55
+ jwt (~> 1.0)
56
+ multi_json (~> 1.3)
57
+ multi_xml (~> 0.5)
58
+ rack (~> 1.2)
59
+ parser (2.2.2.5)
60
+ ast (>= 1.1, < 3.0)
61
+ powerpack (0.1.1)
62
+ rack (1.6.4)
63
+ rainbow (2.0.0)
64
+ rake (10.4.2)
65
+ rdoc (4.2.0)
66
+ rspec (3.3.0)
67
+ rspec-core (~> 3.3.0)
68
+ rspec-expectations (~> 3.3.0)
69
+ rspec-mocks (~> 3.3.0)
70
+ rspec-core (3.3.1)
71
+ rspec-support (~> 3.3.0)
72
+ rspec-expectations (3.3.0)
73
+ diff-lcs (>= 1.2.0, < 2.0)
74
+ rspec-support (~> 3.3.0)
75
+ rspec-mocks (3.3.1)
76
+ diff-lcs (>= 1.2.0, < 2.0)
77
+ rspec-support (~> 3.3.0)
78
+ rspec-support (3.3.0)
79
+ rubocop (0.32.1)
80
+ astrolabe (~> 1.3)
81
+ parser (>= 2.2.2.5, < 3.0)
82
+ powerpack (~> 0.1)
83
+ rainbow (>= 1.99.1, < 3.0)
84
+ ruby-progressbar (~> 1.4)
85
+ ruby-progressbar (1.7.5)
86
+ simplecov (0.10.0)
87
+ docile (~> 1.1.0)
88
+ json (~> 1.8)
89
+ simplecov-html (~> 0.10.0)
90
+ simplecov-html (0.10.0)
91
+ thread_safe (0.3.5)
92
+ tzinfo (1.2.2)
93
+ thread_safe (~> 0.1)
94
+ yard (0.8.7.6)
95
+
96
+ PLATFORMS
97
+ ruby
98
+
99
+ DEPENDENCIES
100
+ activesupport (>= 3.0.0)
101
+ bundler (~> 1.0)
102
+ codeclimate-test-reporter
103
+ jeweler (~> 2.0.1)
104
+ rack
105
+ rspec
106
+ rubocop
107
+ yard
108
+
109
+ BUNDLED WITH
110
+ 1.10.4
data/LICENSE.txt ADDED
@@ -0,0 +1,20 @@
1
+ Copyright (c) 2015 Tobias Casper
2
+
3
+ Permission is hereby granted, free of charge, to any person obtaining
4
+ a copy of this software and associated documentation files (the
5
+ "Software"), to deal in the Software without restriction, including
6
+ without limitation the rights to use, copy, modify, merge, publish,
7
+ distribute, sublicense, and/or sell copies of the Software, and to
8
+ permit persons to whom the Software is furnished to do so, subject to
9
+ the following conditions:
10
+
11
+ The above copyright notice and this permission notice shall be
12
+ included in all copies or substantial portions of the Software.
13
+
14
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
15
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
16
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
17
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
18
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
19
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
20
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,54 @@
1
+ # Rack::EncodingGuard
2
+
3
+ [![Code Climate](https://codeclimate.com/github/tlux/rack-encoding_guard/badges/gpa.svg)](https://codeclimate.com/github/tlux/rack-encoding_guard) [![Test Coverage](https://codeclimate.com/github/tlux/rack-encoding_guard/badges/coverage.svg)](https://codeclimate.com/github/tlux/rack-encoding_guard/coverage) [![Build Status](https://travis-ci.org/tlux/rack-encoding_guard.svg?branch=master)](https://travis-ci.org/tlux/rack-encoding_guard)
4
+
5
+ A middleware to process wrong encoded URLs in Rack applications.
6
+
7
+ ## Requirements
8
+ Rack::EncodingGuard has been tested in following environments:
9
+ * Ruby 1.9.3
10
+ * Ruby 2.0
11
+ * Ruby 2.1
12
+ * Ruby 2.2
13
+ * JRuby
14
+ * Rubinius 2
15
+
16
+ ## Setup
17
+ `gem install rack-encoding_guard`
18
+
19
+ Alternatively, add the following line to your Gemfile when using Bundler:
20
+ ```ruby
21
+ gem 'rack-encoding_guard', '~> 0.1'
22
+ ```
23
+
24
+ ## Usage
25
+ If you are on Rails, you can insert the middleware to your application.rb
26
+ ```ruby
27
+ config.middleware.use 'Rack::EncodingGuard::Middleware'
28
+ ```
29
+
30
+ ### Reject Strategy
31
+ By default, all requests containing characters with invalid encodings are rejected with a HTTP status 400 code ("Bad Request"). Additionally, you can configure which message will be shown to the requesting user in this case:
32
+ ```ruby
33
+ config.middleware.use 'Rack::EncodingGuard::Middleware', :reject, with: 'Check that URL, mate!'
34
+ ```
35
+
36
+ ### Sanitize Strategy
37
+ When using the sanitize strategy it is also possible to allow requests containing invalid characters. All invalid characters will be stripped out of all relevant ENV vars so no encoding errors will occur down the middleware stack.
38
+ ```ruby
39
+ config.middleware.use 'Rack::EncodingGuard::Middleware', :sanitize
40
+ ```
41
+
42
+ ## Contributing to Rack::EncodingGuard
43
+ * Check out the latest master to make sure the feature hasn't been implemented or the bug hasn't been fixed yet.
44
+ * Check out the issue tracker to make sure someone already hasn't requested it and/or contributed it.
45
+ * Fork the project.
46
+ * Start a feature/bugfix branch.
47
+ * Commit and push until you are happy with your contribution.
48
+ * Make sure to add tests for it. This is important so I don't break it in a future version unintentionally.
49
+ * Please try not to mess with the Rakefile, version, or history. If you want to have your own version, or is otherwise necessary, that is fine, but please isolate to its own commit so I can cherry-pick around it.
50
+
51
+ ## Copyright
52
+ Copyright (c) 2015 Tobias Casper. See LICENSE.txt for
53
+ further details.
54
+
data/Rakefile ADDED
@@ -0,0 +1,32 @@
1
+ # encoding: utf-8
2
+
3
+ require 'rubygems'
4
+ require 'bundler'
5
+ begin
6
+ Bundler.setup(:default, :development)
7
+ rescue Bundler::BundlerError => e
8
+ $stderr.puts e.message
9
+ $stderr.puts "Run `bundle install` to install missing gems"
10
+ exit e.status_code
11
+ end
12
+ require 'rake'
13
+
14
+ require 'jeweler'
15
+ Jeweler::Tasks.new do |gem|
16
+ # gem is a Gem::Specification... see http://guides.rubygems.org/specification-reference/ for more options
17
+ gem.name = 'rack-encoding_guard'
18
+ gem.homepage = 'http://github.com/tlux/rack-encoding_guard'
19
+ gem.license = 'MIT'
20
+ gem.summary = %Q{A middleware to process wrong encoded URLs in Rack applications.}
21
+ gem.description = gem.summary
22
+ gem.email = 'tobias.casper@gmail.com'
23
+ gem.authors = ['Tobias Casper']
24
+ # dependencies defined in Gemfile
25
+ end
26
+ Jeweler::RubygemsDotOrgTasks.new
27
+
28
+ require 'yard'
29
+ YARD::Rake::YardocTask.new do |t|
30
+ t.files = ['lib/**/*.rb']
31
+ t.stats_options = ['--list-undoc']
32
+ end
data/VERSION ADDED
@@ -0,0 +1 @@
1
+ 0.1.0
@@ -0,0 +1,36 @@
1
+ module Rack
2
+ module EncodingGuard
3
+ class Middleware
4
+ attr_reader :app, :strategy
5
+
6
+ def initialize(app, strategy = nil, options = {})
7
+ @app = app
8
+ @strategy = resolve_strategy_object(strategy, options)
9
+ end
10
+
11
+ def call(env)
12
+ strategy.process(env) do
13
+ app.call(env)
14
+ end
15
+ end
16
+
17
+ private
18
+
19
+ def resolve_strategy_object(strategy, options)
20
+ case strategy
21
+ when nil then RejectStrategy.new(options)
22
+ when Class then strategy.new(options)
23
+ when String then strategy.constantize.new(options)
24
+ when Symbol
25
+ class_name = "#{strategy.to_s.camelize}Strategy"
26
+ EncodingGuard.const_get(class_name).new(options)
27
+ else
28
+ unless strategy.respond_to?(:process)
29
+ fail ArgumentError, "Invalid strategy: #{strategy.inspect}"
30
+ end
31
+ strategy
32
+ end
33
+ end
34
+ end
35
+ end
36
+ end
@@ -0,0 +1,29 @@
1
+ module Rack
2
+ module EncodingGuard
3
+ class RejectStrategy < Strategy
4
+ DEFAULT_MESSAGE = 'Bad Request'
5
+
6
+ def process(env)
7
+ return bad_request_response if invalid_request?(env)
8
+ yield
9
+ end
10
+
11
+ private
12
+
13
+ def message
14
+ options.fetch(:with, DEFAULT_MESSAGE)
15
+ end
16
+
17
+ def invalid_request?(env)
18
+ Strategy::PROCESSIBLE_KEYS.any? do |key|
19
+ value = env[key].to_s.force_encoding(Encoding::UTF_8)
20
+ !value.valid_encoding?
