rack-sanitize 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
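--- a/data/.document
+++ b/data/.document
@@ -0,0 +1,5 @@
+README.rdoc
+lib/**/*.rb
+bin/*
+features/**/*.feature
+LICENSE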
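--- a/data/.gitignore
+++ b/data/.gitignore
@@ -0,0 +1,5 @@
+*.sw?
+.DS_Store
+coverage
+rdoc
+pkg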
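--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,10 @@
+source :rubygems
+
+gem "sanitize", "~>1.2.0"
+
+group :test do
+gem "rspec", "~>1.3.0"
+gem "rack-test", "~>0.5.4"
+gem "sinatra", "~>1.0"
+gem "activesupport", "~>3.0.0.rc2"
+end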
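Review bot: `source :rubygems` on the first line resolves to a plain-HTTP registry URL, as the accompanying Gemfile.lock records (`remote: http://rubygems.org/`), so dependency downloads for this gem are fetched without transport integrity. Spelling the source out as `source "https://rubygems.org"` pins the scheme and lets Bundler verify the connection; the lockfile's `remote:` line then updates on the next resolve.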
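--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -0,0 +1,23 @@
+GEM
+remote: http://rubygems.org/
+specs:
+activesupport (3.0.0.rc2)
+nokogiri (1.4.3.1)
+rack (1.2.1)
+rack-test (0.5.4)
+rack (>= 1.0)
+rspec (1.3.0)
+sanitize (1.2.0)
+nokogiri (~> 1.4.1)
+sinatra (1.0)
+rack (>= 1.0)
+
+PLATFORMS
+ruby
+
+DEPENDENCIES
+activesupport (~> 3.0.0.rc2)
+rack-test (~> 0.5.4)
+rspec (~> 1.3.0)
+sanitize (~> 1.2.0)
+sinatra (~> 1.0)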
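--- a/data/LICENSE
+++ b/data/LICENSE
@@ -0,0 +1,20 @@
+Copyright (c) 2009 robotapocalypse
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.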
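--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -0,0 +1,18 @@
+= rack-sanitize
+
+Description goes here.
+
+== Note on Patches/Pull Requests
+
+* Fork the project.
+* Make your feature addition or bug fix.
+* Add tests for it. This is important so I don't break it in a
+future version unintentionally.
+* Commit, do not mess with rakefile, version, or history.
+(if you want to have your own version, that is fine but
+bump version in a commit by itself I can ignore when I pull)
+* Send me a pull request. Bonus points for topic branches.
+
+== Copyright
+
+Copyright (c) 2009 robotapocalypse. See LICENSE for details.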
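--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,53 @@
+require 'rubygems'
+require 'rake'
+
+begin
+require 'jeweler'
+Jeweler::Tasks.new do |gem|
+gem.name = "rack-sanitize"
+gem.summary = %Q{Rack middleware to sanitize GET and POST parameters}
+gem.description = %Q{Remove all malicious HTML from your request before it reaches your application}
+gem.email = "pherph@gmail.com"
+gem.homepage = "http://github.com/robotapocalypse/rack-sanitize"
+gem.authors = ["robotapocalypse"]
+gem.add_dependency "sanitize", "~>1.2.0"
+gem.add_development_dependency "rspec", "~>1.3.0"
+gem.add_development_dependency "rack-test", "~>0.5.4"
+gem.add_development_dependency "sinatra", "~>1.0"
+gem.add_development_dependency "activesupport", "~>3.0.0.rc2"
+# gem is a Gem::Specification... see http://www.rubygems.org/read/chapter/20 for additional settings
+end
+Jeweler::GemcutterTasks.new
+rescue LoadError
+puts "Jeweler (or a dependency) not available. Install it with: sudo gem install jeweler"
+end
+
+require 'spec/rake/spectask'
+Spec::Rake::SpecTask.new(:spec) do |spec|
+spec.libs << 'lib' << 'spec'
+spec.spec_files = FileList['spec/**/*_spec.rb']
+end
+
+Spec::Rake::SpecTask.new(:rcov) do |spec|
+spec.libs << 'lib' << 'spec'
+spec.pattern = 'spec/**/*_spec.rb'
+spec.rcov = true
+end
+
+task :spec => :check_dependencies
+
+task :default => :spec
+
+require 'rake/rdoctask'
+Rake::RDocTask.new do |rdoc|
+if File.exist?('VERSION')
+version = File.read('VERSION')
+else
+version = ""
+end
+
+rdoc.rdoc_dir = 'rdoc'
+rdoc.title = "rack-sanitize #{version}"
+rdoc.rdoc_files.include('README*')
+rdoc.rdoc_files.include('lib/**/*.rb')
+end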
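--- a/data/VERSION
+++ b/data/VERSION
@@ -0,0 +1 @@
+0.0.1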
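--- a/data/lib/rack/sanitize.rb
+++ b/data/lib/rack/sanitize.rb
@@ -0,0 +1,30 @@
+require 'sanitize'
+
+module Rack
+class Sanitize
+def initialize(app, config={})
+@app = app
+@config = config
+end
+
+def call(env)
+request = Rack::Request.new(env)
+request.GET.each {|k,v| request.GET[k] = sanitize(v)}
+request.POST.each {|k,v| request.POST[k] = sanitize(v)}
+@app.call(env)
+end
+
+private
+
+def sanitize(value)
+if value.is_a?(Hash)
+value.each {|k,v| value[k] = sanitize(v)}
+elsif value.is_a?(Array)
+value.map {|v| sanitize(v)}
+elsif value.is_a?(String)
+::Sanitize.clean(value, @config)
+end
+end
+
+end
+end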
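Review bot: `sanitize` has no `else` branch, so any leaf value that is not a Hash, Array or String evaluates to `nil` and `call` writes that `nil` back into `request.GET`/`request.POST` in place of the original value — a parameter that is already `nil`, or for example a multipart upload entry (Rack represents those as a hash whose values include a Tempfile and other non-string objects), is silently dropped before the application sees it. Adding `else value` as the final branch of the chain returns unrecognised types unchanged. Note also that `::Sanitize.clean` runs on every string parameter whether or not the application treats it as HTML, so plain-text input containing `<` or `&` is presumably rewritten too; the class comment should state that, along with the point that filtering input here does not replace output encoding in the application.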
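--- a/data/rack-sanitize.gemspec
+++ b/data/rack-sanitize.gemspec
@@ -0,0 +1,69 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+s.name = %q{rack-sanitize}
+s.version = "0.0.1"
+
+s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+s.authors = ["robotapocalypse"]
+s.date = %q{2010-08-29}
+s.description = %q{Remove all malicious HTML from your request before it reaches your application}
+s.email = %q{pherph@gmail.com}
+s.extra_rdoc_files = [
+"LICENSE",
+"README.rdoc"
+]
+s.files = [
+".document",
+".gitignore",
+"Gemfile",
+"Gemfile.lock",
+"LICENSE",
+"README.rdoc",
+"Rakefile",
+"VERSION",
+"lib/rack/sanitize.rb",
+"rack-sanitize.gemspec",
+"spec/rack/sanitize_spec.rb",
+"spec/spec.opts",
+"spec/spec_helper.rb"
+]
+s.homepage = %q{http://github.com/robotapocalypse/rack-sanitize}
+s.rdoc_options = ["--charset=UTF-8"]
+s.require_paths = ["lib"]
+s.rubygems_version = %q{1.3.7}
+s.summary = %q{Rack middleware to sanitize GET and POST parameters}
+s.test_files = [
+"spec/rack/sanitize_spec.rb",
+"spec/spec_helper.rb"
+]
+
+if s.respond_to? :specification_version then
+current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+s.specification_version = 3
+
+if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+s.add_runtime_dependency(%q<sanitize>, ["~> 1.2.0"])
+s.add_development_dependency(%q<rspec>, ["~> 1.3.0"])
+s.add_development_dependency(%q<rack-test>, ["~> 0.5.4"])
+s.add_development_dependency(%q<sinatra>, ["~> 1.0"])
+s.add_development_dependency(%q<activesupport>, ["~> 3.0.0.rc2"])
+else
+s.add_dependency(%q<sanitize>, ["~> 1.2.0"])
+s.add_dependency(%q<rspec>, ["~> 1.3.0"])
+s.add_dependency(%q<rack-test>, ["~> 0.5.4"])
+s.add_dependency(%q<sinatra>, ["~> 1.0"])
+s.add_dependency(%q<activesupport>, ["~> 3.0.0.rc2"])
+end
+else
+s.add_dependency(%q<sanitize>, ["~> 1.2.0"])
+s.add_dependency(%q<rspec>, ["~> 1.3.0"])
+s.add_dependency(%q<rack-test>, ["~> 0.5.4"])
+s.add_dependency(%q<sinatra>, ["~> 1.0"])
+s.add_dependency(%q<activesupport>, ["~> 3.0.0.rc2"])
+end
+end
+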
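--- a/data/spec/rack/sanitize_spec.rb
+++ b/data/spec/rack/sanitize_spec.rb
@@ -0,0 +1,73 @@
+require File.dirname(__FILE__) + '/../spec_helper'
+
+describe Rack::Sanitize do
+it "should sanitize GETs" do
+get '/get', {"a" => "ok", "okie" => %Q{<script src="http://iammalicious.com">dokie</script>}}
+last_response.body.should == "GETs: a=ok&okie=dokie"
+end
+
+it "should sanitize POSTs" do
+post '/post', {"a" => "ok", "okie" => %Q{<script src="http://iammalicious.com">dokie</script>}}
+last_response.body.should == "POSTs: a=ok&okie=dokie"
+end
+
+it "should sanitize nested parameters" do
+params = {
+"parent" => {
+"a" => {"okay" => %Q{<script src="http://iammalicious.com">arsehole</script>}},
+"okie" => %Q{<script src="http://iammalicious.com">dokie</script>}
+}
+}
+
+get '/get', params
+last_response.body.should == "GETs: parent[a][okay]=arsehole&parent[okie]=dokie"
+
+post '/post', params
+last_response.body.should == "POSTs: parent[a][okay]=arsehole&parent[okie]=dokie"
+end
+
+it "should sanitize elements in an array" do
+params = {
+"person" => {
+"pets" => [
+{"dog" => "<script>woof</script>"},
+{"cat" => "<script>meow</script>"}
+]
+},
+"beer" => ["<script>porter</script>", "pilsner"]
+}
+
+get '/get', params
+last_response.body.should == "GETs: person[pets][][dog]=woof&person[pets][][cat]=meow&beer[]=porter&beer[]=pilsner"
+
+post '/post', params
+last_response.body.should == "POSTs: person[pets][][dog]=woof&person[pets][][cat]=meow&beer[]=porter&beer[]=pilsner"
+end
+
+it "should allow the sanitize configuration to be set" do
+@app = Rack::Builder.app do
+use Rack::Sanitize, Sanitize::Config::RELAXED
+run PotentialVictim
+end
+
+params = {"image" => %Q{<img src="/hello.jpg" />}}
+
+get '/get', params
+last_response.body.should == %Q{GETs: image=<img src="/hello.jpg" />}
+
+post '/post', params
+last_response.body.should == %Q{POSTs: image=<img src="/hello.jpg" />}
+end
+
+it "should sanitize if the path matches" do
+
+end
+
+it "should not sanitize if the path does not match" do
+
+end
+
+it "should default to sanitizing both GETs and POSTs" do
+
+end
+end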
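Review bot: The last three examples (`should sanitize if the path matches`, `should not sanitize if the path does not match`, `should default to sanitizing both GETs and POSTs`) have empty bodies, which RSpec 1.x reports as passing, so the suite is green while none of that behaviour is exercised — and the middleware in this version accepts no path option at all. Dropping the `do … end` (an `it` with no block is reported as pending) or opening each body with `pending "path matching not implemented"` keeps the intent visible without a false pass. The suite also only checks that `<script>` wrappers are removed; a case with plain-text input containing `<` or `&` would document whether non-HTML parameters survive the middleware unchanged.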
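--- a/data/spec/spec.opts
+++ b/data/spec/spec.opts
@@ -0,0 +1,4 @@
+--colour
+--format progress
+--loadby mtime
+--reverse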
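--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -0,0 +1,29 @@
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+require 'rack/sanitize'
+require 'rack/test'
+require 'spec'
+require 'spec/autorun'
+require 'sinatra/base'
+require 'active_support/core_ext/object/to_query'
+
+class PotentialVictim < Sinatra::Base
+get '/get' do
+"GETs: #{Rack::Utils.unescape(request.GET.to_query)}"
+end
+
+post '/post' do
+"POSTs: #{Rack::Utils.unescape(request.POST.to_query)}"
+end
+end
+
+Spec::Runner.configure do |config|
+config.include Rack::Test::Methods
+
+def app
+@app ||= Rack::Builder.app do
+use Rack::Sanitize
+run PotentialVictim
+end
+end
+end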
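--- a/metadata
+++ b/metadata
@@ -0,0 +1,152 @@
+--- !ruby/object:Gem::Specification
+name: rack-sanitize
+version: !ruby/object:Gem::Version
+prerelease: false
+segments:
+- 0
+- 0
+- 1
+version: 0.0.1
+platform: ruby
+authors:
+- robotapocalypse
+autorequire:
+bindir: bin
+cert_chain: []
+
+date: 2010-08-29 00:00:00 -06:00
+default_executable:
+dependencies:
+- !ruby/object:Gem::Dependency
+name: sanitize
+prerelease: false
+requirement: &id001 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+segments:
+- 1
+- 2
+- 0
+version: 1.2.0
+type: :runtime
+version_requirements: *id001
+- !ruby/object:Gem::Dependency
+name: rspec
+prerelease: false
+requirement: &id002 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+segments:
+- 1
+- 3
+- 0
+version: 1.3.0
+type: :development
+version_requirements: *id002
+- !ruby/object:Gem::Dependency
+name: rack-test
+prerelease: false
+requirement: &id003 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+segments:
+- 0
+- 5
+- 4
+version: 0.5.4
+type: :development
+version_requirements: *id003
+- !ruby/object:Gem::Dependency
+name: sinatra
+prerelease: false
+requirement: &id004 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+segments:
+- 1
+- 0
+version: "1.0"
+type: :development
+version_requirements: *id004
+- !ruby/object:Gem::Dependency
+name: activesupport
+prerelease: false
+requirement: &id005 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+segments:
+- 3
+- 0
+- 0
+- rc2
+version: 3.0.0.rc2
+type: :development
+version_requirements: *id005
+description: Remove all malicious HTML from your request before it reaches your application
+email: pherph@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files:
+- LICENSE
+- README.rdoc
+files:
+- .document
+- .gitignore
+- Gemfile
+- Gemfile.lock
+- LICENSE
+- README.rdoc
+- Rakefile
+- VERSION
+- lib/rack/sanitize.rb
+- rack-sanitize.gemspec
+- spec/rack/sanitize_spec.rb
+- spec/spec.opts
+- spec/spec_helper.rb
+has_rdoc: true
+homepage: http://github.com/robotapocalypse/rack-sanitize
+licenses: []
+
+post_install_message:
+rdoc_options:
+- --charset=UTF-8
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+segments:
+- 0
+version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+segments:
+- 0
+version: "0"
+requirements: []
+
+rubyforge_project:
+rubygems_version: 1.3.7
+signing_key:
+specification_version: 3
+summary: Rack middleware to sanitize GET and POST parameters
+test_files:
+- spec/rack/sanitize_spec.rb
+- spec/spec_helper.rb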