safe_redirect 0.1.8 → 0.1.9

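--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 9bea54db6f46e150f339c0a34d2778c5a0ccb9ec
- data.tar.gz: 1df29a162b56ac46989c29d1f06285cbd25da584
+ metadata.gz: 846ca148f882664845dd48c74c4b210b09101554
+ data.tar.gz: fb1a59ccad4d4065ecffcbe5777150f07f657919
  SHA512:
- metadata.gz: 5eceec28da87fa63b50e530c9529f56bd4fbdbeaea2f5c11329c4ca8b7dc60e9c4f87bedddf08250f86fff956933367332392131caf4be1b680883a39918453d
- data.tar.gz: 574dcad181101890960caea28171a47f4d3e621c0afa561d804795afd18d4d3a832a05e9dc30d894069a39d9b19fba5b6de40dbd7a3cfcf4452e9c0c92f58c80
+ metadata.gz: 4c89105fbf5b35697f8182b74a50a46863bd43f30e4c78f8d0cd8b4e800b952ce9892528f9abfd7cc6fc75ffc2afe62292845c216b26f3b99857954259f388ca
+ data.tar.gz: f52475eb7900bc3872dff9da34a89258ad0f0b486efcd67b623568edfdf25a0dbdcb41d545de16576bb0b2577a225a6270ca75225c2563ecf91d1fe7ca0252f8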
@@ -29,7 +29,7 @@ module SafeRedirect
29
29
  stripped_path = path.strip
30
30
  unless safe_domain?(stripped_path)
31
31
  stripped_path.gsub!(/https?:\/\/[a-z0-9\-\.:@]*/i, '')
32
- stripped_path.gsub!(/^((https?:|data:|javascript:|\.|\/\/|@|%25%40)+[a-z0-9\-\.:@%]*)+/i, '')
32
+ stripped_path.gsub!(/^((https?:|data:|javascript:|\.|\/\/|@|%)+[a-z0-9\-\.:@%]*)+/i, '')
33
33
  end
34
34
  stripped_path.empty? ? '/' : stripped_path
35
35
  end
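Review bot: The second `gsub!` still works as a strip-known-prefixes denylist (this release widens `%25%40` to `%`), and the value left after stripping is returned by `stripped_path.empty? ? '/' : stripped_path` without being checked again, so any prefix form the pattern does not enumerate is handed back to the redirect as-is. Consider validating the result rather than only stripping, for example adding `stripped_path = '/' unless stripped_path =~ %r{\A/(?!/)}` after the two substitutions inside the `unless` branch, so that non-whitelisted input can only yield a path rooted at a single `/`; this would also reject relative paths with no leading slash, so confirm callers do not depend on those. Separately, `^` in Ruby matches at the start of every line rather than the start of the string, and `\A` states the intended anchor. The method begins outside this hunk and `safe_domain?` is not visible here, so the whitelisted branch is not covered by this comment.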
@@ -1,3 +1,3 @@
1
1
  module SafeRedirect
2
- VERSION = '0.1.8'
2
+ VERSION = '0.1.9'
3
3
  end
@@ -67,6 +67,19 @@ module SafeRedirect
67
67
  expect(Controller.safe_path('http://////@@@@@@attacker.com//evil.com')).to eq('/')
68
68
  end
69
69
 
70
+ it "considers //bukalapak.com%25%40%25%40%25%40%25%40%25%40%25%40%25%40evil.com an unsafe path" do
71
+ expect(Controller.safe_path('//bukalapak.com%25%40%25%40%25%40%25%40%25%40%25%40%25%40evil.com')).to eq('/')
72
+ end
73
+
74
+ it "considers %25%40%25%40%25%40%25%40%25%40%25%40%25%40%25%40%25%40%25%40evil.com an unsafe path" do
75
+ expect(Controller.safe_path('%25%40%25%40%25%40%25%40%25%40%25%40%25%40%25%40%25%40%25%40evil.com')).to eq('/')
76
+ end
77
+
78
+
79
+ it "considers %@%@%@%@%@%@%@%@%@%@evil.com an unsafe path" do
80
+ expect(Controller.safe_path('%@%@%@%@%@%@%@%@%@%@evil.com')).to eq('/')
81
+ end
82
+
70
83
  it "can use redirect_to method with only the target path" do
71
84
  Controller.redirect_to '/'
72
85
  end
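Review bot: The three added examples only assert rejection, so nothing here pins what the widened `%` alternative does to legitimate input. Since the pattern now strips on any leading `%` rather than only `%25%40`, it would help to add a positive example next to these showing that a local path containing percent-escapes is returned unchanged, along the lines of `expect(Controller.safe_path('/search?q=a%40b')).to eq('/search?q=a%40b')` (constructed sample value). The enclosing `describe`/`context` block starts and ends outside the hunk, so such a case may already exist elsewhere in the spec.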
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: safe_redirect
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.8
4
+ version: 0.1.9
5
5
  platform: ruby
6
6
  authors:
7
7
  - Edwin Tunggawan
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-06-10 00:00:00.000000000 Z
11
+ date: 2016-06-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rspec