rack_csrf 2.4.0 → 2.7.0

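--- a/metadata
+++ b/metadata
@@ -1,146 +1,146 @@
- --- !ruby/object:Gem::Specification
+ --- !ruby/object:Gem::Specification
  name: rack_csrf
- version: !ruby/object:Gem::Version
- hash: 31
- prerelease:
- segments:
- - 2
- - 4
- - 0
- version: 2.4.0
+ version: !ruby/object:Gem::Version
+ version: 2.7.0
  platform: ruby
- authors:
+ authors:
  - Emanuele Vicentini
- autorequire:
+ autorequire:
  bindir: bin
  cert_chain: []
-
- date: 2012-02-28 00:00:00 Z
- dependencies:
- - !ruby/object:Gem::Dependency
- prerelease: false
- type: :runtime
- requirement: &id001 !ruby/object:Gem::Requirement
- none: false
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- hash: 25
- segments:
- - 0
- - 9
- version: "0.9"
- version_requirements: *id001
+ date: 2022-09-10 00:00:00.000000000 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
  name: rack
- - !ruby/object:Gem::Dependency
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: 1.1.0
+ type: :runtime
  prerelease: false
- type: :development
- requirement: &id002 !ruby/object:Gem::Requirement
- none: false
- requirements:
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
  - - ">="
- - !ruby/object:Gem::Version
- hash: 23
- segments:
- - 1
- - 0
- - 0
- version: 1.0.0
- version_requirements: *id002
+ - !ruby/object:Gem::Version
+ version: 1.1.0
+ - !ruby/object:Gem::Dependency
  name: bundler
- - !ruby/object:Gem::Dependency
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: 1.0.0
+ type: :development
  prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: 1.0.0
+ - !ruby/object:Gem::Dependency
+ name: rake
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
  type: :development
- requirement: &id003 !ruby/object:Gem::Requirement
- none: false
- requirements:
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
  - - ">="
- - !ruby/object:Gem::Version
- hash: 17
- segments:
- - 1
- - 1
- - 1
- version: 1.1.1
- version_requirements: *id003
+ - !ruby/object:Gem::Version
+ version: '0'
+ - !ruby/object:Gem::Dependency
  name: cucumber
- - !ruby/object:Gem::Dependency
- prerelease: false
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '3.0'
  type: :development
- requirement: &id004 !ruby/object:Gem::Requirement
- none: false
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- hash: 3
- segments:
- - 0
- version: "0"
- version_requirements: *id004
- name: rack-test
- - !ruby/object:Gem::Dependency
  prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '3.0'
+ - !ruby/object:Gem::Dependency
+ name: rack-test
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
  type: :development
- requirement: &id005 !ruby/object:Gem::Requirement
- none: false
- requirements:
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
  - - ">="
- - !ruby/object:Gem::Version
- hash: 15
- segments:
- - 2
- - 0
- - 0
- version: 2.0.0
- version_requirements: *id005
+ - !ruby/object:Gem::Version
+ version: '0'
+ - !ruby/object:Gem::Dependency
  name: rspec
- - !ruby/object:Gem::Dependency
- prerelease: false
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '3.0'
  type: :development
- requirement: &id006 !ruby/object:Gem::Requirement
- none: false
- requirements:
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '3.0'
+ - !ruby/object:Gem::Dependency
+ name: rdoc
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
  - - ">="
- - !ruby/object:Gem::Version
- hash: 27
- segments:
- - 2
- - 4
- - 2
+ - !ruby/object:Gem::Version
  version: 2.4.2
- version_requirements: *id006
- name: rdoc
- - !ruby/object:Gem::Dependency
+ type: :development
  prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: 2.4.2
+ - !ruby/object:Gem::Dependency
+ name: git
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: 1.2.5
  type: :development
- requirement: &id007 !ruby/object:Gem::Requirement
- none: false
- requirements:
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
  - - ">="
- - !ruby/object:Gem::Version
- hash: 3
- segments:
- - 0
- version: "0"
- version_requirements: *id007
- name: jeweler
+ - !ruby/object:Gem::Version
+ version: 1.2.5
  description: Anti-CSRF Rack middleware
- email: emanuele.vicentini@gmail.com
+ email:
+ - emanuele.vicentini@gmail.com
  executables: []
-
  extensions: []
-
- extra_rdoc_files:
+ extra_rdoc_files:
  - LICENSE.rdoc
  - README.rdoc
- files:
- - .rspec
+ files:
+ - ".circleci/config.yml"
+ - ".github/dependabot.yml"
+ - ".github/workflows/ci.yml"
+ - ".gitignore"
+ - ".rspec"
  - Changelog.md
  - Gemfile
  - LICENSE.rdoc
  - README.rdoc
  - Rakefile
- - VERSION
  - cucumber.yml
  - examples/camping/Gemfile
  - examples/camping/README.rdoc
@@ -192,47 +192,55 @@ files:
  - features/variation_on_header_name.feature
  - features/variation_on_key_name.feature
  - lib/rack/csrf.rb
- - lib/rack/vendor/securerandom.rb
+ - lib/rack/csrf/version.rb
  - rack_csrf.gemspec
  - spec/csrf_spec.rb
  - spec/spec_helper.rb
  homepage: https://github.com/baldowl/rack_csrf
- licenses:
+ licenses:
  - MIT
- post_install_message:
- rdoc_options:
- - --line-numbers
- - --inline-source
- - --title
- - Rack::Csrf 2.4.0
- - --main
+ metadata: {}
+ post_install_message:
+ rdoc_options:
+ - "--line-numbers"
+ - "--inline-source"
+ - "--title"
+ - Rack::Csrf 2.7.0
+ - "--main"
  - README.rdoc
- require_paths:
+ require_paths:
  - lib
- required_ruby_version: !ruby/object:Gem::Requirement
- none: false
- requirements:
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
  - - ">="
- - !ruby/object:Gem::Version
- hash: 3
- segments:
- - 0
- version: "0"
- required_rubygems_version: !ruby/object:Gem::Requirement
- none: false
- requirements:
+ - !ruby/object:Gem::Version
+ version: 1.9.2
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
  - - ">="
- - !ruby/object:Gem::Version
- hash: 3
- segments:
- - 0
- version: "0"
+ - !ruby/object:Gem::Version
+ version: '0'
  requirements: []
-
- rubyforge_project: rackcsrf
- rubygems_version: 1.8.17
- signing_key:
- specification_version: 3
+ rubygems_version: 3.3.22
+ signing_key:
+ specification_version: 4
  summary: Anti-CSRF Rack middleware
- test_files: []
-
+ test_files:
+ - features/check_only_some_specific_requests.feature
+ - features/custom_http_methods.feature
+ - features/empty_responses.feature
+ - features/inspecting_also_get_requests.feature
+ - features/raising_exception.feature
+ - features/setup.feature
+ - features/skip_if_block_passes.feature
+ - features/skip_some_routes.feature
+ - features/step_definitions/request_steps.rb
+ - features/step_definitions/response_steps.rb
+ - features/step_definitions/setup_steps.rb
+ - features/support/env.rb
+ - features/support/fake_session.rb
+ - features/variation_on_field_name.feature
+ - features/variation_on_header_name.feature
+ - features/variation_on_key_name.feature
+ - spec/csrf_spec.rb
+ - spec/spec_helper.rb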
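--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +0,0 @@
- 2.4.0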
@@ -1,256 +0,0 @@
1
- # Library taken from Ruby 1.9 SVN repository on 2009-04-15T10:25Z
2
- # For copyright and license see http://www.ruby-lang.org
3
-
4
- # = Secure random number generator interface.
5
- #
6
- # This library is an interface for secure random number generator which is
7
- # suitable for generating session key in HTTP cookies, etc.
8
- #
9
- # It supports following secure random number generators.
10
- #
11
- # * openssl
12
- # * /dev/urandom
13
- # * Win32
14
- #
15
- # == Example
16
- #
17
- # # random hexadecimal string.
18
- # p SecureRandom.hex(10) #=> "52750b30ffbc7de3b362"
19
- # p SecureRandom.hex(10) #=> "92b15d6c8dc4beb5f559"
20
- # p SecureRandom.hex(11) #=> "6aca1b5c58e4863e6b81b8"
21
- # p SecureRandom.hex(12) #=> "94b2fff3e7fd9b9c391a2306"
22
- # p SecureRandom.hex(13) #=> "39b290146bea6ce975c37cfc23"
23
- # ...
24
- #
25
- # # random base64 string.
26
- # p SecureRandom.base64(10) #=> "EcmTPZwWRAozdA=="
27
- # p SecureRandom.base64(10) #=> "9b0nsevdwNuM/w=="
28
- # p SecureRandom.base64(10) #=> "KO1nIU+p9DKxGg=="
29
- # p SecureRandom.base64(11) #=> "l7XEiFja+8EKEtY="
30
- # p SecureRandom.base64(12) #=> "7kJSM/MzBJI+75j8"
31
- # p SecureRandom.base64(13) #=> "vKLJ0tXBHqQOuIcSIg=="
32
- # ...
33
- #
34
- # # random binary string.
35
- # p SecureRandom.random_bytes(10) #=> "\016\t{\370g\310pbr\301"
36
- # p SecureRandom.random_bytes(10) #=> "\323U\030TO\234\357\020\a\337"
37
- # ...
38
-
39
- begin
40
- require 'openssl'
41
- rescue LoadError
42
- end
43
-
44
- module SecureRandom
45
- # SecureRandom.random_bytes generates a random binary string.
46
- #
47
- # The argument n specifies the length of the result string.
48
- #
49
- # If n is not specified, 16 is assumed.
50
- # It may be larger in future.
51
- #
52
- # The result may contain any byte: "\x00" - "\xff".
53
- #
54
- # p SecureRandom.random_bytes #=> "\xD8\\\xE0\xF4\r\xB2\xFC*WM\xFF\x83\x18\xF45\xB6"
55
- # p SecureRandom.random_bytes #=> "m\xDC\xFC/\a\x00Uf\xB2\xB2P\xBD\xFF6S\x97"
56
- #
57
- # If secure random number generator is not available,
58
- # NotImplementedError is raised.
59
- def self.random_bytes(n=nil)
60
- n ||= 16
61
-
62
- if defined? OpenSSL::Random
63
- return OpenSSL::Random.random_bytes(n)
64
- end
65
-
66
- if !defined?(@has_urandom) || @has_urandom
67
- flags = File::RDONLY
68
- flags |= File::NONBLOCK if defined? File::NONBLOCK
69
- flags |= File::NOCTTY if defined? File::NOCTTY
70
- flags |= File::NOFOLLOW if defined? File::NOFOLLOW
71
- begin
72
- File.open("/dev/urandom", flags) {|f|
73
- unless f.stat.chardev?
74
- raise Errno::ENOENT
75
- end
76
- @has_urandom = true
77
- ret = f.readpartial(n)
78
- if ret.length != n
79
- raise NotImplementedError, "Unexpected partial read from random device"
80
- end
81
- return ret
82
- }
83
- rescue Errno::ENOENT
84
- @has_urandom = false
85
- end
86
- end
87
-
88
- if !defined?(@has_win32)
89
- begin
90
- require 'Win32API'
91
-
92
- crypt_acquire_context = Win32API.new("advapi32", "CryptAcquireContext", 'PPPII', 'L')
93
- @crypt_gen_random = Win32API.new("advapi32", "CryptGenRandom", 'LIP', 'L')
94
-
95
- hProvStr = " " * 4
96
- prov_rsa_full = 1
97
- crypt_verifycontext = 0xF0000000
98
-
99
- if crypt_acquire_context.call(hProvStr, nil, nil, prov_rsa_full, crypt_verifycontext) == 0
100
- raise SystemCallError, "CryptAcquireContext failed: #{lastWin32ErrorMessage}"
101
- end
102
- @hProv, = hProvStr.unpack('L')
103
-
104
- @has_win32 = true
105
- rescue LoadError
106
- @has_win32 = false
107
- end
108
- end
109
- if @has_win32
110
- bytes = " " * n
111
- if @crypt_gen_random.call(@hProv, bytes.size, bytes) == 0
112
- raise SystemCallError, "CryptGenRandom failed: #{lastWin32ErrorMessage}"
113
- end
114
- return bytes
115
- end
116
-
117
- raise NotImplementedError, "No random device"
118
- end
119
-
120
- # SecureRandom.hex generates a random hex string.
121
- #
122
- # The argument n specifies the length of the random length.
123
- # The length of the result string is twice of n.
124
- #
125
- # If n is not specified, 16 is assumed.
126
- # It may be larger in future.
127
- #
128
- # The result may contain 0-9 and a-f.
129
- #
130
- # p SecureRandom.hex #=> "eb693ec8252cd630102fd0d0fb7c3485"
131
- # p SecureRandom.hex #=> "91dc3bfb4de5b11d029d376634589b61"
132
- #
133
- # If secure random number generator is not available,
134
- # NotImplementedError is raised.
135
- def self.hex(n=nil)
136
- random_bytes(n).unpack("H*")[0]
137
- end
138
-
139
- # SecureRandom.base64 generates a random base64 string.
140
- #
141
- # The argument n specifies the length of the random length.
142
- # The length of the result string is about 4/3 of n.
143
- #
144
- # If n is not specified, 16 is assumed.
145
- # It may be larger in future.
146
- #
147
- # The result may contain A-Z, a-z, 0-9, "+", "/" and "=".
148
- #
149
- # p SecureRandom.base64 #=> "/2BuBuLf3+WfSKyQbRcc/A=="
150
- # p SecureRandom.base64 #=> "6BbW0pxO0YENxn38HMUbcQ=="
151
- #
152
- # If secure random number generator is not available,
153
- # NotImplementedError is raised.
154
- #
155
- # See RFC 3548 for base64.
156
- def self.base64(n=nil)
157
- [random_bytes(n)].pack("m*").delete("\n")
158
- end
159
-
160
- # SecureRandom.urlsafe_base64 generates a random URL-safe base64 string.
161
- #
162
- # The argument _n_ specifies the length of the random length.
163
- # The length of the result string is about 4/3 of _n_.
164
- #
165
- # If _n_ is not specified, 16 is assumed.
166
- # It may be larger in future.
167
- #
168
- # The boolean argument _padding_ specifies the padding.
169
- # If it is false or nil, padding is not generated.
170
- # Otherwise padding is generated.
171
- # By default, padding is not generated because "=" may be used as a URL delimiter.
172
- #
173
- # The result may contain A-Z, a-z, 0-9, "-" and "_".
174
- # "=" is also used if _padding_ is true.
175
- #
176
- # p SecureRandom.urlsafe_base64 #=> "b4GOKm4pOYU_-BOXcrUGDg"
177
- # p SecureRandom.urlsafe_base64 #=> "UZLdOkzop70Ddx-IJR0ABg"
178
- #
179
- # p SecureRandom.urlsafe_base64(nil, true) #=> "i0XQ-7gglIsHGV2_BNPrdQ=="
180
- # p SecureRandom.urlsafe_base64(nil, true) #=> "-M8rLhr7JEpJlqFGUMmOxg=="
181
- #
182
- # If secure random number generator is not available,
183
- # NotImplementedError is raised.
184
- #
185
- # See RFC 3548 for URL-safe base64.
186
- def self.urlsafe_base64(n=nil, padding=false)
187
- s = [random_bytes(n)].pack("m*")
188
- s.delete!("\n")
189
- s.tr!("+/", "-_")
190
- s.delete!("=") if !padding
191
- s
192
- end
193
-
194
- # SecureRandom.random_number generates a random number.
195
- #
196
- # If an positive integer is given as n,
197
- # SecureRandom.random_number returns an integer:
198
- # 0 <= SecureRandom.random_number(n) < n.
199
- #
200
- # p SecureRandom.random_number(100) #=> 15
201
- # p SecureRandom.random_number(100) #=> 88
202
- #
203
- # If 0 is given or an argument is not given,
204
- # SecureRandom.random_number returns an float:
205
- # 0.0 <= SecureRandom.random_number() < 1.0.
206
- #
207
- # p SecureRandom.random_number #=> 0.596506046187744
208
- # p SecureRandom.random_number #=> 0.350621695741409
209
- #
210
- def self.random_number(n=0)
211
- if 0 < n
212
- hex = n.to_s(16)
213
- hex = '0' + hex if (hex.length & 1) == 1
214
- bin = [hex].pack("H*")
215
- mask = bin[0].ord
216
- mask |= mask >> 1
217
- mask |= mask >> 2
218
- mask |= mask >> 4
219
- begin
220
- rnd = SecureRandom.random_bytes(bin.length)
221
- rnd[0] = (rnd[0].ord & mask).chr
222
- end until rnd < bin
223
- rnd.unpack("H*")[0].hex
224
- else
225
- # assumption: Float::MANT_DIG <= 64
226
- i64 = SecureRandom.random_bytes(8).unpack("Q")[0]
227
- Math.ldexp(i64 >> (64-Float::MANT_DIG), -Float::MANT_DIG)
228
- end
229
- end
230
-
231
- # SecureRandom.uuid generates a v4 random UUID (Universally Unique IDentifier).
232
- #
233
- # p SecureRandom.uuid #=> "2d931510-d99f-494a-8c67-87feb05e1594"
234
- # p SecureRandom.uuid #=> "62936e70-1815-439b-bf89-8492855a7e6b"
235
- #
236
- # See RFC 4122 for UUID.
237
- def self.uuid
238
- ary = self.random_bytes(16).unpack("NnnnnN")
239
- ary[2] = (ary[2] & 0x0fff) | 0x4000
240
- ary[3] = (ary[3] & 0x3fff) | 0x8000
241
- "%08x-%04x-%04x-%04x-%04x%08x" % ary
242
- end
243
-
244
- # Following code is based on David Garamond's GUID library for Ruby.
245
- def self.lastWin32ErrorMessage # :nodoc:
246
- get_last_error = Win32API.new("kernel32", "GetLastError", '', 'L')
247
- format_message = Win32API.new("kernel32", "FormatMessageA", 'LPLLPLPPPPPPPP', 'L')
248
- format_message_ignore_inserts = 0x00000200
249
- format_message_from_system = 0x00001000
250
-
251
- code = get_last_error.call
252
- msg = "\0" * 1024
253
- len = format_message.call(format_message_ignore_inserts + format_message_from_system, 0, code, 0, msg, 1024, nil, nil, nil, nil, nil, nil, nil, nil)
254
- msg[0, len].tr("\r", '').chomp
255
- end
256
- end