safe_redirect 0.2.2 → 0.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/lib/safe_redirect/safe_redirect.rb +8 -1
  3. data/lib/safe_redirect/version.rb +1 -1
  4. data/spec/lib/safe_redirect/safe_redirect_spec.rb +3 -0
  5. metadata +2 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 73595819096734251288a747c73948f27deb1470
4
- data.tar.gz: f1f7de8ed97ee7a9bf50dc7e67d687e896d19e40
3
+ metadata.gz: 9e0bbcba98a1e205b970a2350ad00ee249c29179
4
+ data.tar.gz: d83b859f1a3dff81021f1b3fa7b872e7592f262e
5
5
  SHA512:
6
- metadata.gz: 645b2a52d54d86d5e4e023e511c85ec1fc3ff7f057f25561bb430ebd18708ba0fe158756100171263eb0eedbb4c3c096e7bff26c7ec9cebab8bf3f647e9f897f
7
- data.tar.gz: f8fc5d77f0eb82bf925abfcb8d701b690d9f40e007bd8df03f1ae33c89928c6a94b81417d196889d64c21fdd9b4f9ef3ab33fcd49d5d9e9cbb9a2628e73377b1
6
+ metadata.gz: 421f582d00d284e2229790a0a63761a3eb1794cab6ac68435f1d68f378619ee47f08495cab470f962016ad568cdaa1408b3187be13133396ed20355186263897
7
+ data.tar.gz: 430412ac48189ac16692c3e78e70ef4bac43523e67f33efcae09ab61f49bf9a9a36854d877ebf7dce681323f972a57126e230b05bb0e47ae09b4004688bd7f32
data/lib/safe_redirect/safe_redirect.rb CHANGED
@@ -2,7 +2,7 @@ require 'uri'
2
2
 
3
3
  module SafeRedirect
4
4
  def safe_domain?(uri)
5
- return true if uri.host.nil? && uri.scheme.nil?
5
+ return true if valid_uri?(uri)
6
6
  return false if uri.host.nil?
7
7
 
8
8
  SafeRedirect.configuration.domain_whitelists.any? do |domain|
@@ -59,4 +59,11 @@ module SafeRedirect
59
59
  hash.delete(:host) unless safe_domain?(uri)
60
60
  hash
61
61
  end
62
+
63
+ def valid_uri?(uri)
64
+ return false unless uri.host.nil? && uri.scheme.nil?
65
+ return true if uri.path.nil? || uri.path =~ /^\//
66
+ false
67
+ end
68
+
62
69
  end
data/lib/safe_redirect/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module SafeRedirect
2
- VERSION = '0.2.2'
2
+ VERSION = '0.2.3'
3
3
  end
data/spec/lib/safe_redirect/safe_redirect_spec.rb CHANGED
@@ -17,6 +17,7 @@ module SafeRedirect
17
17
  'http://www.twitter.com',
18
18
  'http://blah.foo.org',
19
19
  'http://foo.org',
20
+ 'http://foo.org/',
20
21
  :back,
21
22
  ['some', 'object'],
22
23
  { controller: 'home', action: 'index' },
@@ -26,6 +27,8 @@ module SafeRedirect
26
27
  "https://www.bukalapak.com@google.com",
27
28
  "http://////@@@@@@attacker.com//evil.com",
28
29
  "//bukalapak.com%25%40%25%40%25%40%25%40%25%40%25%40%25%40evil.com",
30
+ "evil.com",
31
+ ".evil.com",
29
32
  "%@%@%@%@%@%@%@%@%@%@evil.com",
30
33
  "https://www-bukalapak.com",
31
34
  "https://www.bukalapak.com\n.evil.com",
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: safe_redirect
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.2
4
+ version: 0.2.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Edwin Tunggawan
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-08-10 00:00:00.000000000 Z
11
+ date: 2016-11-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rspec
@@ -71,4 +71,3 @@ test_files:
71
71
  - spec/lib/safe_redirect/configuration_spec.rb
72
72
  - spec/lib/safe_redirect/safe_redirect_spec.rb
73
73
  - spec/spec_helper.rb
74
- has_rdoc: