rack-protection 2.2.2 → 2.2.4

Sign up to get free protection for your applications and to get access to all the features.
Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/lib/rack/protection/ip_spoofing.rb +5 -3
  3. data/lib/rack/protection/version.rb +1 -1
  4. metadata +4 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: fa9d7fd8b6dd44cfd54fd833a1679efedfccdf76619d0b01e0aa2057f2e8b586
4
- data.tar.gz: f0541b4bf7e3cc865bdca886de807968787e90a26ca4fcd3ff3787496e64a9de
3
+ metadata.gz: 329a83327187635894cd3f8530c6e96b6cac29e8e28b1a8db0f1339cffa07a23
4
+ data.tar.gz: da8bea5ddeab7426d74fe977b7856a78c10f397da94b5769f5f72b83d5e0a1b1
5
5
  SHA512:
6
- metadata.gz: 89f4d7bd2b9ee4a1e51fb9a7d9699f0d1d3881a82bb3b8813527f6ce8cce96274462fd502e8df4d5f6b21cbf2d79da9bd69bff6a4e6e7e289e69aa7cb4e18893
7
- data.tar.gz: 381cdab10dffb59181caef1a80b46e9d584e1f20fa602843f1649164bbd16d44cbfd5ba5aef2ebd0a447e52fad7437644d29188e98b9998a19a4377abbc0051f
6
+ metadata.gz: 6e4e35ae58ac6f131cff279bf7e68770eb87253d40c518980e1b44abbd9fbc7deb8952618e92289631d3641dd627ffb57f1963562536e8164aba2357544f36d6
7
+ data.tar.gz: 26b2c4e7413a6bf68386c474173ccad34ed7334064d4f262dfc0e04f546edc61b1de6ec95ca151544decbb1962957d85907734c38566b7e1b2501e6254d4956f
data/lib/rack/protection/ip_spoofing.rb CHANGED
@@ -13,9 +13,11 @@ module Rack
13
13
 
14
14
  def accepts?(env)
15
15
  return true unless env.include? 'HTTP_X_FORWARDED_FOR'
16
- ips = env['HTTP_X_FORWARDED_FOR'].split(/\s*,\s*/)
17
- return false if env.include? 'HTTP_CLIENT_IP' and not ips.include? env['HTTP_CLIENT_IP']
18
- return false if env.include? 'HTTP_X_REAL_IP' and not ips.include? env['HTTP_X_REAL_IP']
16
+
17
+ ips = env['HTTP_X_FORWARDED_FOR'].split(',').map(&:strip)
18
+ return false if env.include?('HTTP_CLIENT_IP') && (!ips.include? env['HTTP_CLIENT_IP'])
19
+ return false if env.include?('HTTP_X_REAL_IP') && (!ips.include? env['HTTP_X_REAL_IP'])
20
+
19
21
  true
20
22
  end
21
23
  end
data/lib/rack/protection/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module Rack
2
2
  module Protection
3
- VERSION = '2.2.1'
3
+ VERSION = '2.2.3'
4
4
  end
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack-protection
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.2.2
4
+ version: 2.2.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - https://github.com/sinatra/sinatra/graphs/contributors
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-07-23 00:00:00.000000000 Z
11
+ date: 2022-12-16 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rack
@@ -106,7 +106,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
106
106
  - !ruby/object:Gem::Version
107
107
  version: '0'
108
108
  requirements: []
109
- rubygems_version: 3.0.3.1
109
+ rubyforge_project:
110
+ rubygems_version: 2.7.6.3
110
111
  signing_key:
111
112
  specification_version: 4
112
113
  summary: Protect against typical web attacks, works with all Rack apps, including