rack-sanitize 0.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/.document +5 -0
- data/.gitignore +5 -0
- data/Gemfile +10 -0
- data/Gemfile.lock +23 -0
- data/LICENSE +20 -0
- data/README.rdoc +18 -0
- data/Rakefile +53 -0
- data/VERSION +1 -0
- data/lib/rack/sanitize.rb +30 -0
- data/rack-sanitize.gemspec +69 -0
- data/spec/rack/sanitize_spec.rb +73 -0
- data/spec/spec.opts +4 -0
- data/spec/spec_helper.rb +29 -0
- metadata +152 -0
data/.document
ADDED
data/Gemfile
ADDED
data/Gemfile.lock
ADDED
@@ -0,0 +1,23 @@
|
|
1
|
+
GEM
|
2
|
+
remote: http://rubygems.org/
|
3
|
+
specs:
|
4
|
+
activesupport (3.0.0.rc2)
|
5
|
+
nokogiri (1.4.3.1)
|
6
|
+
rack (1.2.1)
|
7
|
+
rack-test (0.5.4)
|
8
|
+
rack (>= 1.0)
|
9
|
+
rspec (1.3.0)
|
10
|
+
sanitize (1.2.0)
|
11
|
+
nokogiri (~> 1.4.1)
|
12
|
+
sinatra (1.0)
|
13
|
+
rack (>= 1.0)
|
14
|
+
|
15
|
+
PLATFORMS
|
16
|
+
ruby
|
17
|
+
|
18
|
+
DEPENDENCIES
|
19
|
+
activesupport (~> 3.0.0.rc2)
|
20
|
+
rack-test (~> 0.5.4)
|
21
|
+
rspec (~> 1.3.0)
|
22
|
+
sanitize (~> 1.2.0)
|
23
|
+
sinatra (~> 1.0)
|
data/LICENSE
ADDED
@@ -0,0 +1,20 @@
|
|
1
|
+
Copyright (c) 2009 robotapocalypse
|
2
|
+
|
3
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
4
|
+
a copy of this software and associated documentation files (the
|
5
|
+
"Software"), to deal in the Software without restriction, including
|
6
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
7
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
8
|
+
permit persons to whom the Software is furnished to do so, subject to
|
9
|
+
the following conditions:
|
10
|
+
|
11
|
+
The above copyright notice and this permission notice shall be
|
12
|
+
included in all copies or substantial portions of the Software.
|
13
|
+
|
14
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
15
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
16
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
17
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
18
|
+
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
19
|
+
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
20
|
+
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/README.rdoc
ADDED
@@ -0,0 +1,18 @@
|
|
1
|
+
= rack-sanitize
|
2
|
+
|
3
|
+
Description goes here.
|
4
|
+
|
5
|
+
== Note on Patches/Pull Requests
|
6
|
+
|
7
|
+
* Fork the project.
|
8
|
+
* Make your feature addition or bug fix.
|
9
|
+
* Add tests for it. This is important so I don't break it in a
|
10
|
+
future version unintentionally.
|
11
|
+
* Commit, do not mess with rakefile, version, or history.
|
12
|
+
(if you want to have your own version, that is fine but
|
13
|
+
bump version in a commit by itself I can ignore when I pull)
|
14
|
+
* Send me a pull request. Bonus points for topic branches.
|
15
|
+
|
16
|
+
== Copyright
|
17
|
+
|
18
|
+
Copyright (c) 2009 robotapocalypse. See LICENSE for details.
