rack-protection 2.2.0 → 3.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +7 -3
- data/README.md +2 -0
- data/Rakefile +24 -22
- data/lib/rack/protection/authenticity_token.rb +20 -16
- data/lib/rack/protection/base.rb +30 -16
- data/lib/rack/protection/content_security_policy.rb +6 -5
- data/lib/rack/protection/cookie_tossing.rb +7 -5
- data/lib/rack/protection/encrypted_cookie.rb +273 -0
- data/lib/rack/protection/encryptor.rb +62 -0
- data/lib/rack/protection/escaped_params.rb +14 -10
- data/lib/rack/protection/form_token.rb +3 -1
- data/lib/rack/protection/frame_options.rb +3 -1
- data/lib/rack/protection/http_origin.rb +6 -10
- data/lib/rack/protection/ip_spoofing.rb +7 -3
- data/lib/rack/protection/json_csrf.rb +6 -3
- data/lib/rack/protection/path_traversal.rb +8 -5
- data/lib/rack/protection/referrer_policy.rb +3 -1
- data/lib/rack/protection/remote_referrer.rb +2 -0
- data/lib/rack/protection/remote_token.rb +2 -0
- data/lib/rack/protection/session_hijacking.rb +8 -7
- data/lib/rack/protection/strict_transport.rb +4 -2
- data/lib/rack/protection/version.rb +3 -1
- data/lib/rack/protection/xss_header.rb +3 -1
- data/lib/rack/protection.rb +5 -1
- data/lib/rack-protection.rb +1 -1
- data/lib/rack_protection.rb +3 -0
- data/rack-protection.gemspec +30 -25
- metadata +28 -18
data/lib/rack/protection.rb
CHANGED
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'rack/protection/version'
|
2
4
|
require 'rack'
|
3
5
|
|
@@ -7,6 +9,8 @@ module Rack
|
|
7
9
|
autoload :Base, 'rack/protection/base'
|
8
10
|
autoload :CookieTossing, 'rack/protection/cookie_tossing'
|
9
11
|
autoload :ContentSecurityPolicy, 'rack/protection/content_security_policy'
|
12
|
+
autoload :Encryptor, 'rack/protection/encryptor'
|
13
|
+
autoload :EncryptedCookie, 'rack/protection/encrypted_cookie'
|
10
14
|
autoload :EscapedParams, 'rack/protection/escaped_params'
|
11
15
|
autoload :FormToken, 'rack/protection/form_token'
|
12
16
|
autoload :FrameOptions, 'rack/protection/frame_options'
|
@@ -27,7 +31,7 @@ module Rack
|
|
27
31
|
use_these = Array options[:use]
|
28
32
|
|
29
33
|
if options.fetch(:without_session, false)
|
30
|
-
except += [
|
34
|
+
except += %i[session_hijacking remote_token]
|
31
35
|
end
|
32
36
|
|
33
37
|
Rack::Builder.new do
|
data/lib/rack-protection.rb
CHANGED
@@ -1 +1 @@
|
|
1
|
-
require
|
1
|
+
require 'rack/protection'
|
data/rack-protection.gemspec
CHANGED
@@ -1,40 +1,45 @@
|
|
1
|
-
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
version = File.read(File.expand_path('../VERSION', __dir__)).strip
|
2
4
|
|
3
5
|
Gem::Specification.new do |s|
|
4
6
|
# general infos
|
5
|
-
s.name =
|
7
|
+
s.name = 'rack-protection'
|
6
8
|
s.version = version
|
7
|
-
s.description =
|
8
|
-
s.homepage =
|
9
|
-
s.summary = s.description
|
9
|
+
s.description = 'Protect against typical web attacks, works with all Rack apps, including Rails'
|
10
|
+
s.homepage = 'https://sinatrarb.com/protection/'
|
11
|
+
s.summary = "#{s.description}."
|
10
12
|
s.license = 'MIT'
|
11
|
-
s.authors = [
|
12
|
-
s.email =
|
13
|
-
s.files = Dir[
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
13
|
+
s.authors = ['https://github.com/sinatra/sinatra/graphs/contributors']
|
14
|
+
s.email = 'sinatrarb@googlegroups.com'
|
15
|
+
s.files = Dir['lib/**/*.rb'] + [
|
16
|
+
'License',
|
17
|
+
'README.md',
|
18
|
+
'Rakefile',
|
19
|
+
'Gemfile',
|
20
|
+
'rack-protection.gemspec'
|
19
21
|
]
|
20
22
|
|
21
|
-
|
22
|
-
|
23
|
-
'source_code_uri' => 'https://github.com/sinatra/sinatra/tree/master/rack-protection',
|
24
|
-
'homepage_uri' => 'http://sinatrarb.com/protection/',
|
25
|
-
'documentation_uri' => 'https://www.rubydoc.info/gems/rack-protection'
|
26
|
-
}
|
27
|
-
else
|
28
|
-
raise <<-EOF
|
23
|
+
unless s.respond_to?(:metadata)
|
24
|
+
raise <<-WARN
|
29
25
|
RubyGems 2.0 or newer is required to protect against public gem pushes. You can update your rubygems version by running:
|
30
26
|
gem install rubygems-update
|
31
27
|
update_rubygems:
|
32
28
|
gem update --system
|
33
|
-
|
29
|
+
WARN
|
34
30
|
end
|
35
31
|
|
32
|
+
s.metadata = {
|
33
|
+
'source_code_uri' => 'https://github.com/sinatra/sinatra/tree/main/rack-protection',
|
34
|
+
'homepage_uri' => 'http://sinatrarb.com/protection/',
|
35
|
+
'documentation_uri' => 'https://www.rubydoc.info/gems/rack-protection',
|
36
|
+
'rubygems_mfa_required' => 'true'
|
37
|
+
}
|
38
|
+
|
39
|
+
s.required_ruby_version = '>= 2.6.0'
|
40
|
+
|
36
41
|
# dependencies
|
37
|
-
s.add_dependency
|
38
|
-
s.add_development_dependency
|
39
|
-
s.add_development_dependency
|
42
|
+
s.add_dependency 'rack', '~> 2.2', '>= 2.2.4'
|
43
|
+
s.add_development_dependency 'rack-test', '~> 2'
|
44
|
+
s.add_development_dependency 'rspec', '~> 3'
|
40
45
|
end
|
metadata
CHANGED
@@ -1,59 +1,65 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rack-protection
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 3.1.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- https://github.com/sinatra/sinatra/graphs/contributors
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2023-08-07 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rack
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
16
16
|
requirements:
|
17
|
+
- - "~>"
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '2.2'
|
17
20
|
- - ">="
|
18
21
|
- !ruby/object:Gem::Version
|
19
|
-
version:
|
22
|
+
version: 2.2.4
|
20
23
|
type: :runtime
|
21
24
|
prerelease: false
|
22
25
|
version_requirements: !ruby/object:Gem::Requirement
|
23
26
|
requirements:
|
27
|
+
- - "~>"
|
28
|
+
- !ruby/object:Gem::Version
|
29
|
+
version: '2.2'
|
24
30
|
- - ">="
|
25
31
|
- !ruby/object:Gem::Version
|
26
|
-
version:
|
32
|
+
version: 2.2.4
|
27
33
|
- !ruby/object:Gem::Dependency
|
28
34
|
name: rack-test
|
29
35
|
requirement: !ruby/object:Gem::Requirement
|
30
36
|
requirements:
|
31
|
-
- - "
|
37
|
+
- - "~>"
|
32
38
|
- !ruby/object:Gem::Version
|
33
|
-
version: '
|
39
|
+
version: '2'
|
34
40
|
type: :development
|
35
41
|
prerelease: false
|
36
42
|
version_requirements: !ruby/object:Gem::Requirement
|
37
43
|
requirements:
|
38
|
-
- - "
|
44
|
+
- - "~>"
|
39
45
|
- !ruby/object:Gem::Version
|
40
|
-
version: '
|
46
|
+
version: '2'
|
41
47
|
- !ruby/object:Gem::Dependency
|
42
48
|
name: rspec
|
43
49
|
requirement: !ruby/object:Gem::Requirement
|
44
50
|
requirements:
|
45
51
|
- - "~>"
|
46
52
|
- !ruby/object:Gem::Version
|
47
|
-
version: '3
|
53
|
+
version: '3'
|
48
54
|
type: :development
|
49
55
|
prerelease: false
|
50
56
|
version_requirements: !ruby/object:Gem::Requirement
|
51
57
|
requirements:
|
52
58
|
- - "~>"
|
53
59
|
- !ruby/object:Gem::Version
|
54
|
-
version: '3
|
60
|
+
version: '3'
|
55
61
|
description: Protect against typical web attacks, works with all Rack apps, including
|
56
|
-
Rails
|
62
|
+
Rails
|
57
63
|
email: sinatrarb@googlegroups.com
|
58
64
|
executables: []
|
59
65
|
extensions: []
|
@@ -69,6 +75,8 @@ files:
|
|
69
75
|
- lib/rack/protection/base.rb
|
70
76
|
- lib/rack/protection/content_security_policy.rb
|
71
77
|
- lib/rack/protection/cookie_tossing.rb
|
78
|
+
- lib/rack/protection/encrypted_cookie.rb
|
79
|
+
- lib/rack/protection/encryptor.rb
|
72
80
|
- lib/rack/protection/escaped_params.rb
|
73
81
|
- lib/rack/protection/form_token.rb
|
74
82
|
- lib/rack/protection/frame_options.rb
|
@@ -83,15 +91,17 @@ files:
|
|
83
91
|
- lib/rack/protection/strict_transport.rb
|
84
92
|
- lib/rack/protection/version.rb
|
85
93
|
- lib/rack/protection/xss_header.rb
|
94
|
+
- lib/rack_protection.rb
|
86
95
|
- rack-protection.gemspec
|
87
|
-
homepage:
|
96
|
+
homepage: https://sinatrarb.com/protection/
|
88
97
|
licenses:
|
89
98
|
- MIT
|
90
99
|
metadata:
|
91
|
-
source_code_uri: https://github.com/sinatra/sinatra/tree/
|
100
|
+
source_code_uri: https://github.com/sinatra/sinatra/tree/main/rack-protection
|
92
101
|
homepage_uri: http://sinatrarb.com/protection/
|
93
102
|
documentation_uri: https://www.rubydoc.info/gems/rack-protection
|
94
|
-
|
103
|
+
rubygems_mfa_required: 'true'
|
104
|
+
post_install_message:
|
95
105
|
rdoc_options: []
|
96
106
|
require_paths:
|
97
107
|
- lib
|
@@ -99,15 +109,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
99
109
|
requirements:
|
100
110
|
- - ">="
|
101
111
|
- !ruby/object:Gem::Version
|
102
|
-
version:
|
112
|
+
version: 2.6.0
|
103
113
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
104
114
|
requirements:
|
105
115
|
- - ">="
|
106
116
|
- !ruby/object:Gem::Version
|
107
117
|
version: '0'
|
108
118
|
requirements: []
|
109
|
-
rubygems_version: 3.
|
110
|
-
signing_key:
|
119
|
+
rubygems_version: 3.4.18
|
120
|
+
signing_key:
|
111
121
|
specification_version: 4
|
112
122
|
summary: Protect against typical web attacks, works with all Rack apps, including
|
113
123
|
Rails.
|