safe_redirect 0.2.2 → 0.2.3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 9e0bbcba98a1e205b970a2350ad00ee249c29179
|
4
|
+
data.tar.gz: d83b859f1a3dff81021f1b3fa7b872e7592f262e
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 421f582d00d284e2229790a0a63761a3eb1794cab6ac68435f1d68f378619ee47f08495cab470f962016ad568cdaa1408b3187be13133396ed20355186263897
|
7
|
+
data.tar.gz: 430412ac48189ac16692c3e78e70ef4bac43523e67f33efcae09ab61f49bf9a9a36854d877ebf7dce681323f972a57126e230b05bb0e47ae09b4004688bd7f32
|
@@ -2,7 +2,7 @@ require 'uri'
|
|
2
2
|
|
3
3
|
module SafeRedirect
|
4
4
|
def safe_domain?(uri)
|
5
|
-
return true if
|
5
|
+
return true if valid_uri?(uri)
|
6
6
|
return false if uri.host.nil?
|
7
7
|
|
8
8
|
SafeRedirect.configuration.domain_whitelists.any? do |domain|
|
@@ -59,4 +59,11 @@ module SafeRedirect
|
|
59
59
|
hash.delete(:host) unless safe_domain?(uri)
|
60
60
|
hash
|
61
61
|
end
|
62
|
+
|
63
|
+
def valid_uri?(uri)
|
64
|
+
return false unless uri.host.nil? && uri.scheme.nil?
|
65
|
+
return true if uri.path.nil? || uri.path =~ /^\//
|
66
|
+
false
|
67
|
+
end
|
68
|
+
|
62
69
|
end
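Review bot: `uri.path =~ /^\//` on the `return true if` line of `valid_uri?` anchors with `^`, which matches at the start of any line rather than the start of the string, and the match is only ever used as a boolean; `start_with?` is both the properly anchored check and the cheaper one: `return true if uri.path.nil? || uri.path.start_with?('/')`. Whether `uri.path` can actually be nil here depends on how the caller builds `uri`, which is outside this hunk, so the nil guard may be redundant but is harmless. The name `valid_uri?` overstates what is checked — the method accepts exactly a target with no scheme, no host and a path beginning with `/` — so a comment above the def such as `# True only for scheme-less, host-less targets whose path starts with '/', i.e. same-origin relative redirects.`, or a rename along the lines of `relative_path?`, would make the `return true if valid_uri?(uri)` call in the safe_domain? hunk above self-explanatory. The trailing `return true if …` / `false` pair can then collapse into the boolean expression itself.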
|
@@ -17,6 +17,7 @@ module SafeRedirect
|
|
17
17
|
'http://www.twitter.com',
|
18
18
|
'http://blah.foo.org',
|
19
19
|
'http://foo.org',
|
20
|
+
'http://foo.org/',
|
20
21
|
:back,
|
21
22
|
['some', 'object'],
|
22
23
|
{ controller: 'home', action: 'index' },
|
@@ -26,6 +27,8 @@ module SafeRedirect
|
|
26
27
|
"https://www.bukalapak.com@google.com",
|
27
28
|
"http://////@@@@@@attacker.com//evil.com",
|
28
29
|
"//bukalapak.com%25%40%25%40%25%40%25%40%25%40%25%40%25%40evil.com",
|
30
|
+
"evil.com",
|
31
|
+
".evil.com",
|
29
32
|
"%@%@%@%@%@%@%@%@%@%@evil.com",
|
30
33
|
"https://www-bukalapak.com",
|
31
34
|
"https://www.bukalapak.com\n.evil.com",
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: safe_redirect
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.2.
|
4
|
+
version: 0.2.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Edwin Tunggawan
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2016-
|
11
|
+
date: 2016-11-14 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rspec
|
@@ -71,4 +71,3 @@ test_files:
|
|
71
71
|
- spec/lib/safe_redirect/configuration_spec.rb
|
72
72
|
- spec/lib/safe_redirect/safe_redirect_spec.rb
|
73
73
|
- spec/spec_helper.rb
|
74
|
-
has_rdoc:
|