21
+ end
22
+ end
23
+
24
+ def bad_request_response
25
+ [400, {}, [message]]
26
+ end
27
+ end
28
+ end
29
+ end
@@ -0,0 +1,14 @@
1
+ module Rack
2
+ module EncodingGuard
3
+ class SanitizeStrategy < Strategy
4
+ def process(env)
5
+ Strategy::PROCESSIBLE_KEYS.each do |key|
6
+ env[key] = env[key].to_s.encode(Encoding::UTF_8, Encoding::BINARY,
7
+ invalid: :replace, undef: :replace,
8
+ replace: '')
9
+ end
10
+ yield
11
+ end
12
+ end
13
+ end
14
+ end
@@ -0,0 +1,26 @@
1
+ module Rack
2
+ module EncodingGuard
3
+ class Strategy
4
+ PROCESSIBLE_KEYS = %w(
5
+ HTTP_REFERER
6
+ PATH_INFO
7
+ REQUEST_URI
8
+ REQUEST_PATH
9
+ QUERY_STRING
10
+ )
11
+
12
+ attr_reader :options
13
+
14
+ def initialize(options = {})
15
+ @options = options
16
+ end
17
+
18
+ def process(env)
19
+ yield
20
+ end
21
+ end
22
+ end
23
+ end
24
+
25
+ require 'rack/encoding_guard/reject_strategy'
26
+ require 'rack/encoding_guard/sanitize_strategy'
@@ -0,0 +1,9 @@
1
+ require 'active_support/inflector'
2
+
3
+ module Rack
4
+ module EncodingGuard
5
+ end
6
+ end
7
+
8
+ require 'rack/encoding_guard/strategy'
9
+ require 'rack/encoding_guard/middleware'
@@ -0,0 +1,2 @@
1
+ require 'rack'
2
+ require 'rack/encoding_guard'
@@ -0,0 +1,83 @@
1
+ # Generated by jeweler
2
+ # DO NOT EDIT THIS FILE DIRECTLY
3
+ # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
4
+ # -*- encoding: utf-8 -*-
5
+ # stub: rack-encoding_guard 0.1.0 ruby lib
6
+
7
+ Gem::Specification.new do |s|
8
+ s.name = "rack-encoding_guard"
9
+ s.version = "0.1.0"
10
+
11
+ s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
12
+ s.require_paths = ["lib"]
13
+ s.authors = ["Tobias Casper"]
14
+ s.date = "2015-06-27"
15
+ s.description = "A middleware to process wrong encoded URLs in Rack applications."
16
+ s.email = "tobias.casper@gmail.com"
17
+ s.extra_rdoc_files = [
18
+ "LICENSE.txt",
19
+ "README.md"
20
+ ]
21
+ s.files = [
22
+ ".document",
23
+ ".travis.yml",
24
+ "Gemfile",
25
+ "Gemfile.lock",
26
+ "LICENSE.txt",
27
+ "README.md",
28
+ "Rakefile",
29
+ "VERSION",
30
+ "lib/rack-encoding_guard.rb",
31
+ "lib/rack/encoding_guard.rb",
32
+ "lib/rack/encoding_guard/middleware.rb",
33
+ "lib/rack/encoding_guard/reject_strategy.rb",
34
+ "lib/rack/encoding_guard/sanitize_strategy.rb",
35
+ "lib/rack/encoding_guard/strategy.rb",
36
+ "rack-encoding_guard.gemspec",
37
+ "spec/lib/rack/encoding_guard/middleware_spec.rb",
38
+ "spec/lib/rack/encoding_guard/reject_strategy_spec.rb",
39
+ "spec/lib/rack/encoding_guard/sanitize_strategy_spec.rb",
40
+ "spec/spec_helper.rb",
41
+ "spec/support/.keep",
42
+ "spec/support/mock_app.rb",
43
+ "spec/support/shared_examples_for_strategy.rb"
44
+ ]
45
+ s.homepage = "http://github.com/tlux/rack-encoding_guard"
46
+ s.licenses = ["MIT"]
47
+ s.rubygems_version = "2.4.6"
48
+ s.summary = "A middleware to process wrong encoded URLs in Rack applications."
