rack-protection 2.0.3 → 3.0.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,5 +1,7 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Rack
2
4
  module Protection
3
- VERSION = '2.0.3'
5
+ VERSION = '3.0.6'
4
6
  end
5
7
  end
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'rack/protection'
2
4
 
3
5
  module Rack
@@ -12,7 +14,7 @@ module Rack
12
14
  # Options:
13
15
  # xss_mode:: How the browser should prevent the attack (default: :block)
14
16
  class XSSHeader < Base
15
- default_options :xss_mode => :block, :nosniff => true
17
+ default_options xss_mode: :block, nosniff: true
16
18
 
17
19
  def call(env)
18
20
  status, headers, body = @app.call(env)
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'rack/protection/version'
2
4
  require 'rack'
3
5
 
@@ -7,6 +9,8 @@ module Rack
7
9
  autoload :Base, 'rack/protection/base'
8
10
  autoload :CookieTossing, 'rack/protection/cookie_tossing'
9
11
  autoload :ContentSecurityPolicy, 'rack/protection/content_security_policy'
12
+ autoload :Encryptor, 'rack/protection/encryptor'
13
+ autoload :EncryptedCookie, 'rack/protection/encrypted_cookie'
10
14
  autoload :EscapedParams, 'rack/protection/escaped_params'
11
15
  autoload :FormToken, 'rack/protection/form_token'
12
16
  autoload :FrameOptions, 'rack/protection/frame_options'
@@ -14,6 +18,7 @@ module Rack
14
18
  autoload :IPSpoofing, 'rack/protection/ip_spoofing'
15
19
  autoload :JsonCsrf, 'rack/protection/json_csrf'
16
20
  autoload :PathTraversal, 'rack/protection/path_traversal'
21
+ autoload :ReferrerPolicy, 'rack/protection/referrer_policy'
17
22
  autoload :RemoteReferrer, 'rack/protection/remote_referrer'
18
23
  autoload :RemoteToken, 'rack/protection/remote_token'
19
24
  autoload :SessionHijacking, 'rack/protection/session_hijacking'
@@ -26,15 +31,17 @@ module Rack
26
31
  use_these = Array options[:use]
27
32
 
28
33
  if options.fetch(:without_session, false)
29
- except += [:session_hijacking, :remote_token]
34
+ except += %i[session_hijacking remote_token]
30
35
  end
31
36
 
32
37
  Rack::Builder.new do
33
38
  # Off by default, unless added
34
39
  use ::Rack::Protection::AuthenticityToken, options if use_these.include? :authenticity_token
35
- use ::Rack::Protection::CookieTossing, options if use_these.include? :cookie_tossing
36
40
  use ::Rack::Protection::ContentSecurityPolicy, options if use_these.include? :content_security_policy
41
+ use ::Rack::Protection::CookieTossing, options if use_these.include? :cookie_tossing
42
+ use ::Rack::Protection::EscapedParams, options if use_these.include? :escaped_params
37
43
  use ::Rack::Protection::FormToken, options if use_these.include? :form_token
44
+ use ::Rack::Protection::ReferrerPolicy, options if use_these.include? :referrer_policy
38
45
  use ::Rack::Protection::RemoteReferrer, options if use_these.include? :remote_referrer
39
46
  use ::Rack::Protection::StrictTransport, options if use_these.include? :strict_transport
40
47
 
@@ -1 +1 @@
1
- require "rack/protection"
1
+ require 'rack/protection'
@@ -0,0 +1,3 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'rack/protection'
@@ -1,25 +1,45 @@
1
- version = File.read(File.expand_path("../../VERSION", __FILE__)).strip
1
+ # frozen_string_literal: true
2
+
3
+ version = File.read(File.expand_path('../VERSION', __dir__)).strip
2
4
 
3
5
  Gem::Specification.new do |s|
4
6
  # general infos
5
- s.name = "rack-protection"
7
+ s.name = 'rack-protection'
6
8
  s.version = version
7
- s.description = "Protect against typical web attacks, works with all Rack apps, including Rails."
8
- s.homepage = "http://www.sinatrarb.com/protection/"
9
+ s.description = 'Protect against typical web attacks, works with all Rack apps, including Rails.'
10
+ s.homepage = 'https://sinatrarb.com/protection/'
9
11
  s.summary = s.description
10
12
  s.license = 'MIT'
11
- s.authors = ["https://github.com/sinatra/sinatra/graphs/contributors"]
12
- s.email = "sinatrarb@googlegroups.com"
13
- s.files = Dir["lib/**/*.rb"] + [
14
- "License",
15
- "README.md",
16
- "Rakefile",
17
- "Gemfile",
18
- "rack-protection.gemspec"
13
+ s.authors = ['https://github.com/sinatra/sinatra/graphs/contributors']
14
+ s.email = 'sinatrarb@googlegroups.com'
15
+ s.files = Dir['lib/**/*.rb'] + [
16
+ 'License',
17
+ 'README.md',
18
+ 'Rakefile',
19
+ 'Gemfile',
20
+ 'rack-protection.gemspec'
19
21
  ]
20
22
 
