rack-sanitizer 2.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: f8c301a4677ff19611734f3460a73bb4600cbdc01e0a60104aab3aff8e67e15c
+  data.tar.gz: 338dee798f354fc9ff31785dc47495c57ffc86f33c0090d4cf615a8b693f5a8b
+SHA512:
+  metadata.gz: af51bf36db0f9e02320fe38ba99c30cbe08222f7e1ab051eecd87314e67ba128f72cbca8e08862a96f9b5cec6bfb19089bbadf336438d9828369386e74a5e8e5
+  data.tar.gz: 4b22ddc4c638da994926ccfd9f77ea2a3961e32bd2d66bad35bfa7d7064c38d8696e688b18f0b3e39d56f9650fd1a5f899bb081c8baf6dcc3e5b2cc2e9c10bc3

data/.editorconfig

@@ -0,0 +1,17 @@
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[*.md]
+indent_style = space
+indent_size = 2
+
+[*.y{a,}ml]
+indent_style = space
+indent_size = 2

data/.github/dependabot.yml

@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"

data/.github/workflows/ci.yml

@@ -0,0 +1,23 @@
+name: CI
+
+on: [push, pull_request]
+
+jobs:
+  test:
+
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby: ["2.5", "2.6", "2.7", "3.0", "3.1", "3.2", ruby-head, jruby-9.2, jruby-9.3, jruby-head]
+
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        bundler-cache: true # 'bundle install' and cache gems
+        ruby-version: ${{ matrix.ruby }}
+    - name: Run tests
+      run: bundle exec rake

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/CHANGELOG.md

@@ -0,0 +1,39 @@
+Changelog
+=========
+
+Master
+-------------------------
+
+API modifications:
+
+Features implemented:
+
+Bugs fixed:
+
+v1.3.1 (2015-07-09)
+-------------------------
+
+Bugs fixed:
+  * Make sure Content-Length is adjusted. (Samuel Cochran, #26)
+
+v1.3.0 (2015-01-26)
+-------------------------
+
+v1.2.4 (2014-11-29)
+-------------------------
+
+v1.2.3 (2014-10-08)
+-------------------------
+
+v1.2.2 (2014-07-10)
+-------------------------
+
+Features implemented:
+  * Sanitize request body for all HTTP verbs. (Nathaniel Talbott, #15)
+  * Add `application/json` and `text/javascript` as sanitizable content types. (Benjamin Fleischer, #12)
+
+Bugs fixed:
+  * Ensure Rack::UTF8 Sanitizer is first middleware. (Aaron Renner, #13)
+
+v1.2.1 (2014-05-27)
+-------------------------

