safe_redirect 0.1.5 → 0.1.6

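--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 5a6d01c7330bafc677a98f499e04b7db0a6c27cf
- data.tar.gz: 1672f119857023640eda0223d20e72a214de0129
+ metadata.gz: 83594e7e226d3e60888b702e5b78913e5608f048
+ data.tar.gz: b28b74779ef487115be6eeb9b64f4aae8e1855cf
  SHA512:
- metadata.gz: 8b9cb5dc6823258bbe67023e1788fe357328e51bd9511345edea8048505ea269641dca477cc9df62fadd038d03065e5676d2d2b1e2365689451b2eaa718b761f
- data.tar.gz: df89615fd2dbef7f302024a2ae396e70a6329378e6d38e8242c62d18cc9aa2824f768c740fcaec5f7c79f31fcc4e02b99b347f8c72d575a89895f6e06321fb46
+ metadata.gz: ffe4d06d9859fccd5cfd52e84e04bbb03351b50f77a202293c187601395c58b37e5cd360be776bc7ff360562051eabf6930f0440729a91e0a348c1b441b4ba0d
+ data.tar.gz: 375f867f4049e2ae31777a318e58d70da3d5a17a25129dc9821a073d6cfc9c30570572acab67bc5e1fbe80761b2569ae1f17af0a1db02458ed0e7916055c433a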
@@ -29,7 +29,7 @@ module SafeRedirect
29
29
  stripped_path = path.strip
30
30
  unless safe_domain?(stripped_path)
31
31
  stripped_path.gsub!(/https?:\/\/[a-z0-9\-\.:@]*/i, '')
32
- stripped_path.gsub!(/^(data:|javascript:|\.|\/\/|@)+[a-z0-9\-\.:@]*/i, '')
32
+ stripped_path.gsub!(/^((https?:|data:|javascript:|\.|\/\/|@)+[a-z0-9\-\.:@]*)+/i, '')
33
33
  end
34
34
  stripped_path.empty? ? '/' : stripped_path
35
35
  end
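Review bot: The widened pattern on the second `gsub!` is still a deny-list, and the final ternary returns whatever survives it without checking that the remainder is a local path. Both substitutions stop at the first character outside `[a-z0-9\-\.:@]`, so the safety of the result depends on every risky prefix being listed in the alternation. I would add an allow-list check just before the ternary, for example `stripped_path = '/' unless stripped_path =~ %r{\A/(?![/\\])}`, which keeps only a target that begins with a single `/`. That check would also turn relative targets into `/`, so confirm no caller relies on them. The enclosing method begins above the hunk, so its signature and `safe_domain?` were not reviewed.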
@@ -1,3 +1,3 @@
1
1
  module SafeRedirect
2
- VERSION = '0.1.5'
2
+ VERSION = '0.1.6'
3
3
  end
@@ -63,6 +63,10 @@ module SafeRedirect
63
63
  expect(Controller.safe_path('.@@@google.com/search')).to eq('/search')
64
64
  end
65
65
 
66
+ it "considers http://////@@@@@@attacker.com//evil.com an unsafe path" do
67
+ expect(Controller.safe_path('http://////@@@@@@attacker.com//evil.com')).to eq('/')
68
+ end
69
+
66
70
  it "can use redirect_to method with only the target path" do
67
71
  Controller.redirect_to '/'
68
72
  end
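Review bot: The new example pins only the rejected string, so nothing in this hunk shows that the broader pattern still leaves an ordinary local path untouched. A companion expectation such as `expect(Controller.safe_path('/search?q=a.b')).to eq('/search?q=a.b')` (a constructed sample) would catch over-stripping if the alternation is widened again. Such a case may already exist elsewhere in the spec file; the enclosing `describe` block starts and ends outside the hunk.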
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: safe_redirect
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.5
4
+ version: 0.1.6
5
5
  platform: ruby
6
6
  authors:
7
7
  - Edwin Tunggawan
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-05-20 00:00:00.000000000 Z
11
+ date: 2016-05-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rspec