rack-protection 1.0.0 → 1.5.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/README.md +9 -13
- data/Rakefile +15 -4
- data/lib/rack/protection/authenticity_token.rb +10 -3
- data/lib/rack/protection/base.rb +52 -4
- data/lib/rack/protection/escaped_params.rb +34 -8
- data/lib/rack/protection/frame_options.rb +14 -3
- data/lib/rack/protection/http_origin.rb +32 -0
- data/lib/rack/protection/ip_spoofing.rb +1 -1
- data/lib/rack/protection/json_csrf.rb +14 -4
- data/lib/rack/protection/path_traversal.rb +26 -5
- data/lib/rack/protection/remote_referrer.rb +0 -3
- data/lib/rack/protection/session_hijacking.rb +5 -5
- data/lib/rack/protection/version.rb +6 -34
- data/lib/rack/protection/xss_header.rb +4 -6
- data/lib/rack/protection.rb +13 -8
- data/rack-protection.gemspec +57 -4
- data/spec/authenticity_token_spec.rb +15 -0
- data/spec/base_spec.rb +40 -0
- data/spec/escaped_params_spec.rb +9 -0
- data/spec/frame_options_spec.rb +19 -4
- data/spec/http_origin_spec.rb +38 -0
- data/spec/json_csrf_spec.rb +26 -0
- data/spec/path_traversal_spec.rb +20 -2
- data/spec/protection_spec.rb +100 -0
- data/spec/session_hijacking_spec.rb +19 -4
- data/spec/spec_helper.rb +7 -1
- data/spec/xss_header_spec.rb +35 -3
- metadata +82 -32
metadata
CHANGED
|
@@ -1,67 +1,114 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-protection
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
5
|
-
prerelease:
|
|
4
|
+
version: 1.5.5
|
|
6
5
|
platform: ruby
|
|
7
6
|
authors:
|
|
8
7
|
- Konstantin Haase
|
|
9
|
-
-
|
|
8
|
+
- Alex Rodionov
|
|
9
|
+
- Patrick Ellis
|
|
10
|
+
- Jason Staten
|
|
11
|
+
- ITO Nobuaki
|
|
12
|
+
- Jeff Welling
|
|
13
|
+
- Matteo Centenaro
|
|
14
|
+
- Egor Homakov
|
|
15
|
+
- Florian Gilcher
|
|
10
16
|
- Fojas
|
|
17
|
+
- Igor Bochkariov
|
|
18
|
+
- Mael Clerambault
|
|
19
|
+
- Martin Mauch
|
|
20
|
+
- Renne Nissinen
|
|
21
|
+
- SAKAI, Kazuaki
|
|
22
|
+
- Stanislav Savulchik
|
|
23
|
+
- Steve Agalloco
|
|
24
|
+
- TOBY
|
|
25
|
+
- Thais Camilo and Konstantin Haase
|
|
26
|
+
- Vipul A M
|
|
27
|
+
- Akzhan Abdulin
|
|
28
|
+
- brookemckim
|
|
29
|
+
- Bjørge Næss
|
|
30
|
+
- Chris Heald
|
|
31
|
+
- Chris Mytton
|
|
32
|
+
- Corey Ward
|
|
33
|
+
- Dario Cravero
|
|
34
|
+
- David Kellum
|
|
11
35
|
autorequire:
|
|
12
36
|
bindir: bin
|
|
13
37
|
cert_chain: []
|
|
14
|
-
date:
|
|
38
|
+
date: 2018-03-07 00:00:00.000000000 Z
|
|
15
39
|
dependencies:
|
|
16
40
|
- !ruby/object:Gem::Dependency
|
|
17
41
|
name: rack
|
|
18
|
-
requirement:
|
|
19
|
-
none: false
|
|
42
|
+
requirement: !ruby/object:Gem::Requirement
|
|
20
43
|
requirements:
|
|
21
|
-
- -
|
|
44
|
+
- - ">="
|
|
22
45
|
- !ruby/object:Gem::Version
|
|
23
46
|
version: '0'
|
|
24
47
|
type: :runtime
|
|
25
48
|
prerelease: false
|
|
26
|
-
version_requirements:
|
|
27
|
-
- !ruby/object:Gem::Dependency
|
|
28
|
-
name: escape_utils
|
|
29
|
-
requirement: &2151828040 !ruby/object:Gem::Requirement
|
|
30
|
-
none: false
|
|
49
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
31
50
|
requirements:
|
|
32
|
-
- -
|
|
51
|
+
- - ">="
|
|
33
52
|
- !ruby/object:Gem::Version
|
|
34
53
|
version: '0'
|
|
35
|
-
type: :runtime
|
|
36
|
-
prerelease: false
|
|
37
|
-
version_requirements: *2151828040
|
|
38
54
|
- !ruby/object:Gem::Dependency
|
|
39
55
|
name: rack-test
|
|
40
|
-
requirement:
|
|
41
|
-
none: false
|
|
56
|
+
requirement: !ruby/object:Gem::Requirement
|
|
42
57
|
requirements:
|
|
43
|
-
- -
|
|
58
|
+
- - ">="
|
|
44
59
|
- !ruby/object:Gem::Version
|
|
45
60
|
version: '0'
|
|
46
61
|
type: :development
|
|
47
62
|
prerelease: false
|
|
48
|
-
version_requirements:
|
|
63
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
64
|
+
requirements:
|
|
65
|
+
- - ">="
|
|
66
|
+
- !ruby/object:Gem::Version
|
|
67
|
+
version: '0'
|
|
49
68
|
- !ruby/object:Gem::Dependency
|
|
50
69
|
name: rspec
|
|
51
|
-
requirement:
|
|
52
|
-
none: false
|
|
70
|
+
requirement: !ruby/object:Gem::Requirement
|
|
53
71
|
requirements:
|
|
54
|
-
- - ~>
|
|
72
|
+
- - "~>"
|
|
55
73
|
- !ruby/object:Gem::Version
|
|
56
74
|
version: '2.0'
|
|
57
75
|
type: :development
|
|
58
76
|
prerelease: false
|
|
59
|
-
version_requirements:
|
|
77
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
78
|
+
requirements:
|
|
79
|
+
- - "~>"
|
|
80
|
+
- !ruby/object:Gem::Version
|
|
81
|
+
version: '2.0'
|
|
60
82
|
description: You should use protection!
