RubyGems - rack-protection - Versions diffs - 1.4.0 → 1.5.0 - Mend

rack-protection 1.4.0 → 1.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of rack-protection might be problematic. Click here for more details.

Files changed (5) hide show

data/lib/rack/protection/base.rb +5 -0
data/lib/rack/protection/version.rb +1 -1
data/rack-protection.gemspec +5 -3
data/spec/protection_spec.rb +12 -0
metadata +63 -76

data/lib/rack/protection/base.rb CHANGED

@@ -11,6 +11,7 @@ module Rack
         :message     => 'Forbidden',       :encryptor => Digest::SHA1,
         :session_key => 'rack.session',    :status    => 403,
         :allow_empty_referrer => true,
+        :report_key           => "protection.failed",
         :html_types           => %w[text/html application/xhtml]
       }
@@ -63,6 +64,10 @@ module Rack
         [options[:status], {'Content-Type' => 'text/plain'}, [options[:message]]]
       end
+      def report(env)
+        env[options[:report_key]] = true
+      end
       def session?(env)
         env.include? options[:session_key]
       end

data/lib/rack/protection/version.rb CHANGED

@@ -4,7 +4,7 @@ module Rack
       VERSION
     end
-    SIGNATURE = [1, 4, 0]
+    SIGNATURE = [1, 5, 0]
     VERSION   = SIGNATURE.join('.')
     VERSION.extend Comparable

data/rack-protection.gemspec CHANGED

@@ -2,7 +2,7 @@
 Gem::Specification.new do |s|
   # general infos
   s.name        = "rack-protection"
-  s.version     = "1.4.0"
+  s.version     = "1.5.0"
   s.description = "You should use protection!"
   s.homepage    = "http://github.com/rkh/rack-protection"
   s.summary     = s.description
@@ -16,6 +16,7 @@ Gem::Specification.new do |s|
     "Corey Ward",
     "David Kellum",
     "Egor Homakov",
+    "Florian Gilcher",
     "Fojas",
     "Mael Clerambault",
     "Martin Mauch",
@@ -31,11 +32,11 @@ Gem::Specification.new do |s|
   s.email = [
     "konstantin.mailinglists@googlemail.com",
     "p0deje@gmail.com",
-    "cheald@gmail.com",
     "self@hecticjeff.net",
     "coreyward@me.com",
     "dek-oss@gravitext.com",
     "homakov@gmail.com",
+    "florian.gilcher@asquera.de",
     "developer@fojasaur.us",
     "mael@clerambault.fr",
     "martin.mauch@gmail.com",
@@ -44,7 +45,8 @@ Gem::Specification.new do |s|
     "steve.agalloco@gmail.com",
     "akzhan.abdulin@gmail.com",
     "toby.net.info.mail+git@gmail.com",
-    "bjoerge@bengler.no"
+    "bjoerge@bengler.no",
+    "cheald@gmail.com"
   ]
   # generated from git ls-files

data/spec/protection_spec.rb CHANGED

@@ -18,6 +18,18 @@ describe Rack::Protection do
     session.should be_empty
   end
+  it 'passes errors through if :reaction => :report is used' do
+    mock_app do
+      use Rack::Protection, :reaction => :report
+      run proc { |e| [200, {'Content-Type' => 'text/plain'}, [e["protection.failed"].to_s]] }
+    end
+    session = {:foo => :bar}
+    post('/', {}, 'rack.session' => session, 'HTTP_ORIGIN' => 'http://malicious.com')
+    last_response.should be_ok
+    body.should == "true"
+  end
   describe "#html?" do
     context "given an appropriate content-type header" do
       subject { Rack::Protection::Base.new(nil).html? 'content-type' => "text/html" }

metadata CHANGED

@@ -1,15 +1,10 @@
---- !ruby/object:Gem::Specification
+--- !ruby/object:Gem::Specification
 name: rack-protection
-version: !ruby/object:Gem::Version
-  hash: 7
+version: !ruby/object:Gem::Version
+  version: 1.5.0
   prerelease:
-  segments:
-  - 1
-  - 4
-  - 0
-  version: 1.4.0
 platform: ruby
-authors:
+authors:
 - Konstantin Haase
 - Alex Rodionov
 - Chris Heald
@@ -17,6 +12,7 @@ authors:
 - Corey Ward
 - David Kellum
 - Egor Homakov
+- Florian Gilcher
 - Fojas
 - Mael Clerambault
 - Martin Mauch
@@ -25,66 +21,69 @@ authors:
 - Steve Agalloco
 - Akzhan Abdulin
 - TOBY
-- Bju00F8rge Nu00E6ss
+- Bjørge Næss
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-03-01 00:00:00 +11:00
-default_executable:
-dependencies:
-- !ruby/object:Gem::Dependency
+date: 2013-03-13 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: rack
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        hash: 3
-        segments:
-        - 0
-        version: "0"
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :runtime
-  version_requirements: *id001
-- !ruby/object:Gem::Dependency
-  name: rack-test
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        hash: 3
-        segments:
-        - 0
-        version: "0"
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
-  version_requirements: *id002
-- !ruby/object:Gem::Dependency
-  name: rspec
   prerelease: false
-  requirement: &id003 !ruby/object:Gem::Requirement
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements:
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version
-        hash: 3
-        segments:
-        - 2
-        - 0
-        version: "2.0"
+      - !ruby/object:Gem::Version
+        version: '2.0'
   type: :development
-  version_requirements: *id003
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.0'
 description: You should use protection!
-email:
+email:
 - konstantin.mailinglists@googlemail.com
 - p0deje@gmail.com
-- cheald@gmail.com
 - self@hecticjeff.net
 - coreyward@me.com
 - dek-oss@gravitext.com
 - homakov@gmail.com
+- florian.gilcher@asquera.de
 - developer@fojasaur.us
 - mael@clerambault.fr
 - martin.mauch@gmail.com
@@ -94,13 +93,11 @@ email:
 - akzhan.abdulin@gmail.com
 - toby.net.info.mail+git@gmail.com
 - bjoerge@bengler.no
+- cheald@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files: []
-files:
+files:
 - License
 - README.md
 - Rakefile
@@ -135,39 +132,29 @@ files:
 - spec/session_hijacking_spec.rb
 - spec/spec_helper.rb
 - spec/xss_header_spec.rb
-has_rdoc: true
 homepage: http://github.com/rkh/rack-protection
 licenses: []
 post_install_message:
 rdoc_options: []
-require_paths:
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement
+required_ruby_version: !ruby/object:Gem::Requirement
   none: false
-  requirements:
-  - - ">="
-    - !ruby/object:Gem::Version
-      hash: 3
-      segments:
-      - 0
-      version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
-  requirements:
-  - - ">="
-    - !ruby/object:Gem::Version
-      hash: 3
-      segments:
-      - 0
-      version: "0"
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 1.6.2
+rubygems_version: 1.8.23
 signing_key:
 specification_version: 3
 summary: You should use protection!
 test_files: []
+has_rdoc: