rack-protection 2.0.5 → 3.0.5

@@ -1,5 +1,7 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Rack
2
4
  module Protection
3
- VERSION = '2.0.5'
5
+ VERSION = '3.0.4'
4
6
  end
5
7
  end
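Review bot: The new `VERSION = '3.0.4'` does not match the release this diff describes, since the page title and the gem metadata both say 3.0.5. The gemspec shown further down reads its version from a separate `VERSION` file, so the packaged gem version and `Rack::Protection::VERSION` can drift apart unnoticed. Anything that reads the constant at runtime (dependency inventory, vulnerability matching, bug reports) would then report the older release. Set the constant to `'3.0.5'`, or derive one value from the other so there is a single source of truth.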
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'rack/protection'
2
4
 
3
5
  module Rack
@@ -12,7 +14,7 @@ module Rack
12
14
  # Options:
13
15
  # xss_mode:: How the browser should prevent the attack (default: :block)
14
16
  class XSSHeader < Base
15
- default_options :xss_mode => :block, :nosniff => true
17
+ default_options xss_mode: :block, nosniff: true
16
18
 
17
19
  def call(env)
18
20
  status, headers, body = @app.call(env)
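Review bot: The `# Options:` list above `class XSSHeader` documents only `xss_mode`, while the changed `default_options` line also sets `nosniff: true`. That default turns on a second response header, so it should get its own entry, for example `# nosniff:: Also send X-Content-Type-Options: nosniff (default: true)`. The body of `call` continues past the end of the hunk, so confirm the wording against how the option is actually consumed there.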
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'rack/protection/version'
2
4
  require 'rack'
3
5
 
@@ -7,6 +9,8 @@ module Rack
7
9
  autoload :Base, 'rack/protection/base'
8
10
  autoload :CookieTossing, 'rack/protection/cookie_tossing'
9
11
  autoload :ContentSecurityPolicy, 'rack/protection/content_security_policy'
12
+ autoload :Encryptor, 'rack/protection/encryptor'
13
+ autoload :EncryptedCookie, 'rack/protection/encrypted_cookie'
10
14
  autoload :EscapedParams, 'rack/protection/escaped_params'
11
15
  autoload :FormToken, 'rack/protection/form_token'
12
16
  autoload :FrameOptions, 'rack/protection/frame_options'
@@ -14,6 +18,7 @@ module Rack
14
18
  autoload :IPSpoofing, 'rack/protection/ip_spoofing'
15
19
  autoload :JsonCsrf, 'rack/protection/json_csrf'
16
20
  autoload :PathTraversal, 'rack/protection/path_traversal'
21
+ autoload :ReferrerPolicy, 'rack/protection/referrer_policy'
17
22
  autoload :RemoteReferrer, 'rack/protection/remote_referrer'
18
23
  autoload :RemoteToken, 'rack/protection/remote_token'
19
24
  autoload :SessionHijacking, 'rack/protection/session_hijacking'
@@ -26,15 +31,17 @@ module Rack
26
31
  use_these = Array options[:use]
27
32
 
28
33
  if options.fetch(:without_session, false)
29
- except += [:session_hijacking, :remote_token]
34
+ except += %i[session_hijacking remote_token]
30
35
  end
31
36
 
32
37
  Rack::Builder.new do
33
38
  # Off by default, unless added
34
39
  use ::Rack::Protection::AuthenticityToken, options if use_these.include? :authenticity_token
35
- use ::Rack::Protection::CookieTossing, options if use_these.include? :cookie_tossing
36
40
  use ::Rack::Protection::ContentSecurityPolicy, options if use_these.include? :content_security_policy
41
+ use ::Rack::Protection::CookieTossing, options if use_these.include? :cookie_tossing
42
+ use ::Rack::Protection::EscapedParams, options if use_these.include? :escaped_params
37
43
  use ::Rack::Protection::FormToken, options if use_these.include? :form_token
44
+ use ::Rack::Protection::ReferrerPolicy, options if use_these.include? :referrer_policy
38
45
  use ::Rack::Protection::RemoteReferrer, options if use_these.include? :remote_referrer
39
46
  use ::Rack::Protection::StrictTransport, options if use_these.include? :strict_transport
40
47
 
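Review bot: The two new opt-in lines for `:escaped_params` and `:referrer_policy` are selected with `use_these.include?` against symbols, so a name passed as a string or misspelled in `options[:use]` is skipped without any error. The application then runs without the protection the caller asked for, which is a fail-open outcome for a security middleware. Normalising the list with `use_these = Array(options[:use]).map(&:to_sym)` and raising `ArgumentError` for any name that matches no known middleware would make the mistake visible at boot. A typo in `except` fails closed (the middleware stays on), so it is less urgent but could get the same check. The enclosing method starts and ends outside the hunk.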
@@ -1 +1 @@
1
- require "rack/protection"
1
+ require 'rack/protection'
@@ -0,0 +1,3 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'rack/protection'
@@ -1,40 +1,45 @@
1
- version = File.read(File.expand_path("../../VERSION", __FILE__)).strip
1
+ # frozen_string_literal: true
2
+
3
+ version = File.read(File.expand_path('../VERSION', __dir__)).strip
2
4
 
3
5
  Gem::Specification.new do |s|
4
6
  # general infos
5
- s.name = "rack-protection"
7
+ s.name = 'rack-protection'
6
8
  s.version = version
7
- s.description = "Protect against typical web attacks, works with all Rack apps, including Rails."
8
- s.homepage = "http://sinatrarb.com/protection/"
9
+ s.description = 'Protect against typical web attacks, works with all Rack apps, including Rails.'
10
+ s.homepage = 'http://sinatrarb.com/protection/'
9
11
  s.summary = s.description
10
12
  s.license = 'MIT'
11
- s.authors = ["https://github.com/sinatra/sinatra/graphs/contributors"]
12
- s.email = "sinatrarb@googlegroups.com"
13
- s.files = Dir["lib/**/*.rb"] + [
14
- "License",
15
- "README.md",
16
- "Rakefile",
17
- "Gemfile",
18
- "rack-protection.gemspec"
13
+ s.authors = ['https://github.com/sinatra/sinatra/graphs/contributors']
14
+ s.email = 'sinatrarb@googlegroups.com'
15
+ s.files = Dir['lib/**/*.rb'] + [
16
+ 'License',
17
+ 'README.md',
18
+ 'Rakefile',
19
+ 'Gemfile',
20
+ 'rack-protection.gemspec'
19
21
  ]
20
22
 
21
- if s.respond_to?(:metadata)
22
- s.metadata = {
23
- 'source_code_uri' => 'https://github.com/sinatra/sinatra/tree/master/rack-protection',
24
- 'homepage_uri' => 'http://sinatrarb.com/protection/',
25
- 'documentation_uri' => 'https://www.rubydoc.info/gems/rack-protection'
26
- }
27
- else
28
- raise <<-EOF
23
+ unless s.respond_to?(:metadata)
24
+ raise <<-WARN
29
25
  RubyGems 2.0 or newer is required to protect against public gem pushes. You can update your rubygems version by running:
30
26
  gem install rubygems-update
31
27
  update_rubygems:
32
28
  gem update --system
33
- EOF
29
+ WARN
34
30
  end
35
31
 
32
+ s.metadata = {
33
+ 'source_code_uri' => 'https://github.com/sinatra/sinatra/tree/master/rack-protection',
34
+ 'homepage_uri' => 'http://sinatrarb.com/protection/',
35
+ 'documentation_uri' => 'https://www.rubydoc.info/gems/rack-protection',
36
+ 'rubygems_mfa_required' => 'true'
37
+ }
38
+
39
+ s.required_ruby_version = '>= 2.6.0'
40
+
36
41
  # dependencies
37
- s.add_dependency "rack"
38
- s.add_development_dependency "rack-test"
39
- s.add_development_dependency "rspec", "~> 3.6"
42
+ s.add_dependency 'rack'
43
+ s.add_development_dependency 'rack-test', '~> 2'
44
+ s.add_development_dependency 'rspec', '~> 3'
40
45
  end
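Review bot: The runtime dependency `s.add_dependency 'rack'` still has no version constraint, although this change bounds both development dependencies (`'rack-test', '~> 2'` and `'rspec', '~> 3'`). A security middleware that resolves against any Rack major can end up installed next to a Rack release it was never tested with. Consider bounding it to the tested range, e.g. `s.add_dependency 'rack', '>= <MIN_TESTED>', '< <NEXT_UNTESTED_MAJOR>'` (placeholders, to be filled from the CI matrix). Separately, `s.homepage` and `'homepage_uri'` still use `http://`, and an `https://` URL would be preferable if the site serves one.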
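--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: rack-protection
  version: !ruby/object:Gem::Version
- version: 2.0.5
+ version: 3.0.5
  platform: ruby
  authors:
  - https://github.com/sinatra/sinatra/graphs/contributors
- autorequire:
+ autorequire:
  bindir: bin
  cert_chain: []
- date: 2018-12-22 00:00:00.000000000 Z
+ date: 2022-12-16 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rack
@@ -28,30 +28,30 @@ dependencies:
  name: rack-test
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - "~>"
  - !ruby/object:Gem::Version
- version: '0'
+ version: '2'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - "~>"
  - !ruby/object:Gem::Version
- version: '0'
+ version: '2'
  - !ruby/object:Gem::Dependency
  name: rspec
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '3.6'
+ version: '3'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '3.6'
+ version: '3'
  description: Protect against typical web attacks, works with all Rack apps, including
  Rails.
  email: sinatrarb@googlegroups.com
@@ -69,6 +69,8 @@ files:
  - lib/rack/protection/base.rb
  - lib/rack/protection/content_security_policy.rb
  - lib/rack/protection/cookie_tossing.rb
+ - lib/rack/protection/encrypted_cookie.rb
+ - lib/rack/protection/encryptor.rb
  - lib/rack/protection/escaped_params.rb
  - lib/rack/protection/form_token.rb
  - lib/rack/protection/frame_options.rb
@@ -76,12 +78,14 @@ files:
  - lib/rack/protection/ip_spoofing.rb
  - lib/rack/protection/json_csrf.rb
  - lib/rack/protection/path_traversal.rb
+ - lib/rack/protection/referrer_policy.rb
  - lib/rack/protection/remote_referrer.rb
  - lib/rack/protection/remote_token.rb
  - lib/rack/protection/session_hijacking.rb
  - lib/rack/protection/strict_transport.rb
  - lib/rack/protection/version.rb
  - lib/rack/protection/xss_header.rb
+ - lib/rack_protection.rb
  - rack-protection.gemspec
  homepage: http://sinatrarb.com/protection/
  licenses:
@@ -90,7 +94,8 @@ metadata:
  source_code_uri: https://github.com/sinatra/sinatra/tree/master/rack-protection
  homepage_uri: http://sinatrarb.com/protection/
  documentation_uri: https://www.rubydoc.info/gems/rack-protection
- post_install_message:
+ rubygems_mfa_required: 'true'
+ post_install_message:
  rdoc_options: []
  require_paths:
  - lib
@@ -98,16 +103,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: '0'
+ version: 2.6.0
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubyforge_project:
- rubygems_version: 2.7.6
- signing_key:
+ rubygems_version: 3.2.3
+ signing_key:
  specification_version: 4
  summary: Protect against typical web attacks, works with all Rack apps, including
  Rails.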