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in rack-sanitizer.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Peter Zotov
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,119 @@
+# Rack::Sanitizer
+
+Rack::Sanitizer is a Rack middleware which cleans up invalid UTF8 characters in request URI and headers. Additionally,
+it cleans up invalid UTF8 characters in the request body (depending on the configurable content type filters) by reading
+the input into a string, sanitizing the string, then replacing the Rack input stream with a rewindable input stream backed
+by the sanitized string.
+
+It is a mordernized and optimized fork of rack-utf8_sanitizer
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'rack-sanitizer'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install rack-sanitizer
+
+For Rails, add this to your `application.rb`:
+
+``` ruby
+config.middleware.insert 0, Rack::Sanitizer
+```
+
+For Rack apps, add this to `config.ru`:
+
+``` ruby
+use Rack::Sanitizer
+```
+
+## Usage
+
+Rack::Sanitizer divides all keys in the [Rack environment](http://rack.rubyforge.org/doc/SPEC.html) in two distinct groups: keys which contain raw data and the ones with percent-encoded data. The fields which are treated as percent-encoded are: `SCRIPT_NAME`, `REQUEST_PATH`, `REQUEST_URI`, `PATH_INFO`, `QUERY_STRING`, `HTTP_REFERER`.
+
+The generic sanitization algorithm is as follows:
+
+  1. Force the encoding to UTF-8.
+  2. If the result contains invalid characters:
+      1. Force the encoding to ASCII8-BIT.
+      2. Re-encode it as UTF-8, replacing invalid and undefined characters as U+FFFD.
+
+For fields with "raw data", the algorithm is applied once and the (UTF-8 encoded) result is left in the environment.
+
+For fields with "percent-encoded data", the algorithm is applied twice to catch both invalid characters appearing as-is and invalid characters appearing in the percent encoding. The percent encoded, ASCII-8BIT encoded result is left in the environment.
+
+### Sanitizable content types
+
+The default content types to be sanitized are 'text/plain', 'application/x-www-form-urlencoded', 'application/json', 'text/javascript'. You may wish to modify this, for example if your app accepts specific or custom media types in the CONTENT_TYPE header. If you want to change the sanitizable content types, you can pass options when using Rack::Sanitizer.
+
+To add sanitizable content types to the list of defaults, pass the `additional_content_types` options when using Rack::Sanitizer, e.g.
+
+    config.middleware.insert 0, Rack::Sanitizer, additional_content_types: ['application/vnd.api+json']
+
+To explicitly set sanitizable content types and override the defaults, use the `sanitizable_content_types` option:
+
+    config.middleware.insert 0, Rack::Sanitizer, sanitizable_content_types: ['application/vnd.api+json']
+
+### Strategies
+
+There are two built in strategies for handling invalid characters. The default strategy is `:replace`, which will cause any invalid characters to be replaces with the unicode replacement character (�). The second built in strategy is `:exception` which will cause an `EncodingError` exception to be raised if invalid characters are found (the exception can then be handled by another Rack middleware).
+
+This is an example of handling the `:exception` strategy with additional middleware:
+
+```ruby
+require "./your/middleware/directory/rack_sanitizer_exception_handler.rb"
+
+config.middleware.insert 0, Rack::SanitizerExceptionHandler
+config.middleware.insert_after Rack::SanitizerExceptionHandler, Rack::Sanitizer, strategy: :exception
+```
+
+Note: The exception handling middleware must be inserted before `Rack::Sanitizer`
+
+```ruby
+module Rack
+  class SanitizerExceptionHandler
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      @app.call(env)
+    rescue EncodingError => exception
+      # OPTIONAL: Add error logging service of your choice here
+      return [400, {}, ["Bad Request"]]
+    end
+  end
+end
+```
+
+An object that responds to `#call` and accepts the offending string with invalid characters as an argument can also be passed as a `:strategy`. This is how you can define custom strategies.
+
+```ruby
+config.middleware.insert 0, Rack::Sanitizer, strategy: :exception
+```
+
+```ruby
+replace_string = lambda do |_invalid|
+  Rails.logger.warn('Replacing invalid string')
+
+  '<Bad Encoding>'.freeze
+end
+
+config.middleware.insert 0, Rack::Sanitizer, strategy: replace_string
+```
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request
+
+To run the tests, run `rake spec` in the project directory.

data/Rakefile

@@ -0,0 +1,8 @@
+require "bundler/gem_tasks"
+
+task :default => :spec
+
+desc "Run tests"
+task :spec do
+  sh 'bacon -a'
+end

data/lib/rack/sanitizer.rb

@@ -0,0 +1,273 @@
+# frozen_string_literal: true
+
+require "uri"
+require "stringio"
+
+module Rack
+  class Sanitizer
+    BAD_REQUEST = [400, { "Content-Type" => "text/plain" }, ["Bad Request"]]
+
+    # options[:sanitizable_content_types] Array
+    # options[:additional_content_types] Array
+    def initialize(app, options={})
+      @app = app
+      @strategy = build_strategy(options)
+      @sanitizable_content_types = options[:sanitizable_content_types]
+      @sanitizable_content_types ||= SANITIZABLE_CONTENT_TYPES + (options[:additional_content_types] || [])
+    end
+
+    def call(env)
+      env = sanitize(env)
+      begin
+        @app.call(env)
+      rescue SanitizedRackInput::FailedToReadBody
+        return BAD_REQUEST
+      end
+    end
+
+    DEFAULT_STRATEGIES = {
+      replace: lambda do |input|
+        input.
+          force_encoding(Encoding::ASCII_8BIT).
+          encode!(Encoding::UTF_8,
+                  invalid: :replace,
+                  undef:   :replace)
+        input
+      end,
+      exception: lambda do |input|
+        input.
+          force_encoding(Encoding::ASCII_8BIT).
+          encode!(Encoding::UTF_8)
+        input
+      end
+    }.freeze
+
+    # https://github.com/rack/rack/blob/main/SPEC.rdoc
+    URI_FIELDS  = %w(
+        SCRIPT_NAME
+        REQUEST_PATH REQUEST_URI PATH_INFO
+        QUERY_STRING
+        HTTP_REFERER
+        ORIGINAL_FULLPATH
+        ORIGINAL_SCRIPT_NAME
+        SERVER_NAME
+    ).freeze
+
+    SANITIZABLE_CONTENT_TYPES = %w(
+      text/plain
+      application/x-www-form-urlencoded
+      application/json
+      text/javascript
+    ).freeze
+
+    URI_ENCODED_CONTENT_TYPES = %w(
+      application/x-www-form-urlencoded
+    ).freeze
+
+    def sanitize(env)
+      sanitize_rack_input(env)
+      sanitize_cookies(env)
+      env.each do |key, value|
+        if URI_FIELDS.include?(key)
+          if value.frozen?
+            env[key] = sanitize_uri_encoded_string(value.dup).freeze
+          else
+            env[key] = sanitize_uri_encoded_string(value)
+          end
+        elsif key.to_s.start_with?("HTTP_")
+          # Just sanitize the headers and leave them in UTF-8. There is
+          # no reason to have UTF-8 in headers, but if it's valid, let it be.
+          if value.frozen?
+            env[key] = sanitize_string(value.dup).freeze
+          else
+            env[key] = sanitize_string(value)
+          end
+        end
+      end
+    end
+
+    private
+
+    def build_strategy(options)
+      strategy = options.fetch(:strategy) { :replace }
+
+      return strategy unless DEFAULT_STRATEGIES.key?(strategy)
+
+      DEFAULT_STRATEGIES[strategy]
+    end
+
+    def sanitize_rack_input(env)
+      # https://github.com/rack/rack/blob/master/lib/rack/request.rb#L42
+      # Logic borrowed from Rack::Request#media_type,#media_type_params,#content_charset
+      # Ignoring charset in content type.
+      content_type   = env['CONTENT_TYPE']
+      content_type &&= content_type.split(/\s*[;,]\s*/, 2).first
+      content_type &&= content_type.downcase
+      return unless @sanitizable_content_types.include?(content_type)
+      uri_encoded = URI_ENCODED_CONTENT_TYPES.include?(content_type)
+
+      if env['rack.input']
+        env['rack.input'] = SanitizedRackInput.new(
+          env['rack.input'],
+          env,
+          uri_encoded,
+          @strategy
+        )
+      end
+    end
+
+    # Cookies need to be split and then sanitized as url encoded strings
+    # since the cookie string itself is not url encoded (separated by `;`),
+    # and the normal method of `sanitize_uri_encoded_string` would break
+    # later cookie parsing in the case that a cookie value contained an
+    # encoded `;`.
+    def sanitize_cookies(env)
+      return unless env['HTTP_COOKIE']
+
+      env['HTTP_COOKIE'] = env['HTTP_COOKIE']
+        .split(/[;,] */n)
+        .map { |cookie| sanitize_uri_encoded_string(cookie) }
+        .join('; ')
+    end
+
+    module Sanitizers
+      private
+
+      # URI.encode/decode expect the input to be in ASCII-8BIT.