|
data/Rakefile
ADDED
@@ -0,0 +1,53 @@
|
|
1
|
+
require 'rubygems'
|
2
|
+
require 'rake'
|
3
|
+
|
4
|
+
begin
|
5
|
+
require 'jeweler'
|
6
|
+
Jeweler::Tasks.new do |gem|
|
7
|
+
gem.name = "rack-sanitize"
|
8
|
+
gem.summary = %Q{Rack middleware to sanitize GET and POST parameters}
|
9
|
+
gem.description = %Q{Remove all malicious HTML from your request before it reaches your application}
|
10
|
+
gem.email = "pherph@gmail.com"
|
11
|
+
gem.homepage = "http://github.com/robotapocalypse/rack-sanitize"
|
12
|
+
gem.authors = ["robotapocalypse"]
|
13
|
+
gem.add_dependency "sanitize", "~>1.2.0"
|
14
|
+
gem.add_development_dependency "rspec", "~>1.3.0"
|
15
|
+
gem.add_development_dependency "rack-test", "~>0.5.4"
|
16
|
+
gem.add_development_dependency "sinatra", "~>1.0"
|
17
|
+
gem.add_development_dependency "activesupport", "~>3.0.0.rc2"
|
18
|
+
# gem is a Gem::Specification... see http://www.rubygems.org/read/chapter/20 for additional settings
|
19
|
+
end
|
20
|
+
Jeweler::GemcutterTasks.new
|
21
|
+
rescue LoadError
|
22
|
+
puts "Jeweler (or a dependency) not available. Install it with: sudo gem install jeweler"
|
23
|
+
end
|
24
|
+
|
25
|
+
require 'spec/rake/spectask'
|
26
|
+
Spec::Rake::SpecTask.new(:spec) do |spec|
|
27
|
+
spec.libs << 'lib' << 'spec'
|
28
|
+
spec.spec_files = FileList['spec/**/*_spec.rb']
|
29
|
+
end
|
30
|
+
|
31
|
+
Spec::Rake::SpecTask.new(:rcov) do |spec|
|
32
|
+
spec.libs << 'lib' << 'spec'
|
33
|
+
spec.pattern = 'spec/**/*_spec.rb'
|
34
|
+
spec.rcov = true
|
35
|
+
end
|
36
|
+
|
37
|
+
task :spec => :check_dependencies
|
38
|
+
|
39
|
+
task :default => :spec
|
40
|
+
|
41
|
+
require 'rake/rdoctask'
|
42
|
+
Rake::RDocTask.new do |rdoc|
|
43
|
+
if File.exist?('VERSION')
|
44
|
+
version = File.read('VERSION')
|
45
|
+
else
|
46
|
+
version = ""
|
47
|
+
end
|
48
|
+
|
49
|
+
rdoc.rdoc_dir = 'rdoc'
|
50
|
+
rdoc.title = "rack-sanitize #{version}"
|
51
|
+
rdoc.rdoc_files.include('README*')
|
52
|
+
rdoc.rdoc_files.include('lib/**/*.rb')
|
53
|
+
end
|
data/VERSION
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
0.0.1
|
@@ -0,0 +1,30 @@
|
|
1
|
+
require 'sanitize'
|
2
|
+
|
3
|
+
module Rack
|
4
|
+
class Sanitize
|
5
|
+
def initialize(app, config={})
|
6
|
+
@app = app
|
7
|
+
@config = config
|
8
|
+
end
|
9
|
+
|
10
|
+
def call(env)
|
11
|
+
request = Rack::Request.new(env)
|
12
|
+
request.GET.each {|k,v| request.GET[k] = sanitize(v)}
|
13
|
+
request.POST.each {|k,v| request.POST[k] = sanitize(v)}
|
14
|
+
@app.call(env)
|
15
|
+
end
|
16
|
+
|
17
|
+
private
|
18
|
+
|
19
|
+
def sanitize(value)
|
20
|
+
if value.is_a?(Hash)
|
21
|
+
value.each {|k,v| value[k] = sanitize(v)}
|
22
|
+
elsif value.is_a?(Array)
|
23
|
+
value.map {|v| sanitize(v)}
|
24
|
+
elsif value.is_a?(String)
|
25
|
+
::Sanitize.clean(value, @config)
|
26
|
+
end
|
27
|
+
end
|
28
|
+
|
29
|
+
end
|
30
|
+
end
|
@@ -0,0 +1,69 @@
|
|
1
|
+
# Generated by jeweler
|
2
|
+
# DO NOT EDIT THIS FILE DIRECTLY
|
3
|
+
# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
|
4
|
+
# -*- encoding: utf-8 -*-
|
5
|
+
|
6
|
+
Gem::Specification.new do |s|
|
7
|
+
s.name = %q{rack-sanitize}
|
8
|
+
s.version = "0.0.1"
|
9
|
+
|
10
|
+
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
11
|
+
s.authors = ["robotapocalypse"]
