rack-protection 2.0.5 → 3.0.5

data/lib/rack/protection/version.rb

@@ -1,5 +1,7 @@
+# frozen_string_literal: true
+
 module Rack
   module Protection
-    VERSION = '2.0.5'
+    VERSION = '3.0.4'
   end
 end

data/lib/rack/protection/xss_header.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'rack/protection'
 
 module Rack
@@ -12,7 +14,7 @@ module Rack
     # Options:
     # xss_mode:: How the browser should prevent the attack (default: :block)
     class XSSHeader < Base
-      default_options :xss_mode => :block, :nosniff => true
+      default_options xss_mode: :block, nosniff: true
 
       def call(env)
         status, headers, body = @app.call(env)

data/lib/rack/protection.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'rack/protection/version'
 require 'rack'
 
@@ -7,6 +9,8 @@ module Rack
     autoload :Base,                  'rack/protection/base'
     autoload :CookieTossing,         'rack/protection/cookie_tossing'
     autoload :ContentSecurityPolicy, 'rack/protection/content_security_policy'
+    autoload :Encryptor,             'rack/protection/encryptor'
+    autoload :EncryptedCookie,       'rack/protection/encrypted_cookie'
     autoload :EscapedParams,         'rack/protection/escaped_params'
     autoload :FormToken,             'rack/protection/form_token'
     autoload :FrameOptions,          'rack/protection/frame_options'
@@ -14,6 +18,7 @@ module Rack
     autoload :IPSpoofing,            'rack/protection/ip_spoofing'
     autoload :JsonCsrf,              'rack/protection/json_csrf'
     autoload :PathTraversal,         'rack/protection/path_traversal'
+    autoload :ReferrerPolicy,        'rack/protection/referrer_policy'
     autoload :RemoteReferrer,        'rack/protection/remote_referrer'
     autoload :RemoteToken,           'rack/protection/remote_token'
     autoload :SessionHijacking,      'rack/protection/session_hijacking'
@@ -26,15 +31,17 @@ module Rack
       use_these = Array options[:use]
 
       if options.fetch(:without_session, false)
-        except += [:session_hijacking, :remote_token]
+        except += %i[session_hijacking remote_token]
       end
 
       Rack::Builder.new do
         # Off by default, unless added
         use ::Rack::Protection::AuthenticityToken,     options if use_these.include? :authenticity_token
-        use ::Rack::Protection::CookieTossing,         options if use_these.include? :cookie_tossing
         use ::Rack::Protection::ContentSecurityPolicy, options if use_these.include? :content_security_policy
+        use ::Rack::Protection::CookieTossing,         options if use_these.include? :cookie_tossing
+        use ::Rack::Protection::EscapedParams,         options if use_these.include? :escaped_params
         use ::Rack::Protection::FormToken,             options if use_these.include? :form_token
+        use ::Rack::Protection::ReferrerPolicy,        options if use_these.include? :referrer_policy
         use ::Rack::Protection::RemoteReferrer,        options if use_these.include? :remote_referrer
         use ::Rack::Protection::StrictTransport,       options if use_these.include? :strict_transport
 

data/lib/rack-protection.rb

@@ -1 +1 @@
-require "rack/protection"
+require 'rack/protection'

data/lib/rack_protection.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+require 'rack/protection'

data/rack-protection.gemspec

@@ -1,40 +1,45 @@
-version = File.read(File.expand_path("../../VERSION", __FILE__)).strip
+# frozen_string_literal: true
+
+version = File.read(File.expand_path('../VERSION', __dir__)).strip
 
 Gem::Specification.new do |s|
   # general infos
-  s.name        = "rack-protection"
+  s.name        = 'rack-protection'
   s.version     = version
-  s.description = "Protect against typical web attacks, works with all Rack apps, including Rails."
-  s.homepage    = "http://sinatrarb.com/protection/"
+  s.description = 'Protect against typical web attacks, works with all Rack apps, including Rails.'
+  s.homepage    = 'http://sinatrarb.com/protection/'
   s.summary     = s.description
   s.license     = 'MIT'
-  s.authors     = ["https://github.com/sinatra/sinatra/graphs/contributors"]
-  s.email       = "sinatrarb@googlegroups.com"
-  s.files       = Dir["lib/**/*.rb"] + [
-    "License",
-    "README.md",
-    "Rakefile",
-    "Gemfile",
-    "rack-protection.gemspec"
+  s.authors     = ['https://github.com/sinatra/sinatra/graphs/contributors']
+  s.email       = 'sinatrarb@googlegroups.com'
+  s.files       = Dir['lib/**/*.rb'] + [
+    'License',
+    'README.md',
+    'Rakefile',
+    'Gemfile',
+    'rack-protection.gemspec'
   ]
 