+      # However, there could be invalid UTF-8 characters both in
+      # raw and percent-encoded form.
+      #
+      # So, first sanitize the value, then percent-decode it while
+      # treating as UTF-8, then sanitize the result and encode it back.
+      #
+      # The result is guaranteed to be UTF-8-safe.
+      def sanitize_uri_encoded_string(input)
+        return input if input.nil?
+        decoded_value = decode_string(input)
+        reencode_string(decoded_value)
+      end
+
+      def reencode_string(decoded_value)
+        escape_unreserved(
+          sanitize_string(decoded_value))
+      end
+
+      def decode_string(input)
+        unescape_unreserved(
+          sanitize_string(input).
+            force_encoding(Encoding::ASCII_8BIT))
+      end
+
+      # RFC3986, 2.2 states that the characters from 'reserved' group must be
+      # protected during normalization (which is what Rack::Sanitizer does).
+      #
+      # However, the regexp approach used by URI.unescape is not sophisticated
+      # enough for our task.
+      def unescape_unreserved(input)
+        input.gsub(/%([a-f\d]{2})/i) do |encoded|
+          decoded = $1.hex.chr
+
+          # This regexp matches all 'unreserved' characters from RFC3986 (2.3),
+          # plus all multibyte UTF-8 characters.
+          if decoded.match?(/[A-Za-z0-9\-._~\x80-\xFF]/n)
+            decoded
+          else
+            encoded
+          end
+        end
+      end
+
+      # Performs the reverse function of `unescape_unreserved`. Unlike
+      # the previous function, we can reuse the logic in URI#encode
+      def escape_unreserved(input)
+        # This regexp matches unsafe characters, i.e. everything except 'reserved'
+        # and 'unreserved' characters from RFC3986 (2.3), and additionally '%',
+        # as percent-encoded unreserved characters could be left over from the
+        # `unescape_unreserved` invocation.
+        #
+        # See also URI::REGEXP::PATTERN::{UNRESERVED,RESERVED}.
+        URI::DEFAULT_PARSER.escape(input, /[^\-_.!~*'()a-zA-Z\d;\/?:@&=+$,\[\]%]/)
+      end
+
+      def sanitize_string(input)
+        if input.is_a? String
+          input = input.force_encoding(Encoding::UTF_8)
+
+          if input.valid_encoding?
+            input
+          else
+            @strategy.call(input)
+          end
+        else
+          input
+        end
+      end
+    end
+
+    include Sanitizers
+
+    class SanitizedRackInput
+      FailedToReadBody = Class.new(Exception)
+
+      include Sanitizers
+
+      def initialize(original_io, env, uri_encoded, strategy)
+        @original_io = original_io
+        @uri_encoded = uri_encoded
+        @env = env
+        @strategy = strategy
+        @sanitized_io = nil
+      end
+
+      def gets
+        sanitized_io.gets
+      end
+
+      def read(*args)
+        sanitized_io.read(*args)
+      end
+
+      def each(&block)
+        sanitized_io.each(&block)
+      end
+
+      def rewind
+        sanitized_io.rewind
+      end
+
+      def size
+        # StringIO#size is bytesize
+        sanitized_io.size
+      end
+
+      def close
+        @sanitized_io&.close
+        @original_io.close if @original_io.respond_to?(:close)
+      end
+
+      private
+
+      UTF8_BOM = "\xef\xbb\xbf".b.freeze
+      UTF8_BOM_SIZE = UTF8_BOM.bytesize
+
+      def sanitized_io
+        @sanitized_io ||= begin
+          content_length = @env['CONTENT_LENGTH']&.to_i
+          input = content_length && content_length >= 0 ? @original_io.read(content_length) : @original_io.read
+          if input.start_with?(UTF8_BOM)
+            input = input.byteslice(UTF8_BOM_SIZE..-1)
+          end
+
+          input = sanitize_string(input)
+          if @uri_encoded
+            input = sanitize_uri_encoded_string(input).force_encoding(Encoding::UTF_8)
+          end
+          @env['CONTENT_LENGTH'] &&= input.bytesize.to_s
+          StringIO.new(input)
+        end
+      rescue ::EOFError => error
+        raise FailedToReadBody, error.message
+      end
+    end
+  end
+end

data/rack-sanitizer.gemspec

@@ -0,0 +1,27 @@
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |gem|
+  gem.name          = "rack-sanitizer"
+  gem.version       = '2.0.0'
+  gem.authors       = ["Jean Boussier", "whitequark"]
+  gem.license       = "MIT"
+  gem.email         = ["jean.boussier@gmail.org"]
+  gem.description   = %{Rack::Sanitizer is a Rack middleware which cleans up } <<
+                      %{invalid UTF8 characters in request URI and headers.}
+  gem.summary       = "It is a mordernized and optimized fork of rack-utf8_sanitizer"
+  gem.homepage      = "http://github.com/Shopify/rack-sanitizer"
+
+  gem.files         = `git ls-files`.split($/)
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.require_paths = ["lib"]
+
+  gem.metadata["allowed_push_host"] = "https://rubygems.org/"
+
+  gem.required_ruby_version = '>= 2.5'
+
+  gem.add_dependency             "rack", '>= 1.0', '< 4.0'
+
+  gem.add_development_dependency "bacon"
+  gem.add_development_dependency "bacon-colored_output"
+  gem.add_development_dependency "rake"
+end

data/test/test_sanitizer.rb

@@ -0,0 +1,526 @@
+# encoding:ascii-8bit
+
+require 'bacon/colored_output'
+require 'cgi'
+require 'rack/sanitizer'
+
+describe Rack::Sanitizer do
+  before do
+    @app = Rack::Sanitizer.new(-> env { env["rack.input"]&.size; env })
+  end
+
+  shared :does_sanitize_plain do
+    it "sanitizes plaintext entity (HTTP_USER_AGENT)" do
+      env    = @app.({ "HTTP_USER_AGENT" => @plain_input })
+      result = env["HTTP_USER_AGENT"]
+
+      result.encoding.should == Encoding::UTF_8
+      result.should.be.valid_encoding
+    end
+  end
+
+  shared :does_sanitize_uri do
+    it "sanitizes URI-like entity (REQUEST_PATH)" do
+      env    = @app.({ "REQUEST_PATH" => @uri_input })
+      result = env["REQUEST_PATH"]
+
+      result.encoding.should == Encoding::US_ASCII
+      result.should.be.valid_encoding
+    end
+  end
+
+  describe "with invalid host input" do
+    it "sanitizes host entity (SERVER_NAME)" do
+      host   = "host\xD0".force_encoding('UTF-8')
+      env    = @app.({ "SERVER_NAME" => host })
+      result = env["SERVER_NAME"]
+
+      result.encoding.should == Encoding::US_ASCII
+      result.should.be.valid_encoding
+    end
+  end
+
+  describe "with invalid UTF-8 input" do
+    before do
+      @plain_input = "foo\xe0".force_encoding('UTF-8')
+      @uri_input   = "http://bar/foo%E0".force_encoding('UTF-8')
+    end
+
+    behaves_like :does_sanitize_plain
+    behaves_like :does_sanitize_uri
+  end
+
+  describe "with invalid, incorrectly percent-encoded UTF-8 URI input" do
+    before do
+      @uri_input   = "http://bar/foo%E0\xe0".force_encoding('UTF-8')
+    end
+
+    behaves_like :does_sanitize_uri
+  end
+
+  describe "with invalid ASCII-8BIT input" do
+    before do
+      @plain_input = "foo\xe0"
+      @uri_input   = "http://bar/foo%E0"
+    end
+
+    behaves_like :does_sanitize_plain
+    behaves_like :does_sanitize_uri
+  end
+
+  describe "with invalid, incorrectly percent-encoded ASCII-8BIT URI input" do
+    before do
+      @uri_input   = "http://bar/foo%E0\xe0"
+    end
+
+    behaves_like :does_sanitize_uri
+  end
+
+  shared :identity_plain do
+    it "does not change plaintext entity (HTTP_USER_AGENT)" do
+      env    = @app.({ "HTTP_USER_AGENT" => @plain_input })
+      result = env["HTTP_USER_AGENT"]
+
+      result.encoding.should == Encoding::UTF_8
+      result.should.be.valid_encoding
+      result.should == @plain_input
+    end
+  end
+
+  shared :identity_uri do
+    it "does not change URI-like entity (REQUEST_PATH)" do
+      env    = @app.({ "REQUEST_PATH" => @uri_input })
+      result = env["REQUEST_PATH"]
+
+      result.encoding.should == Encoding::US_ASCII
+      result.should.be.valid_encoding
+      result.should == @uri_input
+    end
+  end
+
+  describe "with valid UTF-8 input" do
+    before do
+      @plain_input = "foo bar лол".force_encoding('UTF-8')
+      @uri_input   = "http://bar/foo+bar+%D0%BB%D0%BE%D0%BB".force_encoding('UTF-8')
+    end
+
+    behaves_like :identity_plain
+    behaves_like :identity_uri
+
+    describe "with URI characters from reserved range" do
+      before do
+        @uri_input   = "http://bar/foo+%2F%3A+bar+%D0%BB%D0%BE%D0%BB".force_encoding('UTF-8')
+      end
+
+      behaves_like :identity_uri
+    end
+  end
+
+  describe "with valid, not percent-encoded UTF-8 URI input" do
+    before do
+      @uri_input   = "http://bar/foo+bar+лол".force_encoding('UTF-8')
+      @encoded     = "http://bar/foo+bar+#{CGI.escape("лол")}"
+    end
+
+    it "does not change URI-like entity (REQUEST_PATH)" do
+      env    = @app.({ "REQUEST_PATH" => @uri_input })
+      result = env["REQUEST_PATH"]
+
+      result.encoding.should == Encoding::US_ASCII