|
12
|
+
s.date = %q{2010-08-29}
|
13
|
+
s.description = %q{Remove all malicious HTML from your request before it reaches your application}
|
14
|
+
s.email = %q{pherph@gmail.com}
|
15
|
+
s.extra_rdoc_files = [
|
16
|
+
"LICENSE",
|
17
|
+
"README.rdoc"
|
18
|
+
]
|
19
|
+
s.files = [
|
20
|
+
".document",
|
21
|
+
".gitignore",
|
22
|
+
"Gemfile",
|
23
|
+
"Gemfile.lock",
|
24
|
+
"LICENSE",
|
25
|
+
"README.rdoc",
|
26
|
+
"Rakefile",
|
27
|
+
"VERSION",
|
28
|
+
"lib/rack/sanitize.rb",
|
29
|
+
"rack-sanitize.gemspec",
|
30
|
+
"spec/rack/sanitize_spec.rb",
|
31
|
+
"spec/spec.opts",
|
32
|
+
"spec/spec_helper.rb"
|
33
|
+
]
|
34
|
+
s.homepage = %q{http://github.com/robotapocalypse/rack-sanitize}
|
35
|
+
s.rdoc_options = ["--charset=UTF-8"]
|
36
|
+
s.require_paths = ["lib"]
|
37
|
+
s.rubygems_version = %q{1.3.7}
|
38
|
+
s.summary = %q{Rack middleware to sanitize GET and POST parameters}
|
39
|
+
s.test_files = [
|
40
|
+
"spec/rack/sanitize_spec.rb",
|
41
|
+
"spec/spec_helper.rb"
|
42
|
+
]
|
43
|
+
|
44
|
+
if s.respond_to? :specification_version then
|
45
|
+
current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
|
46
|
+
s.specification_version = 3
|
47
|
+
|
48
|
+
if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
|
49
|
+
s.add_runtime_dependency(%q<sanitize>, ["~> 1.2.0"])
|
50
|
+
s.add_development_dependency(%q<rspec>, ["~> 1.3.0"])
|
51
|
+
s.add_development_dependency(%q<rack-test>, ["~> 0.5.4"])
|
52
|
+
s.add_development_dependency(%q<sinatra>, ["~> 1.0"])
|
53
|
+
s.add_development_dependency(%q<activesupport>, ["~> 3.0.0.rc2"])
|
54
|
+
else
|
55
|
+
s.add_dependency(%q<sanitize>, ["~> 1.2.0"])
|
56
|
+
s.add_dependency(%q<rspec>, ["~> 1.3.0"])
|
57
|
+
s.add_dependency(%q<rack-test>, ["~> 0.5.4"])
|
58
|
+
s.add_dependency(%q<sinatra>, ["~> 1.0"])
|
59
|
+
s.add_dependency(%q<activesupport>, ["~> 3.0.0.rc2"])
|
60
|
+
end
|
61
|
+
else
|
62
|
+
s.add_dependency(%q<sanitize>, ["~> 1.2.0"])
|
63
|
+
s.add_dependency(%q<rspec>, ["~> 1.3.0"])
|
64
|
+
s.add_dependency(%q<rack-test>, ["~> 0.5.4"])
|
65
|
+
s.add_dependency(%q<sinatra>, ["~> 1.0"])
|
66
|
+
s.add_dependency(%q<activesupport>, ["~> 3.0.0.rc2"])
|
67
|
+
end
|
68
|
+
end
|
69
|
+
|
@@ -0,0 +1,73 @@
|
|
1
|
+
require File.dirname(__FILE__) + '/../spec_helper'
|
2
|
+
|
3
|
+
describe Rack::Sanitize do
|
4
|
+
it "should sanitize GETs" do
|
5
|
+
get '/get', {"a" => "ok", "okie" => %Q{<script src="http://iammalicious.com">dokie</script>}}
|
6
|
+
last_response.body.should == "GETs: a=ok&okie=dokie"
|
7
|
+
end
|
8
|
+
|
9
|
+
it "should sanitize POSTs" do
|
10
|
+
post '/post', {"a" => "ok", "okie" => %Q{<script src="http://iammalicious.com">dokie</script>}}
|
11
|
+
last_response.body.should == "POSTs: a=ok&okie=dokie"
|
12
|
+
end
|
13
|
+
|
14
|
+
it "should sanitize nested parameters" do
|
15
|
+
params = {
|
16
|
+
"parent" => {
|
17
|
+
"a" => {"okay" => %Q{<script src="http://iammalicious.com">arsehole</script>}},
|
18
|
+
"okie" => %Q{<script src="http://iammalicious.com">dokie</script>}
|
19
|
+
}
|
20
|
+
}
|
21
|
+
|
22
|
+
get '/get', params
|
23
|
+
last_response.body.should == "GETs: parent[a][okay]=arsehole&parent[okie]=dokie"
|
24
|
+
|
25
|
+
post '/post', params
|
26
|
+