23
+ unless s.respond_to?(:metadata)
24
+ raise <<-WARN
25
+ RubyGems 2.0 or newer is required to protect against public gem pushes. You can update your rubygems version by running:
26
+ gem install rubygems-update
27
+ update_rubygems:
28
+ gem update --system
29
+ WARN
30
+ end
31
+
32
+ s.metadata = {
33
+ 'source_code_uri' => 'https://github.com/sinatra/sinatra/tree/main/rack-protection',
34
+ 'homepage_uri' => 'http://sinatrarb.com/protection/',
35
+ 'documentation_uri' => 'https://www.rubydoc.info/gems/rack-protection',
36
+ 'rubygems_mfa_required' => 'true'
37
+ }
38
+
39
+ s.required_ruby_version = '>= 2.6.0'
40
+
21
41
  # dependencies
22
- s.add_dependency "rack"
23
- s.add_development_dependency "rack-test"
24
- s.add_development_dependency "rspec", "~> 3.6"
42
+ s.add_dependency 'rack'
43
+ s.add_development_dependency 'rack-test', '~> 2'
44
+ s.add_development_dependency 'rspec', '~> 3'
25
45
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack-protection
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.3
4
+ version: 3.0.6
5
5
  platform: ruby
6
6
  authors:
7
7
  - https://github.com/sinatra/sinatra/graphs/contributors
8
- autorequire:
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-06-08 00:00:00.000000000 Z
11
+ date: 2023-04-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rack
@@ -28,30 +28,30 @@ dependencies:
28
28
  name: rack-test
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
- - - ">="
31
+ - - "~>"
32
32
  - !ruby/object:Gem::Version
33
- version: '0'
33
+ version: '2'
34
34
  type: :development
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
- - - ">="
38
+ - - "~>"
39
39
  - !ruby/object:Gem::Version
40
- version: '0'
40
+ version: '2'
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: rspec
43
43
  requirement: !ruby/object:Gem::Requirement
44
44
  requirements:
45
45
  - - "~>"
46
46
  - !ruby/object:Gem::Version
47
- version: '3.6'
47
+ version: '3'
48
48
  type: :development
49
49
  prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
52
  - - "~>"
53
53
  - !ruby/object:Gem::Version
54
- version: '3.6'
54
+ version: '3'
55
55
  description: Protect against typical web attacks, works with all Rack apps, including
56
56
  Rails.
57
57
  email: sinatrarb@googlegroups.com
@@ -69,6 +69,8 @@ files:
69
69
  - lib/rack/protection/base.rb
70
70
  - lib/rack/protection/content_security_policy.rb
71
71
  - lib/rack/protection/cookie_tossing.rb
72
+ - lib/rack/protection/encrypted_cookie.rb
73
+ - lib/rack/protection/encryptor.rb
72
74
  - lib/rack/protection/escaped_params.rb
73
75
  - lib/rack/protection/form_token.rb
74
76
  - lib/rack/protection/frame_options.rb
@@ -76,18 +78,24 @@ files:
76
78
  - lib/rack/protection/ip_spoofing.rb
77
79
  - lib/rack/protection/json_csrf.rb
78
80
  - lib/rack/protection/path_traversal.rb
81
+ - lib/rack/protection/referrer_policy.rb
79
82
  - lib/rack/protection/remote_referrer.rb
80
83
  - lib/rack/protection/remote_token.rb
81
84
  - lib/rack/protection/session_hijacking.rb
82
85
  - lib/rack/protection/strict_transport.rb
83
86
  - lib/rack/protection/version.rb
84
87
  - lib/rack/protection/xss_header.rb
88
+ - lib/rack_protection.rb
85
89
  - rack-protection.gemspec
86
- homepage: http://www.sinatrarb.com/protection/
90
+ homepage: https://sinatrarb.com/protection/
87
91
  licenses:
88
92
  - MIT
89
- metadata: {}
90
- post_install_message:
93
+ metadata:
94
+ source_code_uri: https://github.com/sinatra/sinatra/tree/main/rack-protection
95
+ homepage_uri: http://sinatrarb.com/protection/
96
+ documentation_uri: https://www.rubydoc.info/gems/rack-protection
97
+ rubygems_mfa_required: 'true'
98
+ post_install_message:
91
99
  rdoc_options: []
92
100
  require_paths:
93
101
  - lib
@@ -95,16 +103,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
95
103
  requirements:
96
104
  - - ">="
97
105
  - !ruby/object:Gem::Version
98
- version: '0'
106
+ version: 2.6.0
99
107
  required_rubygems_version: !ruby/object:Gem::Requirement
100
108
  requirements:
101
109
  - - ">="
102
110
  - !ruby/object:Gem::Version
103
111
  version: '0'
104
112
  requirements: []
105
- rubyforge_project:
106
- rubygems_version: 2.7.6
107
- signing_key:
113
+ rubygems_version: 3.4.10
114
+ signing_key:
108
115
  specification_version: 4
109
116
  summary: Protect against typical web attacks, works with all Rack apps, including
110
117
  Rails.