+      result.should.be.valid_encoding
+      result.should == @encoded
+    end
+  end
+
+  describe "with valid ASCII-8BIT input" do
+    before do
+      @plain_input = "bar baz"
+      @uri_input   = "http://bar/bar+baz"
+    end
+
+    behaves_like :identity_plain
+    behaves_like :identity_uri
+
+    describe "with URI characters from reserved range" do
+      before do
+        @uri_input   = "http://bar/foo+%2F%3A+bar+%D0%BB%D0%BE%D0%BB"
+      end
+
+      behaves_like :identity_uri
+    end
+  end
+
+  describe "with frozen strings" do
+    before do
+      @plain_input = "bar baz".freeze
+      @uri_input   = "http://bar/bar+baz".freeze
+    end
+
+    it "preserves the frozen? status of input" do
+      env  = @app.({ "HTTP_USER_AGENT" => @plain_input,
+                     "REQUEST_PATH" => @uri_input })
+
+      env["HTTP_USER_AGENT"].should.be.frozen
+      env["REQUEST_PATH"].should.be.frozen
+    end
+  end
+
+  describe "with symbols in the env" do
+    before do
+      @uri_input = "http://bar/foo%E0\xe0".force_encoding('UTF-8')
+    end
+
+    it "sanitizes REQUEST_PATH with invalid UTF-8 URI input" do
+      env  = @app.({ :requested_at => "2014-07-22",
+                     "REQUEST_PATH" => @uri_input })
+
+      result = env["REQUEST_PATH"]
+
+      result.encoding.should == Encoding::US_ASCII
+      result.should.be.valid_encoding
+    end
+  end
+
+  describe "with form data" do
+    def request_env
+      @plain_input = "foo bar лол".force_encoding('UTF-8')
+      {
+         "REQUEST_METHOD" => "POST",
+         "CONTENT_TYPE" => "application/x-www-form-urlencoded;foo=bar",
+         "HTTP_USER_AGENT" => @plain_input,
+         "rack.input" => @rack_input,
+      }
+    end
+
+    def sanitize_form_data(request_env = request_env())
+      @uri_input = "http://bar/foo+%2F%3A+bar+%D0%BB%D0%BE%D0%BB".force_encoding('UTF-8')
+      @response_env = @app.(request_env)
+      sanitized_input = @response_env['rack.input'].read
+
+      yield sanitized_input if block_given?
+
+      @response_env['rack.input'].rewind
+      behaves_like :does_sanitize_plain
+      behaves_like :does_sanitize_uri
+      behaves_like :identity_plain
+      behaves_like :identity_uri
+      @response_env['rack.input'].close
+    end
+
+    class BrokenIO < StringIO
+      def read(_length = nil)
+        raise EOFError
+      end
+    end
+
+    it "returns HTTP 400 on EOF" do
+      @rack_input = BrokenIO.new
+      @response_env = @app.(request_env)
+      @response_env.should == [400, {"Content-Type"=>"text/plain"}, ["Bad Request"]]
+    end
+
+    it "sanitizes StringIO rack.input" do
+      input = "foo=bla&quux=bar"
+      @rack_input = StringIO.new input
+
+      sanitize_form_data do |sanitized_input|
+        sanitized_input.encoding.should == Encoding::UTF_8
+        sanitized_input.should.be.valid_encoding
+        sanitized_input.should == input
+      end
+    end
+
+    it "sanitizes StringIO rack.input on GET" do
+      input = "foo=bla&quux=bar"
+      @rack_input = StringIO.new input
+
+      sanitize_form_data(request_env.merge("REQUEST_METHOD" => "GET")) do |sanitized_input|
+        sanitized_input.encoding.should == Encoding::UTF_8
+        sanitized_input.should.be.valid_encoding
+        sanitized_input.should == input
+      end
+    end
+
+    it "sanitizes StringIO rack.input with bad encoding" do
+      input =  "foo=bla&quux=bar\xED"
+      @rack_input = StringIO.new input
+
+      sanitize_form_data do |sanitized_input|
+        sanitized_input.encoding.should == Encoding::UTF_8
+        sanitized_input.should.be.valid_encoding
+        sanitized_input.should != input
+      end
+    end
+
+    it "strip UTF-8 BOM from StringIO rack.input" do
+      input = %(\xef\xbb\xbf{"Hello": "World"})
+      @rack_input = StringIO.new input
+
+      sanitize_form_data(request_env.merge("CONTENT_TYPE" => "application/json")) do |sanitized_input|
+        sanitized_input.encoding.should == Encoding::UTF_8
+        sanitized_input.should.be.valid_encoding
+        sanitized_input.should == '{"Hello": "World"}'
+      end
+    end
+
+    it "sanitizes StringIO rack.input with form encoded bad encoding" do
+      input = "foo=bla&foo=baz&quux%ED=bar%ED"
+      @rack_input = StringIO.new input
+
+      sanitize_form_data do |sanitized_input|
+        # URI.decode_www_form does some encoding magic
+        sanitized_input.split("&").each do |pair|
+          pair.split("=", 2).each do |component|
+            decoded = URI.decode_www_form_component(component)
+            decoded.should.be.valid_encoding
+          end
+        end
+        sanitized_input.should != input
+      end
+    end
+
+    it "sanitizes non-StringIO rack.input" do
+      require 'rack/rewindable_input'
+      input = "foo=bla&quux=bar"
