rack-secure-referer 1.0.0

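--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: 4e20b686a9a758ec196f751bb6d8f947c3e56921
+data.tar.gz: 70f32695f58603dd3e230ec4411b50125af189c3
+SHA512:
+metadata.gz: 6283f815c25621b9c3e94630bf98b35fb6655b29c3800f7ed192668c806c6be5b3a417d3ec0db9f9098cd988b151a7e406bbac48ccb5ddb0f678fe9ccf7ae1c5
+data.tar.gz: 280cc83fec5506df24a21f21a015d20dd4eb19ffdb1c05805c3700724be32fd7708b17f4f82cce0a1daa212d97f72ce0dca1ec9a306d18bca6a8a00862df5815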
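--- a/data/.gitignore
+++ b/data/.gitignore
@@ -0,0 +1,14 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+*.bundle
+*.so
+*.o
+*.a
+mkmf.log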
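--- a/data/.rspec
+++ b/data/.rspec
@@ -0,0 +1,2 @@
+--format documentation
+--color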
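--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -0,0 +1,3 @@
+language: ruby
+rvm:
+- 2.2.0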
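--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in rack-secure-referer.gemspec
+gemspec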
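--- a/data/LICENSE.txt
+++ b/data/LICENSE.txt
@@ -0,0 +1,22 @@
+Copyright (c) 2015 koshikawa
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.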
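--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,31 @@
+# Rack::Secure::Referer
+
+TODO: Write a gem description
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'rack-secure-referer'
+```
+
+And then execute:
+
+$ bundle
+
+Or install it yourself as:
+
+$ gem install rack-secure-referer
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Contributing
+
+1. Fork it ( https://github.com/[my-github-username]/rack-secure-referer/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request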
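--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,7 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec
+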
@@ -0,0 +1,17 @@
1
+ require "rack/secure/referer/version"
2
+ require 'rack/request'
3
+
4
+ module Rack
5
+ module Secure
6
+ module Referer
7
+ def new(env)
8
+ unless env['HTTP_REFERER'].nil? || env['HTTP_REFERER'].match(/\Ahttp(s)?:\/\//i)
9
+ env['HTTP_REFERER'] = nil
10
+ end
11
+ super
12
+ end
13
+ end
14
+ end
15
+ end
16
+
17
+ Rack::Request.extend Rack::Secure::Referer
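Review bot: The guard in `new` validates only the scheme prefix, so any value that begins with `http://` or `https://` is passed through unchanged, and the rest of the header stays attacker-controlled text. That covers a Referer used directly as a link target, which is what the `javascript:` spec case exercises, but it does not make the value safe to echo into HTML, so the "preventing XSS" wording in the gemspec overstates it. I would add a comment above the `unless`, such as `# Only the scheme is checked; the remainder is still untrusted and must be escaped on output.` Because the filter is installed with `Rack::Request.extend`, it runs only when a `Rack::Request` is constructed, so middleware that reads `env['HTTP_REFERER']` earlier still sees the raw header. A small Rack middleware placed first in the stack would close that gap without patching `Rack::Request` globally.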
@@ -0,0 +1,7 @@
1
+ module Rack
2
+ module Secure
3
+ module Referer
4
+ VERSION = "1.0.0"
5
+ end
6
+ end
7
+ end
@@ -0,0 +1,24 @@
1
+ lib = File.expand_path('../lib', __FILE__)
2
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
3
+ require 'rack/secure/referer/version'
4
+
5
+ Gem::Specification.new do |spec|
6
+ spec.name = "rack-secure-referer"
7
+ spec.version = Rack::Secure::Referer::VERSION
8
+ spec.authors = ["ppworks"]
9
+ spec.email = ["koshikawa@ppworks.jp"]
10
+ spec.summary = %q{Secure request.referer}
11
+ spec.description = %q{Secure request.referer for preventing XSS}
12
+ spec.homepage = "https://github.com/ppworks/rack-secure-referer"
13
+ spec.license = "MIT"
14
+
15
+ spec.files = `git ls-files -z`.split("\x0")
16
+ spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
17
+ spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
18
+ spec.require_paths = ["lib"]
19
+
20
+ spec.add_development_dependency 'rack', '> 0.2'
21
+ spec.add_development_dependency "bundler", "~> 1.7"
22
+ spec.add_development_dependency "rake", "~> 10.0"
23
+ spec.add_development_dependency "rspec"
24
+ end
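Review bot: `rack` is declared only with `spec.add_development_dependency 'rack', '> 0.2'`, yet the hunk that defines `Rack::Secure::Referer` does `require 'rack/request'` at load time, so installing this gem on its own does not pull in the library it patches. It should be a runtime dependency, e.g. `spec.add_dependency 'rack'` with a version constraint. The `'> 0.2'` constraint also has no upper bound. Since the gem overrides `Rack::Request.new(env)` with a fixed one-argument signature, a bounded range that has actually been tested would be safer; whether any rack release changes that constructor is not visible from this page.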
@@ -0,0 +1,42 @@
1
+ require 'spec_helper'
2
+ require 'rack/mock'
3
+
4
+ describe Rack::Secure::Referer do
5
+ it 'has a version number' do
6
+ expect(Rack::Secure::Referer::VERSION).not_to be nil
7
+ end
8
+
9
+ describe '#referer' do
10
+ subject { request.referer }
11
+
12
+ let(:request) do
13
+ Rack::Request.new(Rack::MockRequest.env_for("http://example.com:8080/").merge(referer_env))
14
+ end
15
+
16
+ let(:referer_env) { { 'HTTP_REFERER' => referer } }
17
+
18
+ context 'when referer is /' do
19
+ let(:referer) { '/' }
20
+ it { expect(request.referer).to eq nil }
21
+ it { expect(request.env['HTTP_REFERER']).to eq nil }
22
+ end
23
+
24
+ context 'when referer is javascript:alert(1)' do
25
+ let(:referer) { 'javascript:alert(1)' }
26
+ it { expect(request.referer).to eq nil }
27
+ it { expect(request.env['HTTP_REFERER']).to eq nil }
28
+ end
29
+
30
+ context 'when referer is http://example.net/' do
31
+ let(:referer) { 'http://example.net' }
32
+ it { expect(request.referer).to eq referer }
33
+ it { expect(request.env['HTTP_REFERER']).to eq referer }
34
+ end
35
+
36
+ context 'when referer is https://example.net/' do
37
+ let(:referer) { 'https://example.net' }
38
+ it { expect(request.referer).to eq referer }
39
+ it { expect(request.env['HTTP_REFERER']).to eq referer }
40
+ end
41
+ end
42
+ end
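Review bot: The four contexts never pin the properties the filter relies on: that the regexp is anchored to the start of the whole string, that the scheme match is case-insensitive, and that a request with no Referer header is left alone. I would add a context whose value has a rejected first line followed by a line starting with `http://`, expecting `nil`, plus one with `let(:referer_env) { {} }` and one with `let(:referer) { 'HTTP://example.net' }`. The last two contexts are titled `http://example.net/` and `https://example.net/` but test the values without the trailing slash, so the descriptions should match the data. `subject { request.referer }` is defined but every example spells out `request.referer`, so either use `is_expected` or drop the subject.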
@@ -0,0 +1,2 @@
1
+ $LOAD_PATH.unshift File.expand_path('../../lib', __FILE__)
2
+ require 'rack/secure/referer'
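--- a/metadata
+++ b/metadata
@@ -0,0 +1,114 @@
+--- !ruby/object:Gem::Specification
+name: rack-secure-referer
+version: !ruby/object:Gem::Version
+version: 1.0.0
+platform: ruby
+authors:
+- ppworks
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2015-04-11 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: rack
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">"
+- !ruby/object:Gem::Version
+version: '0.2'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">"
+- !ruby/object:Gem::Version
+version: '0.2'
+- !ruby/object:Gem::Dependency
+name: bundler
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.7'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.7'
+- !ruby/object:Gem::Dependency
+name: rake
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '10.0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '10.0'
+- !ruby/object:Gem::Dependency
+name: rspec
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+description: Secure request.referer for preventing XSS
+email:
+- koshikawa@ppworks.jp
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/rack/secure/referer.rb
+- lib/rack/secure/referer/version.rb
+- rack-secure-referer.gemspec
+- spec/rack/secure/referer_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/ppworks/rack-secure-referer
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.4.5
+signing_key:
+specification_version: 4
+summary: Secure request.referer
+test_files:
+- spec/rack/secure/referer_spec.rb
+- spec/spec_helper.rb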