49
+
50
+ if s.respond_to? :specification_version then
51
+ s.specification_version = 4
52
+
53
+ if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
54
+ s.add_runtime_dependency(%q<rack>, [">= 0"])
55
+ s.add_runtime_dependency(%q<activesupport>, [">= 3.0.0"])
56
+ s.add_development_dependency(%q<rspec>, [">= 0"])
57
+ s.add_development_dependency(%q<bundler>, ["~> 1.0"])
58
+ s.add_development_dependency(%q<jeweler>, ["~> 2.0.1"])
59
+ s.add_development_dependency(%q<yard>, [">= 0"])
60
+ s.add_development_dependency(%q<rubocop>, [">= 0"])
61
+ s.add_development_dependency(%q<codeclimate-test-reporter>, [">= 0"])
62
+ else
63
+ s.add_dependency(%q<rack>, [">= 0"])
64
+ s.add_dependency(%q<activesupport>, [">= 3.0.0"])
65
+ s.add_dependency(%q<rspec>, [">= 0"])
66
+ s.add_dependency(%q<bundler>, ["~> 1.0"])
67
+ s.add_dependency(%q<jeweler>, ["~> 2.0.1"])
68
+ s.add_dependency(%q<yard>, [">= 0"])
69
+ s.add_dependency(%q<rubocop>, [">= 0"])
70
+ s.add_dependency(%q<codeclimate-test-reporter>, [">= 0"])
71
+ end
72
+ else
73
+ s.add_dependency(%q<rack>, [">= 0"])
74
+ s.add_dependency(%q<activesupport>, [">= 3.0.0"])
75
+ s.add_dependency(%q<rspec>, [">= 0"])
76
+ s.add_dependency(%q<bundler>, ["~> 1.0"])
77
+ s.add_dependency(%q<jeweler>, ["~> 2.0.1"])
78
+ s.add_dependency(%q<yard>, [">= 0"])
79
+ s.add_dependency(%q<rubocop>, [">= 0"])
80
+ s.add_dependency(%q<codeclimate-test-reporter>, [">= 0"])
81
+ end
82
+ end
83
+
@@ -0,0 +1,88 @@
1
+ require 'spec_helper'
2
+
3
+ describe Rack::EncodingGuard::Middleware do
4
+ let(:app) { MockApp.new(200, {}, 'Default') }
5
+
6
+ describe '.new' do
7
+ it 'raises without arguments' do
8
+ expect { described_class.new }.to raise_error(ArgumentError)
9
+ end
10
+
11
+ it 'requires an app as first argument' do
12
+ expect { described_class.new(app) }.not_to raise_error
13
+ end
14
+
15
+ context 'with strategies' do
16
+ it 'uses RejectStrategy when second argument is omitted' do
17
+ middleware = described_class.new(app)
18
+ expect(middleware.strategy).to be_a Rack::EncodingGuard::RejectStrategy
19
+ end
20
+
21
+ it 'uses RejectStrategy when second argument is nil' do
22
+ middleware = described_class.new(app, nil)
23
+ expect(middleware.strategy).to be_a Rack::EncodingGuard::RejectStrategy
24
+ end
25
+
26
+ it 'uses RejectStrategy when second argument is :reject' do
27
+ middleware = described_class.new(app, :reject)
28
+ expect(middleware.strategy).to be_a Rack::EncodingGuard::RejectStrategy
29
+ end
30
+
31
+ it 'forwards the given options to the RejectStrategy object' do
32
+ options = { message: 'Test' }
33
+ middleware = described_class.new(app, :reject, options)
34
+ expect(middleware.strategy.options).to eq options
35
+ end
36
+
37
+ it 'uses SanitizeStrategy when second argument is :sanitize' do
38
+ middleware = described_class.new(app, :sanitize)
39
+ expect(middleware.strategy).to be_a Rack::EncodingGuard::SanitizeStrategy
40
+ end
41
+
42
+ it 'uses the class specified as second argument' do
43
+ strategy_class = Rack::EncodingGuard::SanitizeStrategy
44
+ middleware = described_class.new(app, strategy_class)
45
+ expect(middleware.strategy).to be_a strategy_class
46
+ end
47
+
48
+ it 'uses the constantized String specified as second argument' do
49
+ middleware = described_class.new(app, 'Rack::EncodingGuard::SanitizeStrategy')
50
+ expect(middleware.strategy).to be_a Rack::EncodingGuard::SanitizeStrategy
