safe_redirect 0.2.2 → 0.2.3

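--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 73595819096734251288a747c73948f27deb1470
- data.tar.gz: f1f7de8ed97ee7a9bf50dc7e67d687e896d19e40
+ metadata.gz: 9e0bbcba98a1e205b970a2350ad00ee249c29179
+ data.tar.gz: d83b859f1a3dff81021f1b3fa7b872e7592f262e
  SHA512:
- metadata.gz: 645b2a52d54d86d5e4e023e511c85ec1fc3ff7f057f25561bb430ebd18708ba0fe158756100171263eb0eedbb4c3c096e7bff26c7ec9cebab8bf3f647e9f897f
- data.tar.gz: f8fc5d77f0eb82bf925abfcb8d701b690d9f40e007bd8df03f1ae33c89928c6a94b81417d196889d64c21fdd9b4f9ef3ab33fcd49d5d9e9cbb9a2628e73377b1
+ metadata.gz: 421f582d00d284e2229790a0a63761a3eb1794cab6ac68435f1d68f378619ee47f08495cab470f962016ad568cdaa1408b3187be13133396ed20355186263897
+ data.tar.gz: 430412ac48189ac16692c3e78e70ef4bac43523e67f33efcae09ab61f49bf9a9a36854d877ebf7dce681323f972a57126e230b05bb0e47ae09b4004688bd7f32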
@@ -2,7 +2,7 @@ require 'uri'
2
2
 
3
3
  module SafeRedirect
4
4
  def safe_domain?(uri)
5
- return true if uri.host.nil? && uri.scheme.nil?
5
+ return true if valid_uri?(uri)
6
6
  return false if uri.host.nil?
7
7
 
8
8
  SafeRedirect.configuration.domain_whitelists.any? do |domain|
@@ -59,4 +59,11 @@ module SafeRedirect
59
59
  hash.delete(:host) unless safe_domain?(uri)
60
60
  hash
61
61
  end
62
+
63
+ def valid_uri?(uri)
64
+ return false unless uri.host.nil? && uri.scheme.nil?
65
+ return true if uri.path.nil? || uri.path =~ /^\//
66
+ false
67
+ end
68
+
62
69
  end
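Review bot: The path test in the new `valid_uri?` anchors with `^`, which in Ruby matches at the start of any line rather than the start of the string, and it also rejects the empty path: `URI.parse('?page=2')` and `URI.parse('#top')` give `path == ''`, so `'' =~ /^\//` is nil, `valid_uri?` returns false, and `safe_domain?` then returns false at the `return false if uri.host.nil?` guard — same-page query/fragment-only targets that 0.2.2 accepted are now treated as unsafe. `URI.parse` rejects raw newlines, so the `^` anchor is most likely not exploitable here, but for a validation predicate the string-anchored idiom is the right one; if keeping query-only redirects is intended, `return true if uri.path.nil? || uri.path.empty? || uri.path.start_with?('/')` fixes both points in one line. `valid_uri?` is also a misleading name for "scheme-less, host-less, absolute-path reference" and is added as an undocumented public method; a header such as `# True only for a relative reference with no scheme and no host whose path is nil or begins with "/"; anything else must pass the domain whitelist.` would make the contract explicit. The body of `safe_domain?` (the `domain_whitelists.any?` check) continues outside the first hunk.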
@@ -1,3 +1,3 @@
1
1
  module SafeRedirect
2
- VERSION = '0.2.2'
2
+ VERSION = '0.2.3'
3
3
  end
@@ -17,6 +17,7 @@ module SafeRedirect
17
17
  'http://www.twitter.com',
18
18
  'http://blah.foo.org',
19
19
  'http://foo.org',
20
+ 'http://foo.org/',
20
21
  :back,
21
22
  ['some', 'object'],
22
23
  { controller: 'home', action: 'index' },
@@ -26,6 +27,8 @@ module SafeRedirect
26
27
  "https://www.bukalapak.com@google.com",
27
28
  "http://////@@@@@@attacker.com//evil.com",
28
29
  "//bukalapak.com%25%40%25%40%25%40%25%40%25%40%25%40%25%40evil.com",
30
+ "evil.com",
31
+ ".evil.com",
29
32
  "%@%@%@%@%@%@%@%@%@%@evil.com",
30
33
  "https://www-bukalapak.com",
31
34
  "https://www.bukalapak.com\n.evil.com",
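--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: safe_redirect
  version: !ruby/object:Gem::Version
- version: 0.2.2
+ version: 0.2.3
  platform: ruby
  authors:
  - Edwin Tunggawan
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2016-08-10 00:00:00.000000000 Z
+ date: 2016-11-14 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rspec
@@ -71,4 +71,3 @@ test_files:
  - spec/lib/safe_redirect/configuration_spec.rb
  - spec/lib/safe_redirect/safe_redirect_spec.rb
  - spec/spec_helper.rb
- has_rdoc: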