safe_redirect 0.1.8 → 0.1.9

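--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 9bea54db6f46e150f339c0a34d2778c5a0ccb9ec
- data.tar.gz: 1df29a162b56ac46989c29d1f06285cbd25da584
+ metadata.gz: 846ca148f882664845dd48c74c4b210b09101554
+ data.tar.gz: fb1a59ccad4d4065ecffcbe5777150f07f657919
  SHA512:
- metadata.gz: 5eceec28da87fa63b50e530c9529f56bd4fbdbeaea2f5c11329c4ca8b7dc60e9c4f87bedddf08250f86fff956933367332392131caf4be1b680883a39918453d
- data.tar.gz: 574dcad181101890960caea28171a47f4d3e621c0afa561d804795afd18d4d3a832a05e9dc30d894069a39d9b19fba5b6de40dbd7a3cfcf4452e9c0c92f58c80
+ metadata.gz: 4c89105fbf5b35697f8182b74a50a46863bd43f30e4c78f8d0cd8b4e800b952ce9892528f9abfd7cc6fc75ffc2afe62292845c216b26f3b99857954259f388ca
+ data.tar.gz: f52475eb7900bc3872dff9da34a89258ad0f0b486efcd67b623568edfdf25a0dbdcb41d545de16576bb0b2577a225a6270ca75225c2563ecf91d1fe7ca0252f8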
@@ -29,7 +29,7 @@ module SafeRedirect
29
29
  stripped_path = path.strip
30
30
  unless safe_domain?(stripped_path)
31
31
  stripped_path.gsub!(/https?:\/\/[a-z0-9\-\.:@]*/i, '')
32
- stripped_path.gsub!(/^((https?:|data:|javascript:|\.|\/\/|@|%25%40)+[a-z0-9\-\.:@%]*)+/i, '')
32
+ stripped_path.gsub!(/^((https?:|data:|javascript:|\.|\/\/|@|%)+[a-z0-9\-\.:@%]*)+/i, '')
33
33
  end
34
34
  stripped_path.empty? ? '/' : stripped_path
35
35
  end
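Review bot: The second `gsub!` is still a denylist of leading tokens, so any prefix form it does not enumerate is returned to the caller unchanged; this release only widens the `%25%40` alternative to a bare `%`. A positive check on the result, placed after the `unless` block, would reject the whole class rather than one variant at a time, for example `stripped_path = '/' unless stripped_path =~ %r{\A/(?![/\\])}`, which accepts only a value that begins with exactly one slash. If callers rely on relative paths without a leading slash, that case would need an explicit allowance. The body of `safe_path` begins above this hunk, so whether an equivalent check already exists earlier cannot be seen from here.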
@@ -1,3 +1,3 @@
1
1
  module SafeRedirect
2
- VERSION = '0.1.8'
2
+ VERSION = '0.1.9'
3
3
  end
@@ -67,6 +67,19 @@ module SafeRedirect
67
67
  expect(Controller.safe_path('http://////@@@@@@attacker.com//evil.com')).to eq('/')
68
68
  end
69
69
 
70
+ it "considers //bukalapak.com%25%40%25%40%25%40%25%40%25%40%25%40%25%40evil.com an unsafe path" do
71
+ expect(Controller.safe_path('//bukalapak.com%25%40%25%40%25%40%25%40%25%40%25%40%25%40evil.com')).to eq('/')
72
+ end
73
+
74
+ it "considers %25%40%25%40%25%40%25%40%25%40%25%40%25%40%25%40%25%40%25%40evil.com an unsafe path" do
75
+ expect(Controller.safe_path('%25%40%25%40%25%40%25%40%25%40%25%40%25%40%25%40%25%40%25%40evil.com')).to eq('/')
76
+ end
77
+
78
+
79
+ it "considers %@%@%@%@%@%@%@%@%@%@evil.com an unsafe path" do
80
+ expect(Controller.safe_path('%@%@%@%@%@%@%@%@%@%@evil.com')).to eq('/')
81
+ end
82
+
70
83
  it "can use redirect_to method with only the target path" do
71
84
  Controller.redirect_to '/'
72
85
  end
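Review bot: The three added examples all assert rejection, and none pins down that a legitimate local path containing percent-encoding is still returned unchanged now that the pattern treats a leading `%` as a token to strip. A positive case next to them would guard against over-stripping, for example (constructed value) `expect(Controller.safe_path('/search?q=%40foo')).to eq('/search?q=%40foo')`, which should hold because the pattern is anchored at the start of a line. The two consecutive blank lines before the third example can be reduced to one. The enclosing `describe` block starts and ends outside this hunk.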
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: safe_redirect
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.8
4
+ version: 0.1.9
5
5
  platform: ruby
6
6
  authors:
7
7
  - Edwin Tunggawan
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-06-10 00:00:00.000000000 Z
11
+ date: 2016-06-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rspec