-  if s.respond_to?(:metadata)
-    s.metadata = {
-      'source_code_uri'   => 'https://github.com/sinatra/sinatra/tree/master/rack-protection',
-      'homepage_uri'      => 'http://sinatrarb.com/protection/',
-      'documentation_uri' => 'https://www.rubydoc.info/gems/rack-protection'
-    }
-  else
-    raise <<-EOF
+  unless s.respond_to?(:metadata)
+    raise <<-WARN
 RubyGems 2.0 or newer is required to protect against public gem pushes. You can update your rubygems version by running:
   gem install rubygems-update
   update_rubygems:
   gem update --system
-EOF
+    WARN
   end
 
+  s.metadata = {
+    'source_code_uri' => 'https://github.com/sinatra/sinatra/tree/master/rack-protection',
+    'homepage_uri' => 'http://sinatrarb.com/protection/',
+    'documentation_uri' => 'https://www.rubydoc.info/gems/rack-protection',
+    'rubygems_mfa_required' => 'true'
+  }
+
+  s.required_ruby_version = '>= 2.6.0'
+
   # dependencies
-  s.add_dependency "rack"
-  s.add_development_dependency "rack-test"
-  s.add_development_dependency "rspec", "~> 3.6"
+  s.add_dependency 'rack'
+  s.add_development_dependency 'rack-test', '~> 2'
+  s.add_development_dependency 'rspec', '~> 3'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-protection
 version: !ruby/object:Gem::Version
-  version: 2.0.5
+  version: 3.0.5
 platform: ruby
 authors:
 - https://github.com/sinatra/sinatra/graphs/contributors
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-12-22 00:00:00.000000000 Z
+date: 2022-12-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -28,30 +28,30 @@ dependencies:
   name: rack-test
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '2'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '2'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.6'
+        version: '3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.6'
+        version: '3'
 description: Protect against typical web attacks, works with all Rack apps, including
   Rails.
 email: sinatrarb@googlegroups.com
@@ -69,6 +69,8 @@ files:
 - lib/rack/protection/base.rb
 - lib/rack/protection/content_security_policy.rb
 - lib/rack/protection/cookie_tossing.rb
+- lib/rack/protection/encrypted_cookie.rb
+- lib/rack/protection/encryptor.rb
 - lib/rack/protection/escaped_params.rb
 - lib/rack/protection/form_token.rb
 - lib/rack/protection/frame_options.rb
@@ -76,12 +78,14 @@ files:
 - lib/rack/protection/ip_spoofing.rb
 - lib/rack/protection/json_csrf.rb
 - lib/rack/protection/path_traversal.rb
+- lib/rack/protection/referrer_policy.rb
 - lib/rack/protection/remote_referrer.rb
 - lib/rack/protection/remote_token.rb
 - lib/rack/protection/session_hijacking.rb
 - lib/rack/protection/strict_transport.rb
 - lib/rack/protection/version.rb
 - lib/rack/protection/xss_header.rb
+- lib/rack_protection.rb
 - rack-protection.gemspec
 homepage: http://sinatrarb.com/protection/
 licenses:
@@ -90,7 +94,8 @@ metadata:
   source_code_uri: https://github.com/sinatra/sinatra/tree/master/rack-protection
   homepage_uri: http://sinatrarb.com/protection/
   documentation_uri: https://www.rubydoc.info/gems/rack-protection
-post_install_message: 
+  rubygems_mfa_required: 'true'
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -98,16 +103,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 2.6.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
-signing_key: 
+rubygems_version: 3.2.3
+signing_key:
 specification_version: 4
 summary: Protect against typical web attacks, works with all Rack apps, including
   Rails.