rack-sanitizer 2.0.0 → 2.0.2
- checksums.yaml +4 -4
- data/.github/workflows/cla.yml +22 -0
- data/lib/rack/sanitizer.rb +9 -6
- data/rack-sanitizer.gemspec +1 -1
- metadata +4 -4
- data/CHANGELOG.md +0 -39
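--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: '0963cd5d478e19917c2fec66f99bc1a9f49f436ece2e39a27a533e6b4eecc8fc'
+data.tar.gz: a91279934039be5176b8538d77c4c44a2e442e14514d7f63316f1254dcbc91d1
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1b9665b889004365211cbdfb62429bd3ae014bc1e99c5781cf4ed4b4ad94973efa650261f8922ce9b70d54286fe02b149e6c09e787dfc3b8252d8530b79bcccf
+data.tar.gz: 5e2e5555c2eccaca2755cfd727cd16fe726b5200a141853f40b55c4732a2f030742e33e511b39ba5f23ef22905fe65e1da38c0f7dc05896067ad7a70c9291f7f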
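--- a/data/.github/workflows/cla.yml
+++ b/data/.github/workflows/cla.yml
@@ -0,0 +1,22 @@
+name: Contributor License Agreement (CLA)
+
+on:
+pull_request_target:
+types: [opened, synchronize]
+issue_comment:
+types: [created]
+
+jobs:
+cla:
+runs-on: ubuntu-latest
+if: |
+(github.event.issue.pull_request
+&& !github.event.issue.pull_request.merged_at
+&& contains(github.event.comment.body, 'signed')
+)
+|| (github.event.pull_request && !github.event.pull_request.merged)
+steps:
+- uses: Shopify/shopify-cla-action@v1
+with:
+github-token: ${{ secrets.GITHUB_TOKEN }}
+cla-token: ${{ secrets.CLA_TOKEN }}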
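Review bot: The job is triggered by `pull_request_target` and `issue_comment`, so it runs in the base repository's context with `secrets.CLA_TOKEN` available even for pull requests from forks, yet the step references the mutable tag `Shopify/shopify-cla-action@v1` and the workflow declares no `permissions:`. Pin the step to a full commit SHA, e.g. `uses: Shopify/shopify-cla-action@<full-commit-sha> # v1` (placeholder; take the SHA from the action's release), so a moved tag cannot change what runs with those secrets. Add an explicit `permissions:` block limited to what the action needs (presumably write access on pull requests or issues for commenting; confirm against the action's documentation) rather than inheriting the repository default for `GITHUB_TOKEN`. The workflow checks out no pull-request code, and a short comment saying so would help keep that property if steps are added later.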
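--- a/data/lib/rack/sanitizer.rb
+++ b/data/lib/rack/sanitizer.rb
@@ -5,8 +5,6 @@ require "stringio"
 
 module Rack
 class Sanitizer
-BAD_REQUEST = [400, { "Content-Type" => "text/plain" }, ["Bad Request"]]
-
 # options[:sanitizable_content_types] Array
 # options[:additional_content_types] Array
 def initialize(app, options={})
@@ -21,7 +19,7 @@ module Rack
 begin
 @app.call(env)
 rescue SanitizedRackInput::FailedToReadBody
-return
+return [400, { "Content-Type" => "text/plain" }, ["Bad Request"]]
 end
 end
 
@@ -100,9 +98,14 @@ module Rack
 # https://github.com/rack/rack/blob/master/lib/rack/request.rb#L42
 # Logic borrowed from Rack::Request#media_type,#media_type_params,#content_charset
 # Ignoring charset in content type.
-content_type
-
-
+if content_type = env['CONTENT_TYPE']
+content_type = content_type.split(/[;,]/, 2).first
+if content_type
+content_type.strip!
+content_type.downcase!
+end
+end
+
 return unless @sanitizable_content_types.include?(content_type)
 uri_encoded = URI_ENCODED_CONTENT_TYPES.include?(content_type)
 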
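Review bot: In the third hunk the normalised `content_type` alone decides whether the request body is sanitized, and the cases that fall through unsanitized are neither documented nor visibly tested. A missing header, or an empty one (where `split(/[;,]/, 2).first` is nil, hence the inner `if content_type`), reaches `return unless @sanitizable_content_types.include?(content_type)` as nil and the body is skipped; a comment such as `# nil when CONTENT_TYPE is absent or empty: the body is then left unsanitized` above the outer `if` would record that. Specs for values like `Application/JSON ; charset=utf-8` and an empty header would pin the behaviour down, since any difference from how the downstream app derives the media type could mean a body is parsed without having been sanitized. As a style point, `if (content_type = env['CONTENT_TYPE'])` makes the assignment in the condition explicit. The enclosing method begins and ends outside the hunk.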
data/rack-sanitizer.gemspec
CHANGED
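--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rack-sanitizer
 version: !ruby/object:Gem::Version
-version: 2.0.
+version: 2.0.2
 platform: ruby
 authors:
 - Jean Boussier
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2024-04-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rack
@@ -84,8 +84,8 @@ files:
 - ".editorconfig"
 - ".github/dependabot.yml"
 - ".github/workflows/ci.yml"
+- ".github/workflows/cla.yml"
 - ".gitignore"
-- CHANGELOG.md
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -113,7 +113,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.5.8
 signing_key:
 specification_version: 4
 summary: It is a mordernized and optimized fork of rack-utf8_sanitizer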
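--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,39 +0,0 @@
-Changelog
-=========
-
-Master
--------------------------
-
-API modifications:
-
-Features implemented:
-
-Bugs fixed:
-
-v1.3.1 (2015-07-09)
--------------------------
-
-Bugs fixed:
-* Make sure Content-Length is adjusted. (Samuel Cochran, #26)
-
-v1.3.0 (2015-01-26)
--------------------------
-
-v1.2.4 (2014-11-29)
--------------------------
-
-v1.2.3 (2014-10-08)
--------------------------
-
-v1.2.2 (2014-07-10)
--------------------------
-
-Features implemented:
-* Sanitize request body for all HTTP verbs. (Nathaniel Talbott, #15)
-* Add `application/json` and `text/javascript` as sanitizable content types. (Benjamin Fleischer, #12)
-
-Bugs fixed:
-* Ensure Rack::UTF8 Sanitizer is first middleware. (Aaron Renner, #13)
-
-v1.2.1 (2014-05-27)
--------------------------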