51
+ end
52
+
53
+ it 'raises if an object of invalid type is specified as second argument' do
54
+ expect { described_class.new(app, 0) }.to raise_error(
55
+ ArgumentError, "Invalid strategy: 0"
56
+ )
57
+ end
58
+
59
+ it 'uses any object responding to #process as strategy' do
60
+ strategy = double
61
+ allow(strategy).to receive(:process) do |_env|
62
+ [200, {}, ['Strategy Response']]
63
+ end
64
+
65
+ middleware = described_class.new(app, strategy)
66
+ expect(middleware.strategy).to eq strategy
67
+ end
68
+
69
+ it 'raises if an object not responding to #process is given as ' \
70
+ 'strategy' do
71
+ expect { described_class.new(app, double) }.to raise_error(
72
+ ArgumentError, /Invalid strategy/
73
+ )
74
+ end
75
+ end
76
+ end
77
+
78
+ describe '#call' do
79
+ it 'returns the result of the #process method of the used strategy' do
80
+ strategy = double('Strategy')
81
+ strategy_response = [200, {}, ['Strategy Response']]
82
+ allow(strategy).to receive(:process).and_return(strategy_response)
83
+
84
+ middleware = described_class.new(app, strategy)
85
+ expect(middleware.call({})).to eq strategy_response
86
+ end
87
+ end
88
+ end
@@ -0,0 +1,51 @@
1
+ require 'spec_helper'
2
+
3
+ describe Rack::EncodingGuard::RejectStrategy do
4
+ include_examples 'Strategy'
5
+
6
+ let! :env do
7
+ Rack::MockRequest.env_for('http://example.com/some/path?and=query&string=set')
8
+ end
9
+
10
+ let :app_response do
11
+ [200, {}, ['Default']]
12
+ end
13
+
14
+ context 'with valid environment' do
15
+ it 'cascades to the app response' do
16
+ strategy = described_class.new
17
+ expect(strategy.process(env) { app_response }).to eq app_response
18
+ end
19
+ end
20
+
21
+ INVALID_ENV_VARS = {
22
+ 'HTTP_REFERER' => "http://example.com/so\255me/ref\255erer/path",
23
+ 'PATH_INFO' => "/some/pa\255th",
24
+ 'REQUEST_URI' => "/so\255me/request/path?a\255nd=query",
25
+ 'REQUEST_PATH' => "/some/pa\255th",
26
+ 'QUERY_STRING' => "and=que\255ry&str\255ing=set"
27
+ }
28
+
29
+ INVALID_ENV_VARS.each do |name, value|
30
+ context "with invalid #{name}" do
31
+ before do
32
+ env[name] = value
33
+ end
34
+
35
+ it 'responds with bad request status' do
36
+ expected_response = [400, {}, ['Bad Request']]
37
+ strategy = described_class.new
38
+ expect(strategy.process(env) { app_response }).to eq expected_response
39
+ end
40
+
41
+ context 'with response text configured' do
42
+ it 'responds with bad request status and custom message' do
43
+ custom_text = 'Something went wrong'
44
+ expected_response = [400, {}, [custom_text]]
45
+ strategy = described_class.new(with: custom_text)
46
+ expect(strategy.process(env) { app_response }).to eq expected_response
47
+ end
48
+ end
49
+ end
50
+ end
51
+ end
@@ -0,0 +1,49 @@
1
+ require 'spec_helper'
2
+
3
+ describe Rack::EncodingGuard::SanitizeStrategy do
4
+ include_examples 'Strategy'
5
+
6
+ let! :env do
7
+ Rack::MockRequest.env_for('http://example.com/some/path?and=query&string=set')
8
+ end
9
+
10
+ let :app_response do
11
+ [200, {}, ['Default']]
12
+ end
13
+
14
+ context 'with valid environment' do
15
+ it 'cascades to the app response' do
16
+ strategy = described_class.new
17
+ expect(strategy.process(env) { app_response }).to eq app_response
18
+ end
19
+ end
20
+
21
+ INVALID_ENV_VARS = {
22
+ 'HTTP_REFERER' => ["http://example.com/so\255me/ref\255erer/path",
23
+ 'http://example.com/some/referer/path'],
24