|
|
61
83
|
email:
|
|
62
84
|
- konstantin.mailinglists@googlemail.com
|
|
63
|
-
-
|
|
85
|
+
- p0deje@gmail.com
|
|
86
|
+
- jstaten07@gmail.com
|
|
87
|
+
- patrick@soundcloud.com
|
|
88
|
+
- jeff.welling@gmail.com
|
|
89
|
+
- bugant@gmail.com
|
|
90
|
+
- daydream.trippers@gmail.com
|
|
91
|
+
- florian.gilcher@asquera.de
|
|
64
92
|
- developer@fojasaur.us
|
|
93
|
+
- ujifgc@gmail.com
|
|
94
|
+
- mael@clerambault.fr
|
|
95
|
+
- martin.mauch@gmail.com
|
|
96
|
+
- rennex@iki.fi
|
|
97
|
+
- kaz.july.7@gmail.com
|
|
98
|
+
- s.savulchik@gmail.com
|
|
99
|
+
- steve.agalloco@gmail.com
|
|
100
|
+
- toby.net.info.mail+git@gmail.com
|
|
101
|
+
- dev+narwen+rkh@rkh.im
|
|
102
|
+
- vipulnsward@gmail.com
|
|
103
|
+
- akzhan.abdulin@gmail.com
|
|
104
|
+
- brooke@digitalocean.com
|
|
105
|
+
- bjoerge@bengler.no
|
|
106
|
+
- cheald@gmail.com
|
|
107
|
+
- self@hecticjeff.net
|
|
108
|
+
- coreyward@me.com
|
|
109
|
+
- dario@uxtemple.com
|
|
110
|
+
- dek-oss@gravitext.com
|
|
111
|
+
- homakov@gmail.com
|
|
65
112
|
executables: []
|
|
66
113
|
extensions: []
|
|
67
114
|
extra_rdoc_files: []
|
|
@@ -76,6 +123,7 @@ files:
|
|
|
76
123
|
- lib/rack/protection/escaped_params.rb
|
|
77
124
|
- lib/rack/protection/form_token.rb
|
|
78
125
|
- lib/rack/protection/frame_options.rb
|
|
126
|
+
- lib/rack/protection/http_origin.rb
|
|
79
127
|
- lib/rack/protection/ip_spoofing.rb
|
|
80
128
|
- lib/rack/protection/json_csrf.rb
|
|
81
129
|
- lib/rack/protection/path_traversal.rb
|
|
@@ -86,9 +134,11 @@ files:
|
|
|
86
134
|
- lib/rack/protection/xss_header.rb
|
|
87
135
|
- rack-protection.gemspec
|
|
88
136
|
- spec/authenticity_token_spec.rb
|
|
137
|
+
- spec/base_spec.rb
|
|
89
138
|
- spec/escaped_params_spec.rb
|
|
90
139
|
- spec/form_token_spec.rb
|
|
91
140
|
- spec/frame_options_spec.rb
|
|
141
|
+
- spec/http_origin_spec.rb
|
|
92
142
|
- spec/ip_spoofing_spec.rb
|
|
93
143
|
- spec/json_csrf_spec.rb
|
|
94
144
|
- spec/path_traversal_spec.rb
|
|
@@ -99,27 +149,27 @@ files:
|
|
|
99
149
|
- spec/spec_helper.rb
|
|
100
150
|
- spec/xss_header_spec.rb
|
|
101
151
|
homepage: http://github.com/rkh/rack-protection
|
|
102
|
-
licenses:
|
|
152
|
+
licenses:
|
|
153
|
+
- MIT
|
|
154
|
+
metadata: {}
|
|
103
155
|
post_install_message:
|
|
104
156
|
rdoc_options: []
|
|
105
157
|
require_paths:
|
|
106
158
|
- lib
|
|
107
159
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
108
|
-
none: false
|
|
109
160
|
requirements:
|
|
110
|
-
- -
|
|
161
|
+
- - ">="
|
|
111
162
|
- !ruby/object:Gem::Version
|
|
112
163
|
version: '0'
|
|
113
164
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
114
|
-
none: false
|
|
115
165
|
requirements:
|
|
116
|
-
- -
|
|
166
|
+
- - ">="
|
|
117
167
|
- !ruby/object:Gem::Version
|
|
118
168
|
version: '0'
|
|
119
169
|
requirements: []
|
|
120
170
|
rubyforge_project:
|
|
121
|
-
rubygems_version:
|
|
171
|
+
rubygems_version: 2.7.3
|
|
122
172
|
signing_key:
|
|
123
|
-
specification_version:
|
|
173
|
+
specification_version: 4
|
|
124
174
|
summary: You should use protection!
|
|
125
175
|
test_files: []
|