rack-protection 3.0.5 → 3.2.0

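--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 7fef35d427c0ff406165fdf913c53089e65f94d759aaf5610aebd5ef0c43cd30
- data.tar.gz: 4a458e4fada2015274bde82e4209bfe4c94618227fc7a2dc8df198258c1b7404
+ metadata.gz: 7640a15f8659807abd53474e7ce538a42e476e4bd99dc745f3b9b8c16161c008
+ data.tar.gz: '05468ec6c8113d3afce2df62221e4c866616999700c30ba3ef94a2705b11138b'
  SHA512:
- metadata.gz: e8b1ba3b66ae172be989c43133f111fbe416706df83735f51aa785146242bbab8e55c5b0fa4667dff165ac462db518c1209f9957ec3bf95744da1dc4881cd5c9
- data.tar.gz: cd46380780ad4c7078a6fc31f46cfaa6dda79bcbf2b47cf6e973592d85c35d4ef1c0bff5fee0b910e29e5cb579307447eae4d4c5880f2440586ee204a9d37da8
+ metadata.gz: eeaff5e584a8ee3be6c80dc92c67fcc95bdbb97b084509ed90ca9ad524598fba63690cfa372586edd27940cd609fa44210637e9c95fbf1191e1a5cc297f222ac
+ data.tar.gz: 26e2160d65b6015c7aaa52266b7241d15f645eb259d1371b864b3e2b6a3b1fbef841e62304bc8e39a83fab1a52ddb0c3455a51385a9a451c833cbed91b75d00a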
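--- a/data/Gemfile
+++ b/data/Gemfile
@@ -4,14 +4,13 @@ source 'https://rubygems.org'
  # encoding: utf-8
 
  gem 'rake'
+ gem 'rspec', '~> 3'
 
  rack_version = ENV['rack'].to_s
  rack_version = nil if rack_version.empty? || (rack_version == 'stable')
- rack_version = { github: 'rack/rack' } if rack_version == 'main'
+ rack_version = { github: 'rack/rack' } if rack_version == 'head'
  gem 'rack', rack_version
 
- gem 'sinatra', path: '..'
-
  gemspec
 
- gem 'rack-test', github: 'rack/rack-test'
+ gem 'rack-test'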
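Review bot: `gem 'rack-test'` on the last line of this hunk is resolved with no version bound, and the gemspec hunk further down the page removes the `~> 2` development constraint that used to cover it, so test runs take whatever rack-test release is newest at install time. Moving off the `github: 'rack/rack-test'` branch source helps reproducibility; keeping the bound here, `gem 'rack-test', '~> 2'`, would complete that. Separately, the `head` option still points rack at `github: 'rack/rack'`, which may no longer satisfy the new `'~> 2.2'` runtime requirement in the gemspec if that branch has moved past 2.x; it is worth confirming that this mode still resolves.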
data/README.md CHANGED
@@ -74,6 +74,7 @@ Prevented by:
74
74
  ## Cookie Tossing
75
75
 
76
76
  Prevented by:
77
+
77
78
  * [`Rack::Protection::CookieTossing`][cookie-tossing] (not included by `use Rack::Protection`)
78
79
 
79
80
  ## IP Spoofing
@@ -95,6 +96,7 @@ Prevented by:
95
96
  # Instrumentation
96
97
 
97
98
  Instrumentation is enabled by passing in an instrumenter as an option.
99
+
98
100
  ```
99
101
  use Rack::Protection, instrumenter: ActiveSupport::Notifications
100
102
  ```
@@ -93,7 +93,13 @@ module Rack
93
93
  end
94
94
 
95
95
  def drop_session(env)
96
- session(env).clear if session? env
96
+ return unless session? env
97
+
98
+ session(env).clear
99
+
100
+ return if ["1", "true"].include?(ENV["RACK_PROTECTION_SILENCE_DROP_SESSION_WARNING"])
101
+
102
+ warn env, "session dropped by #{self.class}"
97
103
  end
98
104
 
99
105
  def referrer(env)
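Review bot: The silencing switch read in `drop_session` is undocumented at the point of use and matches only the exact strings `1` and `true`, so values such as `TRUE` or `yes` leave the warning on, while a matching value removes the log signal that a protection middleware cleared a session. A comment above the check would make that trade-off explicit, for example `# Set RACK_PROTECTION_SILENCE_DROP_SESSION_WARNING to "1" or "true" to silence this warning; doing so hides session drops from the logs.` The message names only the middleware class; if the `warn` helper, which is defined outside this hunk, does not add request context, including the request method and path would make these entries easier to triage. The file header for this hunk is not shown on the page, and the enclosing class starts and ends outside it.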
@@ -2,6 +2,6 @@
2
2
 
3
3
  module Rack
4
4
  module Protection
5
- VERSION = '3.0.4'
5
+ VERSION = '3.2.0'
6
6
  end
7
7
  end
@@ -6,9 +6,9 @@ Gem::Specification.new do |s|
6
6
  # general infos
7
7
  s.name = 'rack-protection'
8
8
  s.version = version
9
- s.description = 'Protect against typical web attacks, works with all Rack apps, including Rails.'
10
- s.homepage = 'http://sinatrarb.com/protection/'
11
- s.summary = s.description
9
+ s.description = 'Protect against typical web attacks, works with all Rack apps, including Rails'
10
+ s.homepage = 'https://sinatrarb.com/protection/'
11
+ s.summary = "#{s.description}."
12
12
  s.license = 'MIT'
13
13
  s.authors = ['https://github.com/sinatra/sinatra/graphs/contributors']
14
14
  s.email = 'sinatrarb@googlegroups.com'
@@ -30,7 +30,7 @@ RubyGems 2.0 or newer is required to protect against public gem pushes. You can
30
30
  end
31
31
 
32
32
  s.metadata = {
33
- 'source_code_uri' => 'https://github.com/sinatra/sinatra/tree/master/rack-protection',
33
+ 'source_code_uri' => 'https://github.com/sinatra/sinatra/tree/main/rack-protection',
34
34
  'homepage_uri' => 'http://sinatrarb.com/protection/',
35
35
  'documentation_uri' => 'https://www.rubydoc.info/gems/rack-protection',
36
36
  'rubygems_mfa_required' => 'true'
@@ -39,7 +39,6 @@ RubyGems 2.0 or newer is required to protect against public gem pushes. You can
39
39
  s.required_ruby_version = '>= 2.6.0'
40
40
 
41
41
  # dependencies
42
- s.add_dependency 'rack'
43
- s.add_development_dependency 'rack-test', '~> 2'
44
- s.add_development_dependency 'rspec', '~> 3'
42
+ s.add_dependency 'base64', '>= 0.1.0'
43
+ s.add_dependency 'rack', '~> 2.2', '>= 2.2.4'
45
44
  end
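Review bot: `'homepage_uri' => 'http://sinatrarb.com/protection/'` in the `s.metadata` hunk stays on plain HTTP while `s.homepage` in the first gemspec hunk moves to HTTPS, so the published metadata still carries an unencrypted link; change it to `'homepage_uri' => 'https://sinatrarb.com/protection/',`. In the dependencies hunk, `s.add_dependency 'base64', '>= 0.1.0'` has no upper bound, unlike the rack requirement next to it; if that is deliberate, a one-line comment saying why would help the next maintainer. The `Gem::Specification` block opens before the first of these hunks and the file header is not shown on the page.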
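--- a/metadata
+++ b/metadata
@@ -1,59 +1,51 @@
  --- !ruby/object:Gem::Specification
  name: rack-protection
  version: !ruby/object:Gem::Version
- version: 3.0.5
+ version: 3.2.0
  platform: ruby
  authors:
  - https://github.com/sinatra/sinatra/graphs/contributors
- autorequire:
+ autorequire:
  bindir: bin
  cert_chain: []
- date: 2022-12-16 00:00:00.000000000 Z
+ date: 2023-12-29 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
- name: rack
+ name: base64
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: '0'
+ version: 0.1.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: '0'
+ version: 0.1.0
  - !ruby/object:Gem::Dependency
- name: rack-test
+ name: rack
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '2'
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - "~>"
- - !ruby/object:Gem::Version
- version: '2'
- - !ruby/object:Gem::Dependency
- name: rspec
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - "~>"
+ version: '2.2'
+ - - ">="
  - !ruby/object:Gem::Version
- version: '3'
- type: :development
+ version: 2.2.4
+ type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '3'
+ version: '2.2'
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: 2.2.4
  description: Protect against typical web attacks, works with all Rack apps, including
- Rails.
+ Rails
  email: sinatrarb@googlegroups.com
  executables: []
  extensions: []
@@ -87,15 +79,15 @@ files:
  - lib/rack/protection/xss_header.rb
  - lib/rack_protection.rb
  - rack-protection.gemspec
- homepage: http://sinatrarb.com/protection/
+ homepage: https://sinatrarb.com/protection/
  licenses:
  - MIT
  metadata:
- source_code_uri: https://github.com/sinatra/sinatra/tree/master/rack-protection
+ source_code_uri: https://github.com/sinatra/sinatra/tree/main/rack-protection
  homepage_uri: http://sinatrarb.com/protection/
  documentation_uri: https://www.rubydoc.info/gems/rack-protection
  rubygems_mfa_required: 'true'
- post_install_message:
+ post_install_message:
  rdoc_options: []
  require_paths:
  - lib
@@ -110,8 +102,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.2.3
- signing_key:
+ rubygems_version: 3.5.3
+ signing_key:
  specification_version: 4
  summary: Protect against typical web attacks, works with all Rack apps, including
  Rails.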