safe_redirect 0.1.1 → 0.1.2

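--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 994d65b4b777046399df62f71dea891f3dee1e5b
- data.tar.gz: 1d2260242c9dd0c4338b3c3baf45247f2156a32b
+ metadata.gz: 9b628c68916ed992402ee971523c5937b30538de
+ data.tar.gz: c497d1e8882776fe69f94f8d6095567e76d12036
  SHA512:
- metadata.gz: cd5c9ca9136f6b84935e754d502d9716acf9c0c4cddf4789862fbe6e2c0839ec8590a64fd12f498c7a06234ca3479c42f1237bc0411a39208ecd21a1750a8dd8
- data.tar.gz: ff2e823f75d81029b5ae4d9648fe77732f70f8e27dd74d51a67302faeb93b1640db62d71c857d87c0b147b1a3bd151c078efff5a4aefc73d6f29072c0b734bec
+ metadata.gz: 10e83cc957953e5ac78ea5e892ca18b01270663b8afbca3805df74880a62071e98ab3c5e4a919da994adadd882d018f45f4210fbde7d830831d6ee5db043d2a6
+ data.tar.gz: 1a2c4f2755aee51acbeee1014a55246568b4711cfde312b6d49b8a91f6e3dc9e4a2c99209016833f9ac1fc11fe61de51742e7140bb3367e6ad278dd81041057a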
@@ -12,7 +12,7 @@ module SafeRedirect
12
12
  if safe_domain?(stripped_path)
13
13
  stripped_path
14
14
  else
15
- stripped_path.gsub!(/https?:\/\/[a-z0-9\-\.:]*/i, '')
15
+ stripped_path.gsub!(/https?:\/\/[a-z0-9\-\.:@]*/i, '')
16
16
  stripped_path.gsub!(/^(data:|javascript:|\.|\/\/|@)+/i, '')
17
17
  stripped_path
18
18
  end
@@ -21,7 +21,8 @@ module SafeRedirect
21
21
  end
22
22
  end
23
23
 
24
- def redirect_to(path, options)
24
+ def redirect_to(path, options={})
25
25
  super safe_path(path), options
26
+ rescue NoMethodError
26
27
  end
27
28
  end
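Review bot: The bare `rescue NoMethodError` added to `redirect_to` covers the whole method body, so it hides any NoMethodError raised inside `safe_path` or further down the `super` chain, not only the missing parent method. The call then returns nil and no redirect is issued, which is hard to notice in a running app. The rescue looks like it was added so the new specs can call `redirect_to` on a plain class, though that is inferred from the spec file rather than stated. I would drop the `rescue NoMethodError` line and give the spec's `Controller` a parent that defines `redirect_to`, or at least narrow it to `rescue NoMethodError => e` followed by `raise unless e.name == :redirect_to`. The rest of `module SafeRedirect` lies outside these hunks.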
@@ -1,3 +1,3 @@
1
1
  module SafeRedirect
2
- VERSION = '0.1.1'
2
+ VERSION = '0.1.2'
3
3
  end
@@ -12,7 +12,11 @@ Gem::Specification.new do |gem|
12
12
  gem.description = %q{Preventing open redirects in Rails apps}
13
13
  gem.summary = %q{Preventing open redirects in Rails apps}
14
14
  gem.homepage = "https://github.com/sdsdkkk/safe_redirect"
15
+ gem.licenses = ['MIT']
16
+
17
+ gem.add_development_dependency 'rspec'
15
18
 
16
19
  gem.files = `git ls-files`.split($/)
20
+ gem.test_files = gem.files.grep(%r{^spec/})
17
21
  gem.require_paths = ["lib", "lib/safe_redirect"]
18
22
  end
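Review bot: `gem.add_development_dependency 'rspec'` declares no version constraint, and the packaged metadata records it as `>= 0`, so whichever rspec release is newest at install time is what runs the specs. A pessimistic constraint keeps the test toolchain reproducible, for example `gem.add_development_dependency 'rspec', '~> 3.0'` (example value, to be set to the major version the specs were written against). The `Gem::Specification.new` block begins outside this hunk.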
@@ -0,0 +1,31 @@
1
+ require 'spec_helper'
2
+
3
+ module SafeRedirect
4
+ describe Configuration do
5
+ before(:each) do
6
+ reset_config
7
+ end
8
+
9
+ it "default default_path is '/'" do
10
+ expect(SafeRedirect.configuration.default_path).to eq('/')
11
+ end
12
+
13
+ it "default domain_whitelists is []" do
14
+ expect(SafeRedirect.configuration.domain_whitelists).to eq([])
15
+ end
16
+
17
+ it "can update default_path" do
18
+ SafeRedirect.configure do |config|
19
+ config.default_path = 'https://www.bukalapak.com'
20
+ end
21
+ expect(SafeRedirect.configuration.default_path).to eq('https://www.bukalapak.com')
22
+ end
23
+
24
+ it "can update domain_whitelists" do
25
+ SafeRedirect.configure do |config|
26
+ config.domain_whitelists = ['www.bukalapak.com']
27
+ end
28
+ expect(SafeRedirect.configuration.domain_whitelists).to eq(['www.bukalapak.com'])
29
+ end
30
+ end
31
+ end
@@ -0,0 +1,61 @@
1
+ require 'spec_helper'
2
+
3
+ module SafeRedirect
4
+ describe SafeRedirect do
5
+ class Controller
6
+ extend SafeRedirect
7
+ end
8
+
9
+ before(:all) do
10
+ load_config
11
+ end
12
+
13
+ it "considers https://www.bukalapak.com a safe domain" do
14
+ expect(Controller.safe_domain?('https://www.bukalapak.com')).to eq(true)
15
+ end
16
+
17
+ it "considers / a safe domain" do
18
+ expect(Controller.safe_domain?('/')).to eq(true)
19
+ end
20
+
21
+ it "considers // an unsafe domain" do
22
+ expect(Controller.safe_domain?('//')).to eq(false)
23
+ end
24
+
25
+ it "considers http://www.twitter.com a safe domain" do
26
+ expect(Controller.safe_domain?('http://www.twitter.com')).to eq(true)
27
+ end
28
+
29
+ it "considers https://www.bukalapak.com@google.com an unsafe domain" do
30
+ expect(Controller.safe_domain?('https://www.bukalapak.com@google.com')).to eq(false)
31
+ end
32
+
33
+ it "considers https://www.bukalapak.com a safe path" do
34
+ expect(Controller.safe_path('https://www.bukalapak.com')).to eq('https://www.bukalapak.com')
35
+ end
36
+
37
+ it "considers / a safe path" do
38
+ expect(Controller.safe_path('/')).to eq('/')
39
+ end
40
+
41
+ it "considers // an unsafe path" do
42
+ expect(Controller.safe_path('//')).to eq('')
43
+ end
44
+
45
+ it "considers http://www.twitter.com a safe path" do
46
+ expect(Controller.safe_path('http://www.twitter.com')).to eq('http://www.twitter.com')
47
+ end
48
+
49
+ it "considers https://www.bukalapak.com@google.com an unsafe path" do
50
+ expect(Controller.safe_path('https://www.bukalapak.com@google.com')).to eq('')
51
+ end
52
+
53
+ it "can use redirect_to method with only the target path" do
54
+ Controller.redirect_to '/'
55
+ end
56
+
57
+ it "can use redirect_to method with both the target path and the options" do
58
+ Controller.redirect_to '/', notice: 'Back to home page'
59
+ end
60
+ end
61
+ end
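Review bot: The two `redirect_to` examples at the end of this spec contain no expectation, so they pass whenever the call does not raise. They would keep passing if `redirect_to` stopped routing the path through `safe_path`. `Controller` has no parent `redirect_to`, so these calls only return because the library rescues `NoMethodError`. Giving the spec a stub parent that returns its arguments lets the examples assert that the sanitised path is what reaches `super`.

```ruby
class BaseController
  def self.redirect_to(path, options = {})
    [path, options]
  end
end

class Controller < BaseController
  extend SafeRedirect
end

# … unchanged: safe_domain? and safe_path examples …

it "passes the sanitised path to the parent redirect_to" do
  expect(Controller.redirect_to('https://www.bukalapak.com@google.com')).to eq(['', {}])
end

it "passes the options through to the parent redirect_to" do
  expect(Controller.redirect_to('/', notice: 'Back to home page')).to eq(['/', { notice: 'Back to home page' }])
end
```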
@@ -0,0 +1,23 @@
1
+ require 'rubygems'
2
+ require 'rspec'
3
+
4
+ require File.join(File.dirname(__FILE__), '..', 'lib', 'safe_redirect')
5
+
6
+ def reset_config
7
+ SafeRedirect.reset_config
8
+ end
9
+
10
+ def load_config
11
+ SafeRedirect.configure do |config|
12
+ config.default_path = '/sdsdkkk'
13
+ config.domain_whitelists = ['www.twitter.com', 'www.bukalapak.com']
14
+ end
15
+ end
16
+
17
+ module SafeRedirect
18
+ class << self
19
+ def reset_config
20
+ @configuration = Configuration.new
21
+ end
22
+ end
23
+ end
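--- a/metadata
+++ b/metadata
@@ -1,15 +1,29 @@
  --- !ruby/object:Gem::Specification
  name: safe_redirect
  version: !ruby/object:Gem::Version
- version: 0.1.1
+ version: 0.1.2
  platform: ruby
  authors:
  - Edwin Tunggawan
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2016-05-01 00:00:00.000000000 Z
- dependencies: []
+ date: 2016-05-03 00:00:00.000000000 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ name: rspec
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
  description: Preventing open redirects in Rails apps
  email:
  - vcc.edwint@gmail.com
@@ -25,8 +39,12 @@ files:
  - lib/safe_redirect/safe_redirect.rb
  - lib/safe_redirect/version.rb
  - safe_redirect.gemspec
+ - spec/lib/safe_redirect/configuration_spec.rb
+ - spec/lib/safe_redirect/safe_redirect_spec.rb
+ - spec/spec_helper.rb
  homepage: https://github.com/sdsdkkk/safe_redirect
- licenses: []
+ licenses:
+ - MIT
  metadata: {}
  post_install_message:
  rdoc_options: []
@@ -49,4 +67,7 @@ rubygems_version: 2.5.1
  signing_key:
  specification_version: 4
  summary: Preventing open redirects in Rails apps
- test_files: []
+ test_files:
+ - spec/lib/safe_redirect/configuration_spec.rb
+ - spec/lib/safe_redirect/safe_redirect_spec.rb
+ - spec/spec_helper.rb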