safe_redirect 0.1.9 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 846ca148f882664845dd48c74c4b210b09101554
-  data.tar.gz: fb1a59ccad4d4065ecffcbe5777150f07f657919
+  metadata.gz: d7ec6d3b3465f55bad649de2f616f80fd54eeba7
+  data.tar.gz: 84a2a87fdd19aea1a6df85ed28db68e12588f1b4
 SHA512:
-  metadata.gz: 4c89105fbf5b35697f8182b74a50a46863bd43f30e4c78f8d0cd8b4e800b952ce9892528f9abfd7cc6fc75ffc2afe62292845c216b26f3b99857954259f388ca
-  data.tar.gz: f52475eb7900bc3872dff9da34a89258ad0f0b486efcd67b623568edfdf25a0dbdcb41d545de16576bb0b2577a225a6270ca75225c2563ecf91d1fe7ca0252f8
+  metadata.gz: 977e8f2775ea6bb8b946fd8f405da5c1a7ccc9f5f8e0289f41d4d108e244c5f62f5812bf4f943e78165bcac4307717e8904e842d82efcfa5fe23df4c267a1906
+  data.tar.gz: 5e763f75a2648e9eac79f60880ef10ac73c60ec789481f1a0fed3435438dd25f17981920952aeb4dc711ca49b28294f5780dc7cb2b412039664621909010fb4a

data/README.md

@@ -31,7 +31,8 @@ The `redirect_to` method provided by Rails will be overrode by `safe_redirect`'s
 
 ```rb
 redirect_to 'https://www.google.com' # => redirects to https://www.google.com
-redirect_to 'https://www.golgege.com' # => redirects to ''
+redirect_to 'https://www.golgege.com' # => redirects to '/'
+redirect_to 'https://www.golgege.com', safe: true # => redirects to 'https://www.golgege.com'
 redirect_to 'https://www.golgege.com/hahaha' # => redirects to '/hahaha'
 redirect_to 1234 # => redirects to https://www.yahoo.com as default path
 ```
@@ -39,7 +40,7 @@ redirect_to 1234 # => redirects to https://www.yahoo.com as default path
 ## Contributing
 
 - Fork the repository
-- Create a branch for a new feature, build it
+- Create a branch for a new feature or bug fix, build it
 - Create a pull request
 
 ## License
@@ -48,4 +49,4 @@ MIT License
 
 ## Author
 
-- [Edwin Tunggawan](https://github.com/sdsdkkk)
+- [Edwin Tunggawan](https://github.com/sdsdkkk)

data/lib/safe_redirect/safe_redirect.rb

@@ -2,7 +2,7 @@ module SafeRedirect
   def safe_domain?(path)
     path =~ /^\// && !(path =~ /^\/\/+/)  ||
     SafeRedirect.configuration.domain_whitelists.any? do |w|
-      path =~ /^https?:\/\/#{w}($|\/.*)/i
+      path =~ /^https?:\/\/#{Regexp.escape(w)}($|\/.*)/i
     end
   end
 

data/lib/safe_redirect/version.rb

@@ -1,3 +1,3 @@
 module SafeRedirect
-  VERSION = '0.1.9'
+  VERSION = '0.2.0'
 end

data/spec/lib/safe_redirect/configuration_spec.rb

@@ -6,22 +6,22 @@ module SafeRedirect
       reset_config
     end
 
-    it "default default_path is /" do
+    it 'default default_path is /' do
       expect(SafeRedirect.configuration.default_path).to eq('/')
     end
 
-    it "default domain_whitelists is []" do
+    it 'default domain_whitelists is []' do
       expect(SafeRedirect.configuration.domain_whitelists).to eq([])
     end
 
-    it "can update default_path" do
+    it 'can update default_path' do
       SafeRedirect.configure do |config|
         config.default_path = 'https://www.bukalapak.com'
       end
       expect(SafeRedirect.configuration.default_path).to eq('https://www.bukalapak.com')
     end
 
-    it "can update domain_whitelists" do
+    it 'can update domain_whitelists' do
       SafeRedirect.configure do |config|
         config.domain_whitelists = ['www.bukalapak.com']
       end

data/spec/lib/safe_redirect/safe_redirect_spec.rb

@@ -10,81 +10,36 @@ module SafeRedirect
       load_config
     end
 
-    it "considers https://www.bukalapak.com a safe domain" do
-      expect(Controller.safe_domain?('https://www.bukalapak.com')).to eq(true)
-    end
-
-    it "considers / a safe domain" do
-      expect(Controller.safe_domain?('/')).to eq(true)
-    end
-
-    it "considers // an unsafe domain" do
-      expect(Controller.safe_domain?('//')).to eq(false)
-    end
-
-    it "considers http://www.twitter.com a safe domain" do
-      expect(Controller.safe_domain?('http://www.twitter.com')).to eq(true)
-    end
+    SAFE_PATHS = [
+      'https://www.bukalapak.com',
+      '/',
+      'http://www.twitter.com',
+      :back,
+      { controller: 'home', action: 'index' }
+    ]
 
