RubyGems - rack-protection - Versions diffs - 1.4.0 → 1.5.0 - Mend

rack-protection 1.4.0 → 1.5.0

Potentially problematic release.

This version of rack-protection might be problematic. Click here for more details.

Files changed (5) hide show

data/lib/rack/protection/base.rb +5 -0
data/lib/rack/protection/version.rb +1 -1
data/rack-protection.gemspec +5 -3
data/spec/protection_spec.rb +12 -0
metadata +63 -76

data/lib/rack/protection/base.rb CHANGED

@@ -11,6 +11,7 @@ module Rack
         :message     => 'Forbidden',       :encryptor => Digest::SHA1,
         :session_key => 'rack.session',    :status    => 403,
         :allow_empty_referrer => true,
+        :report_key           => "protection.failed",
         :html_types           => %w[text/html application/xhtml]
       }
@@ -63,6 +64,10 @@ module Rack
         [options[:status], {'Content-Type' => 'text/plain'}, [options[:message]]]
       end
+      def report(env)
+        env[options[:report_key]] = true
+      end
       def session?(env)
         env.include? options[:session_key]
       end

data/lib/rack/protection/version.rb CHANGED

@@ -4,7 +4,7 @@ module Rack
       VERSION
     end
-    SIGNATURE = [1, 4, 0]
+    SIGNATURE = [1, 5, 0]
     VERSION   = SIGNATURE.join('.')
     VERSION.extend Comparable

data/rack-protection.gemspec CHANGED

@@ -2,7 +2,7 @@
 Gem::Specification.new do |s|
   # general infos
   s.name        = "rack-protection"
-  s.version     = "1.4.0"
+  s.version     = "1.5.0"
   s.description = "You should use protection!"
   s.homepage    = "http://github.com/rkh/rack-protection"
   s.summary     = s.description
@@ -16,6 +16,7 @@ Gem::Specification.new do |s|
     "Corey Ward",
     "David Kellum",
     "Egor Homakov",
+    "Florian Gilcher",
     "Fojas",
     "Mael Clerambault",
     "Martin Mauch",
@@ -31,11 +32,11 @@ Gem::Specification.new do |s|
   s.email = [
     "konstantin.mailinglists@googlemail.com",
     "p0deje@gmail.com",
-    "cheald@gmail.com",
     "self@hecticjeff.net",
     "coreyward@me.com",
     "dek-oss@gravitext.com",
     "homakov@gmail.com",
+    "florian.gilcher@asquera.de",
     "developer@fojasaur.us",
     "mael@clerambault.fr",
     "martin.mauch@gmail.com",
@@ -44,7 +45,8 @@ Gem::Specification.new do |s|
     "steve.agalloco@gmail.com",
     "akzhan.abdulin@gmail.com",
     "toby.net.info.mail+git@gmail.com",
-    "bjoerge@bengler.no"
+    "bjoerge@bengler.no",
+    "cheald@gmail.com"
   ]
   # generated from git ls-files

data/spec/protection_spec.rb CHANGED

@@ -18,6 +18,18 @@ describe Rack::Protection do
     session.should be_empty
   end
+  it 'passes errors through if :reaction => :report is used' do
+    mock_app do
+      use Rack::Protection, :reaction => :report
+      run proc { |e| [200, {'Content-Type' => 'text/plain'}, [e["protection.failed"].to_s]] }
+    end
+    session = {:foo => :bar}
+    post('/', {}, 'rack.session' => session, 'HTTP_ORIGIN' => 'http://malicious.com')
+    last_response.should be_ok
+    body.should == "true"
+  end
   describe "#html?" do
     context "given an appropriate content-type header" do
       subject { Rack::Protection::Base.new(nil).html? 'content-type' => "text/html" }

metadata CHANGED

@@ -1,15 +1,10 @@
---- !ruby/object:Gem::Specification
+--- !ruby/object:Gem::Specification
 name: rack-protection
-version: !ruby/object:Gem::Version
-  hash: 7
+version: !ruby/object:Gem::Version
+  version: 1.5.0
   prerelease:
-  segments:
-  - 1
-  - 4
-  - 0
-  version: 1.4.0
 platform: ruby
-authors:
+authors:
 - Konstantin Haase
 - Alex Rodionov
 - Chris Heald
@@ -17,6 +12,7 @@ authors:
 - Corey Ward
 - David Kellum
 - Egor Homakov
+- Florian Gilcher
 - Fojas
 - Mael Clerambault
 - Martin Mauch
@@ -25,66 +21,69 @@ authors:
 - Steve Agalloco
 - Akzhan Abdulin
 - TOBY
-- Bju00F8rge Nu00E6ss
+- Bjørge Næss
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-03-01 00:00:00 +11:00
-default_executable:
-dependencies:
-- !ruby/object:Gem::Dependency
+date: 2013-03-13 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: rack
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        hash: 3
-        segments:
-        - 0
-        version: "0"
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :runtime
-  version_requirements: *id001
-- !ruby/object:Gem::Dependency
-  name: rack-test
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        hash: 3
-        segments:
-        - 0
-        version: "0"
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
-  version_requirements: *id002
-- !ruby/object:Gem::Dependency
-  name: rspec
   prerelease: false
-  requirement: &id003 !ruby/object:Gem::Requirement
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements:
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version
-        hash: 3
-        segments:
-        - 2
-        - 0
-        version: "2.0"
+      - !ruby/object:Gem::Version
+        version: '2.0'
   type: :development
-  version_requirements: *id003
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.0'
 description: You should use protection!
-email:
+email:
 - konstantin.mailinglists@googlemail.com
 - p0deje@gmail.com
-- cheald@gmail.com
 - self@hecticjeff.net
 - coreyward@me.com
 - dek-oss@gravitext.com
 - homakov@gmail.com
+- florian.gilcher@asquera.de
 - developer@fojasaur.us
 - mael@clerambault.fr
 - martin.mauch@gmail.com
@@ -94,13 +93,11 @@ email:
 - akzhan.abdulin@gmail.com
 - toby.net.info.mail+git@gmail.com
 - bjoerge@bengler.no
+- cheald@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files: []
-files:
+files:
 - License
 - README.md
 - Rakefile
@@ -135,39 +132,29 @@ files:
 - spec/session_hijacking_spec.rb
 - spec/spec_helper.rb
 - spec/xss_header_spec.rb
-has_rdoc: true
 homepage: http://github.com/rkh/rack-protection
 licenses: []
 post_install_message:
 rdoc_options: []
-require_paths:
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement
+required_ruby_version: !ruby/object:Gem::Requirement
   none: false
-  requirements:
-  - - ">="
-    - !ruby/object:Gem::Version
-      hash: 3
-      segments:
-      - 0
-      version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
-  requirements:
-  - - ">="
-    - !ruby/object:Gem::Version
-      hash: 3
-      segments:
-      - 0
-      version: "0"
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 1.6.2
+rubygems_version: 1.8.23
 signing_key:
 specification_version: 3
 summary: You should use protection!
 test_files: []
+has_rdoc: