RubyGems - rack-protection - Versions diffs - 2.1.0 → 3.0.5 - Mend

rack-protection 2.1.0 → 3.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (28) hide show

checksums.yaml +4 -4
data/Gemfile +7 -3
data/Rakefile +24 -22
data/lib/rack/protection/authenticity_token.rb +76 -24
data/lib/rack/protection/base.rb +23 -15
data/lib/rack/protection/content_security_policy.rb +6 -5
data/lib/rack/protection/cookie_tossing.rb +7 -5
data/lib/rack/protection/encrypted_cookie.rb +273 -0
data/lib/rack/protection/encryptor.rb +62 -0
data/lib/rack/protection/escaped_params.rb +14 -10
data/lib/rack/protection/form_token.rb +3 -1
data/lib/rack/protection/frame_options.rb +3 -1
data/lib/rack/protection/http_origin.rb +6 -10
data/lib/rack/protection/ip_spoofing.rb +7 -3
data/lib/rack/protection/json_csrf.rb +6 -3
data/lib/rack/protection/path_traversal.rb +8 -5
data/lib/rack/protection/referrer_policy.rb +3 -1
data/lib/rack/protection/remote_referrer.rb +2 -0
data/lib/rack/protection/remote_token.rb +2 -0
data/lib/rack/protection/session_hijacking.rb +8 -7
data/lib/rack/protection/strict_transport.rb +4 -2
data/lib/rack/protection/version.rb +3 -1
data/lib/rack/protection/xss_header.rb +3 -1
data/lib/rack/protection.rb +5 -1
data/lib/rack-protection.rb +1 -1
data/lib/rack_protection.rb +3 -0
data/rack-protection.gemspec +29 -24
metadata +17 -13

data/lib/rack/protection.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'rack/protection/version'
 require 'rack'
@@ -7,6 +9,8 @@ module Rack
     autoload :Base,                  'rack/protection/base'
     autoload :CookieTossing,         'rack/protection/cookie_tossing'
     autoload :ContentSecurityPolicy, 'rack/protection/content_security_policy'
+    autoload :Encryptor,             'rack/protection/encryptor'
+    autoload :EncryptedCookie,       'rack/protection/encrypted_cookie'
     autoload :EscapedParams,         'rack/protection/escaped_params'
     autoload :FormToken,             'rack/protection/form_token'
     autoload :FrameOptions,          'rack/protection/frame_options'
@@ -27,7 +31,7 @@ module Rack
       use_these = Array options[:use]
       if options.fetch(:without_session, false)
-        except += [:session_hijacking, :remote_token]
+        except += %i[session_hijacking remote_token]
       end
       Rack::Builder.new do

data/lib/rack-protection.rb CHANGED Viewed

	@@ -1 +1 @@
1	- require "rack/protection"
1	+ require 'rack/protection'

data/lib/rack_protection.rb ADDED Viewed

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+require 'rack/protection'

data/rack-protection.gemspec CHANGED Viewed

@@ -1,40 +1,45 @@
-version = File.read(File.expand_path("../../VERSION", __FILE__)).strip
+# frozen_string_literal: true
+version = File.read(File.expand_path('../VERSION', __dir__)).strip
 Gem::Specification.new do |s|
   # general infos
-  s.name        = "rack-protection"
+  s.name        = 'rack-protection'
   s.version     = version
-  s.description = "Protect against typical web attacks, works with all Rack apps, including Rails."
-  s.homepage    = "http://sinatrarb.com/protection/"
+  s.description = 'Protect against typical web attacks, works with all Rack apps, including Rails.'
+  s.homepage    = 'http://sinatrarb.com/protection/'
   s.summary     = s.description
   s.license     = 'MIT'
-  s.authors     = ["https://github.com/sinatra/sinatra/graphs/contributors"]
-  s.email       = "sinatrarb@googlegroups.com"
-  s.files       = Dir["lib/**/*.rb"] + [
-    "License",
-    "README.md",
-    "Rakefile",
-    "Gemfile",
-    "rack-protection.gemspec"
+  s.authors     = ['https://github.com/sinatra/sinatra/graphs/contributors']
+  s.email       = 'sinatrarb@googlegroups.com'
+  s.files       = Dir['lib/**/*.rb'] + [
+    'License',
+    'README.md',
+    'Rakefile',
+    'Gemfile',
+    'rack-protection.gemspec'
   ]
-  if s.respond_to?(:metadata)
-    s.metadata = {
-      'source_code_uri'   => 'https://github.com/sinatra/sinatra/tree/master/rack-protection',
-      'homepage_uri'      => 'http://sinatrarb.com/protection/',
-      'documentation_uri' => 'https://www.rubydoc.info/gems/rack-protection'
-    }
-  else
-    raise <<-EOF
+  unless s.respond_to?(:metadata)
+    raise <<-WARN
 RubyGems 2.0 or newer is required to protect against public gem pushes. You can update your rubygems version by running:
   gem install rubygems-update
   update_rubygems:
   gem update --system
-EOF
+    WARN
   end
+  s.metadata = {
+    'source_code_uri' => 'https://github.com/sinatra/sinatra/tree/master/rack-protection',
+    'homepage_uri' => 'http://sinatrarb.com/protection/',
+    'documentation_uri' => 'https://www.rubydoc.info/gems/rack-protection',
+    'rubygems_mfa_required' => 'true'
+  }
+  s.required_ruby_version = '>= 2.6.0'
   # dependencies
-  s.add_dependency "rack"
-  s.add_development_dependency "rack-test"
-  s.add_development_dependency "rspec", "~> 3.6"
+  s.add_dependency 'rack'
+  s.add_development_dependency 'rack-test', '~> 2'
+  s.add_development_dependency 'rspec', '~> 3'
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-protection
 version: !ruby/object:Gem::Version
-  version: 2.1.0
+  version: 3.0.5
 platform: ruby
 authors:
 - https://github.com/sinatra/sinatra/graphs/contributors
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-09-04 00:00:00.000000000 Z
+date: 2022-12-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -28,30 +28,30 @@ dependencies:
   name: rack-test
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '2'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '2'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.6'
+        version: '3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.6'
+        version: '3'
 description: Protect against typical web attacks, works with all Rack apps, including
   Rails.
 email: sinatrarb@googlegroups.com
@@ -69,6 +69,8 @@ files:
 - lib/rack/protection/base.rb
 - lib/rack/protection/content_security_policy.rb
 - lib/rack/protection/cookie_tossing.rb
+- lib/rack/protection/encrypted_cookie.rb
+- lib/rack/protection/encryptor.rb
 - lib/rack/protection/escaped_params.rb
 - lib/rack/protection/form_token.rb
 - lib/rack/protection/frame_options.rb
@@ -83,6 +85,7 @@ files:
 - lib/rack/protection/strict_transport.rb
 - lib/rack/protection/version.rb
 - lib/rack/protection/xss_header.rb
+- lib/rack_protection.rb
 - rack-protection.gemspec
 homepage: http://sinatrarb.com/protection/
 licenses:
@@ -91,7 +94,8 @@ metadata:
   source_code_uri: https://github.com/sinatra/sinatra/tree/master/rack-protection
   homepage_uri: http://sinatrarb.com/protection/
   documentation_uri: https://www.rubydoc.info/gems/rack-protection
-post_install_message:
+  rubygems_mfa_required: 'true'
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -99,15 +103,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 2.6.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
-signing_key:
+rubygems_version: 3.2.3
+signing_key:
 specification_version: 4
 summary: Protect against typical web attacks, works with all Rack apps, including
   Rails.