safe_redirect 0.1.0 → 0.1.1
- checksums.yaml +4 -4
- data/README.md +3 -3
- data/lib/safe_redirect/configuration.rb +5 -0
- data/lib/safe_redirect/safe_redirect.rb +6 -6
- data/lib/safe_redirect/version.rb +1 -1
- data/safe_redirect.gemspec +2 -2
- metadata +4 -4
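--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 994d65b4b777046399df62f71dea891f3dee1e5b
+data.tar.gz: 1d2260242c9dd0c4338b3c3baf45247f2156a32b
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: cd5c9ca9136f6b84935e754d502d9716acf9c0c4cddf4789862fbe6e2c0839ec8590a64fd12f498c7a06234ca3479c42f1237bc0411a39208ecd21a1750a8dd8
+data.tar.gz: ff2e823f75d81029b5ae4d9648fe77732f70f8e27dd74d51a67302faeb93b1640db62d71c857d87c0b147b1a3bd151c078efff5a4aefc73d6f29072c0b734bec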
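--- a/data/README.md
+++ b/data/README.md
@@ -1,4 +1,4 @@
-#
+# Safe Redirect
 
 A little gem to keep our Rails app safe from open redirection vulnerabilities.
 
@@ -16,8 +16,8 @@ Create a `config/initializer/safe_redirect.rb` file.
 
 ```rb
 SafeRedirect.configure do |config|
-config.
-config.
+config.default_path = 'https://www.yahoo.com' # default value: '/'
+config.domain_whitelists = ['www.google.com'] # default value: []
 end
 ```
 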
@@ -1,8 +1,7 @@
|
|
1
1
|
module SafeRedirect
|
2
2
|
def safe_domain?(path)
|
3
|
-
whitelists = SafeRedirect.configuration.domain_whitelists || []
|
4
3
|
path =~ /^\// && !(path =~ /^\/\/+/) ||
|
5
|
-
|
4
|
+
SafeRedirect.configuration.domain_whitelists.any? do |w|
|
6
5
|
path =~ /^https?:\/\/#{w}($|\/.*)/
|
7
6
|
end
|
8
7
|
end
|
@@ -13,15 +12,16 @@ module SafeRedirect
|
|
13
12
|
if safe_domain?(stripped_path)
|
14
13
|
stripped_path
|
15
14
|
else
|
16
|
-
stripped_path.gsub(/https?:\/\/[a-z0-9\-\.:]*/i, '')
|
17
|
-
|
15
|
+
stripped_path.gsub!(/https?:\/\/[a-z0-9\-\.:]*/i, '')
|
16
|
+
stripped_path.gsub!(/^(data:|javascript:|\.|\/\/|@)+/i, '')
|
17
|
+
stripped_path
|
18
18
|
end
|
19
19
|
else
|
20
20
|
SafeRedirect.configuration.default_path
|
21
21
|
end
|
22
22
|
end
|
23
23
|
|
24
|
-
def redirect_to(path)
|
25
|
-
super safe_path(path)
|
24
|
+
def redirect_to(path, options)
|
25
|
+
super safe_path(path), options
|
26
26
|
end
|
27
27
|
end
|
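Review bot: The allow-list check in `safe_domain?` (first hunk) anchors with `^` and `$`, which in Ruby match at every line boundary rather than only at the ends of the string, and it interpolates each whitelist entry unescaped, so the `.` in a host such as `www.google.com` matches any character; `path =~ /\Ahttps?:\/\/#{Regexp.escape(w)}(\z|\/.*)/`, with `\A` on the two leading-slash tests as well, closes both gaps. The new `stripped_path.gsub!(/^(data:|javascript:|\.|\/\/|@)+/i, '')` in the second hunk uses the same `^` anchor and returns the stripped string without checking it again; ending the branch with `safe_domain?(stripped_path) ? stripped_path : SafeRedirect.configuration.default_path` would keep it from returning anything the predicate rejects. Also in the second hunk, `def redirect_to(path, options)` makes the second argument mandatory, so existing one-argument calls raise `ArgumentError`; `def redirect_to(path, options = {})` keeps them working. `safe_path` begins above the hunk, so how `stripped_path` is derived, and whether `gsub!` mutates a string the caller still holds, cannot be confirmed from here.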
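--- a/data/safe_redirect.gemspec
+++ b/data/safe_redirect.gemspec
@@ -9,8 +9,8 @@ Gem::Specification.new do |gem|
 gem.version = SafeRedirect::VERSION
 gem.authors = ["Edwin Tunggawan"]
 gem.email = ["vcc.edwint@gmail.com"]
-gem.description = %q{Preventing open redirects in
-gem.summary = %q{Preventing open redirects in
+gem.description = %q{Preventing open redirects in Rails apps}
+gem.summary = %q{Preventing open redirects in Rails apps}
 gem.homepage = "https://github.com/sdsdkkk/safe_redirect"
 
 gem.files = `git ls-files`.split($/)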
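--- a/metadata
+++ b/metadata
@@ -1,16 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: safe_redirect
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.1
 platform: ruby
 authors:
 - Edwin Tunggawan
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-
+date: 2016-05-01 00:00:00.000000000 Z
 dependencies: []
-description: Preventing open redirects in
+description: Preventing open redirects in Rails apps
 email:
 - vcc.edwint@gmail.com
 executables: []
@@ -48,5 +48,5 @@ rubyforge_project:
 rubygems_version: 2.5.1
 signing_key:
 specification_version: 4
-summary: Preventing open redirects in
+summary: Preventing open redirects in Rails apps
 test_files: []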