safe_redirect 0.1.0

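--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: 42781306d360f12ef01f4a73870f29f7d7bb3ccf
+data.tar.gz: 17ee1e4e9949489f5cb4f4b80798aadbb8ed32bd
+SHA512:
+metadata.gz: 9d5601897b86a1bd091e90ec5fa091f43a2d4d595715339933aa99a519edda52cd677d30d33a8f10c87879adcb6a5caf066de95e7095dc48fe3649a4fefa254a
+data.tar.gz: f2ddf78d33afb33fb33ed17927dc24af704b2b1ccc904e21a38ac2d9bbc85fb8909cac98c1bd4594f8152c0fb90a42df6d11de91d701d970f18ff37c8967ec87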
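--- a/data/.gitignore
+++ b/data/.gitignore
@@ -0,0 +1,2 @@
+*.swp
+*.gem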
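--- a/data/LICENSE
+++ b/data/LICENSE
@@ -0,0 +1,22 @@
+Copyright (c) 2015 Edwin Tunggawan (sdsdkkk)
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.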
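--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,51 @@
+# SafeRedirect
+
+A little gem to keep our Rails app safe from open redirection vulnerabilities.
+
+## Installation
+
+Add this line to Gemfile.
+
+```
+gem 'safe_redirect'
+```
+
+## Usage
+
+Create a `config/initializer/safe_redirect.rb` file.
+
+```rb
+SafeRedirect.configure do |config|
+config.domain_whitelists = ['www.google.com']
+config.default_path = 'https://www.yahoo.com'
+end
+```
+
+Add this line to the controllers you wish to secure from open redirection.
+
+```rb
+include SafeRedirect
+```
+
+The `redirect_to` method provided by Rails will be overrode by `safe_redirect`'s `redirect_to` method.
+
+```rb
+redirect_to 'https://www.google.com' # => redirects to https://www.google.com
+redirect_to 'https://www.golgege.com' # => redirects to ''
+redirect_to 'https://www.golgege.com/hahaha' # => redirects to '/hahaha'
+redirect_to 1234 # => redirects to https://www.yahoo.com as default path
+```
+
+## Contributing
+
+- Fork the repository
+- Create a branch for a new feature, build it
+- Create a pull request
+
+## License
+
+MIT License
+
+## Author
+
+- [Edwin Tunggawan](https://github.com/sdsdkkk)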
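--- a/data/lib/safe_redirect.rb
+++ b/data/lib/safe_redirect.rb
@@ -0,0 +1,3 @@
+require 'safe_redirect/version'
+require 'safe_redirect/safe_redirect'
+require 'safe_redirect/configuration'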
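--- a/data/lib/safe_redirect/configuration.rb
+++ b/data/lib/safe_redirect/configuration.rb
@@ -0,0 +1,17 @@
+module SafeRedirect
+class << self
+attr_writer :configuration
+
+def configuration
+@configuration ||= Configuration.new
+end
+
+def configure
+yield(configuration)
+end
+end
+
+class Configuration
+attr_accessor :default_path, :domain_whitelists
+end
+end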
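Review bot: `Configuration` defines no `initialize`, so `domain_whitelists` is `nil` until the host app sets it and every consumer has to guard with `|| []`, and `default_path` is likewise `nil` until configured — which is exactly the value the redirect override hands to `super` for any non-String argument. I would default both in the class, e.g. `def initialize; @domain_whitelists = []; @default_path = '/'; end`, so an unconfigured install fails to the site root rather than to `nil`. A short comment on the accessors would also help integrators, since the names do not say what an entry is: `# domain_whitelists: host names (no scheme, no path) that absolute redirect targets may point to; default_path: where non-String and rejected targets are sent`.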
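--- a/data/lib/safe_redirect/safe_redirect.rb
+++ b/data/lib/safe_redirect/safe_redirect.rb
@@ -0,0 +1,27 @@
+module SafeRedirect
+def safe_domain?(path)
+whitelists = SafeRedirect.configuration.domain_whitelists || []
+path =~ /^\// && !(path =~ /^\/\/+/) ||
+whitelists.any? do |w|
+path =~ /^https?:\/\/#{w}($|\/.*)/
+end
+end
+
+def safe_path(path)
+if path.kind_of?(String)
+stripped_path = path.strip
+if safe_domain?(stripped_path)
+stripped_path
+else
+stripped_path.gsub(/https?:\/\/[a-z0-9\-\.:]*/i, '')
+.gsub(/^(data:|javascript:|\.|\/\/|@)+/i, '')
+end
+else
+SafeRedirect.configuration.default_path
+end
+end
+
+def redirect_to(path)
+super safe_path(path)
+end
+end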
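Review bot: The non-whitelisted branch of `safe_path` (the two `gsub` calls) is a deny-list scrubber, so any absolute target it does not recognise is returned unchanged: `https:evil.com`, `http:/evil.com` and `ftp://evil.com` carry no `https?://` prefix for the first `gsub` to strip and none of `data:`/`javascript:`/`.`/`//`/`@` for the second, yet WHATWG URL parsing normalises the first two to `https://evil.com` / `http://evil.com`, and a framework helper that treats any `scheme:` string as absolute would emit them verbatim. `safe_domain?` has two further weaknesses: the whitelist entry is interpolated into the regexp unescaped, so `'www.google.com'` also matches a host like `wwwXgoogleYcom`, and `^`/`$` are line anchors in Ruby, so a value containing a newline can satisfy the check on one line while the whole string goes to `super`. I would fail closed — return `default_path` for anything that is not a single-leading-slash relative path or a whitelisted origin — and anchor with `\A`/`\z` plus `Regexp.escape`; this drops the README's "`/hahaha` is kept" behaviour, which could be reinstated by extracting the path component with `URI` if it is really wanted. Separately, `redirect_to(path)` takes exactly one argument, so callers passing Rails' options hash (`redirect_to url, status: :moved_permanently`) raise `ArgumentError`; forwarding `*args` to `super` fixes that.
```ruby
def safe_domain?(path)
  whitelists = SafeRedirect.configuration.domain_whitelists || []
  # Relative target: exactly one leading slash. Rejects "//..." and "/\..." up front,
  # which WHATWG URL parsing treats as scheme-relative (i.e. a different host).
  return true if path =~ %r{\A/(?![/\\])}
  whitelists.any? do |w|
    # Escape the entry so "." is literal; \A/\z anchor the whole string, not a line.
    path =~ %r{\Ahttps?://#{Regexp.escape(w)}(\z|/)}i
  end
end

def safe_path(path)
  return SafeRedirect.configuration.default_path unless path.kind_of?(String)
  stripped_path = path.strip
  # Fail closed: anything not provably local or whitelisted goes to default_path.
  safe_domain?(stripped_path) ? stripped_path : SafeRedirect.configuration.default_path
end

def redirect_to(path, *args)
  super(safe_path(path), *args)
end
```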
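--- a/data/lib/safe_redirect/version.rb
+++ b/data/lib/safe_redirect/version.rb
@@ -0,0 +1,3 @@
+module SafeRedirect
+VERSION = '0.1.0'
+end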
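--- a/data/safe_redirect.gemspec
+++ b/data/safe_redirect.gemspec
@@ -0,0 +1,18 @@
+
+# -*- encoding: utf-8 -*-
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'safe_redirect/version'
+
+Gem::Specification.new do |gem|
+gem.name = "safe_redirect"
+gem.version = SafeRedirect::VERSION
+gem.authors = ["Edwin Tunggawan"]
+gem.email = ["vcc.edwint@gmail.com"]
+gem.description = %q{Preventing open redirects in Ruby web apps}
+gem.summary = %q{Preventing open redirects in Ruby web apps}
+gem.homepage = "https://github.com/sdsdkkk/safe_redirect"
+
+gem.files = `git ls-files`.split($/)
+gem.require_paths = ["lib", "lib/safe_redirect"]
+end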
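Review bot: `gem.require_paths = ["lib", "lib/safe_redirect"]` (line 17 of the hunk) puts `configuration.rb`, `version.rb` and `safe_redirect.rb` directly on the load path, so a bare `require 'version'` or `require 'configuration'` anywhere in the host application resolves to this gem's files — and if another gem does the same, whichever is activated first wins silently. The gem's own requires already use the `safe_redirect/…` prefix (both in `lib/safe_redirect.rb` and on line 5 here), so `gem.require_paths = ["lib"]` is all that is needed. The spec also sets no license, which is why the generated metadata reports `licenses: []` despite the MIT LICENSE file; add `gem.license = "MIT"`. The generated metadata additionally shows `cert_chain: []` and an empty `signing_key:`, i.e. the gem is unsigned — common, but worth stating in the README for anyone who relies on more than the published checksums.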
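--- a/metadata
+++ b/metadata
@@ -0,0 +1,52 @@
+--- !ruby/object:Gem::Specification
+name: safe_redirect
+version: !ruby/object:Gem::Version
+version: 0.1.0
+platform: ruby
+authors:
+- Edwin Tunggawan
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2016-04-30 00:00:00.000000000 Z
+dependencies: []
+description: Preventing open redirects in Ruby web apps
+email:
+- vcc.edwint@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- LICENSE
+- README.md
+- lib/safe_redirect.rb
+- lib/safe_redirect/configuration.rb
+- lib/safe_redirect/safe_redirect.rb
+- lib/safe_redirect/version.rb
+- safe_redirect.gemspec
+homepage: https://github.com/sdsdkkk/safe_redirect
+licenses: []
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+- lib/safe_redirect
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.5.1
+signing_key:
+specification_version: 4
+summary: Preventing open redirects in Ruby web apps
+test_files: []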