safe_redirect 0.1.1 → 0.1.2
- checksums.yaml +4 -4
- data/lib/safe_redirect/safe_redirect.rb +3 -2
- data/lib/safe_redirect/version.rb +1 -1
- data/safe_redirect.gemspec +4 -0
- data/spec/lib/safe_redirect/configuration_spec.rb +31 -0
- data/spec/lib/safe_redirect/safe_redirect_spec.rb +61 -0
- data/spec/spec_helper.rb +23 -0
- metadata +26 -5
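--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9b628c68916ed992402ee971523c5937b30538de
+data.tar.gz: c497d1e8882776fe69f94f8d6095567e76d12036
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 10e83cc957953e5ac78ea5e892ca18b01270663b8afbca3805df74880a62071e98ab3c5e4a919da994adadd882d018f45f4210fbde7d830831d6ee5db043d2a6
+data.tar.gz: 1a2c4f2755aee51acbeee1014a55246568b4711cfde312b6d49b8a91f6e3dc9e4a2c99209016833f9ac1fc11fe61de51742e7140bb3367e6ad278dd81041057a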
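--- a/data/lib/safe_redirect/safe_redirect.rb
+++ b/data/lib/safe_redirect/safe_redirect.rb
@@ -12,7 +12,7 @@ module SafeRedirect
 if safe_domain?(stripped_path)
 stripped_path
 else
-stripped_path.gsub!(/https?:\/\/[a-z0-9
+stripped_path.gsub!(/https?:\/\/[a-z0-9\-\.:@]*/i, '')
 stripped_path.gsub!(/^(data:|javascript:|\.|\/\/|@)+/i, '')
 stripped_path
 end
@@ -21,7 +21,8 @@ module SafeRedirect
 end
 end
 
-def redirect_to(path, options)
+def redirect_to(path, options={})
 super safe_path(path), options
+rescue NoMethodError
 end
 end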
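Review bot: The `rescue NoMethodError` added at new line 26 turns any NoMethodError raised anywhere in the method body — in `safe_path(path)`, in `super`, or inside the framework's own `redirect_to` — into a silent no-op, so in a controller an action whose redirect fails would simply continue without redirecting. If the clause exists only so the spec can call `Controller.redirect_to` without a superclass implementation, guard the call instead and let other errors surface: `super(safe_path(path), options) if defined?(super)`. Separately, the `else` branch of the first hunk still works by stripping known-bad prefixes (this commit widens the character class with `:@` to cover one more host form); since a `default_path` is already configurable, returning `SafeRedirect.configuration.default_path` whenever `safe_domain?` rejects the input would remove that denylist entirely, although the new spec currently pins `''` for those cases. The method containing the first hunk begins above the hunk.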
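--- a/data/safe_redirect.gemspec
+++ b/data/safe_redirect.gemspec
@@ -12,7 +12,11 @@ Gem::Specification.new do |gem|
 gem.description = %q{Preventing open redirects in Rails apps}
 gem.summary = %q{Preventing open redirects in Rails apps}
 gem.homepage = "https://github.com/sdsdkkk/safe_redirect"
+gem.licenses = ['MIT']
+
+gem.add_development_dependency 'rspec'
 
 gem.files = `git ls-files`.split($/)
+gem.test_files = gem.files.grep(%r{^spec/})
 gem.require_paths = ["lib", "lib/safe_redirect"]
 end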
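--- /dev/null
+++ b/data/spec/lib/safe_redirect/configuration_spec.rb
@@ -0,0 +1,31 @@
+require 'spec_helper'
+
+module SafeRedirect
+describe Configuration do
+before(:each) do
+reset_config
+end
+
+it "default default_path is '/'" do
+expect(SafeRedirect.configuration.default_path).to eq('/')
+end
+
+it "default domain_whitelists is []" do
+expect(SafeRedirect.configuration.domain_whitelists).to eq([])
+end
+
+it "can update default_path" do
+SafeRedirect.configure do |config|
+config.default_path = 'https://www.bukalapak.com'
+end
+expect(SafeRedirect.configuration.default_path).to eq('https://www.bukalapak.com')
+end
+
+it "can update domain_whitelists" do
+SafeRedirect.configure do |config|
+config.domain_whitelists = ['www.bukalapak.com']
+end
+expect(SafeRedirect.configuration.domain_whitelists).to eq(['www.bukalapak.com'])
+end
+end
+end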
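--- /dev/null
+++ b/data/spec/lib/safe_redirect/safe_redirect_spec.rb
@@ -0,0 +1,61 @@
+require 'spec_helper'
+
+module SafeRedirect
+describe SafeRedirect do
+class Controller
+extend SafeRedirect
+end
+
+before(:all) do
+load_config
+end
+
+it "considers https://www.bukalapak.com a safe domain" do
+expect(Controller.safe_domain?('https://www.bukalapak.com')).to eq(true)
+end
+
+it "considers / a safe domain" do
+expect(Controller.safe_domain?('/')).to eq(true)
+end
+
+it "considers // an unsafe domain" do
+expect(Controller.safe_domain?('//')).to eq(false)
+end
+
+it "considers http://www.twitter.com a safe domain" do
+expect(Controller.safe_domain?('http://www.twitter.com')).to eq(true)
+end
+
+it "considers https://www.bukalapak.com@google.com an unsafe domain" do
+expect(Controller.safe_domain?('https://www.bukalapak.com@google.com')).to eq(false)
+end
+
+it "considers https://www.bukalapak.com a safe path" do
+expect(Controller.safe_path('https://www.bukalapak.com')).to eq('https://www.bukalapak.com')
+end
+
+it "considers / a safe path" do
+expect(Controller.safe_path('/')).to eq('/')
+end
+
+it "considers // an unsafe path" do
+expect(Controller.safe_path('//')).to eq('')
+end
+
+it "considers http://www.twitter.com a safe path" do
+expect(Controller.safe_path('http://www.twitter.com')).to eq('http://www.twitter.com')
+end
+
+it "considers https://www.bukalapak.com@google.com an unsafe path" do
+expect(Controller.safe_path('https://www.bukalapak.com@google.com')).to eq('')
+end
+
+it "can use redirect_to method with only the target path" do
+Controller.redirect_to '/'
+end
+
+it "can use redirect_to method with both the target path and the options" do
+Controller.redirect_to '/', notice: 'Back to home page'
+end
+end
+end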
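Review bot: The two `redirect_to` examples at new lines 53–59 contain no expectation, so they pass as soon as the call does not raise — and it does not raise only because the library's `redirect_to` now rescues `NoMethodError` when `super` has no target. As written they would not catch a regression in which the path reaches the superclass unsanitized or the options are dropped. Giving `Controller` a base class whose `redirect_to` returns what it received lets the spec assert that `safe_path` was applied (the spec already pins `safe_path('//')` to `''`) and that the options pass through unchanged; the remaining `safe_domain?`/`safe_path` examples stay as they are.
```ruby
class Base
  def self.redirect_to(path, options = {})
    [path, options]
  end
end

class Controller < Base
  extend SafeRedirect
end
# … unchanged: before(:all), safe_domain? and safe_path examples …
it "hands the sanitized path and the options to the superclass redirect_to" do
  expect(Controller.redirect_to('//', notice: 'Back to home page')).to eq(['', { notice: 'Back to home page' }])
end

it "defaults the options to an empty hash" do
  expect(Controller.redirect_to('/')).to eq(['/', {}])
end
```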
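--- /dev/null
+++ b/data/spec/spec_helper.rb
@@ -0,0 +1,23 @@
+require 'rubygems'
+require 'rspec'
+
+require File.join(File.dirname(__FILE__), '..', 'lib', 'safe_redirect')
+
+def reset_config
+SafeRedirect.reset_config
+end
+
+def load_config
+SafeRedirect.configure do |config|
+config.default_path = '/sdsdkkk'
+config.domain_whitelists = ['www.twitter.com', 'www.bukalapak.com']
+end
+end
+
+module SafeRedirect
+class << self
+def reset_config
+@configuration = Configuration.new
+end
+end
+end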
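--- a/metadata
+++ b/metadata
@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: safe_redirect
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.2
 platform: ruby
 authors:
 - Edwin Tunggawan
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-05-
-dependencies:
+date: 2016-05-03 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: rspec
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
 description: Preventing open redirects in Rails apps
 email:
 - vcc.edwint@gmail.com
@@ -25,8 +39,12 @@ files:
 - lib/safe_redirect/safe_redirect.rb
 - lib/safe_redirect/version.rb
 - safe_redirect.gemspec
+- spec/lib/safe_redirect/configuration_spec.rb
+- spec/lib/safe_redirect/safe_redirect_spec.rb
+- spec/spec_helper.rb
 homepage: https://github.com/sdsdkkk/safe_redirect
-licenses:
+licenses:
+- MIT
 metadata: {}
 post_install_message:
 rdoc_options: []
@@ -49,4 +67,7 @@ rubygems_version: 2.5.1
 signing_key:
 specification_version: 4
 summary: Preventing open redirects in Rails apps
-test_files:
+test_files:
+- spec/lib/safe_redirect/configuration_spec.rb
+- spec/lib/safe_redirect/safe_redirect_spec.rb
+- spec/spec_helper.rb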