rack-protection 3.0.5 → 3.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +3 -4
- data/README.md +2 -0
- data/lib/rack/protection/base.rb +7 -1
- data/lib/rack/protection/version.rb +1 -1
- data/rack-protection.gemspec +6 -7
- metadata +21 -29
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7640a15f8659807abd53474e7ce538a42e476e4bd99dc745f3b9b8c16161c008
|
|
4
|
+
data.tar.gz: '05468ec6c8113d3afce2df62221e4c866616999700c30ba3ef94a2705b11138b'
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: eeaff5e584a8ee3be6c80dc92c67fcc95bdbb97b084509ed90ca9ad524598fba63690cfa372586edd27940cd609fa44210637e9c95fbf1191e1a5cc297f222ac
|
|
7
|
+
data.tar.gz: 26e2160d65b6015c7aaa52266b7241d15f645eb259d1371b864b3e2b6a3b1fbef841e62304bc8e39a83fab1a52ddb0c3455a51385a9a451c833cbed91b75d00a
|
data/Gemfile
CHANGED
|
@@ -4,14 +4,13 @@ source 'https://rubygems.org'
|
|
|
4
4
|
# encoding: utf-8
|
|
5
5
|
|
|
6
6
|
gem 'rake'
|
|
7
|
+
gem 'rspec', '~> 3'
|
|
7
8
|
|
|
8
9
|
rack_version = ENV['rack'].to_s
|
|
9
10
|
rack_version = nil if rack_version.empty? || (rack_version == 'stable')
|
|
10
|
-
rack_version = { github: 'rack/rack' } if rack_version == '
|
|
11
|
+
rack_version = { github: 'rack/rack' } if rack_version == 'head'
|
|
11
12
|
gem 'rack', rack_version
|
|
12
13
|
|
|
13
|
-
gem 'sinatra', path: '..'
|
|
14
|
-
|
|
15
14
|
gemspec
|
|
16
15
|
|
|
17
|
-
gem 'rack-test'
|
|
16
|
+
gem 'rack-test'
|
data/README.md
CHANGED
|
@@ -74,6 +74,7 @@ Prevented by:
|
|
|
74
74
|
## Cookie Tossing
|
|
75
75
|
|
|
76
76
|
Prevented by:
|
|
77
|
+
|
|
77
78
|
* [`Rack::Protection::CookieTossing`][cookie-tossing] (not included by `use Rack::Protection`)
|
|
78
79
|
|
|
79
80
|
## IP Spoofing
|
|
@@ -95,6 +96,7 @@ Prevented by:
|
|
|
95
96
|
# Instrumentation
|
|
96
97
|
|
|
97
98
|
Instrumentation is enabled by passing in an instrumenter as an option.
|
|
99
|
+
|
|
98
100
|
```
|
|
99
101
|
use Rack::Protection, instrumenter: ActiveSupport::Notifications
|
|
100
102
|
```
|
data/lib/rack/protection/base.rb
CHANGED
|
@@ -93,7 +93,13 @@ module Rack
|
|
|
93
93
|
end
|
|
94
94
|
|
|
95
95
|
def drop_session(env)
|
|
96
|
-
|
|
96
|
+
return unless session? env
|
|
97
|
+
|
|
98
|
+
session(env).clear
|
|
99
|
+
|
|
100
|
+
return if ["1", "true"].include?(ENV["RACK_PROTECTION_SILENCE_DROP_SESSION_WARNING"])
|
|
101
|
+
|
|
102
|
+
warn env, "session dropped by #{self.class}"
|
|
97
103
|
end
|
|
98
104
|
|
|
99
105
|
def referrer(env)
|
data/rack-protection.gemspec
CHANGED
|
@@ -6,9 +6,9 @@ Gem::Specification.new do |s|
|
|
|
6
6
|
# general infos
|
|
7
7
|
s.name = 'rack-protection'
|
|
8
8
|
s.version = version
|
|
9
|
-
s.description = 'Protect against typical web attacks, works with all Rack apps, including Rails
|
|
10
|
-
s.homepage = '
|
|
11
|
-
s.summary = s.description
|
|
9
|
+
s.description = 'Protect against typical web attacks, works with all Rack apps, including Rails'
|
|
10
|
+
s.homepage = 'https://sinatrarb.com/protection/'
|
|
11
|
+
s.summary = "#{s.description}."
|
|
12
12
|
s.license = 'MIT'
|
|
13
13
|
s.authors = ['https://github.com/sinatra/sinatra/graphs/contributors']
|
|
14
14
|
s.email = 'sinatrarb@googlegroups.com'
|
|
@@ -30,7 +30,7 @@ RubyGems 2.0 or newer is required to protect against public gem pushes. You can
|
|
|
30
30
|
end
|
|
31
31
|
|
|
32
32
|
s.metadata = {
|
|
33
|
-
'source_code_uri' => 'https://github.com/sinatra/sinatra/tree/
|
|
33
|
+
'source_code_uri' => 'https://github.com/sinatra/sinatra/tree/main/rack-protection',
|
|
34
34
|
'homepage_uri' => 'http://sinatrarb.com/protection/',
|
|
35
35
|
'documentation_uri' => 'https://www.rubydoc.info/gems/rack-protection',
|
|
36
36
|
'rubygems_mfa_required' => 'true'
|
|
@@ -39,7 +39,6 @@ RubyGems 2.0 or newer is required to protect against public gem pushes. You can
|
|
|
39
39
|
s.required_ruby_version = '>= 2.6.0'
|
|
40
40
|
|
|
41
41
|
# dependencies
|
|
42
|
-
s.add_dependency '
|
|
43
|
-
s.
|
|
44
|
-
s.add_development_dependency 'rspec', '~> 3'
|
|
42
|
+
s.add_dependency 'base64', '>= 0.1.0'
|
|
43
|
+
s.add_dependency 'rack', '~> 2.2', '>= 2.2.4'
|
|
45
44
|
end
|
metadata
CHANGED
|
@@ -1,59 +1,51 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-protection
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.0
|
|
4
|
+
version: 3.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- https://github.com/sinatra/sinatra/graphs/contributors
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2023-12-29 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
|
-
name:
|
|
14
|
+
name: base64
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
17
|
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version:
|
|
19
|
+
version: 0.1.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - ">="
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version:
|
|
26
|
+
version: 0.1.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
|
-
name: rack
|
|
28
|
+
name: rack
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
31
|
- - "~>"
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: '2'
|
|
34
|
-
|
|
35
|
-
prerelease: false
|
|
36
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
37
|
-
requirements:
|
|
38
|
-
- - "~>"
|
|
39
|
-
- !ruby/object:Gem::Version
|
|
40
|
-
version: '2'
|
|
41
|
-
- !ruby/object:Gem::Dependency
|
|
42
|
-
name: rspec
|
|
43
|
-
requirement: !ruby/object:Gem::Requirement
|
|
44
|
-
requirements:
|
|
45
|
-
- - "~>"
|
|
33
|
+
version: '2.2'
|
|
34
|
+
- - ">="
|
|
46
35
|
- !ruby/object:Gem::Version
|
|
47
|
-
version:
|
|
48
|
-
type: :
|
|
36
|
+
version: 2.2.4
|
|
37
|
+
type: :runtime
|
|
49
38
|
prerelease: false
|
|
50
39
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
40
|
requirements:
|
|
52
41
|
- - "~>"
|
|
53
42
|
- !ruby/object:Gem::Version
|
|
54
|
-
version: '
|
|
43
|
+
version: '2.2'
|
|
44
|
+
- - ">="
|
|
45
|
+
- !ruby/object:Gem::Version
|
|
46
|
+
version: 2.2.4
|
|
55
47
|
description: Protect against typical web attacks, works with all Rack apps, including
|
|
56
|
-
Rails
|
|
48
|
+
Rails
|
|
57
49
|
email: sinatrarb@googlegroups.com
|
|
58
50
|
executables: []
|
|
59
51
|
extensions: []
|
|
@@ -87,15 +79,15 @@ files:
|
|
|
87
79
|
- lib/rack/protection/xss_header.rb
|
|
88
80
|
- lib/rack_protection.rb
|
|
89
81
|
- rack-protection.gemspec
|
|
90
|
-
homepage:
|
|
82
|
+
homepage: https://sinatrarb.com/protection/
|
|
91
83
|
licenses:
|
|
92
84
|
- MIT
|
|
93
85
|
metadata:
|
|
94
|
-
source_code_uri: https://github.com/sinatra/sinatra/tree/
|
|
86
|
+
source_code_uri: https://github.com/sinatra/sinatra/tree/main/rack-protection
|
|
95
87
|
homepage_uri: http://sinatrarb.com/protection/
|
|
96
88
|
documentation_uri: https://www.rubydoc.info/gems/rack-protection
|
|
97
89
|
rubygems_mfa_required: 'true'
|
|
98
|
-
post_install_message:
|
|
90
|
+
post_install_message:
|
|
99
91
|
rdoc_options: []
|
|
100
92
|
require_paths:
|
|
101
93
|
- lib
|
|
@@ -110,8 +102,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
110
102
|
- !ruby/object:Gem::Version
|
|
111
103
|
version: '0'
|
|
112
104
|
requirements: []
|
|
113
|
-
rubygems_version: 3.
|
|
114
|
-
signing_key:
|
|
105
|
+
rubygems_version: 3.5.3
|
|
106
|
+
signing_key:
|
|
115
107
|
specification_version: 4
|
|
116
108
|
summary: Protect against typical web attacks, works with all Rack apps, including
|
|
117
109
|
Rails.
|