+ 'PATH_INFO' => ["/some/pa\255th", '/some/path'],
25
+ 'REQUEST_URI' => ["/so\255me/request/path?a\255nd=query",
26
+ '/some/request/path?and=query'],
27
+ 'REQUEST_PATH' => ["/some/pa\255th", '/some/path'],
28
+ 'QUERY_STRING' => ["and=que\255ry&str\255ing=set", 'and=query&string=set']
29
+ }
30
+
31
+ INVALID_ENV_VARS.each do |name, (invalid_value, valid_value)|
32
+ context "with invalid #{name}" do
33
+ before do
34
+ env[name] = invalid_value
35
+ end
36
+
37
+ subject(:strategy) { described_class.new }
38
+
39
+ it 'cascades to app response' do
40
+ expect(strategy.process(env) { app_response }).to eq app_response
41
+ end
42
+
43
+ it "strips invalid characters from #{name}" do
44
+ strategy.process(env) { app_response }
45
+ expect(env[name]).to eq valid_value
46
+ end
47
+ end
48
+ end
49
+ end
@@ -0,0 +1,23 @@
1
+ require 'codeclimate-test-reporter'
2
+ CodeClimate::TestReporter.start
3
+
4
+ ENV['RACK_ENV'] = 'test'
5
+
6
+ require 'rubygems'
7
+ require 'bundler/setup'
8
+ require 'rack'
9
+ require 'rack/encoding_guard'
10
+ require 'rspec'
11
+
12
+ Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f }
13
+
14
+ RSpec.configure do |config|
15
+ config.expect_with :rspec do |c|
16
+ c.syntax = :expect
17
+ end
18
+
19
+ config.mock_with :rspec
20
+
21
+ config.filter_run :focus
22
+ config.run_all_when_everything_filtered = true
23
+ end
File without changes
@@ -0,0 +1,12 @@
1
+ class MockApp
2
+ def initialize(*args)
3
+ @status, @headers, @body = args
4
+ @status = 200
5
+ @headers ||= {}
6
+ @body = Array(@body)
7
+ end
8
+
9
+ def call(env)
10
+ [@status, @headers, @body]
11
+ end
12
+ end
@@ -0,0 +1,21 @@
1
+ require 'spec_helper'
2
+
3
+ shared_examples 'Strategy' do
4
+ let :env do
5
+ Rack::MockRequest.env_for('http://example.com/some/path?and=query')
6
+ end
7
+
8
+ describe '.new' do
9
+ it 'takes a options as argument' do
10
+ options = { option_1: true, option_2: false }
11
+ strategy = described_class.new(options)
12
+ expect(strategy.options).to eq options
13
+ end
14
+ end
15
+
16
+ describe '#process' do
17
+ it 'raises without block given' do
18
+ expect { described_class.new.process(env) }.to raise_error LocalJumpError
19
+ end
20
+ end
21
+ end
metadata ADDED
@@ -0,0 +1,179 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: rack-encoding_guard
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0
5
+ platform: ruby
6
+ authors:
7
+ - Tobias Casper
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2015-06-27 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: rack
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - ">="
18
+ - !ruby/object:Gem::Version
19
+ version: '0'
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - ">="
25
+ - !ruby/object:Gem::Version
26
+ version: '0'
27
+ - !ruby/object:Gem::Dependency
28
+ name: activesupport
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - ">="
32
+ - !ruby/object:Gem::Version
33
+ version: 3.0.0
34
+ type: :runtime
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - ">="
39
+ - !ruby/object:Gem::Version
40
+ version: 3.0.0
41
+ - !ruby/object:Gem::Dependency
42
+ name: rspec
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - ">="
46
+ - !ruby/object:Gem::Version
47
+ version: '0'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - ">="
53
+ - !ruby/object:Gem::Version
54
+ version: '0'
55
+ - !ruby/object:Gem::Dependency
56
+ name: bundler
