RubyGems - rack-protection - Versions diffs - 2.1.0 → 3.0.5 - Mend

rack-protection 2.1.0 → 3.0.5

Files changed (28) hide show

checksums.yaml +4 -4
data/Gemfile +7 -3
data/Rakefile +24 -22
data/lib/rack/protection/authenticity_token.rb +76 -24
data/lib/rack/protection/base.rb +23 -15
data/lib/rack/protection/content_security_policy.rb +6 -5
data/lib/rack/protection/cookie_tossing.rb +7 -5
data/lib/rack/protection/encrypted_cookie.rb +273 -0
data/lib/rack/protection/encryptor.rb +62 -0
data/lib/rack/protection/escaped_params.rb +14 -10
data/lib/rack/protection/form_token.rb +3 -1
data/lib/rack/protection/frame_options.rb +3 -1
data/lib/rack/protection/http_origin.rb +6 -10
data/lib/rack/protection/ip_spoofing.rb +7 -3
data/lib/rack/protection/json_csrf.rb +6 -3
data/lib/rack/protection/path_traversal.rb +8 -5
data/lib/rack/protection/referrer_policy.rb +3 -1
data/lib/rack/protection/remote_referrer.rb +2 -0
data/lib/rack/protection/remote_token.rb +2 -0
data/lib/rack/protection/session_hijacking.rb +8 -7
data/lib/rack/protection/strict_transport.rb +4 -2
data/lib/rack/protection/version.rb +3 -1
data/lib/rack/protection/xss_header.rb +3 -1
data/lib/rack/protection.rb +5 -1
data/lib/rack-protection.rb +1 -1
data/lib/rack_protection.rb +3 -0
data/rack-protection.gemspec +29 -24
metadata +17 -13

data/lib/rack/protection.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'rack/protection/version'
 require 'rack'
@@ -7,6 +9,8 @@ module Rack
     autoload :Base,                  'rack/protection/base'
     autoload :CookieTossing,         'rack/protection/cookie_tossing'
     autoload :ContentSecurityPolicy, 'rack/protection/content_security_policy'
+    autoload :Encryptor,             'rack/protection/encryptor'
+    autoload :EncryptedCookie,       'rack/protection/encrypted_cookie'
     autoload :EscapedParams,         'rack/protection/escaped_params'
     autoload :FormToken,             'rack/protection/form_token'
     autoload :FrameOptions,          'rack/protection/frame_options'
@@ -27,7 +31,7 @@ module Rack
       use_these = Array options[:use]
       if options.fetch(:without_session, false)
-        except += [:session_hijacking, :remote_token]
+        except += %i[session_hijacking remote_token]
       end
       Rack::Builder.new do

data/lib/rack-protection.rb CHANGED Viewed

	@@ -1 +1 @@
1	- require "rack/protection"
1	+ require 'rack/protection'

data/lib/rack_protection.rb ADDED Viewed

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+require 'rack/protection'

data/rack-protection.gemspec CHANGED Viewed

@@ -1,40 +1,45 @@
-version = File.read(File.expand_path("../../VERSION", __FILE__)).strip
+# frozen_string_literal: true
+version = File.read(File.expand_path('../VERSION', __dir__)).strip
 Gem::Specification.new do |s|
   # general infos
-  s.name        = "rack-protection"
+  s.name        = 'rack-protection'
   s.version     = version
-  s.description = "Protect against typical web attacks, works with all Rack apps, including Rails."
-  s.homepage    = "http://sinatrarb.com/protection/"
+  s.description = 'Protect against typical web attacks, works with all Rack apps, including Rails.'
+  s.homepage    = 'http://sinatrarb.com/protection/'
   s.summary     = s.description
   s.license     = 'MIT'
-  s.authors     = ["https://github.com/sinatra/sinatra/graphs/contributors"]
-  s.email       = "sinatrarb@googlegroups.com"
-  s.files       = Dir["lib/**/*.rb"] + [
-    "License",
-    "README.md",
-    "Rakefile",
-    "Gemfile",
-    "rack-protection.gemspec"
+  s.authors     = ['https://github.com/sinatra/sinatra/graphs/contributors']
+  s.email       = 'sinatrarb@googlegroups.com'
+  s.files       = Dir['lib/**/*.rb'] + [
+    'License',
+    'README.md',
+    'Rakefile',
+    'Gemfile',
+    'rack-protection.gemspec'
   ]
-  if s.respond_to?(:metadata)
-    s.metadata = {
-      'source_code_uri'   => 'https://github.com/sinatra/sinatra/tree/master/rack-protection',
-      'homepage_uri'      => 'http://sinatrarb.com/protection/',
-      'documentation_uri' => 'https://www.rubydoc.info/gems/rack-protection'
-    }
-  else
-    raise <<-EOF
+  unless s.respond_to?(:metadata)
+    raise <<-WARN
 RubyGems 2.0 or newer is required to protect against public gem pushes. You can update your rubygems version by running:
   gem install rubygems-update
   update_rubygems:
   gem update --system
-EOF
+    WARN
   end
+  s.metadata = {
+    'source_code_uri' => 'https://github.com/sinatra/sinatra/tree/master/rack-protection',
+    'homepage_uri' => 'http://sinatrarb.com/protection/',
+    'documentation_uri' => 'https://www.rubydoc.info/gems/rack-protection',
+    'rubygems_mfa_required' => 'true'
+  }
+  s.required_ruby_version = '>= 2.6.0'
   # dependencies
-  s.add_dependency "rack"
-  s.add_development_dependency "rack-test"
-  s.add_development_dependency "rspec", "~> 3.6"
+  s.add_dependency 'rack'
+  s.add_development_dependency 'rack-test', '~> 2'
+  s.add_development_dependency 'rspec', '~> 3'
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-protection
 version: !ruby/object:Gem::Version
-  version: 2.1.0
+  version: 3.0.5
 platform: ruby
 authors:
 - https://github.com/sinatra/sinatra/graphs/contributors
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-09-04 00:00:00.000000000 Z
+date: 2022-12-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -28,30 +28,30 @@ dependencies:
   name: rack-test
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '2'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '2'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.6'
+        version: '3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.6'
+        version: '3'
 description: Protect against typical web attacks, works with all Rack apps, including
   Rails.
 email: sinatrarb@googlegroups.com
@@ -69,6 +69,8 @@ files:
 - lib/rack/protection/base.rb
 - lib/rack/protection/content_security_policy.rb
 - lib/rack/protection/cookie_tossing.rb
+- lib/rack/protection/encrypted_cookie.rb
+- lib/rack/protection/encryptor.rb
 - lib/rack/protection/escaped_params.rb
 - lib/rack/protection/form_token.rb
 - lib/rack/protection/frame_options.rb
@@ -83,6 +85,7 @@ files:
 - lib/rack/protection/strict_transport.rb
 - lib/rack/protection/version.rb
 - lib/rack/protection/xss_header.rb
+- lib/rack_protection.rb
 - rack-protection.gemspec
 homepage: http://sinatrarb.com/protection/
 licenses:
@@ -91,7 +94,8 @@ metadata:
   source_code_uri: https://github.com/sinatra/sinatra/tree/master/rack-protection
   homepage_uri: http://sinatrarb.com/protection/
   documentation_uri: https://www.rubydoc.info/gems/rack-protection
-post_install_message:
+  rubygems_mfa_required: 'true'
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -99,15 +103,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 2.6.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
-signing_key:
+rubygems_version: 3.2.3
+signing_key:
 specification_version: 4
 summary: Protect against typical web attacks, works with all Rack apps, including
   Rails.