rack-secure-upload 0.1.1 → 0.1.2

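--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: b036f4ac41ac68592044502068e7988049f23991
- data.tar.gz: 840e4c8358d2dbb268f0487076b43de84a4bf32a
+ metadata.gz: b4b1eeae9fa091e56c7c3c2779f4528be8293df0
+ data.tar.gz: f132b4749d2b2c70723a33fb3a5d53e9581a0b09
  SHA512:
- metadata.gz: 514c477f9022a3df886c57568bb8a737f98a7fd93f71b4c9cf922a7b9d8f2050e32de72795f1abcdf2b22477c9f27c9f794a4dbf00ad6eae6b8bc1ee3ced0d24
- data.tar.gz: f71b8efc4bfa183ea50b97e48d72f86489464f20fa56a4e49b751a27a2a7b799086a78e826a71731136bc3cb75cd60c46b69a63c05978b03a313a16d809602d1
+ metadata.gz: 8ef3981f9f1b939c21b5a4a27bff38b680bfa45b15034249e31e5cd54af48164c041b324d069731a9a1542afce754c7f548b2c5a54897b1cfc9d1045240ed1ff
+ data.tar.gz: 0d5e0f6fddd51c324497ad14ab0394b9d7e95b6350ab5adbb72948c14d9d177c7a9e212e49d488013b61f939efe54d51bb95fb17dedf3a1bab9eea12cd3d728e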
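--- a/data/README.md
+++ b/data/README.md
@@ -34,6 +34,23 @@ module MyApp
  end
  ```
 
+ ## Options
+
+ You can add some options like below.
+
+ ```ruby
+ use Rack::SecureUpload::Middleware, :fsecure, {foo: :bar}
+ ```
+
+ ### fallback
+
+ - `proc { |env, params, path| }`
+ - use return value of proc
+ - `:raise`
+ - raise `Rack::SecureUpload::InsecureFileError` |
+ - else
+ - return `406`
+
  ## AntiVirus Softwares
 
  ### Avast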
@@ -9,30 +9,29 @@ module Rack
9
9
 
10
10
  def initialize(app, scanners, options = {})
11
11
  @app = app
12
- @options = options
13
12
  @scanners = [scanners].flatten.map { |scanner| scanner.is_a?(Symbol) ? Rack::SecureUpload::Scanner.const_get(camelize(scanner.to_s)).new : scanner }
14
13
  @scanners.each do |scanner|
15
14
  scanner.setup
16
15
  end
16
+ @options = options
17
17
  end
18
18
 
19
19
  def call(env)
20
20
  params = Rack::Multipart.parse_multipart(env)
21
21
 
22
22
  if params && !params.empty?
23
- begin
24
- traverse(params) do |value|
25
- next unless [Tempfile, File].any?{ |klass| value.is_a?(klass) }
26
- scan value.path
27
- end
28
- rescue InsecureFileError => e
29
- fallback = @options[:fallback]
30
- if fallback.respond_to?(:call)
31
- return fallback.call(env, params, e)
32
- elsif fallback.to_s == 'raise'
33
- raise
34
- else
35
- return [406, {'content-type' => 'text/plain; charset=UTF-8'}, ['Insecure File(s) are found!']]
23
+ traverse(params) do |value|
24
+ next unless [Tempfile, File].any?{ |klass| value.is_a?(klass) }
25
+
26
+ unless scan value.path
27
+ fallback = @options[:fallback]
28
+ if fallback.respond_to?(:call)
29
+ return fallback.call(env, params, value.path)
30
+ elsif fallback.to_s == 'raise'
31
+ raise InsecureFileError, "The uploaded file \"#{value.path}\" is insecure!"
32
+ else
33
+ return [406, {'content-type' => 'text/plain; charset=UTF-8'}, ['Insecure File(s) are found!']]
34
+ end
36
35
  end
37
36
  end
38
37
  end
@@ -43,13 +42,12 @@ module Rack
43
42
  private
44
43
 
45
44
  def scan(path)
46
- secure = @scanners.any? do |scanner|
45
+ @scanners.any? do |scanner|
47
46
  unless res = scanner.scan(path)
48
47
  Rack::SecureUpload.logger.warn "#{scanner} found an insecure file: #{path}"
49
48
  end
50
49
  res
51
50
  end
52
- raise InsecureFileError, "The uploaded file \"#{path}\" is insecure!" unless secure
53
51
  end
54
52
  end
55
53
  end
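Review bot: `scan` accepts a file as soon as one scanner returns truthy, because it is built on `@scanners.any?`. With several scanners configured, a detection by one is logged but then overridden by a pass from another, and scanners after the first pass never run. If the scanners are meant to be layered rather than alternatives (the hunk does not say), the block should open with `@scanners.all? do |scanner|`, preceded by a guard such as `return false if @scanners.empty?`, since `all?` on an empty list is true and would accept every upload. `scan` also changes here from raising to returning a boolean, so a comment above `def scan(path)` such as `# Returns true when the file is accepted, false when it is rejected; no longer raises InsecureFileError itself` would stop a future caller from ignoring the result and failing open.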
@@ -1,5 +1,5 @@
1
1
  module Rack
2
2
  module SecureUpload
3
- VERSION = "0.1.1"
3
+ VERSION = "0.1.2"
4
4
  end
5
5
  end
@@ -38,9 +38,9 @@ describe Rack::SecureUpload::Middleware do
38
38
  let(:options) { {fallback: fallback} }
39
39
 
40
40
  it "calls fallback" do
41
- expect(fallback).to receive(:call)
41
+ expect(fallback).to receive(:call).and_return('yay')
42
42
  allow(scanner).to receive(:scan).and_return(false)
43
- subject.call(env)
43
+ expect(subject.call(env)).to eq('yay')
44
44
  end
45
45
  end
46
46
  context "fallback is raise" do
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack-secure-upload
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.1
4
+ version: 0.1.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Daisuke Taniwaki