rswag-api 2.8.0 → 2.10.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/rswag/api/middleware.rb +6 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 24a46129ae1192485e1d09b1c2930afd78c229007981af3e4ac14d2087f9bd37
|
|
4
|
+
data.tar.gz: 86aa96d20b65e8a7d4f739dc6eaad415e6b75bc57ca197ac402344949922bd5e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a7a8332ce317746707b505bd660e6c6a078e1f07170656324fa764cd436d565256f627e47a9ce7a8608f7d0bb8ba1a8e7c5a5da2066d439fc2db6ed96934d474
|
|
7
|
+
data.tar.gz: 9c94264f402db5fd0f936975b85dfd3e3a43aa1e47ab744d960a7f26d37f657ae09b3e9e2d30edcdf2542bbee01de347af07aa56367b5c252bbc7e689fd33ecc
|
data/lib/rswag/api/middleware.rb
CHANGED
|
@@ -13,7 +13,12 @@ module Rswag
|
|
|
13
13
|
|
|
14
14
|
def call(env)
|
|
15
15
|
path = env['PATH_INFO']
|
|
16
|
-
filename
|
|
16
|
+
# Sanitize the filename for directory traversal by expanding, and ensuring
|
|
17
|
+
# its starts with the root directory.
|
|
18
|
+
filename = File.expand_path(path, @config.resolve_swagger_root(env))
|
|
19
|
+
unless filename.start_with? @config.resolve_swagger_root(env)
|
|
20
|
+
return @app.call(env)
|
|
21
|
+
end
|
|
17
22
|
|
|
18
23
|
if env['REQUEST_METHOD'] == 'GET' && File.file?(filename)
|
|
19
24
|
swagger = parse_file(filename)
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rswag-api
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.10.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Richie Morris
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date:
|
|
13
|
+
date: 2023-07-13 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: railties
|