last_response.body.should == "POSTs: parent[a][okay]=arsehole&parent[okie]=dokie"
|
27
|
+
end
|
28
|
+
|
29
|
+
it "should sanitize elements in an array" do
|
30
|
+
params = {
|
31
|
+
"person" => {
|
32
|
+
"pets" => [
|
33
|
+
{"dog" => "<script>woof</script>"},
|
34
|
+
{"cat" => "<script>meow</script>"}
|
35
|
+
]
|
36
|
+
},
|
37
|
+
"beer" => ["<script>porter</script>", "pilsner"]
|
38
|
+
}
|
39
|
+
|
40
|
+
get '/get', params
|
41
|
+
last_response.body.should == "GETs: person[pets][][dog]=woof&person[pets][][cat]=meow&beer[]=porter&beer[]=pilsner"
|
42
|
+
|
43
|
+
post '/post', params
|
44
|
+
last_response.body.should == "POSTs: person[pets][][dog]=woof&person[pets][][cat]=meow&beer[]=porter&beer[]=pilsner"
|
45
|
+
end
|
46
|
+
|
47
|
+
it "should allow the sanitize configuration to be set" do
|
48
|
+
@app = Rack::Builder.app do
|
49
|
+
use Rack::Sanitize, Sanitize::Config::RELAXED
|
50
|
+
run PotentialVictim
|
51
|
+
end
|
52
|
+
|
53
|
+
params = {"image" => %Q{<img src="/hello.jpg" />}}
|
54
|
+
|
55
|
+
get '/get', params
|
56
|
+
last_response.body.should == %Q{GETs: image=<img src="/hello.jpg" />}
|
57
|
+
|
58
|
+
post '/post', params
|
59
|
+
last_response.body.should == %Q{POSTs: image=<img src="/hello.jpg" />}
|
60
|
+
end
|
61
|
+
|
62
|
+
it "should sanitize if the path matches" do
|
63
|
+
|
64
|
+
end
|
65
|
+
|
66
|
+
it "should not sanitize if the path does not match" do
|
67
|
+
|
68
|
+
end
|
69
|
+
|
70
|
+
it "should default to sanitizing both GETs and POSTs" do
|
71
|
+
|
72
|
+
end
|
73
|
+
end
|
data/spec/spec.opts
ADDED
data/spec/spec_helper.rb
ADDED
@@ -0,0 +1,29 @@
|
|
1
|
+
$LOAD_PATH.unshift(File.dirname(__FILE__))
|
2
|
+
$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
|
3
|
+
require 'rack/sanitize'
|
4
|
+
require 'rack/test'
|
5
|
+
require 'spec'
|
6
|
+
require 'spec/autorun'
|
7
|
+
require 'sinatra/base'
|
8
|
+
require 'active_support/core_ext/object/to_query'
|
9
|
+
|
10
|
+
class PotentialVictim < Sinatra::Base
|
11
|
+
get '/get' do
|
12
|
+
"GETs: #{Rack::Utils.unescape(request.GET.to_query)}"
|
13
|
+
end
|
14
|
+
|
15
|
+
post '/post' do
|
16
|
+
"POSTs: #{Rack::Utils.unescape(request.POST.to_query)}"
|
17
|
+
end
|
18
|
+
end
|
19
|
+
|
20
|
+
Spec::Runner.configure do |config|
|
21
|
+
config.include Rack::Test::Methods
|
22
|
+
|
23
|
+
def app
|
24
|
+
@app ||= Rack::Builder.app do
|
25
|
+
use Rack::Sanitize
|
26
|
+
run PotentialVictim
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
metadata
ADDED
@@ -0,0 +1,152 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: rack-sanitize
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
prerelease: false
|
5
|
+
segments:
|
6
|
+
- 0
|
7
|
+
- 0
|
8
|
+
- 1
|
9
|
+
version: 0.0.1
|
10
|
+
platform: ruby
|
11
|
+
authors:
|
12
|
+
- robotapocalypse
|
13
|
+
autorequire:
|
14
|
+
bindir: bin
|
15
|
+
cert_chain: []
|
16
|
+
|
17
|
+
date: 2010-08-29 00:00:00 -06:00
|
18
|
+
default_executable:
|
19
|
+
dependencies:
|
20
|
+
- !ruby/object:Gem::Dependency
|
21
|
+
name: sanitize
|
22
|
+
prerelease: false
|
23
|
+
requirement: &id001 !ruby/object:Gem::Requirement
|
24
|
+
none: false
|
25
|
+
requirements:
|
26
|
+
- - ~>
|
27
|
+
- !ruby/object:Gem::Version
|
28
|
+
segments:
|
29
|
+
- 1
|
30
|
+
- 2
|
31
|
+
- 0
|
32
|
+
version: 1.2.0
|
33
|
+
type: :runtime
|
34
|
+
version_requirements: *id001
|
35
|
+
- !ruby/object:Gem::Dependency
|
36
|
+
name: rspec
|
37
|
+
prerelease: false
|
38
|
+
requirement: &id002 !ruby/object:Gem::Requirement
|
39
|
+
none: false
|
40
|
+
requirements:
|
41
|
+
- - ~>
|
42
|
+
- !ruby/object:Gem::Version
|
43
|
+
segments:
|
44
|
+
- 1
|
45
|
+
- 3
|
46
|
+
- 0
|
47
|
+
version: 1.3.0
|
48
|
+
type: :development
|
49
|
+
version_requirements: *id002
|
50
|
+
- !ruby/object:Gem::Dependency
|
51
|
+
name: rack-test
|
52
|
+
prerelease: false
|
53
|
+
requirement: &id003 !ruby/object:Gem::Requirement
|
54
|
+
none: false
|
55
|
+
requirements:
|
56
|
+
- - ~>
|
57
|
+
- !ruby/object:Gem::Version
|
58
|
+
segments:
|
59
|
+
- 0
|
60
|
+
- 5
|
61
|
+
- 4
|
62
|
+
version: 0.5.4
|
63
|
+
type: :development
|
64
|
+
version_requirements: *id003
|
65
|
+
- !ruby/object:Gem::Dependency
|
66
|
+
name: sinatra
|
67
|
+
prerelease: false
|
68
|
+
requirement: &id004 !ruby/object:Gem::Requirement
|
69
|
+
none: false
|
70
|
+
requirements:
|
71
|
+
- - ~>
|
72
|
+
- !ruby/object:Gem::Version
|
73
|
+
segments:
|
74
|
+
- 1
|
75
|
+
- 0
|
76
|
+
version: "1.0"
|
77
|
+
type: :development
|
78
|
+
version_requirements: *id004
|
79
|
+
- !ruby/object:Gem::Dependency
|
80
|
+
name: activesupport
|
81
|
+
prerelease: false
|
82
|
+
requirement: &id005 !ruby/object:Gem::Requirement
|
83
|
+
none: false
|
84
|
+
requirements:
|
85
|
+
- - ~>
|
86
|
+
- !ruby/object:Gem::Version
|
87
|
+
segments:
|
88
|
+
- 3
|
89
|
+
- 0
|
90
|
+
- 0
|
91
|
+
- rc2
|
92
|
+
version: 3.0.0.rc2
|
93
|
+
type: :development
|
94
|
+
version_requirements: *id005
|
95
|
+
description: Remove all malicious HTML from your request before it reaches your application
|
96
|
+
email: pherph@gmail.com
|
97
|
+
executables: []
|
98
|
+
|
99
|
+
extensions: []
|
100
|
+
|
101
|
+
extra_rdoc_files:
|
102
|
+
- LICENSE
|
103
|
+
- README.rdoc
|
104
|
+
files:
|
105
|
+
- .document
|
106
|
+
- .gitignore
|
107
|
+
- Gemfile
|
108
|
+
- Gemfile.lock
|
109
|
+
- LICENSE
|
110
|
+
- README.rdoc
|
111
|
+
- Rakefile
|
112
|
+
- VERSION
|
113
|
+
- lib/rack/sanitize.rb
|
114
|
+
- rack-sanitize.gemspec
|
115
|
+
- spec/rack/sanitize_spec.rb
|
116
|
+
- spec/spec.opts
|
117
|
+
- spec/spec_helper.rb
|
118
|
+
has_rdoc: true
|
119
|
+
homepage: http://github.com/robotapocalypse/rack-sanitize
|
120
|
+
licenses: []
|
121
|
+
|
122
|
+
post_install_message:
|
123
|
+
rdoc_options:
|
124
|
+
- --charset=UTF-8
|
125
|
+
require_paths:
|
126
|
+
- lib
|
127
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
128
|
+
none: false
|
129
|
+
requirements:
|
130
|
+
- - ">="
|
131
|
+
- !ruby/object:Gem::Version
|
132
|
+
segments:
|
133
|
+
- 0
|
134
|
+
version: "0"
|
135
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
136
|
+
none: false
|
137
|
+
requirements:
|
138
|
+
- - ">="
|
139
|
+
- !ruby/object:Gem::Version
|
140
|
+
segments:
|
141
|
+
- 0
|
142
|
+
version: "0"
|
143
|
+
requirements: []
|
144
|
+
|
145
|
+
rubyforge_project:
|
146
|
+
rubygems_version: 1.3.7
|
147
|
+
signing_key:
|
148
|
+
specification_version: 3
|
149
|
+
summary: Rack middleware to sanitize GET and POST parameters
|
150
|
+
test_files:
|
151
|
+
- spec/rack/sanitize_spec.rb
|
152
|
+
- spec/spec_helper.rb
|