rack-protection 2.0.3 → 2.0.7
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/rack/protection/path_traversal.rb +4 -12
- data/lib/rack/protection/session_hijacking.rb +1 -1
- data/lib/rack/protection/version.rb +1 -1
- data/rack-protection.gemspec +16 -1
- metadata +8 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8409e3948b276eede337038b10bb8dc59add80afbfa28fbcd2160f9f52670b82
|
|
4
|
+
data.tar.gz: 1d5485791b331fad229c63535c5c94761dc839194a90ee22811a9eb6a5e6be40
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1bb5f7e556b1fdf46dd029c4f620e7062527d4b3280d0ce80e43552d5fd260f3445a4411f0f680689d215cc4532cb1e3f5b5cf64eae91a8411daccabeedcf557
|
|
7
|
+
data.tar.gz: 3108b981b3ada3ea6959f494f08fc6ea1c15e0bf9f269cf5d8a4c82103f9cdcf7d858fbf864eb95ab98fa9eaf041aef4d8f352d05e55167879563e7500896967
|
|
@@ -19,18 +19,10 @@ module Rack
|
|
|
19
19
|
end
|
|
20
20
|
|
|
21
21
|
def cleanup(path)
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
slash = '/'.encode(encoding)
|
|
27
|
-
backslash = '\\'.encode(encoding)
|
|
28
|
-
else
|
|
29
|
-
# Ruby 1.8
|
|
30
|
-
dot = '.'
|
|
31
|
-
slash = '/'
|
|
32
|
-
backslash = '\\'
|
|
33
|
-
end
|
|
22
|
+
encoding = path.encoding
|
|
23
|
+
dot = '.'.encode(encoding)
|
|
24
|
+
slash = '/'.encode(encoding)
|
|
25
|
+
backslash = '\\'.encode(encoding)
|
|
34
26
|
|
|
35
27
|
parts = []
|
|
36
28
|
unescaped = path.gsub(/%2e/i, dot).gsub(/%2f/i, slash).gsub(/%5c/i, backslash)
|
|
@@ -14,7 +14,7 @@ module Rack
|
|
|
14
14
|
class SessionHijacking < Base
|
|
15
15
|
default_reaction :drop_session
|
|
16
16
|
default_options :tracking_key => :tracking, :encrypt_tracking => true,
|
|
17
|
-
:track => %w[HTTP_USER_AGENT
|
|
17
|
+
:track => %w[HTTP_USER_AGENT]
|
|
18
18
|
|
|
19
19
|
def accepts?(env)
|
|
20
20
|
session = session env
|
data/rack-protection.gemspec
CHANGED
|
@@ -5,7 +5,7 @@ Gem::Specification.new do |s|
|
|
|
5
5
|
s.name = "rack-protection"
|
|
6
6
|
s.version = version
|
|
7
7
|
s.description = "Protect against typical web attacks, works with all Rack apps, including Rails."
|
|
8
|
-
s.homepage = "http://
|
|
8
|
+
s.homepage = "http://sinatrarb.com/protection/"
|
|
9
9
|
s.summary = s.description
|
|
10
10
|
s.license = 'MIT'
|
|
11
11
|
s.authors = ["https://github.com/sinatra/sinatra/graphs/contributors"]
|
|
@@ -18,6 +18,21 @@ Gem::Specification.new do |s|
|
|
|
18
18
|
"rack-protection.gemspec"
|
|
19
19
|
]
|
|
20
20
|
|
|
21
|
+
if s.respond_to?(:metadata)
|
|
22
|
+
s.metadata = {
|
|
23
|
+
'source_code_uri' => 'https://github.com/sinatra/sinatra/tree/master/rack-protection',
|
|
24
|
+
'homepage_uri' => 'http://sinatrarb.com/protection/',
|
|
25
|
+
'documentation_uri' => 'https://www.rubydoc.info/gems/rack-protection'
|
|
26
|
+
}
|
|
27
|
+
else
|
|
28
|
+
raise <<-EOF
|
|
29
|
+
RubyGems 2.0 or newer is required to protect against public gem pushes. You can update your rubygems version by running:
|
|
30
|
+
gem install rubygems-update
|
|
31
|
+
update_rubygems:
|
|
32
|
+
gem update --system
|
|
33
|
+
EOF
|
|
34
|
+
end
|
|
35
|
+
|
|
21
36
|
# dependencies
|
|
22
37
|
s.add_dependency "rack"
|
|
23
38
|
s.add_development_dependency "rack-test"
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-protection
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.0.
|
|
4
|
+
version: 2.0.7
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- https://github.com/sinatra/sinatra/graphs/contributors
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2019-08-22 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rack
|
|
@@ -83,10 +83,13 @@ files:
|
|
|
83
83
|
- lib/rack/protection/version.rb
|
|
84
84
|
- lib/rack/protection/xss_header.rb
|
|
85
85
|
- rack-protection.gemspec
|
|
86
|
-
homepage: http://
|
|
86
|
+
homepage: http://sinatrarb.com/protection/
|
|
87
87
|
licenses:
|
|
88
88
|
- MIT
|
|
89
|
-
metadata:
|
|
89
|
+
metadata:
|
|
90
|
+
source_code_uri: https://github.com/sinatra/sinatra/tree/master/rack-protection
|
|
91
|
+
homepage_uri: http://sinatrarb.com/protection/
|
|
92
|
+
documentation_uri: https://www.rubydoc.info/gems/rack-protection
|
|
90
93
|
post_install_message:
|
|
91
94
|
rdoc_options: []
|
|
92
95
|
require_paths:
|
|
@@ -103,7 +106,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
103
106
|
version: '0'
|
|
104
107
|
requirements: []
|
|
105
108
|
rubyforge_project:
|
|
106
|
-
rubygems_version: 2.7.
|
|
109
|
+
rubygems_version: 2.7.3
|
|
107
110
|
signing_key:
|
|
108
111
|
specification_version: 4
|
|
109
112
|
summary: Protect against typical web attacks, works with all Rack apps, including
|