rswag-api 2.9.0 → 2.10.1
- checksums.yaml +4 -4
- data/lib/rswag/api/middleware.rb +6 -1
- metadata +2 -2
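--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4788a47931d1d98a8f905cf8afed655c53afdc1fe2ac7912a76c0b5aa7dfc649
+data.tar.gz: e4a1cda783a67dd2707b528ac9796dd6ba487dc42cf5d9befb15e232b747ac74
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c7f8c2762098b6ff3320b1724dd51dd209bbdde3d45fcda24f4f6ac027eafa44b08fbdb37f113c0fafdec807c2f12ea4c6932a246879f8a5545e1eafca1c4686
+data.tar.gz: 2f1013896940b59035472c846f8585479f150389c5aa8e7df327ab64e308ecc29f69d8322e78ff59012254a642ef7953953067e849ffd46208bc6fe02d56df4a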
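--- a/data/lib/rswag/api/middleware.rb
+++ b/data/lib/rswag/api/middleware.rb
@@ -13,7 +13,12 @@ module Rswag
 
 def call(env)
 path = env['PATH_INFO']
-filename
+# Sanitize the filename for directory traversal by expanding, and ensuring
+# its starts with the root directory.
+filename = File.expand_path(File.join(@config.resolve_swagger_root(env), path))
+unless filename.start_with? @config.resolve_swagger_root(env)
+return @app.call(env)
+end
 
 if env['REQUEST_METHOD'] == 'GET' && File.file?(filename)
 swagger = parse_file(filename)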
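Review bot: The containment check `filename.start_with? @config.resolve_swagger_root(env)` is a plain string-prefix comparison against an unexpanded root, so a sibling directory whose name merely begins with the root's name still passes the check. A root configured as a relative or non-normalized path would presumably never match the expanded `filename`, sending every request on to `@app`. I would expand the root once and compare on a separator boundary: `root = File.expand_path(@config.resolve_swagger_root(env))`, `filename = File.expand_path(File.join(root, path))`, `return @app.call(env) unless filename.start_with?(root + File::SEPARATOR)`. `File.expand_path` does not resolve symlinks, so if links under the swagger root are a concern, comparing `File.realpath` of an existing file would be the stricter test. The added comment should read "it starts", and the body of `call` continues past the end of this hunk.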
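--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rswag-api
 version: !ruby/object:Gem::Version
-version: 2.
+version: 2.10.1
 platform: ruby
 authors:
 - Richie Morris
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-
+date: 2023-07-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: railties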