+      @rack_input = Rack::RewindableInput.new(StringIO.new(input))
+
+      sanitize_form_data do |sanitized_input|
+        sanitized_input.encoding.should == Encoding::UTF_8
+        sanitized_input.should.be.valid_encoding
+        sanitized_input.should == input
+      end
+    end
+
+    it "sanitizes non-StringIO rack.input with bad encoding" do
+      require 'rack/rewindable_input'
+      input =  "foo=bla&quux=bar\xED"
+      @rack_input = Rack::RewindableInput.new(StringIO.new(input))
+
+      sanitize_form_data do |sanitized_input|
+        sanitized_input.encoding.should == Encoding::UTF_8
+        sanitized_input.should.be.valid_encoding
+        sanitized_input.should != input
+      end
+    end
+
+    it "does not sanitize the rack body if there is no CONTENT_TYPE" do
+      input =  "foo=bla&quux=bar\xED"
+      @rack_input = StringIO.new input
+
+      env = request_env.update('CONTENT_TYPE' => nil)
+      sanitize_form_data(env) do |sanitized_input|
+        sanitized_input.encoding.should == Encoding::ASCII_8BIT
+        sanitized_input.should.be.valid_encoding
+        sanitized_input.should == input
+      end
+    end
+
+    it "does not sanitize the rack body if there is empty CONTENT_TYPE" do
+      input =  "foo=bla&quux=bar\xED"
+      @rack_input = StringIO.new input
+
+      env = request_env.update('CONTENT_TYPE' => '')
+      sanitize_form_data(env) do |sanitized_input|
+        sanitized_input.encoding.should == Encoding::ASCII_8BIT
+        sanitized_input.should.be.valid_encoding
+        sanitized_input.should == input
+      end
+    end
+
+    it "adjusts content-length when replacing input" do
+      input =  "foo=bla&quux=bar\xED"
+      @rack_input = StringIO.new input
+
+      env = request_env.update("CONTENT_LENGTH" => input.bytesize)
+      sanitize_form_data(env) do |sanitized_input|
+        sanitized_input.bytesize.should != input.bytesize
+        @response_env["CONTENT_LENGTH"].should == sanitized_input.bytesize.to_s
+      end
+    end
+
+    it "does not sanitize null bytes by default" do
+      input =  "foo=bla&quux=bar%00"
+      @rack_input = StringIO.new input
+
+      sanitize_form_data do |sanitized_input|
+        sanitized_input.encoding.should == Encoding::UTF_8
+        sanitized_input.should.be.valid_encoding
+        sanitized_input.should == input
+      end
+    end
+  end
+
+  describe "with custom content-type" do
+    def request_env
+      {
+          "REQUEST_METHOD" => "GET",
+          "CONTENT_TYPE" => "application/json",
+          "HTTP_COOKIE" => @cookie,
+          "rack.input" => StringIO.new,
+      }
+    end
+
+    it "sanitizes bad http cookie" do
+      @cookie = "foo=bla; quux=bar\xED"
+      response_env = @app.(request_env)
+      response_env['HTTP_COOKIE'].should != @cookie
+      response_env['HTTP_COOKIE'].should == 'foo=bla; quux=bar%EF%BF%BD'
+    end
+
+    it "does not change ok http cookie" do
+      @cookie = "foo=bla; quux=bar"
+      response_env = @app.(request_env)
+      response_env['HTTP_COOKIE'].should == @cookie
+
+      @cookie = "foo=b%3bla; quux=b%20a%20r"
+      response_env = @app.(request_env)
+      response_env['HTTP_COOKIE'].should == @cookie
+    end
+  end
+
+  describe "with custom content-type" do
+    def request_env
+      @plain_input = "foo bar лол".force_encoding('UTF-8')
+      {
+          "REQUEST_METHOD" => "POST",
+          "CONTENT_TYPE" => "application/vnd.api+json",
+          "HTTP_USER_AGENT" => @plain_input,
+          "rack.input" => @rack_input,
+      }
+    end
+
+    def sanitize_data(request_env = request_env())
+      @uri_input = "http://bar/foo+%2F%3A+bar+%D0%BB%D0%BE%D0%BB".force_encoding('UTF-8')
+      @response_env = @app.(request_env)
+      sanitized_input = @response_env['rack.input'].read
+
+      yield sanitized_input if block_given?
+    end
+
+    it "does not sanitize custom content-type by default" do
+      input =  "foo=bla&quux=bar\xED"
+      @rack_input = StringIO.new input
+
+      env = request_env
+      sanitize_data(env) do |sanitized_input|
+        sanitized_input.encoding.should == Encoding::ASCII_8BIT
+        sanitized_input.should.be.valid_encoding
+        sanitized_input.should == input
+      end
+    end
+
+    it "sanitizes custom content-type if additional_content_types given" do
+      @app = Rack::Sanitizer.new(-> env { env }, additional_content_types: ["application/vnd.api+json"])
+      input =  "foo=bla&quux=bar\xED"
+      @rack_input = StringIO.new input
+
+      env = request_env
+      sanitize_data(env) do |sanitized_input|
+        sanitized_input.encoding.should == Encoding::UTF_8
+        sanitized_input.should.be.valid_encoding
+        sanitized_input.should != input
+      end
+    end
+
+    it "sanitizes default content-type if additional_content_types given" do
+      @app = Rack::Sanitizer.new(-> env { env }, additional_content_types: ["application/vnd.api+json"])
+      input =  "foo=bla&quux=bar\xED"
+      @rack_input = StringIO.new input
+
+      env = request_env.update('CONTENT_TYPE' => 'application/json')
+      sanitize_data(env) do |sanitized_input|
+        sanitized_input.encoding.should == Encoding::UTF_8
+        sanitized_input.should.be.valid_encoding
+        sanitized_input.should != input
+      end
+    end
+
+    it "sanitizes custom content-type if sanitizable_content_types given" do
+      @app = Rack::Sanitizer.new(-> env { env }, sanitizable_content_types: ["application/vnd.api+json"])
+      input =  "foo=bla&quux=bar\xED"
+      @rack_input = StringIO.new input
+
+      env = request_env
+      sanitize_data(env) do |sanitized_input|
+        sanitized_input.encoding.should == Encoding::UTF_8
+        sanitized_input.should.be.valid_encoding
+        sanitized_input.should != input
+      end
+    end
+
+    it "does not sanitize default content-type if sanitizable_content_types does not include it" do
+      @app = Rack::Sanitizer.new(-> env { env }, sanitizable_content_types: ["application/vnd.api+json"])
+      input =  "foo=bla&quux=bar\xED"
+      @rack_input = StringIO.new input
+
+      env = request_env.update('CONTENT_TYPE' => 'application/json')
+      sanitize_data(env) do |sanitized_input|
+        sanitized_input.encoding.should == Encoding::ASCII_8BIT
+        sanitized_input.should.be.valid_encoding
+        sanitized_input.should == input
+      end
+    end
+  end
+
+  describe "with custom strategy" do
+    def request_env
+      @plain_input = "foo bar лол".force_encoding('UTF-8')
+      {
+          "REQUEST_METHOD" => "POST",
+          "CONTENT_TYPE" => "application/json",
+          "HTTP_USER_AGENT" => @plain_input,
+          "rack.input" => @rack_input,
+      }
+    end
+
+    def sanitize_data(request_env = request_env())
+      @uri_input = "http://bar/foo+%2F%3A+bar+%D0%BB%D0%BE%D0%BB".force_encoding('UTF-8')
+      @response_env = @app.(request_env)
+      sanitized_input = @response_env['rack.input'].read
+
+      yield sanitized_input if block_given?
+    end
+
+    it "calls a default strategy (replace)" do
+      @app = Rack::Sanitizer.new(-> env { env })
+
+      input = "foo=bla&quux=bar\xED"
+      @rack_input = StringIO.new input
+
+      env = request_env
+      sanitize_data(env) do |sanitized_input|
+        sanitized_input.encoding.should == Encoding::UTF_8
+        sanitized_input.should.be.valid_encoding
+        sanitized_input.should != input
+      end
+    end
+
+    it "calls the exception strategy" do
+      @app = Rack::Sanitizer.new(-> env { env }, strategy: :exception)
+
+      input = "foo=bla&quux=bar\xED"
+      @rack_input = StringIO.new input
+
+      env = request_env
+      should.raise(EncodingError) { sanitize_data(env) }
+    end
+
+    it "accepts a proc as a strategy" do
+      truncate = -> (input) do
+        'replace'.force_encoding(Encoding::UTF_8)
+      end
+
+      @app = Rack::Sanitizer.new(-> env { env }, strategy: truncate)
+
+      input = "foo=bla&quux=bar\xED"
+      @rack_input = StringIO.new input
+
+      env = request_env
+      sanitize_data(env) do |sanitized_input|
+        sanitized_input.encoding.should == Encoding::UTF_8
+        sanitized_input.should.be.valid_encoding
+        sanitized_input.should == 'replace'
+      end
+    end
+  end
+end

metadata

@@ -0,0 +1,121 @@
+--- !ruby/object:Gem::Specification
+name: rack-sanitizer
+version: !ruby/object:Gem::Version
+  version: 2.0.0
+platform: ruby
+authors:
+- Jean Boussier
+- whitequark
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2023-11-09 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+- !ruby/object:Gem::Dependency
+  name: bacon
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bacon-colored_output
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Rack::Sanitizer is a Rack middleware which cleans up invalid UTF8 characters
+  in request URI and headers.
+email:
+- jean.boussier@gmail.org
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".editorconfig"
+- ".github/dependabot.yml"
+- ".github/workflows/ci.yml"
+- ".gitignore"
+- CHANGELOG.md
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/rack/sanitizer.rb
+- rack-sanitizer.gemspec
+- test/test_sanitizer.rb
+homepage: http://github.com/Shopify/rack-sanitizer
+licenses:
+- MIT
+metadata:
+  allowed_push_host: https://rubygems.org/
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '2.5'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.4.21
+signing_key: 
+specification_version: 4
+summary: It is a mordernized and optimized fork of rack-utf8_sanitizer
+test_files:
+- test/test_sanitizer.rb