rack-protection-monkey 1.5.3

Files changed (42)
  1. checksums.yaml +7 -0
  2. data/License +20 -0
  3. data/README.md +90 -0
  4. data/Rakefile +48 -0
  5. data/lib/rack-protection.rb +1 -0
  6. data/lib/rack/protection.rb +40 -0
  7. data/lib/rack/protection/authenticity_token.rb +31 -0
  8. data/lib/rack/protection/base.rb +121 -0
  9. data/lib/rack/protection/escaped_params.rb +87 -0
  10. data/lib/rack/protection/form_token.rb +23 -0
  11. data/lib/rack/protection/frame_options.rb +37 -0
  12. data/lib/rack/protection/http_origin.rb +34 -0
  13. data/lib/rack/protection/ip_spoofing.rb +23 -0
  14. data/lib/rack/protection/json_csrf.rb +35 -0
  15. data/lib/rack/protection/path_traversal.rb +47 -0
  16. data/lib/rack/protection/remote_referrer.rb +20 -0
  17. data/lib/rack/protection/remote_token.rb +22 -0
  18. data/lib/rack/protection/session_hijacking.rb +36 -0
  19. data/lib/rack/protection/version.rb +16 -0
  20. data/lib/rack/protection/xss_header.rb +25 -0
  21. data/rack-protection.gemspec +123 -0
  22. data/spec/lib/rack/protection/authenticity_token_spec.rb +46 -0
  23. data/spec/lib/rack/protection/base_spec.rb +38 -0
  24. data/spec/lib/rack/protection/escaped_params_spec.rb +41 -0
  25. data/spec/lib/rack/protection/form_token_spec.rb +31 -0
  26. data/spec/lib/rack/protection/frame_options_spec.rb +37 -0
  27. data/spec/lib/rack/protection/http_origin_spec.rb +40 -0
  28. data/spec/lib/rack/protection/ip_spoofing_spec.rb +33 -0
  29. data/spec/lib/rack/protection/json_csrf_spec.rb +56 -0
  30. data/spec/lib/rack/protection/path_traversal_spec.rb +39 -0
  31. data/spec/lib/rack/protection/protection_spec.rb +103 -0
  32. data/spec/lib/rack/protection/remote_referrer_spec.rb +29 -0
  33. data/spec/lib/rack/protection/remote_token_spec.rb +40 -0
  34. data/spec/lib/rack/protection/session_hijacking_spec.rb +53 -0
  35. data/spec/lib/rack/protection/xss_header_spec.rb +54 -0
  36. data/spec/spec_helper.rb +86 -0
  37. data/spec/support/dummy_app.rb +7 -0
  38. data/spec/support/not_implemented_as_pending.rb +23 -0
  39. data/spec/support/rack_monkey_patches.rb +21 -0
  40. data/spec/support/shared_examples.rb +65 -0
  41. data/spec/support/spec_helpers.rb +36 -0
  42. metadata +180 -0
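--- a/data/spec/lib/rack/protection/remote_referrer_spec.rb
+++ b/data/spec/lib/rack/protection/remote_referrer_spec.rb
@@ -0,0 +1,29 @@
+ describe Rack::Protection::RemoteReferrer do
+ it_behaves_like "any rack application"
+
+ it "accepts post requests with no referrer" do
+ expect(post('/')).to be_ok
+ end
+
+ it "does not accept post requests with no referrer if allow_empty_referrer is false" do
+ mock_app do
+ use Rack::Protection::RemoteReferrer, :allow_empty_referrer => false
+ run DummyApp
+ end
+ expect(post('/')).not_to be_ok
+ end
+
+ it "should allow post request with a relative referrer" do
+ expect(post('/', {}, 'HTTP_REFERER' => '/')).to be_ok
+ end
+
+ it "accepts post requests with the same host in the referrer" do
+ post('/', {}, 'HTTP_REFERER' => 'http://example.com/foo', 'HTTP_HOST' => 'example.com')
+ expect(last_response).to be_ok
+ end
+
+ it "denies post requests with a remote referrer" do
+ post('/', {}, 'HTTP_REFERER' => 'http://example.com/foo', 'HTTP_HOST' => 'example.org')
+ expect(last_response).not_to be_ok
+ end
+ end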
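Review bot: The host comparison is only exercised with an exact match and with a clearly unrelated host (`example.com` against `example.org`), so nothing pins how it treats a port, a different scheme, or a referrer host that merely contains the expected name. I would add an example beside "denies post requests with a remote referrer", e.g. `post('/', {}, 'HTTP_REFERER' => 'http://example.com.example.org/foo', 'HTTP_HOST' => 'example.com')` followed by `expect(last_response).not_to be_ok`. The first example also shows that a request with no Referer is accepted unless `:allow_empty_referrer => false` is passed; a comment there such as `# default: an absent Referer is allowed, set :allow_empty_referrer => false to reject it` would make that default explicit for readers who rely on this middleware for CSRF defence.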
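--- a/data/spec/lib/rack/protection/remote_token_spec.rb
+++ b/data/spec/lib/rack/protection/remote_token_spec.rb
@@ -0,0 +1,40 @@
+ describe Rack::Protection::RemoteToken do
+ it_behaves_like "any rack application"
+
+ it "accepts post requests with no referrer" do
+ expect(post('/')).to be_ok
+ end
+
+ it "accepts post requests with a local referrer" do
+ expect(post('/', {}, 'HTTP_REFERER' => '/')).to be_ok
+ end
+
+ it "denies post requests with a remote referrer and no token" do
+ post('/', {}, 'HTTP_REFERER' => 'http://example.com/foo', 'HTTP_HOST' => 'example.org')
+ expect(last_response).not_to be_ok
+ end
+
+ it "accepts post requests with a remote referrer and correct X-CSRF-Token header" do
+ post('/', {}, 'HTTP_REFERER' => 'http://example.com/foo', 'HTTP_HOST' => 'example.org',
+ 'rack.session' => {:csrf => "a"}, 'HTTP_X_CSRF_TOKEN' => "a")
+ expect(last_response).to be_ok
+ end
+
+ it "denies post requests with a remote referrer and wrong X-CSRF-Token header" do
+ post('/', {}, 'HTTP_REFERER' => 'http://example.com/foo', 'HTTP_HOST' => 'example.org',
+ 'rack.session' => {:csrf => "a"}, 'HTTP_X_CSRF_TOKEN' => "b")
+ expect(last_response).not_to be_ok
+ end
+
+ it "accepts post form requests with a remote referrer and correct authenticity_token field" do
+ post('/', {"authenticity_token" => "a"}, 'HTTP_REFERER' => 'http://example.com/foo',
+ 'HTTP_HOST' => 'example.org', 'rack.session' => {:csrf => "a"})
+ expect(last_response).to be_ok
+ end
+
+ it "denies post form requests with a remote referrer and wrong authenticity_token field" do
+ post('/', {"authenticity_token" => "a"}, 'HTTP_REFERER' => 'http://example.com/foo',
+ 'HTTP_HOST' => 'example.org', 'rack.session' => {:csrf => "b"})
+ expect(last_response).not_to be_ok
+ end
+ end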
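Review bot: No example covers a remote referrer when the session holds no `:csrf` value and the request sends an empty token, so the suite would not catch a comparison that treats a missing session token and an empty request token as equal. I would add `post('/', {}, 'HTTP_REFERER' => 'http://example.com/foo', 'HTTP_HOST' => 'example.org', 'rack.session' => {}, 'HTTP_X_CSRF_TOKEN' => '')` followed by `expect(last_response).not_to be_ok`. The last example is titled "wrong authenticity_token field" but varies the session value rather than the field; it covers the same mismatch, and the title could say so.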
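--- a/data/spec/lib/rack/protection/session_hijacking_spec.rb
+++ b/data/spec/lib/rack/protection/session_hijacking_spec.rb
@@ -0,0 +1,53 @@
+ describe Rack::Protection::SessionHijacking do
+ it_behaves_like "any rack application"
+
+ it "accepts a session without changes to tracked parameters" do
+ session = {:foo => :bar}
+ get '/', {}, 'rack.session' => session
+ get '/', {}, 'rack.session' => session
+ expect(session[:foo]).to eq(:bar)
+ end
+
+ it "denies requests with a changing User-Agent header" do
+ session = {:foo => :bar}
+ get '/', {}, 'rack.session' => session, 'HTTP_USER_AGENT' => 'a'
+ get '/', {}, 'rack.session' => session, 'HTTP_USER_AGENT' => 'b'
+ expect(session).to be_empty
+ end
+
+ it "accepts requests with a changing Accept-Encoding header" do
+ # this is tested because previously it led to clearing the session
+ session = {:foo => :bar}
+ get '/', {}, 'rack.session' => session, 'HTTP_ACCEPT_ENCODING' => 'a'
+ get '/', {}, 'rack.session' => session, 'HTTP_ACCEPT_ENCODING' => 'b'
+ expect(session).not_to be_empty
+ end
+
+ it "denies requests with a changing Accept-Language header" do
+ session = {:foo => :bar}
+ get '/', {}, 'rack.session' => session, 'HTTP_ACCEPT_LANGUAGE' => 'a'
+ get '/', {}, 'rack.session' => session, 'HTTP_ACCEPT_LANGUAGE' => 'b'
+ expect(session).to be_empty
+ end
+
+ it "accepts requests with the same Accept-Language header" do
+ session = {:foo => :bar}
+ get '/', {}, 'rack.session' => session, 'HTTP_ACCEPT_LANGUAGE' => 'a'
+ get '/', {}, 'rack.session' => session, 'HTTP_ACCEPT_LANGUAGE' => 'a'
+ expect(session).not_to be_empty
+ end
+
+ it "comparison of Accept-Language header is not case sensitive" do
+ session = {:foo => :bar}
+ get '/', {}, 'rack.session' => session, 'HTTP_ACCEPT_LANGUAGE' => 'a'
+ get '/', {}, 'rack.session' => session, 'HTTP_ACCEPT_LANGUAGE' => 'A'
+ expect(session).not_to be_empty
+ end
+
+ it "accepts requests with a changing Version header"do
+ session = {:foo => :bar}
+ get '/', {}, 'rack.session' => session, 'HTTP_VERSION' => '1.0'
+ get '/', {}, 'rack.session' => session, 'HTTP_VERSION' => '1.1'
+ expect(session[:foo]).to eq(:bar)
+ end
+ end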
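Review bot: The last example is written `"accepts requests with a changing Version header"do`; the missing space before `do` is inconsistent with every other example and should read `... Version header" do`. The first and last examples assert `session[:foo]` while the others assert `be_empty` / `not_to be_empty`; using one form throughout would make "session cleared" against "session kept" easier to scan. The User-Agent and Accept-Language examples pin that any change in those headers empties the session, and a short comment stating that this is the intended trade-off would help, since the spec itself gives no rationale.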
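--- a/data/spec/lib/rack/protection/xss_header_spec.rb
+++ b/data/spec/lib/rack/protection/xss_header_spec.rb
@@ -0,0 +1,54 @@
+ describe Rack::Protection::XSSHeader do
+ it_behaves_like "any rack application"
+
+ it 'should set the X-XSS-Protection' do
+ expect(get('/', {}, 'wants' => 'text/html;charset=utf-8').headers["X-XSS-Protection"]).to eq("1; mode=block")
+ end
+
+ it 'should set the X-XSS-Protection for XHTML' do
+ expect(get('/', {}, 'wants' => 'application/xhtml+xml').headers["X-XSS-Protection"]).to eq("1; mode=block")
+ end
+
+ it 'should not set the X-XSS-Protection for other content types' do
+ expect(get('/', {}, 'wants' => 'application/foo').headers["X-XSS-Protection"]).to be_nil
+ end
+
+ it 'should allow changing the protection mode' do
+ # I have no clue what other modes are available
+ mock_app do
+ use Rack::Protection::XSSHeader, :xss_mode => :foo
+ run DummyApp
+ end
+
+ expect(get('/', {}, 'wants' => 'application/xhtml').headers["X-XSS-Protection"]).to eq("1; mode=foo")
+ end
+
+ it 'should not override the header if already set' do
+ mock_app with_headers("X-XSS-Protection" => "0")
+ expect(get('/', {}, 'wants' => 'text/html').headers["X-XSS-Protection"]).to eq("0")
+ end
+
+ it 'should set the X-Content-Type-Options' do
+ expect(get('/', {}, 'wants' => 'text/html').header["X-Content-Type-Options"]).to eq("nosniff")
+ end
+
+
+ it 'should set the X-Content-Type-Options for other content types' do
+ expect(get('/', {}, 'wants' => 'application/foo').header["X-Content-Type-Options"]).to eq("nosniff")
+ end
+
+
+ it 'should allow changing the nosniff-mode off' do
+ mock_app do
+ use Rack::Protection::XSSHeader, :nosniff => false
+ run DummyApp
+ end
+
+ expect(get('/').headers["X-Content-Type-Options"]).to be_nil
+ end
+
+ it 'should not override the header if already set X-Content-Type-Options' do
+ mock_app with_headers("X-Content-Type-Options" => "sniff")
+ expect(get('/', {}, 'wants' => 'text/html').headers["X-Content-Type-Options"]).to eq("sniff")
+ end
+ end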
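Review bot: The comment `# I have no clue what other modes are available` in "should allow changing the protection mode" should say what the example really pins: `:xss_mode` is copied into the header without validation, and `mode=foo` is not a value browsers define (`block` is the only mode). A replacement such as `# :foo is not a real mode; this only checks that the option is passed through to the header` would do. The two "should set the X-Content-Type-Options" examples call `.header[...]` while the rest call `.headers[...]`; the singular form appears to work only through the `alias_method` added in the spec support monkey patch, so use `.headers` throughout.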
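--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -0,0 +1,86 @@
+ require 'rack/protection'
+ require 'rack/test'
+ require 'rack'
+
+ Dir[File.expand_path('../support/**/*.rb', __FILE__)].each { |f| require f }
+
+ # This file was generated by the `rspec --init` command. Conventionally, all
+ # specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
+ # The generated `.rspec` file contains `--require spec_helper` which will cause this
+ # file to always be loaded, without a need to explicitly require it in any files.
+ #
+ # Given that it is always loaded, you are encouraged to keep this file as
+ # light-weight as possible. Requiring heavyweight dependencies from this file
+ # will add to the boot time of your test suite on EVERY test run, even for an
+ # individual file that may not need all of that loaded. Instead, make a
+ # separate helper file that requires this one and then use it only in the specs
+ # that actually need it.
+ #
+ # The `.rspec` file also contains a few flags that are not defaults but that
+ # users commonly want.
+ #
+ # See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
+ RSpec.configure do |config|
+ # The settings below are suggested to provide a good initial experience
+ # with RSpec, but feel free to customize to your heart's content.
+
+ # These two settings work together to allow you to limit a spec run
+ # to individual examples or groups you care about by tagging them with
+ # `:focus` metadata. When nothing is tagged with `:focus`, all examples
+ # get run.
+ config.filter_run :focus
+ config.run_all_when_everything_filtered = true
+
+ # Many RSpec users commonly either run the entire suite or an individual
+ # file, and it's useful to allow more verbose output when running an
+ # individual spec file.
+ if config.files_to_run.one?
+ # Use the documentation formatter for detailed output,
+ # unless a formatter has already been configured
+ # (e.g. via a command-line flag).
+ config.default_formatter = 'doc'
+ end
+
+ # Print the 10 slowest examples and example groups at the
+ # end of the spec run, to help surface which specs are running
+ # particularly slow.
+ config.profile_examples = 10
+
+ # Run specs in random order to surface order dependencies. If you find an
+ # order dependency and want to debug it, you can fix the order by providing
+ # the seed, which is printed after each run.
+ # --seed 1234
+ config.order = :random
+
+ # Seed global randomization in this process using the `--seed` CLI option.
+ # Setting this allows you to use `--seed` to deterministically reproduce
+ # test failures related to randomization by passing the same `--seed` value
+ # as the one that triggered the failure.
+ Kernel.srand config.seed
+
+ # rspec-expectations config goes here. You can use an alternate
+ # assertion/expectation library such as wrong or the stdlib/minitest
+ # assertions if you prefer.
+ config.expect_with :rspec do |expectations|
+ # Enable only the newer, non-monkey-patching expect syntax.
+ # For more details, see:
+ # - http://myronmars.to/n/dev-blog/2012/06/rspecs-new-expectation-syntax
+ expectations.syntax = :expect
+ end
+
+ # rspec-mocks config goes here. You can use an alternate test double
+ # library (such as bogus or mocha) by changing the `mock_with` option here.
+ config.mock_with :rspec do |mocks|
+ # Enable only the newer, non-monkey-patching expect syntax.
+ # For more details, see:
+ # - http://teaisaweso.me/blog/2013/05/27/rspecs-new-message-expectation-syntax/
+ mocks.syntax = :expect
+
+ # Prevents you from mocking or stubbing a method that does not exist on
+ # a real object. This is generally recommended.
+ mocks.verify_partial_doubles = true
+ end
+
+ config.include Rack::Test::Methods
+ config.include SpecHelpers
+ end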
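Review bot: The support glob `Dir[...].each { |f| require f }` loads files in whatever order the glob returns, which before Ruby 3.0 depends on the filesystem. Nothing visible here depends on that order, but adding `.sort`, as in `Dir[File.expand_path('../support/**/*.rb', __FILE__)].sort.each { |f| require f }`, keeps the load order identical on every machine. A one-line comment above it noting that `config.include SpecHelpers` at the bottom relies on this glob having loaded the support files would also help, since the generated RSpec commentary that follows does not mention it.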
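--- a/data/spec/support/dummy_app.rb
+++ b/data/spec/support/dummy_app.rb
@@ -0,0 +1,7 @@
+ module DummyApp
+ def self.call(env)
+ Thread.current[:last_env] = env
+ body = (env['REQUEST_METHOD'] == 'HEAD' ? '' : 'ok')
+ [200, {'Content-Type' => env['wants'] || 'text/plain'}, [body]]
+ end
+ end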
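Review bot: `DummyApp.call` stores each request's env in `Thread.current[:last_env]` and nothing visible on this page clears it, so the `env` helper in the spec support module can return the env of an earlier example when the suite runs in random order. A hook in the spec helper such as `config.before(:each) { Thread.current[:last_env] = nil }` would make a stale read fail loudly. The `env['wants']` key is also undocumented; a comment like `# 'wants' is a spec-only env key that selects the response Content-Type` would save readers a search.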
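--- a/data/spec/support/not_implemented_as_pending.rb
+++ b/data/spec/support/not_implemented_as_pending.rb
@@ -0,0 +1,23 @@
+ # see http://blog.101ideas.cz/posts/pending-examples-via-not-implemented-error-in-rspec.html
+ module NotImplementedAsPending
+ def self.included(base)
+ base.class_eval do
+ alias_method :__finish__, :finish
+ remove_method :finish
+ end
+ end
+
+ def finish(reporter)
+ if @exception.is_a?(NotImplementedError)
+ from = @exception.backtrace[0]
+ message = "#{@exception.message} (from #{from})"
+ @pending_declared_in_example = message
+ metadata[:pending] = true
+ @exception = nil
+ end
+
+ __finish__(reporter)
+ end
+
+ RSpec::Core::Example.send :include, self
+ end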
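Review bot: `finish` turns every `NotImplementedError` into a pending example, including one raised by the middleware under test rather than by a deliberately unfinished spec, so a real failure in a protection class could be reported as pending instead of failing the run. The module also reads and writes `@exception` and `@pending_declared_in_example`, instance variables of `RSpec::Core::Example` that are not public API, so it should carry a comment naming the RSpec version it was written against (the gem metadata pins rspec to `~> 3.0.0`). Consider limiting the conversion to errors whose first backtrace frame is under `spec/`, or dropping the patch in favour of RSpec's own `pending` / `skip`.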
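--- a/data/spec/support/rack_monkey_patches.rb
+++ b/data/spec/support/rack_monkey_patches.rb
@@ -0,0 +1,21 @@
+ if defined? Gem.loaded_specs and Gem.loaded_specs.include? 'rack'
+ version = Gem.loaded_specs['rack'].version.to_s
+ else
+ version = Rack.release + '.0'
+ end
+
+ if version == "1.3"
+ Rack::Session::Abstract::ID.class_eval do
+ private
+ def prepare_session(env)
+ session_was = env[ENV_SESSION_KEY]
+ env[ENV_SESSION_KEY] = SessionHash.new(self, env)
+ env[ENV_SESSION_OPTIONS_KEY] = OptionsHash.new(self, env, @default_options)
+ env[ENV_SESSION_KEY].merge! session_was if session_was
+ end
+ end
+ end
+
+ unless Rack::MockResponse.method_defined? :header
+ Rack::MockResponse.send(:alias_method, :header, :headers)
+ end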
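Review bot: The guard `if version == "1.3"` looks unreachable as written: the `else` branch always appends `'.0'`, so it can never yield the bare string `"1.3"`, and a version taken from `Gem.loaded_specs['rack'].version.to_s` would normally carry a patch segment too. If the `prepare_session` override is still needed on Rack 1.3.x, match on the prefix instead, e.g. `if version =~ /\A1\.3(\.|\z)/`. If it is no longer needed, delete the block rather than keep a dead override of a private session method in the support code.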
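--- a/data/spec/support/shared_examples.rb
+++ b/data/spec/support/shared_examples.rb
@@ -0,0 +1,65 @@
+ shared_examples_for 'any rack application' do
+ it "should not interfere with normal get requests" do
+ expect(get('/')).to be_ok
+ expect(body).to eq('ok')
+ end
+
+ it "should not interfere with normal head requests" do
+ expect(head('/')).to be_ok
+ end
+
+ it 'should not leak changes to env' do
+ klass = described_class
+ detector = Struct.new(:app) do
+ def call(env)
+ was = env.dup
+ res = app.call(env)
+ was.each do |k,v|
+ next if env[k] == v
+ fail "env[#{k.inspect}] changed from #{v.inspect} to #{env[k].inspect}"
+ end
+ res
+ end
+ end
+
+ mock_app do
+ use Rack::Head
+ use(Rack::Config) { |e| e['rack.session'] ||= {}}
+ use detector
+ use klass
+ run DummyApp
+ end
+
+ expect(get('/..', :foo => '<bar>')).to be_ok
+ end
+
+ it 'allows passing on values in env' do
+ klass = described_class
+ changer = Struct.new(:app) do
+ def call(env)
+ env['foo.bar'] = 42
+ app.call(env)
+ end
+ end
+ detector = Struct.new(:app) do
+ def call(env)
+ app.call(env)
+ end
+ end
+
+ expect_any_instance_of(detector).to receive(:call).with(
+ hash_including('foo.bar' => 42)
+ ).and_call_original
+
+ mock_app do
+ use Rack::Head
+ use(Rack::Config) { |e| e['rack.session'] ||= {}}
+ use changer
+ use klass
+ use detector
+ run DummyApp
+ end
+
+ expect(get('/')).to be_ok
+ end
+ end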
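Review bot: In 'should not leak changes to env' the snapshot is `was = env.dup`, a shallow copy, so the loop only notices a key being rebound to a different value. A middleware that mutates a value in place (the `rack.session` hash or a string, for instance) still passes, and so does one that adds new keys, because only `was` is iterated. Either document the limit with `# shallow snapshot: detects reassigned keys only, not in-place mutation or added keys`, or, if the middlewares are not meant to add keys, also check `fail "env gained #{(env.keys - was.keys).inspect}" unless (env.keys - was.keys).empty?`.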
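--- a/data/spec/support/spec_helpers.rb
+++ b/data/spec/support/spec_helpers.rb
@@ -0,0 +1,36 @@
+ require 'forwardable'
+
+ module SpecHelpers
+ extend Forwardable
+ def_delegators :last_response, :body, :headers, :status, :errors
+ def_delegators :current_session, :env_for
+ attr_writer :app
+
+ def app
+ @app ||= nil
+ @app || mock_app(DummyApp)
+ end
+
+ def mock_app(app = nil, &block)
+ app = block if app.nil? and block.arity == 1
+ if app
+ klass = described_class
+ mock_app do
+ use Rack::Head
+ use(Rack::Config) { |e| e['rack.session'] ||= {}}
+ use klass
+ run app
+ end
+ else
+ @app = Rack::Lint.new Rack::Builder.new(&block).to_app
+ end
+ end
+
+ def with_headers(headers)
+ proc { [200, {'Content-Type' => 'text/plain'}.merge(headers), ['ok']] }
+ end
+
+ def env
+ Thread.current[:last_env]
+ end
+ end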
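Review bot: `mock_app` calls `block.arity` whenever `app` is nil, so invoking it with neither an app nor a block fails with a `NoMethodError` on nil instead of a clear message. A guard as the first line, `raise ArgumentError, 'mock_app needs an app or a block' unless app || block`, makes the misuse obvious. The condition also uses `and`; `&&` is the conventional operator for boolean logic and avoids precedence surprises. The method has no comment explaining its two modes (wrap a given app in the described middleware, or build the stack from a zero-arity block), which is worth a short header comment.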
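--- a/metadata
+++ b/metadata
@@ -0,0 +1,180 @@
+ --- !ruby/object:Gem::Specification
+ name: rack-protection-monkey
+ version: !ruby/object:Gem::Version
+ version: 1.5.3
+ platform: ruby
+ authors:
+ - Konstantin Haase
+ - Alex Rodionov
+ - Patrick Ellis
+ - Jason Staten
+ - ITO Nobuaki
+ - Jeff Welling
+ - Matteo Centenaro
+ - Egor Homakov
+ - Florian Gilcher
+ - Fojas
+ - Igor Bochkariov
+ - Mael Clerambault
+ - Martin Mauch
+ - Renne Nissinen
+ - SAKAI, Kazuaki
+ - Stanislav Savulchik
+ - Steve Agalloco
+ - TOBY
+ - Thais Camilo and Konstantin Haase
+ - Vipul A M
+ - Akzhan Abdulin
+ - brookemckim
+ - Bjørge Næss
+ - Chris Heald
+ - Chris Mytton
+ - Corey Ward
+ - Dario Cravero
+ - David Kellum
+ autorequire:
+ bindir: bin
+ cert_chain: []
+ date: 2015-08-31 00:00:00.000000000 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ name: rack
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ - !ruby/object:Gem::Dependency
+ name: rack-test
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ - !ruby/object:Gem::Dependency
+ name: rspec
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: 3.0.0
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: 3.0.0
+ description: You should use protection! - Monkey Version
+ email:
+ - konstantin.mailinglists@googlemail.com
+ - p0deje@gmail.com
+ - jstaten07@gmail.com
+ - patrick@soundcloud.com
+ - jeff.welling@gmail.com
+ - bugant@gmail.com
+ - daydream.trippers@gmail.com
+ - florian.gilcher@asquera.de
+ - developer@fojasaur.us
+ - ujifgc@gmail.com
+ - mael@clerambault.fr
+ - martin.mauch@gmail.com
+ - rennex@iki.fi
+ - kaz.july.7@gmail.com
+ - s.savulchik@gmail.com
+ - steve.agalloco@gmail.com
+ - toby.net.info.mail+git@gmail.com
+ - dev+narwen+rkh@rkh.im
+ - vipulnsward@gmail.com
+ - akzhan.abdulin@gmail.com
+ - brooke@digitalocean.com
+ - bjoerge@bengler.no
+ - cheald@gmail.com
+ - self@hecticjeff.net
+ - coreyward@me.com
+ - dario@uxtemple.com
+ - dek-oss@gravitext.com
+ - homakov@gmail.com
+ executables: []
+ extensions: []
+ extra_rdoc_files: []
+ files:
+ - License
+ - README.md
+ - Rakefile
+ - lib/rack-protection.rb
+ - lib/rack/protection.rb
+ - lib/rack/protection/authenticity_token.rb
+ - lib/rack/protection/base.rb
+ - lib/rack/protection/escaped_params.rb
+ - lib/rack/protection/form_token.rb
+ - lib/rack/protection/frame_options.rb
+ - lib/rack/protection/http_origin.rb
+ - lib/rack/protection/ip_spoofing.rb
+ - lib/rack/protection/json_csrf.rb
+ - lib/rack/protection/path_traversal.rb
+ - lib/rack/protection/remote_referrer.rb
+ - lib/rack/protection/remote_token.rb
+ - lib/rack/protection/session_hijacking.rb
+ - lib/rack/protection/version.rb
+ - lib/rack/protection/xss_header.rb
+ - rack-protection.gemspec
+ - spec/lib/rack/protection/authenticity_token_spec.rb
+ - spec/lib/rack/protection/base_spec.rb
+ - spec/lib/rack/protection/escaped_params_spec.rb
+ - spec/lib/rack/protection/form_token_spec.rb
+ - spec/lib/rack/protection/frame_options_spec.rb
+ - spec/lib/rack/protection/http_origin_spec.rb
+ - spec/lib/rack/protection/ip_spoofing_spec.rb
+ - spec/lib/rack/protection/json_csrf_spec.rb
+ - spec/lib/rack/protection/path_traversal_spec.rb
+ - spec/lib/rack/protection/protection_spec.rb
+ - spec/lib/rack/protection/remote_referrer_spec.rb
+ - spec/lib/rack/protection/remote_token_spec.rb
+ - spec/lib/rack/protection/session_hijacking_spec.rb
+ - spec/lib/rack/protection/xss_header_spec.rb
+ - spec/spec_helper.rb
+ - spec/support/dummy_app.rb
+ - spec/support/not_implemented_as_pending.rb
+ - spec/support/rack_monkey_patches.rb
+ - spec/support/shared_examples.rb
+ - spec/support/spec_helpers.rb
+ homepage: http://github.com/sinatra/rack-protection
+ licenses:
+ - MIT
+ metadata: {}
+ post_install_message:
+ rdoc_options: []
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ requirements: []
+ rubyforge_project:
+ rubygems_version: 2.4.5
+ signing_key:
+ specification_version: 4
+ summary: You should use protection! - Monkey Version
+ test_files: []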
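Review bot: The specification publishes under `name: rack-protection-monkey`, while `homepage`, the bundled `rack-protection.gemspec` and the author list all point at the upstream `sinatra/rack-protection` project, so a consumer cannot tell from this file whether the package is an upstream release or a fork; confirm the publisher before depending on it. `cert_chain: []` and the empty `signing_key` show the gem is unsigned, which leaves the registry checksum as the only integrity check. The runtime dependency on `rack` is `>= 0`, so any future Rack major version satisfies it; an upper bound would make resolution predictable. The `homepage` also uses `http://`, and an `https://` URL would be the safer link to publish.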