rack-protection 1.4.0 → 1.5.0
- data/lib/rack/protection/base.rb +5 -0
- data/lib/rack/protection/version.rb +1 -1
- data/rack-protection.gemspec +5 -3
- data/spec/protection_spec.rb +12 -0
- metadata +63 -76
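--- a/data/lib/rack/protection/base.rb
+++ b/data/lib/rack/protection/base.rb
@@ -11,6 +11,7 @@ module Rack
 :message => 'Forbidden', :encryptor => Digest::SHA1,
 :session_key => 'rack.session', :status => 403,
 :allow_empty_referrer => true,
+:report_key => "protection.failed",
 :html_types => %w[text/html application/xhtml]
 }
 
@@ -63,6 +64,10 @@ module Rack
 [options[:status], {'Content-Type' => 'text/plain'}, [options[:message]]]
 end
 
+def report(env)
+env[options[:report_key]] = true
+end
+
 def session?(env)
 env.include? options[:session_key]
 end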
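Review bot: `report` in the second hunk is a fail-open reaction: it only sets `env[options[:report_key]] = true`, and as far as the visible lines show the request then continues to the application, so a deployment that selects `:reaction => :report` without reading the flag gets no protection. Nothing in the added lines documents that contract; I would put `# Fail-open: marks the request in env[options[:report_key]] and lets it through; the app must check the flag and act on it.` above `def report(env)`. The flag is a bare `true`, so when several protection middlewares share the default key `"protection.failed"` the application cannot tell which check tripped. The dispatch from `:reaction` to this method lies outside the hunk, so whether a warning is still logged on this path cannot be confirmed from here.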
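--- a/data/rack-protection.gemspec
+++ b/data/rack-protection.gemspec
@@ -2,7 +2,7 @@
 Gem::Specification.new do |s|
 # general infos
 s.name = "rack-protection"
-s.version = "1.
+s.version = "1.5.0"
 s.description = "You should use protection!"
 s.homepage = "http://github.com/rkh/rack-protection"
 s.summary = s.description
@@ -16,6 +16,7 @@ Gem::Specification.new do |s|
 "Corey Ward",
 "David Kellum",
 "Egor Homakov",
+"Florian Gilcher",
 "Fojas",
 "Mael Clerambault",
 "Martin Mauch",
@@ -31,11 +32,11 @@ Gem::Specification.new do |s|
 s.email = [
 "konstantin.mailinglists@googlemail.com",
 "p0deje@gmail.com",
-"cheald@gmail.com",
 "self@hecticjeff.net",
 "coreyward@me.com",
 "dek-oss@gravitext.com",
 "homakov@gmail.com",
+"florian.gilcher@asquera.de",
 "developer@fojasaur.us",
 "mael@clerambault.fr",
 "martin.mauch@gmail.com",
@@ -44,7 +45,8 @@ Gem::Specification.new do |s|
 "steve.agalloco@gmail.com",
 "akzhan.abdulin@gmail.com",
 "toby.net.info.mail+git@gmail.com",
-"bjoerge@bengler.no"
+"bjoerge@bengler.no",
+"cheald@gmail.com"
 ]
 
 # generated from git ls-files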
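--- a/data/spec/protection_spec.rb
+++ b/data/spec/protection_spec.rb
@@ -18,6 +18,18 @@ describe Rack::Protection do
 session.should be_empty
 end
 
+it 'passes errors through if :reaction => :report is used' do
+mock_app do
+use Rack::Protection, :reaction => :report
+run proc { |e| [200, {'Content-Type' => 'text/plain'}, [e["protection.failed"].to_s]] }
+end
+
+session = {:foo => :bar}
+post('/', {}, 'rack.session' => session, 'HTTP_ORIGIN' => 'http://malicious.com')
+last_response.should be_ok
+body.should == "true"
+end
+
 describe "#html?" do
 context "given an appropriate content-type header" do
 subject { Rack::Protection::Base.new(nil).html? 'content-type' => "text/html" }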
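Review bot: The added example builds `session = {:foo => :bar}` but never asserts on it afterwards, so it does not pin that report mode leaves the session untouched; the preceding example, by contrast, ends on `session.should be_empty`. Adding `session[:foo].should == :bar` after `body.should == "true"` would cover that, assuming report mode is meant to preserve the session. There is also no negative case: a request without the foreign `HTTP_ORIGIN` should leave `e["protection.failed"]` unset, and without that check a regression that flags every request would still pass. The enclosing `describe Rack::Protection` block starts and ends outside the hunk.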
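--- a/metadata
+++ b/metadata
@@ -1,15 +1,10 @@
---- !ruby/object:Gem::Specification
+--- !ruby/object:Gem::Specification
 name: rack-protection
-version: !ruby/object:Gem::Version
-
+version: !ruby/object:Gem::Version
+version: 1.5.0
 prerelease:
-segments:
-- 1
-- 4
-- 0
-version: 1.4.0
 platform: ruby
-authors:
+authors:
 - Konstantin Haase
 - Alex Rodionov
 - Chris Heald
@@ -17,6 +12,7 @@ authors:
 - Corey Ward
 - David Kellum
 - Egor Homakov
+- Florian Gilcher
 - Fojas
 - Mael Clerambault
 - Martin Mauch
@@ -25,66 +21,69 @@ authors:
 - Steve Agalloco
 - Akzhan Abdulin
 - TOBY
--
+- Bjørge Næss
 autorequire:
 bindir: bin
 cert_chain: []
-
-
-
-dependencies:
-- !ruby/object:Gem::Dependency
+date: 2013-03-13 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
 name: rack
-
-requirement: &id001 !ruby/object:Gem::Requirement
+requirement: !ruby/object:Gem::Requirement
 none: false
-requirements:
-- -
-- !ruby/object:Gem::Version
-
-segments:
-- 0
-version: "0"
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
 type: :runtime
-version_requirements: *id001
-- !ruby/object:Gem::Dependency
-name: rack-test
 prerelease: false
-
+version_requirements: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: rack-test
+requirement: !ruby/object:Gem::Requirement
 none: false
-requirements:
-- -
-- !ruby/object:Gem::Version
-
-segments:
-- 0
-version: "0"
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
 type: :development
-version_requirements: *id002
-- !ruby/object:Gem::Dependency
-name: rspec
 prerelease: false
-
+version_requirements: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: rspec
+requirement: !ruby/object:Gem::Requirement
 none: false
-requirements:
+requirements:
 - - ~>
-- !ruby/object:Gem::Version
-
-segments:
-- 2
-- 0
-version: "2.0"
+- !ruby/object:Gem::Version
+version: '2.0'
 type: :development
-
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '2.0'
 description: You should use protection!
-email:
+email:
 - konstantin.mailinglists@googlemail.com
 - p0deje@gmail.com
-- cheald@gmail.com
 - self@hecticjeff.net
 - coreyward@me.com
 - dek-oss@gravitext.com
 - homakov@gmail.com
+- florian.gilcher@asquera.de
 - developer@fojasaur.us
 - mael@clerambault.fr
 - martin.mauch@gmail.com
@@ -94,13 +93,11 @@ email:
 - akzhan.abdulin@gmail.com
 - toby.net.info.mail+git@gmail.com
 - bjoerge@bengler.no
+- cheald@gmail.com
 executables: []
-
 extensions: []
-
 extra_rdoc_files: []
-
-files:
+files:
 - License
 - README.md
 - Rakefile
@@ -135,39 +132,29 @@ files:
 - spec/session_hijacking_spec.rb
 - spec/spec_helper.rb
 - spec/xss_header_spec.rb
-has_rdoc: true
 homepage: http://github.com/rkh/rack-protection
 licenses: []
-
 post_install_message:
 rdoc_options: []
-
-require_paths:
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement
+required_ruby_version: !ruby/object:Gem::Requirement
 none: false
-requirements:
-- -
-- !ruby/object:Gem::Version
-
-
-- 0
-version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
 none: false
-requirements:
-- -
-- !ruby/object:Gem::Version
-
-segments:
-- 0
-version: "0"
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
 requirements: []
-
 rubyforge_project:
-rubygems_version: 1.
+rubygems_version: 1.8.23
 signing_key:
 specification_version: 3
 summary: You should use protection!
 test_files: []
-
+has_rdoc: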