safe_redirect 0.1.9 → 0.2.0
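--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d7ec6d3b3465f55bad649de2f616f80fd54eeba7
+data.tar.gz: 84a2a87fdd19aea1a6df85ed28db68e12588f1b4
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 977e8f2775ea6bb8b946fd8f405da5c1a7ccc9f5f8e0289f41d4d108e244c5f62f5812bf4f943e78165bcac4307717e8904e842d82efcfa5fe23df4c267a1906
+data.tar.gz: 5e763f75a2648e9eac79f60880ef10ac73c60ec789481f1a0fed3435438dd25f17981920952aeb4dc711ca49b28294f5780dc7cb2b412039664621909010fb4a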
data/README.md
CHANGED
@@ -31,7 +31,8 @@ The `redirect_to` method provided by Rails will be overrode by `safe_redirect`'s
|
|
31
31
|
|
32
32
|
```rb
|
33
33
|
redirect_to 'https://www.google.com' # => redirects to https://www.google.com
|
34
|
-
redirect_to 'https://www.golgege.com' # => redirects to ''
|
34
|
+
redirect_to 'https://www.golgege.com' # => redirects to '/'
|
35
|
+
redirect_to 'https://www.golgege.com', safe: true # => redirects to 'https://www.golgege.com'
|
35
36
|
redirect_to 'https://www.golgege.com/hahaha' # => redirects to '/hahaha'
|
36
37
|
redirect_to 1234 # => redirects to https://www.yahoo.com as default path
|
37
38
|
```
|
@@ -39,7 +40,7 @@ redirect_to 1234 # => redirects to https://www.yahoo.com as default path
|
|
39
40
|
## Contributing
|
40
41
|
|
41
42
|
- Fork the repository
|
42
|
-
- Create a branch for a new feature, build it
|
43
|
+
- Create a branch for a new feature or bug fix, build it
|
43
44
|
- Create a pull request
|
44
45
|
|
45
46
|
## License
|
@@ -48,4 +49,4 @@ MIT License
|
|
48
49
|
|
49
50
|
## Author
|
50
51
|
|
51
|
-
- [Edwin Tunggawan](https://github.com/sdsdkkk)
|
52
|
+
- [Edwin Tunggawan](https://github.com/sdsdkkk)
|
@@ -6,22 +6,22 @@ module SafeRedirect
|
|
6
6
|
reset_config
|
7
7
|
end
|
8
8
|
|
9
|
-
it
|
9
|
+
it 'default default_path is /' do
|
10
10
|
expect(SafeRedirect.configuration.default_path).to eq('/')
|
11
11
|
end
|
12
12
|
|
13
|
-
it
|
13
|
+
it 'default domain_whitelists is []' do
|
14
14
|
expect(SafeRedirect.configuration.domain_whitelists).to eq([])
|
15
15
|
end
|
16
16
|
|
17
|
-
it
|
17
|
+
it 'can update default_path' do
|
18
18
|
SafeRedirect.configure do |config|
|
19
19
|
config.default_path = 'https://www.bukalapak.com'
|
20
20
|
end
|
21
21
|
expect(SafeRedirect.configuration.default_path).to eq('https://www.bukalapak.com')
|
22
22
|
end
|
23
23
|
|
24
|
-
it
|
24
|
+
it 'can update domain_whitelists' do
|
25
25
|
SafeRedirect.configure do |config|
|
26
26
|
config.domain_whitelists = ['www.bukalapak.com']
|
27
27
|
end
|
@@ -10,81 +10,36 @@ module SafeRedirect
|
|
10
10
|
load_config
|
11
11
|
end
|
12
12
|
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
it "considers // an unsafe domain" do
|
22
|
-
expect(Controller.safe_domain?('//')).to eq(false)
|
23
|
-
end
|
24
|
-
|
25
|
-
it "considers http://www.twitter.com a safe domain" do
|
26
|
-
expect(Controller.safe_domain?('http://www.twitter.com')).to eq(true)
|
27
|
-
end
|
13
|
+
SAFE_PATHS = [
|
14
|
+
'https://www.bukalapak.com',
|
15
|
+
'/',
|
16
|
+
'http://www.twitter.com',
|
17
|
+
:back,
|
18
|
+
{ controller: 'home', action: 'index' }
|
19
|
+
]
|
28
20
|
|
29
|
-
|
30
|
-
|
31
|
-
|
21
|
+
UNSAFE_PATHS = %w(// https://www.bukalapak.com@google.com http://////@@@@@@attacker.com//evil.com
|
22
|
+
.@@@google.com //bukalapak.com%25%40%25%40%25%40%25%40%25%40%25%40%25%40evil.com
|
23
|
+
%25%40%25%40%25%40%25%40%25%40%25%40%25%40%25%40%25%40%25%40evil.com
|
24
|
+
%@%@%@%@%@%@%@%@%@%@evil.com https://www-bukalapak.com)
|
32
25
|
|
33
|
-
|
34
|
-
|
26
|
+
SAFE_PATHS.each do |path|
|
27
|
+
it "considers #{path} a safe path" do
|
28
|
+
expect(Controller.safe_path(path)).to eq(path)
|
29
|
+
end
|
35
30
|
end
|
36
31
|
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
it "considers // an unsafe path" do
|
42
|
-
expect(Controller.safe_path('//')).to eq('/')
|
43
|
-
end
|
44
|
-
|
45
|
-
it "considers http://www.twitter.com a safe path" do
|
46
|
-
expect(Controller.safe_path('http://www.twitter.com')).to eq('http://www.twitter.com')
|
47
|
-
end
|
48
|
-
|
49
|
-
it "considers :back a safe path" do
|
50
|
-
expect(Controller.safe_path(:back)).to eq(:back)
|
51
|
-
end
|
52
|
-
|
53
|
-
it "considers {controller: 'home', action: 'index'} a safe path" do
|
54
|
-
expect(Controller.safe_path({controller: 'home', action: 'index'})).to eq({controller: 'home', action: 'index'})
|
55
|
-
end
|
56
|
-
|
57
|
-
it "considers https://www.bukalapak.com@google.com an unsafe path" do
|
58
|
-
expect(Controller.safe_path('https://www.bukalapak.com@google.com')).to eq('/')
|
59
|
-
end
|
60
|
-
|
61
|
-
it "considers .@@@google.com an unsafe path" do
|
62
|
-
expect(Controller.safe_path('.@@@google.com')).to eq('/')
|
63
|
-
expect(Controller.safe_path('.@@@google.com/search')).to eq('/search')
|
64
|
-
end
|
65
|
-
|
66
|
-
it "considers http://////@@@@@@attacker.com//evil.com an unsafe path" do
|
67
|
-
expect(Controller.safe_path('http://////@@@@@@attacker.com//evil.com')).to eq('/')
|
68
|
-
end
|
69
|
-
|
70
|
-
it "considers //bukalapak.com%25%40%25%40%25%40%25%40%25%40%25%40%25%40evil.com an unsafe path" do
|
71
|
-
expect(Controller.safe_path('//bukalapak.com%25%40%25%40%25%40%25%40%25%40%25%40%25%40evil.com')).to eq('/')
|
72
|
-
end
|
73
|
-
|
74
|
-
it "considers %25%40%25%40%25%40%25%40%25%40%25%40%25%40%25%40%25%40%25%40evil.com an unsafe path" do
|
75
|
-
expect(Controller.safe_path('%25%40%25%40%25%40%25%40%25%40%25%40%25%40%25%40%25%40%25%40evil.com')).to eq('/')
|
76
|
-
end
|
77
|
-
|
78
|
-
|
79
|
-
it "considers %@%@%@%@%@%@%@%@%@%@evil.com an unsafe path" do
|
80
|
-
expect(Controller.safe_path('%@%@%@%@%@%@%@%@%@%@evil.com')).to eq('/')
|
32
|
+
UNSAFE_PATHS.each do |path|
|
33
|
+
it "considers #{path} an unsafe path" do
|
34
|
+
expect(Controller.safe_path(path)).to eq('/')
|
35
|
+
end
|
81
36
|
end
|
82
37
|
|
83
|
-
it
|
38
|
+
it 'can use redirect_to method with only the target path' do
|
84
39
|
Controller.redirect_to '/'
|
85
40
|
end
|
86
41
|
|
87
|
-
it
|
42
|
+
it 'can use redirect_to method with both the target path and the options' do
|
88
43
|
Controller.redirect_to '/', notice: 'Back to home page'
|
89
44
|
end
|
90
45
|
end
|
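Review bot: The table-driven rewrite drops the `'.@@@google.com/search'` → `'/search'` expectation that the old `it "considers .@@@google.com an unsafe path"` example carried, so the path-preserving branch of `safe_path` (the `/hahaha` behaviour the README in this same release documents) is no longer exercised anywhere in the hunk; the `UNSAFE_PATHS` loop only pins the bare-host → `'/'` result. Re-add it as its own example, `expect(Controller.safe_path('.@@@google.com/search')).to eq('/search')`, and note that the two `safe_domain?` examples removed at the top of the hunk have no replacement either, so that method is now untested. The `safe: true` option the README adds appears to pass an off-whitelist host through unchanged, yet neither `redirect_to` example at the end of the hunk covers it; one example asserting the opt-out path would pin the behaviour that matters most for a security gem. `SAFE_PATHS` and `UNSAFE_PATHS` are assigned inside the example group block, which makes them top-level constants visible to every spec file in the run; plain locals in the `describe` block (or `stub_const`) avoid the leak. The enclosing `describe` block starts outside the hunk.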
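--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: safe_redirect
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.2.0
 platform: ruby
 authors:
 - Edwin Tunggawan
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-
+date: 2016-07-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rspec
@@ -71,3 +71,4 @@ test_files:
 - spec/lib/safe_redirect/configuration_spec.rb
 - spec/lib/safe_redirect/safe_redirect_spec.rb
 - spec/spec_helper.rb
+has_rdoc: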