ssrf_filter 1.0.6 → 1.0.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/lib/ssrf_filter/patch/ssl_socket.rb +1 -0
- data/lib/ssrf_filter/ssrf_filter.rb +7 -4
- data/lib/ssrf_filter/version.rb +1 -1
- metadata +13 -14
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 17984597a9ad2c3dd852793334951478090086e5c6b7f86d67cf827fa98bff4c
|
|
4
|
+
data.tar.gz: 99c09e926f2b2c3a040dd0deed245ebb005f6cb242a185a7bca15592183f0b82
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ad60b8c2efaca1de0b7d89de0102eef87d23c65d1c6b73e674092e7740e8c5fe1a006801c648529bf9150eb590df9b3c160af519b666176f41697ef69218918e
|
|
7
|
+
data.tar.gz: '062843311bfdb75b9de842fb29e4864da4a4acc4c41d454fec593ee3c0a86f306cddd30d4cc9c46b6d6b169b2e3e3480c2e8499cb637eaf97d96afa534b41569'
|
|
@@ -53,11 +53,12 @@ class SsrfFilter
|
|
|
53
53
|
::IPAddr.new('2002::/16'), # 6to4
|
|
54
54
|
::IPAddr.new('fc00::/7'), # Unique local address
|
|
55
55
|
::IPAddr.new('fe80::/10'), # Link-local address
|
|
56
|
-
::IPAddr.new('ff00::/8')
|
|
56
|
+
::IPAddr.new('ff00::/8') # Multicast
|
|
57
57
|
] + IPV4_BLACKLIST.flat_map do |ipaddr|
|
|
58
58
|
prefixlen = prefixlen_from_ipaddr(ipaddr)
|
|
59
59
|
|
|
60
|
-
|
|
60
|
+
# Don't call ipaddr.ipv4_compat because it prints out a deprecation warning on ruby 2.5+
|
|
61
|
+
ipv4_compatible = IPAddr.new(ipaddr.to_i, Socket::AF_INET6).mask(96 + prefixlen)
|
|
61
62
|
ipv4_mapped = ipaddr.ipv4_mapped.mask(80 + prefixlen)
|
|
62
63
|
|
|
63
64
|
[ipv4_compatible, ipv4_mapped]
|
|
@@ -188,9 +189,11 @@ class SsrfFilter
|
|
|
188
189
|
block.call(request) if block_given?
|
|
189
190
|
validate_request(request)
|
|
190
191
|
|
|
191
|
-
|
|
192
|
+
http_options = options[:http_options] || {}
|
|
193
|
+
http_options[:use_ssl] = (uri.scheme == 'https')
|
|
194
|
+
|
|
192
195
|
with_forced_hostname(hostname) do
|
|
193
|
-
::Net::HTTP.start(uri.hostname, uri.port,
|
|
196
|
+
::Net::HTTP.start(uri.hostname, uri.port, http_options) do |http|
|
|
194
197
|
http.request(request)
|
|
195
198
|
end
|
|
196
199
|
end
|
data/lib/ssrf_filter/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ssrf_filter
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.7
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Arkadiy Tetelman
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2019-10-21 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler-audit
|
|
@@ -16,70 +16,70 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - "~>"
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.6.
|
|
19
|
+
version: 0.6.1
|
|
20
20
|
type: :development
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.6.
|
|
26
|
+
version: 0.6.1
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: coveralls
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
31
|
- - "~>"
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: 0.8.
|
|
33
|
+
version: 0.8.22
|
|
34
34
|
type: :development
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
38
|
- - "~>"
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: 0.8.
|
|
40
|
+
version: 0.8.22
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: rspec
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
44
44
|
requirements:
|
|
45
45
|
- - "~>"
|
|
46
46
|
- !ruby/object:Gem::Version
|
|
47
|
-
version: 3.
|
|
47
|
+
version: 3.8.0
|
|
48
48
|
type: :development
|
|
49
49
|
prerelease: false
|
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
51
|
requirements:
|
|
52
52
|
- - "~>"
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
|
-
version: 3.
|
|
54
|
+
version: 3.8.0
|
|
55
55
|
- !ruby/object:Gem::Dependency
|
|
56
56
|
name: webmock
|
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
|
58
58
|
requirements:
|
|
59
59
|
- - "~>"
|
|
60
60
|
- !ruby/object:Gem::Version
|
|
61
|
-
version: 3.
|
|
61
|
+
version: 3.5.1
|
|
62
62
|
type: :development
|
|
63
63
|
prerelease: false
|
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
|
65
65
|
requirements:
|
|
66
66
|
- - "~>"
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
|
-
version: 3.
|
|
68
|
+
version: 3.5.1
|
|
69
69
|
- !ruby/object:Gem::Dependency
|
|
70
70
|
name: rubocop
|
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
|
72
72
|
requirements:
|
|
73
73
|
- - "~>"
|
|
74
74
|
- !ruby/object:Gem::Version
|
|
75
|
-
version: 0.
|
|
75
|
+
version: 0.65.0
|
|
76
76
|
type: :development
|
|
77
77
|
prerelease: false
|
|
78
78
|
version_requirements: !ruby/object:Gem::Requirement
|
|
79
79
|
requirements:
|
|
80
80
|
- - "~>"
|
|
81
81
|
- !ruby/object:Gem::Version
|
|
82
|
-
version: 0.
|
|
82
|
+
version: 0.65.0
|
|
83
83
|
description: A gem that makes it easy to prevent server side request forgery (SSRF)
|
|
84
84
|
attacks
|
|
85
85
|
email:
|
|
@@ -111,8 +111,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
111
111
|
- !ruby/object:Gem::Version
|
|
112
112
|
version: '0'
|
|
113
113
|
requirements: []
|
|
114
|
-
|
|
115
|
-
rubygems_version: 2.6.14
|
|
114
|
+
rubygems_version: 3.0.3
|
|
116
115
|
signing_key:
|
|
117
116
|
specification_version: 4
|
|
118
117
|
summary: A gem that makes it easy to prevent server side request forgery (SSRF) attacks
|