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - "~>"
60
+ - !ruby/object:Gem::Version
61
+ version: '1.0'
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - "~>"
67
+ - !ruby/object:Gem::Version
68
+ version: '1.0'
69
+ - !ruby/object:Gem::Dependency
70
+ name: jeweler
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - "~>"
74
+ - !ruby/object:Gem::Version
75
+ version: 2.0.1
76
+ type: :development
77
+ prerelease: false
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - "~>"
81
+ - !ruby/object:Gem::Version
82
+ version: 2.0.1
83
+ - !ruby/object:Gem::Dependency
84
+ name: yard
85
+ requirement: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - ">="
88
+ - !ruby/object:Gem::Version
89
+ version: '0'
90
+ type: :development
91
+ prerelease: false
92
+ version_requirements: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - ">="
95
+ - !ruby/object:Gem::Version
96
+ version: '0'
97
+ - !ruby/object:Gem::Dependency
98
+ name: rubocop
99
+ requirement: !ruby/object:Gem::Requirement
100
+ requirements:
101
+ - - ">="
102
+ - !ruby/object:Gem::Version
103
+ version: '0'
104
+ type: :development
105
+ prerelease: false
106
+ version_requirements: !ruby/object:Gem::Requirement
107
+ requirements:
108
+ - - ">="
109
+ - !ruby/object:Gem::Version
110
+ version: '0'
111
+ - !ruby/object:Gem::Dependency
112
+ name: codeclimate-test-reporter
113
+ requirement: !ruby/object:Gem::Requirement
114
+ requirements:
115
+ - - ">="
116
+ - !ruby/object:Gem::Version
117
+ version: '0'
118
+ type: :development
119
+ prerelease: false
120
+ version_requirements: !ruby/object:Gem::Requirement
121
+ requirements:
122
+ - - ">="
123
+ - !ruby/object:Gem::Version
124
+ version: '0'
125
+ description: A middleware to process wrong encoded URLs in Rack applications.
126
+ email: tobias.casper@gmail.com
127
+ executables: []
128
+ extensions: []
129
+ extra_rdoc_files:
130
+ - LICENSE.txt
131
+ - README.md
132
+ files:
133
+ - ".document"
134
+ - ".travis.yml"
135
+ - Gemfile
136
+ - Gemfile.lock
137
+ - LICENSE.txt
138
+ - README.md
139
+ - Rakefile
140
+ - VERSION
141
+ - lib/rack-encoding_guard.rb
142
+ - lib/rack/encoding_guard.rb
143
+ - lib/rack/encoding_guard/middleware.rb
144
+ - lib/rack/encoding_guard/reject_strategy.rb
145
+ - lib/rack/encoding_guard/sanitize_strategy.rb
146
+ - lib/rack/encoding_guard/strategy.rb
147
+ - rack-encoding_guard.gemspec
148
+ - spec/lib/rack/encoding_guard/middleware_spec.rb
149
+ - spec/lib/rack/encoding_guard/reject_strategy_spec.rb
150
+ - spec/lib/rack/encoding_guard/sanitize_strategy_spec.rb
151
+ - spec/spec_helper.rb
152
+ - spec/support/.keep
153
+ - spec/support/mock_app.rb
154
+ - spec/support/shared_examples_for_strategy.rb
155
+ homepage: http://github.com/tlux/rack-encoding_guard
156
+ licenses:
157
+ - MIT
158
+ metadata: {}
159
+ post_install_message:
160
+ rdoc_options: []
161
+ require_paths:
162
+ - lib
163
+ required_ruby_version: !ruby/object:Gem::Requirement
164
+ requirements:
165
+ - - ">="
166
+ - !ruby/object:Gem::Version
167
+ version: '0'
168
+ required_rubygems_version: !ruby/object:Gem::Requirement
169
+ requirements:
170
+ - - ">="
171
+ - !ruby/object:Gem::Version
172
+ version: '0'
173
+ requirements: []
174
+ rubyforge_project:
175
+ rubygems_version: 2.4.6
176
+ signing_key:
177
+ specification_version: 4
178
+ summary: A middleware to process wrong encoded URLs in Rack applications.
179
+ test_files: []