sanitize_user_agent_header 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 108290424f2d89412961132a44c5285e03547c42
+  data.tar.gz: e2f08105b183eb152ea976a0f81ff8de6ce9d697
+SHA512:
+  metadata.gz: fabbc5e3c05aaccd421f1703973a328b74efd13ab06181047415d572b0a41da3c598d9d7357b6a38d3be9a48f42012f53a2837c530c02e2c852d3e7370cda7a7
+  data.tar.gz: fe8acd9a4bf5e55ad64403e9f1eaad04c7b279804cec8de2c40ec42518445231d5f38b24db0d126b955a9dfc3004512f615abdc6cc72381dad93613f86e95557

data/.gitignore

@@ -0,0 +1,54 @@
+# rbenv/rvm
+.ruby-version
+
+# rcov generated
+coverage
+coverage.data
+
+# rdoc generated
+rdoc
+
+# yard generated
+doc
+.yardoc
+
+# bundler
+.bundle
+Gemfile.lock
+gemfiles/*.lock
+
+# jeweler generated
+pkg
+
+# Have editor/IDE/OS specific files you need to ignore? Consider using a global gitignore: 
+#
+# * Create a file at ~/.gitignore
+# * Include files you want ignored
+# * Run: git config --global core.excludesfile ~/.gitignore
+#
+# After doing this, these files will be ignored in all your git projects,
+# saving you from having to 'pollute' every project you touch with them
+#
+# Not sure what to needs to be ignored for particular editors/OSes? Here's some ideas to get you started. (Remember, remove the leading # of the line)
+#
+# For MacOS:
+#
+#.DS_Store
+
+# For TextMate
+#*.tmproj
+#tmtags
+
+# For emacs:
+#*~
+#\#*
+#.\#*
+
+# For vim:
+#*.swp
+
+# For redcar:
+#.redcar
+
+# For rubinius:
+#*.rbc

data/.travis.yml

@@ -0,0 +1,5 @@
+sudo: false
+language: ruby
+rvm:
+  - 2.2.6
+before_install: gem install bundler -v 1.13.6

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in sanitize_user_agent_header.gemspec
+gemspec

data/README.md

@@ -0,0 +1,38 @@
+Decodes the `User-Agent` header in your Rack request hash to be UTF-8. Mostly useful for headers like
+
+    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; Telecomunicaciones espa��olas`
+
+which get inserted by (rather clueless) telcos, especially in packaged Android distributions (one of the many reasons why letting telcos
+customize the handset is a bad idea). This library will do it's best to reencode the header in good UTF-8, and barring that will do a lossy
+replacement with question-mark substitions.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'sanitize_user_agent_header'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install sanitize_user_agent_header
+
+In Rails the gem will be inserted into your application stack automatically. In raw Rack, install the middleware in `config.ru` like so:
+
+    use SanitizeUserAgentHeader
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/sanitize_user_agent_header.
+

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/lib/sanitize_user_agent_header.rb

@@ -0,0 +1,42 @@
+require "sanitize_user_agent_header/version"
+
+# This middleware will ensure that the User-Agent request header is actually
+# UTF-8, which will prevent bad things down the road. Strictly speaking,
+# the _string_ must be kept in an ISO encoding (single byte header limitations).
+# But pragmatically we use this header in many places, and applying an explicit
+# decode to it is a chore. Also, we are not violating the spec, merely "matching"
+# the encoding of an input variable to the internal encoding of the system.
+class SanitizeUserAgentHeader
+  HTTP_USER_AGENT = 'HTTP_USER_AGENT'.freeze
+  private_constant :HTTP_USER_AGENT
+  
+  def initialize(app)
+    @app = app
+  end
+  
+  def call(env)
+    if env[HTTP_USER_AGENT]
+      env[HTTP_USER_AGENT] = opportunistically_convert_to_utf8(env[HTTP_USER_AGENT])
+    end
+    @app.call(env)
+  end
+  
+  # http://stackoverflow.com/questions/10384741/is-a-unicode-user-agent-legal-inside-an-http-header
+  def opportunistically_convert_to_utf8(str)
+    try_encodings = %w( ISO-8859-1 CP1252 )
+    try_encodings.each do |enc|
+      begin
+        encoded_as_utf8 = str.force_encoding(enc).encode(Encoding::UTF_8)
+        return encoded_as_utf8
+      rescue Encoding::UndefinedConversionError
+      end
+    end
+    # Last resort, just strip it of everything
+    str.force_encoding(Encoding::ISO8859_1)
+    str.encode(Encoding::ASCII, invalid: :replace, undef: :replace, replace: '?').encode(Encoding::UTF_8)
+  end
+  
+  if defined?(Rails)
+    require_relative 'sanitize_user_agent_header/railtie'
+  end
+end

data/lib/sanitize_user_agent_header/railtie.rb

@@ -0,0 +1,5 @@
+class SanitizeUserAgentHeader::Railtie < Rails::Railtie
+  initializer "sanitize_user_agent_header.configure_rails_initialization" do |app|
+    app.middleware.use SanitizeUserAgentHeader
+  end
+end

data/lib/sanitize_user_agent_header/version.rb

@@ -0,0 +1,3 @@
+class SanitizeUserAgentHeader
+  VERSION = "0.1.0"
+end

data/sanitize_user_agent_header.gemspec

@@ -0,0 +1,35 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'sanitize_user_agent_header/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "sanitize_user_agent_header"
+  spec.version       = SanitizeUserAgentHeader::VERSION
+  spec.authors       = ["Julik Tarkhanov"]
+  spec.email         = ["me@julik.nl"]
+
+  spec.summary       = %q{ Decodes the User-Agent header into UTF-8 in any Rack app }
+  spec.description   = %q{ Decodes the User-Agent header into UTF-8 in any Rack app }
+  spec.homepage      = "https://github.com/WeTransfer/sanitize_user_agent_header"
+
+  # Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
+  # to allow pushing to a single host or delete this section to allow pushing to any host.
+  if spec.respond_to?(:metadata)
+    spec.metadata['allowed_push_host'] = "https://rubygems.org"
+  else
+    raise "RubyGems 2.0 or newer is required to protect against " \
+      "public gem pushes."
+  end
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "rack"
+  spec.add_development_dependency "rack-test"
+  spec.add_development_dependency "bundler"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec", "~> 3.2"
+end

data/spec/sanitize_user_agent_header_spec.rb

@@ -0,0 +1,37 @@
+require 'spec_helper'
+require 'rack'
+require 'rack/test'
+
+describe SanitizeUserAgentHeader do
+  include Rack::Test::Methods
+  
+  let(:app) {
+    app_proc = ->(env) {
+      [200, {}, [env.fetch('HTTP_USER_AGENT', '<NONE>').encode(Encoding::UTF_8)]]
+    }
+    SanitizeUserAgentHeader.new(app_proc)
+  }
+
+  it 'calls the app when no user agent header is set' do
+    get '/'
+    expect(last_response.body).to eq("<NONE>")
+  end
+
+  it 'calls the app when the user agent is just ASCII' do
+    get '/', {}, {'HTTP_USER_AGENT' => 'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)'}
+    expect(last_response.body).to eq("Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)")
+  end
+
+  describe 'with non-ASCII characters in the User-Agent header combined with UTF-8 params' do
+    ['ISO-8859-1', 'CP1252'].each do | windows_encoding |
+      it "decodes the UA header and prevents encoding errors for UA header in #{windows_encoding}" do
+        # From our actual bug records
+        utf8_ua = 'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; Pernod Ricard España)'
+        windows_ua = utf8_ua.encode(windows_encoding)
+        post '/', {'message' => 'Voiçi un header'}, {'HTTP_USER_AGENT' => windows_ua}
+        expect(last_response).to be_ok
+        expect(last_response.body).to eq('Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; Pernod Ricard España)')
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,6 @@
+require 'bundler'
+Bundler.require
+
+$LOAD_PATH.unshift File.expand_path("../../lib", __FILE__)
+require "sanitize_user_agent_header"
+

metadata

@@ -0,0 +1,125 @@
+--- !ruby/object:Gem::Specification
+name: sanitize_user_agent_header
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Julik Tarkhanov
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2017-06-11 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.2'
+description: " Decodes the User-Agent header into UTF-8 in any Rack app "
+email:
+- me@julik.nl
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".travis.yml"
+- Gemfile
+- README.md
+- Rakefile
+- lib/sanitize_user_agent_header.rb
+- lib/sanitize_user_agent_header/railtie.rb
+- lib/sanitize_user_agent_header/version.rb
+- sanitize_user_agent_header.gemspec
+- spec/sanitize_user_agent_header_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/WeTransfer/sanitize_user_agent_header
+licenses: []
+metadata:
+  allowed_push_host: https://rubygems.org
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.5.1
+signing_key: 
+specification_version: 4
+summary: Decodes the User-Agent header into UTF-8 in any Rack app
+test_files: []