-    it "considers https://www.bukalapak.com@google.com an unsafe domain" do
-      expect(Controller.safe_domain?('https://www.bukalapak.com@google.com')).to eq(false)
-    end
+    UNSAFE_PATHS = %w(// https://www.bukalapak.com@google.com http://////@@@@@@attacker.com//evil.com
+                      .@@@google.com //bukalapak.com%25%40%25%40%25%40%25%40%25%40%25%40%25%40evil.com
+                      %25%40%25%40%25%40%25%40%25%40%25%40%25%40%25%40%25%40%25%40evil.com 
+                      %@%@%@%@%@%@%@%@%@%@evil.com https://www-bukalapak.com)
 
-    it "considers https://www.bukalapak.com a safe path" do
-      expect(Controller.safe_path('https://www.bukalapak.com')).to eq('https://www.bukalapak.com')
+    SAFE_PATHS.each do |path|
+      it "considers #{path} a safe path" do
+        expect(Controller.safe_path(path)).to eq(path)
+      end
     end
 
-    it "considers / a safe path" do
-      expect(Controller.safe_path('/')).to eq('/')
-    end
-
-    it "considers // an unsafe path" do
-      expect(Controller.safe_path('//')).to eq('/')
-    end
-
-    it "considers http://www.twitter.com a safe path" do
-      expect(Controller.safe_path('http://www.twitter.com')).to eq('http://www.twitter.com')
-    end
-
-    it "considers :back a safe path" do
-      expect(Controller.safe_path(:back)).to eq(:back)
-    end
-
-    it "considers {controller: 'home', action: 'index'} a safe path" do
-      expect(Controller.safe_path({controller: 'home', action: 'index'})).to eq({controller: 'home', action: 'index'})
-    end
-
-    it "considers https://www.bukalapak.com@google.com an unsafe path" do
-      expect(Controller.safe_path('https://www.bukalapak.com@google.com')).to eq('/')
-    end
-
-    it "considers .@@@google.com an unsafe path" do
-      expect(Controller.safe_path('.@@@google.com')).to eq('/')
-      expect(Controller.safe_path('.@@@google.com/search')).to eq('/search')
-    end
-
-    it "considers http://////@@@@@@attacker.com//evil.com an unsafe path" do
-      expect(Controller.safe_path('http://////@@@@@@attacker.com//evil.com')).to eq('/')
-    end
-
-    it "considers //bukalapak.com%25%40%25%40%25%40%25%40%25%40%25%40%25%40evil.com an unsafe path" do
-      expect(Controller.safe_path('//bukalapak.com%25%40%25%40%25%40%25%40%25%40%25%40%25%40evil.com')).to eq('/')
-    end
-
-    it "considers %25%40%25%40%25%40%25%40%25%40%25%40%25%40%25%40%25%40%25%40evil.com an unsafe path" do
-      expect(Controller.safe_path('%25%40%25%40%25%40%25%40%25%40%25%40%25%40%25%40%25%40%25%40evil.com')).to eq('/')
-    end
-
-
-    it "considers %@%@%@%@%@%@%@%@%@%@evil.com an unsafe path" do
-      expect(Controller.safe_path('%@%@%@%@%@%@%@%@%@%@evil.com')).to eq('/')
+    UNSAFE_PATHS.each do |path|
+      it "considers #{path} an unsafe path" do
+        expect(Controller.safe_path(path)).to eq('/')
+      end
     end
 
-    it "can use redirect_to method with only the target path" do
+    it 'can use redirect_to method with only the target path' do
       Controller.redirect_to '/'
     end
 
-    it "can use redirect_to method with both the target path and the options" do
+    it 'can use redirect_to method with both the target path and the options' do
       Controller.redirect_to '/', notice: 'Back to home page'
     end
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: safe_redirect
 version: !ruby/object:Gem::Version
-  version: 0.1.9
+  version: 0.2.0
 platform: ruby
 authors:
 - Edwin Tunggawan
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-06-13 00:00:00.000000000 Z
+date: 2016-07-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
@@ -71,3 +71,4 @@ test_files:
 - spec/lib/safe_redirect/configuration_spec.rb
 - spec/lib/safe_redirect/safe_redirect_spec.rb
 - spec/spec_helper.rb
+has_rdoc: