rack-sanitizer 2.0.0 → 2.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/cla.yml +22 -0
- data/lib/rack/sanitizer.rb +9 -6
- data/rack-sanitizer.gemspec +1 -1
- metadata +4 -4
- data/CHANGELOG.md +0 -39
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: '0963cd5d478e19917c2fec66f99bc1a9f49f436ece2e39a27a533e6b4eecc8fc'
|
|
4
|
+
data.tar.gz: a91279934039be5176b8538d77c4c44a2e442e14514d7f63316f1254dcbc91d1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1b9665b889004365211cbdfb62429bd3ae014bc1e99c5781cf4ed4b4ad94973efa650261f8922ce9b70d54286fe02b149e6c09e787dfc3b8252d8530b79bcccf
|
|
7
|
+
data.tar.gz: 5e2e5555c2eccaca2755cfd727cd16fe726b5200a141853f40b55c4732a2f030742e33e511b39ba5f23ef22905fe65e1da38c0f7dc05896067ad7a70c9291f7f
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
name: Contributor License Agreement (CLA)
|
|
2
|
+
|
|
3
|
+
on:
|
|
4
|
+
pull_request_target:
|
|
5
|
+
types: [opened, synchronize]
|
|
6
|
+
issue_comment:
|
|
7
|
+
types: [created]
|
|
8
|
+
|
|
9
|
+
jobs:
|
|
10
|
+
cla:
|
|
11
|
+
runs-on: ubuntu-latest
|
|
12
|
+
if: |
|
|
13
|
+
(github.event.issue.pull_request
|
|
14
|
+
&& !github.event.issue.pull_request.merged_at
|
|
15
|
+
&& contains(github.event.comment.body, 'signed')
|
|
16
|
+
)
|
|
17
|
+
|| (github.event.pull_request && !github.event.pull_request.merged)
|
|
18
|
+
steps:
|
|
19
|
+
- uses: Shopify/shopify-cla-action@v1
|
|
20
|
+
with:
|
|
21
|
+
github-token: ${{ secrets.GITHUB_TOKEN }}
|
|
22
|
+
cla-token: ${{ secrets.CLA_TOKEN }}
|
data/lib/rack/sanitizer.rb
CHANGED
|
@@ -5,8 +5,6 @@ require "stringio"
|
|
|
5
5
|
|
|
6
6
|
module Rack
|
|
7
7
|
class Sanitizer
|
|
8
|
-
BAD_REQUEST = [400, { "Content-Type" => "text/plain" }, ["Bad Request"]]
|
|
9
|
-
|
|
10
8
|
# options[:sanitizable_content_types] Array
|
|
11
9
|
# options[:additional_content_types] Array
|
|
12
10
|
def initialize(app, options={})
|
|
@@ -21,7 +19,7 @@ module Rack
|
|
|
21
19
|
begin
|
|
22
20
|
@app.call(env)
|
|
23
21
|
rescue SanitizedRackInput::FailedToReadBody
|
|
24
|
-
return
|
|
22
|
+
return [400, { "Content-Type" => "text/plain" }, ["Bad Request"]]
|
|
25
23
|
end
|
|
26
24
|
end
|
|
27
25
|
|
|
@@ -100,9 +98,14 @@ module Rack
|
|
|
100
98
|
# https://github.com/rack/rack/blob/master/lib/rack/request.rb#L42
|
|
101
99
|
# Logic borrowed from Rack::Request#media_type,#media_type_params,#content_charset
|
|
102
100
|
# Ignoring charset in content type.
|
|
103
|
-
content_type
|
|
104
|
-
|
|
105
|
-
|
|
101
|
+
if content_type = env['CONTENT_TYPE']
|
|
102
|
+
content_type = content_type.split(/[;,]/, 2).first
|
|
103
|
+
if content_type
|
|
104
|
+
content_type.strip!
|
|
105
|
+
content_type.downcase!
|
|
106
|
+
end
|
|
107
|
+
end
|
|
108
|
+
|
|
106
109
|
return unless @sanitizable_content_types.include?(content_type)
|
|
107
110
|
uri_encoded = URI_ENCODED_CONTENT_TYPES.include?(content_type)
|
|
108
111
|
|
data/rack-sanitizer.gemspec
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-sanitizer
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.0.
|
|
4
|
+
version: 2.0.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jean Boussier
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2024-04-12 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: rack
|
|
@@ -84,8 +84,8 @@ files:
|
|
|
84
84
|
- ".editorconfig"
|
|
85
85
|
- ".github/dependabot.yml"
|
|
86
86
|
- ".github/workflows/ci.yml"
|
|
87
|
+
- ".github/workflows/cla.yml"
|
|
87
88
|
- ".gitignore"
|
|
88
|
-
- CHANGELOG.md
|
|
89
89
|
- Gemfile
|
|
90
90
|
- LICENSE.txt
|
|
91
91
|
- README.md
|
|
@@ -113,7 +113,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
113
113
|
- !ruby/object:Gem::Version
|
|
114
114
|
version: '0'
|
|
115
115
|
requirements: []
|
|
116
|
-
rubygems_version: 3.
|
|
116
|
+
rubygems_version: 3.5.8
|
|
117
117
|
signing_key:
|
|
118
118
|
specification_version: 4
|
|
119
119
|
summary: It is a mordernized and optimized fork of rack-utf8_sanitizer
|
data/CHANGELOG.md
DELETED
|
@@ -1,39 +0,0 @@
|
|
|
1
|
-
Changelog
|
|
2
|
-
=========
|
|
3
|
-
|
|
4
|
-
Master
|
|
5
|
-
-------------------------
|
|
6
|
-
|
|
7
|
-
API modifications:
|
|
8
|
-
|
|
9
|
-
Features implemented:
|
|
10
|
-
|
|
11
|
-
Bugs fixed:
|
|
12
|
-
|
|
13
|
-
v1.3.1 (2015-07-09)
|
|
14
|
-
-------------------------
|
|
15
|
-
|
|
16
|
-
Bugs fixed:
|
|
17
|
-
* Make sure Content-Length is adjusted. (Samuel Cochran, #26)
|
|
18
|
-
|
|
19
|
-
v1.3.0 (2015-01-26)
|
|
20
|
-
-------------------------
|
|
21
|
-
|
|
22
|
-
v1.2.4 (2014-11-29)
|
|
23
|
-
-------------------------
|
|
24
|
-
|
|
25
|
-
v1.2.3 (2014-10-08)
|
|
26
|
-
-------------------------
|
|
27
|
-
|
|
28
|
-
v1.2.2 (2014-07-10)
|
|
29
|
-
-------------------------
|
|
30
|
-
|
|
31
|
-
Features implemented:
|
|
32
|
-
* Sanitize request body for all HTTP verbs. (Nathaniel Talbott, #15)
|
|
33
|
-
* Add `application/json` and `text/javascript` as sanitizable content types. (Benjamin Fleischer, #12)
|
|
34
|
-
|
|
35
|
-
Bugs fixed:
|
|
36
|
-
* Ensure Rack::UTF8 Sanitizer is first middleware. (Aaron Renner, #13)
|
|
37
|
-
|
|
38
|
-
v1.2.1 (2014-05-27)
|
|
39
|
-
-------------------------
|