ssrf_filter 1.0.4 → 1.0.5

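--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: f57642f5402d0d925c747c263c95da4044d92780
- data.tar.gz: b0b5053f7409d747e67e5cea7aa18cac907078dd
+ metadata.gz: 59270dd5ca4e6fdf5e70fc74e2c1593eea7cd861
+ data.tar.gz: f23dbbcc57ea0114ae1220e22f93b5f1fa7910da
  SHA512:
- metadata.gz: 0d65077b80b68974821ac24768cf5c75bfbef01bc9642703da702694f76f4ec15f74d61945d3a7db5d1df76b0fe1f5bf2f86001d903e1a4a0ca8f405f3f47365
- data.tar.gz: 6e6de13a260d79c16ea4ca7a890071e6b2135721f19e081ceb15e64cdbccbeca36478674dad4157cbe5efbd3ef566fa954fef077a295fa9c6c8daeb8495a52a9
+ metadata.gz: c6ed09a682cd405c1cf06429b173f87965ff67231bd748a9520ee4c9fe8ed27d84df373abd917c3c25935dfcee984f5cc5c1b4b327548accd3694b6587ce9249
+ data.tar.gz: 73697be1c1619bda43e8fc7c517380f0f40155de9f20012d79390a58ef9122bec392a443661e0ffae93fb48a04a6aa6bc874b8a7aea9d1a59a1e8c460c317881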
@@ -152,6 +152,17 @@ class SsrfFilter
152
152
  end
153
153
  private_class_method :ipaddr_has_mask?
154
154
 
155
+ def self.host_header(hostname, uri)
156
+ # Attach port for non-default as per RFC2616
157
+ if (uri.port == 80 && uri.scheme == 'http') ||
158
+ (uri.port == 443 && uri.scheme == 'https')
159
+ hostname
160
+ else
161
+ "#{hostname}:#{uri.port}"
162
+ end
163
+ end
164
+ private_class_method :host_header
165
+
155
166
  def self.fetch_once(uri, ip, verb, options, &block)
156
167
  if options[:params]
157
168
  params = uri.query ? ::Hash[::URI.decode_www_form(uri.query)] : {}
@@ -163,8 +174,7 @@ class SsrfFilter
163
174
  uri.hostname = ip
164
175
 
165
176
  request = VERB_MAP[verb].new(uri)
166
- # Attach port for non-80 as per RFC2616
167
- request['host'] = uri.port == 80 ? hostname : "#{hostname}:#{uri.port}"
177
+ request['host'] = host_header(hostname, uri)
168
178
 
169
179
  Array(options[:headers]).each do |header, value|
170
180
  request[header] = value
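Review bot: The new `host_header` joins `hostname` and `uri.port` with a bare colon, so if `hostname` can be an unbracketed IPv6 literal the Host value becomes ambiguous, e.g. `2001:db8::1:8080` (constructed example). That would happen if `hostname` is read from `uri.hostname`; its assignment sits above the second hunk and is not visible here, so this needs confirming. Bracketing the literal first, `host = hostname.include?(':') ? "[#{hostname}]" : hostname`, keeps the header well-formed in both branches. The two scheme/port comparisons could also be written as `uri.port == uri.default_port`, which stays correct if another scheme is ever permitted. A one-line comment on `host_header` noting that the Host header is set by hand because `uri.hostname = ip` has already swapped the name for the (presumably pre-checked) address would help the next reader; `fetch_once` begins and ends outside the hunks shown.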
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  class SsrfFilter
4
- VERSION = '1.0.4'.freeze
4
+ VERSION = '1.0.5'.freeze
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: ssrf_filter
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.4
4
+ version: 1.0.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Arkadiy Tetelman
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-01-17 00:00:00.000000000 Z
11
+ date: 2018-01-18 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler-audit