rack-shield 1.1.2 → 1.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +2 -2
- data/lib/rack/shield/version.rb +1 -1
- data/lib/rack/shield.rb +26 -7
- metadata +5 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 8853aad4ab5646f5a5477f712fe297f005660958e15358144fc175d4f1497215
|
4
|
+
data.tar.gz: 23cf1ec7e0b8d547ccbaf66a63bcb8f8914677a70b1377b8ca4c4ba3894f8d56
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: ddcbe97f5e6f3ba3ba3d50be2b60c248ac1c2e5c730744e498e7b7f6093d4f5adbc7b3c87bdae15569184387c6ef6afaf098752482d869b6842aaaf32eba8360
|
7
|
+
data.tar.gz: e558e60a3711893170dc994a9ec6d7c31b871f4237ba8ba7779cec44cc65ed8dd198579f2729e8e438948cbe5c953adba3c521adb70ecea999d22a4ec010567f
|
data/README.md
CHANGED
@@ -37,10 +37,10 @@ Adding to path matchers:
|
|
37
37
|
|
38
38
|
```ruby
|
39
39
|
# Regexp will be matched
|
40
|
-
Rack::Shield.
|
40
|
+
Rack::Shield.paths << /\.sql\z/
|
41
41
|
|
42
42
|
# String will be checked for inclusion
|
43
|
-
Rack::Shield.
|
43
|
+
Rack::Shield.paths << '/wp-admin'
|
44
44
|
```
|
45
45
|
Defaults are defined in `Rack::Shield::DEFAULT_EVIL_PATHS`.
|
46
46
|
|
data/lib/rack/shield/version.rb
CHANGED
data/lib/rack/shield.rb
CHANGED
@@ -76,17 +76,16 @@ module Rack
|
|
76
76
|
'<php>',
|
77
77
|
'onload=confirm',
|
78
78
|
'HelloThinkCMF',
|
79
|
-
'XDEBUG_SESSION_START'
|
80
|
-
|
81
|
-
|
79
|
+
'XDEBUG_SESSION_START']
|
80
|
+
|
81
|
+
DEFAULT_BODIES = []
|
82
|
+
|
82
83
|
class << self
|
83
84
|
|
84
|
-
attr_accessor :paths, :queries, :checks, :responder
|
85
|
+
attr_accessor :paths, :queries, :bodies, :checks, :responder
|
85
86
|
|
86
87
|
def evil?(req)
|
87
|
-
(req
|
88
|
-
(req.query_string && queries.any? { |matcher| match?(req.query_string, matcher) }) ||
|
89
|
-
(checks.any? { |matcher| match?(req, matcher) })
|
88
|
+
evil_paths?(req) || evil_queries?(req) || evil_checks?(req) || evil_bodies?(req)
|
90
89
|
end
|
91
90
|
|
92
91
|
def template
|
@@ -102,10 +101,30 @@ module Rack
|
|
102
101
|
when Proc then matcher.call(obj)
|
103
102
|
end
|
104
103
|
end
|
104
|
+
|
105
|
+
def evil_paths?(req)
|
106
|
+
req.path && paths.any? { |matcher| match?(req.path, matcher) }
|
107
|
+
end
|
108
|
+
|
109
|
+
def evil_queries?(req)
|
110
|
+
req.query_string && queries.any? { |matcher| match?(req.query_string, matcher) }
|
111
|
+
end
|
112
|
+
|
113
|
+
def evil_checks?(req)
|
114
|
+
checks.any? { |matcher| match?(req, matcher) }
|
115
|
+
end
|
116
|
+
|
117
|
+
def evil_bodies?(req)
|
118
|
+
return false unless req.post? || req.put? || req.patch?
|
119
|
+
return false unless body = req.raw_post_data
|
120
|
+
return false if body.empty?
|
121
|
+
bodies.any? { |matcher| match?(body, matcher) }
|
122
|
+
end
|
105
123
|
end
|
106
124
|
|
107
125
|
self.paths = DEFAULT_PATHS.dup
|
108
126
|
self.queries = DEFAULT_QUERIES.dup
|
127
|
+
self.bodies = DEFAULT_BODIES.dup
|
109
128
|
self.checks = []
|
110
129
|
self.responder = Responder
|
111
130
|
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rack-shield
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.2.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Matthias Grosser
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-
|
11
|
+
date: 2023-03-16 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rack-attack
|
@@ -44,7 +44,7 @@ homepage: https://github.com/mtgrosser/rack-shield
|
|
44
44
|
licenses:
|
45
45
|
- MIT
|
46
46
|
metadata: {}
|
47
|
-
post_install_message:
|
47
|
+
post_install_message:
|
48
48
|
rdoc_options: []
|
49
49
|
require_paths:
|
50
50
|
- lib
|
@@ -60,7 +60,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
60
60
|
version: '0'
|
61
61
|
requirements: []
|
62
62
|
rubygems_version: 3.1.4
|
63
|
-
signing_key:
|
63
|
+
signing_key:
|
64
64
|
specification_version: 4
|
65
65
|
summary: Block and unblock evil requests
|
66
66
|
test_files: []
|