rack-protection 1.4.0 → 1.5.0


Potentially problematic release.



@@ -11,6 +11,7 @@ module Rack
11
11
  :message => 'Forbidden', :encryptor => Digest::SHA1,
12
12
  :session_key => 'rack.session', :status => 403,
13
13
  :allow_empty_referrer => true,
14
+ :report_key => "protection.failed",
14
15
  :html_types => %w[text/html application/xhtml]
15
16
  }
16
17
 
@@ -63,6 +64,10 @@ module Rack
63
64
  [options[:status], {'Content-Type' => 'text/plain'}, [options[:message]]]
64
65
  end
65
66
 
67
+ def report(env)
68
+ env[options[:report_key]] = true
69
+ end
70
+
66
71
  def session?(env)
67
72
  env.include? options[:session_key]
68
73
  end
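Review bot: The added `report` method has no comment saying it is a report-only reaction, and the flag it writes carries no detail. `env[options[:report_key]] = true` stores only a boolean under the default key `"protection.failed"` (added in the options hunk of this section), so an app stacking several protection middlewares cannot tell which check failed. I would add a comment above the method such as `# Report-only reaction: flags the request in env and does not reject it; the app must check env[options[:report_key]] and enforce the decision itself.` How the caller treats the method's return value is outside the visible lines, so confirm that a flagged request really continues to the app, as the new spec suggests.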
@@ -4,7 +4,7 @@ module Rack
4
4
  VERSION
5
5
  end
6
6
 
7
- SIGNATURE = [1, 4, 0]
7
+ SIGNATURE = [1, 5, 0]
8
8
  VERSION = SIGNATURE.join('.')
9
9
 
10
10
  VERSION.extend Comparable
@@ -2,7 +2,7 @@
2
2
  Gem::Specification.new do |s|
3
3
  # general infos
4
4
  s.name = "rack-protection"
5
- s.version = "1.4.0"
5
+ s.version = "1.5.0"
6
6
  s.description = "You should use protection!"
7
7
  s.homepage = "http://github.com/rkh/rack-protection"
8
8
  s.summary = s.description
@@ -16,6 +16,7 @@ Gem::Specification.new do |s|
16
16
  "Corey Ward",
17
17
  "David Kellum",
18
18
  "Egor Homakov",
19
+ "Florian Gilcher",
19
20
  "Fojas",
20
21
  "Mael Clerambault",
21
22
  "Martin Mauch",
@@ -31,11 +32,11 @@ Gem::Specification.new do |s|
31
32
  s.email = [
32
33
  "konstantin.mailinglists@googlemail.com",
33
34
  "p0deje@gmail.com",
34
- "cheald@gmail.com",
35
35
  "self@hecticjeff.net",
36
36
  "coreyward@me.com",
37
37
  "dek-oss@gravitext.com",
38
38
  "homakov@gmail.com",
39
+ "florian.gilcher@asquera.de",
39
40
  "developer@fojasaur.us",
40
41
  "mael@clerambault.fr",
41
42
  "martin.mauch@gmail.com",
@@ -44,7 +45,8 @@ Gem::Specification.new do |s|
44
45
  "steve.agalloco@gmail.com",
45
46
  "akzhan.abdulin@gmail.com",
46
47
  "toby.net.info.mail+git@gmail.com",
47
- "bjoerge@bengler.no"
48
+ "bjoerge@bengler.no",
49
+ "cheald@gmail.com"
48
50
  ]
49
51
 
50
52
  # generated from git ls-files
@@ -18,6 +18,18 @@ describe Rack::Protection do
18
18
  session.should be_empty
19
19
  end
20
20
 
21
+ it 'passes errors through if :reaction => :report is used' do
22
+ mock_app do
23
+ use Rack::Protection, :reaction => :report
24
+ run proc { |e| [200, {'Content-Type' => 'text/plain'}, [e["protection.failed"].to_s]] }
25
+ end
26
+
27
+ session = {:foo => :bar}
28
+ post('/', {}, 'rack.session' => session, 'HTTP_ORIGIN' => 'http://malicious.com')
29
+ last_response.should be_ok
30
+ body.should == "true"
31
+ end
32
+
21
33
  describe "#html?" do
22
34
  context "given an appropriate content-type header" do
23
35
  subject { Rack::Protection::Base.new(nil).html? 'content-type' => "text/html" }
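Review bot: The new example builds `session = {:foo => :bar}` but never asserts on it, so it does not pin whether report mode leaves the session intact, unlike the preceding example that ends in `session.should be_empty`. Adding `session[:foo].should == :bar` after `last_response.should be_ok` would cover that, assuming report mode is meant not to drop the session. A companion example without the foreign `HTTP_ORIGIN` that expects an empty body would guard against the flag being set unconditionally. The lookup `e["protection.failed"]` also hard-codes the default `:report_key`, which deserves a short comment; the enclosing `describe` block starts outside this hunk.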
metadata CHANGED
@@ -1,15 +1,10 @@
1
- --- !ruby/object:Gem::Specification
1
+ --- !ruby/object:Gem::Specification
2
2
  name: rack-protection
3
- version: !ruby/object:Gem::Version
4
- hash: 7
3
+ version: !ruby/object:Gem::Version
4
+ version: 1.5.0
5
5
  prerelease:
6
- segments:
7
- - 1
8
- - 4
9
- - 0
10
- version: 1.4.0
11
6
  platform: ruby
12
- authors:
7
+ authors:
13
8
  - Konstantin Haase
14
9
  - Alex Rodionov
15
10
  - Chris Heald
@@ -17,6 +12,7 @@ authors:
17
12
  - Corey Ward
18
13
  - David Kellum
19
14
  - Egor Homakov
15
+ - Florian Gilcher
20
16
  - Fojas
21
17
  - Mael Clerambault
22
18
  - Martin Mauch
@@ -25,66 +21,69 @@ authors:
25
21
  - Steve Agalloco
26
22
  - Akzhan Abdulin
27
23
  - TOBY
28
- - Bju00F8rge Nu00E6ss
24
+ - Bjørge Næss
29
25
  autorequire:
30
26
  bindir: bin
31
27
  cert_chain: []
32
-
33
- date: 2013-03-01 00:00:00 +11:00
34
- default_executable:
35
- dependencies:
36
- - !ruby/object:Gem::Dependency
28
+ date: 2013-03-13 00:00:00.000000000 Z
29
+ dependencies:
30
+ - !ruby/object:Gem::Dependency
37
31
  name: rack
38
- prerelease: false
39
- requirement: &id001 !ruby/object:Gem::Requirement
32
+ requirement: !ruby/object:Gem::Requirement
40
33
  none: false
41
- requirements:
42
- - - ">="
43
- - !ruby/object:Gem::Version
44
- hash: 3
45
- segments:
46
- - 0
47
- version: "0"
34
+ requirements:
35
+ - - ! '>='
36
+ - !ruby/object:Gem::Version
37
+ version: '0'
48
38
  type: :runtime
49
- version_requirements: *id001
50
- - !ruby/object:Gem::Dependency
51
- name: rack-test
52
39
  prerelease: false
53
- requirement: &id002 !ruby/object:Gem::Requirement
40
+ version_requirements: !ruby/object:Gem::Requirement
41
+ none: false
42
+ requirements:
43
+ - - ! '>='
44
+ - !ruby/object:Gem::Version
45
+ version: '0'
46
+ - !ruby/object:Gem::Dependency
47
+ name: rack-test
48
+ requirement: !ruby/object:Gem::Requirement
54
49
  none: false
55
- requirements:
56
- - - ">="
57
- - !ruby/object:Gem::Version
58
- hash: 3
59
- segments:
60
- - 0
61
- version: "0"
50
+ requirements:
51
+ - - ! '>='
52
+ - !ruby/object:Gem::Version
53
+ version: '0'
62
54
  type: :development
63
- version_requirements: *id002
64
- - !ruby/object:Gem::Dependency
65
- name: rspec
66
55
  prerelease: false
67
- requirement: &id003 !ruby/object:Gem::Requirement
56
+ version_requirements: !ruby/object:Gem::Requirement
57
+ none: false
58
+ requirements:
59
+ - - ! '>='
60
+ - !ruby/object:Gem::Version
61
+ version: '0'
62
+ - !ruby/object:Gem::Dependency
63
+ name: rspec
64
+ requirement: !ruby/object:Gem::Requirement
68
65
  none: false
69
- requirements:
66
+ requirements:
70
67
  - - ~>
71
- - !ruby/object:Gem::Version
72
- hash: 3
73
- segments:
74
- - 2
75
- - 0
76
- version: "2.0"
68
+ - !ruby/object:Gem::Version
69
+ version: '2.0'
77
70
  type: :development
78
- version_requirements: *id003
71
+ prerelease: false
72
+ version_requirements: !ruby/object:Gem::Requirement
73
+ none: false
74
+ requirements:
75
+ - - ~>
76
+ - !ruby/object:Gem::Version
77
+ version: '2.0'
79
78
  description: You should use protection!
80
- email:
79
+ email:
81
80
  - konstantin.mailinglists@googlemail.com
82
81
  - p0deje@gmail.com
83
- - cheald@gmail.com
84
82
  - self@hecticjeff.net
85
83
  - coreyward@me.com
86
84
  - dek-oss@gravitext.com
87
85
  - homakov@gmail.com
86
+ - florian.gilcher@asquera.de
88
87
  - developer@fojasaur.us
89
88
  - mael@clerambault.fr
90
89
  - martin.mauch@gmail.com
@@ -94,13 +93,11 @@ email:
94
93
  - akzhan.abdulin@gmail.com
95
94
  - toby.net.info.mail+git@gmail.com
96
95
  - bjoerge@bengler.no
96
+ - cheald@gmail.com
97
97
  executables: []
98
-
99
98
  extensions: []
100
-
101
99
  extra_rdoc_files: []
102
-
103
- files:
100
+ files:
104
101
  - License
105
102
  - README.md
106
103
  - Rakefile
@@ -135,39 +132,29 @@ files:
135
132
  - spec/session_hijacking_spec.rb
136
133
  - spec/spec_helper.rb
137
134
  - spec/xss_header_spec.rb
138
- has_rdoc: true
139
135
  homepage: http://github.com/rkh/rack-protection
140
136
  licenses: []
141
-
142
137
  post_install_message:
143
138
  rdoc_options: []
144
-
145
- require_paths:
139
+ require_paths:
146
140
  - lib
147
- required_ruby_version: !ruby/object:Gem::Requirement
141
+ required_ruby_version: !ruby/object:Gem::Requirement
148
142
  none: false
149
- requirements:
150
- - - ">="
151
- - !ruby/object:Gem::Version
152
- hash: 3
153
- segments:
154
- - 0
155
- version: "0"
156
- required_rubygems_version: !ruby/object:Gem::Requirement
143
+ requirements:
144
+ - - ! '>='
145
+ - !ruby/object:Gem::Version
146
+ version: '0'
147
+ required_rubygems_version: !ruby/object:Gem::Requirement
157
148
  none: false
158
- requirements:
159
- - - ">="
160
- - !ruby/object:Gem::Version
161
- hash: 3
162
- segments:
163
- - 0
164
- version: "0"
149
+ requirements:
150
+ - - ! '>='
151
+ - !ruby/object:Gem::Version
152
+ version: '0'
165
153
  requirements: []
166
-
167
154
  rubyforge_project:
168
- rubygems_version: 1.6.2
155
+ rubygems_version: 1.8.23
169
156
  signing_key:
170
157
  specification_version: 3
171
158
  summary: You should use protection!
172
159
  test_files: []
173
-
160
+ has_rdoc: