rack-protection 2.2.1 → 2.2.3

Sign up to get free protection for your applications and to get access to all the features.
Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/lib/rack/protection/ip_spoofing.rb +5 -3
  3. data/lib/rack/protection/version.rb +1 -1
  4. metadata +4 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 2e901f1cfa34ea0aa6b13be17c71316ae7dbbea93a778f0987e3bac6d795d502
4
- data.tar.gz: 701fb3d7ae00c8c15326c179905d46a4a1ce43c038158247c11969eb80358dee
3
+ metadata.gz: 41643b8e96c39cab78011412440435328537bdccf21141fd3a448b3b3fd905ba
4
+ data.tar.gz: 94385c3ad84be0e4a7472efb54f1eb7c4b373c7b6c845bdf1b66b03bef9ad63d
5
5
  SHA512:
6
- metadata.gz: 32a5cfa10061ee479768089916d00b0c39c68f7e0a851221307d88a63bc31f53f3034e87e192061ec6cae5f15cccaff07c0609986d21d2e09f9bf9845255a3b0
7
- data.tar.gz: 913396747a895659eb7609e278242939895816a9dab7f1e9ad99c0dd17c05e44edf406c8a53347c47d7a6eb2a04feae0e19af99099fc623a16d434ec87abaa78
6
+ metadata.gz: fe3546ac3539741b388c9468bd79b9773b2fbb4a0ed02b71e43b1940008c631232f832e0ec4d93408a3d2a73e7e2ae676b541241798fd2219099c85ebab9267d
7
+ data.tar.gz: 00dbd06226c8481fbd292171b797407a79dee5fa76a20ec90c3f9d4dec3e24d15ad383c4824589084b7f5639644a19c3cfdf8be3ecdbe03ae4162ef3a576fc2c
data/lib/rack/protection/ip_spoofing.rb CHANGED
@@ -13,9 +13,11 @@ module Rack
13
13
 
14
14
  def accepts?(env)
15
15
  return true unless env.include? 'HTTP_X_FORWARDED_FOR'
16
- ips = env['HTTP_X_FORWARDED_FOR'].split(/\s*,\s*/)
17
- return false if env.include? 'HTTP_CLIENT_IP' and not ips.include? env['HTTP_CLIENT_IP']
18
- return false if env.include? 'HTTP_X_REAL_IP' and not ips.include? env['HTTP_X_REAL_IP']
16
+
17
+ ips = env['HTTP_X_FORWARDED_FOR'].split(',').map(&:strip)
18
+ return false if env.include?('HTTP_CLIENT_IP') && (!ips.include? env['HTTP_CLIENT_IP'])
19
+ return false if env.include?('HTTP_X_REAL_IP') && (!ips.include? env['HTTP_X_REAL_IP'])
20
+
19
21
  true
20
22
  end
21
23
  end
data/lib/rack/protection/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module Rack
2
2
  module Protection
3
- VERSION = '2.2.1'
3
+ VERSION = '2.2.2'
4
4
  end
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack-protection
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.2.1
4
+ version: 2.2.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - https://github.com/sinatra/sinatra/graphs/contributors
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-07-15 00:00:00.000000000 Z
11
+ date: 2022-11-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rack
@@ -106,7 +106,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
106
106
  - !ruby/object:Gem::Version
107
107
  version: '0'
108
108
  requirements: []
109
- rubygems_version: 3.0.3.1
109
+ rubyforge_project:
110
+ rubygems_version: 2.7.6.3
110
111
  signing_key:
111
112
  specification_version: 4
112
113
  summary: Protect against typical web attacks, works with all Rack apps, including