strict_request_uri 1.0.2 → 1.0.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 738571a4631e7084c03451d4fd855a6c3cc0ed70
-  data.tar.gz: ac07e480bb801f3ff018354ea1589243415b66a3
+  metadata.gz: b9190765e80ce93ec09388f7f375b4e7b8fada8f
+  data.tar.gz: 1e1e610be8f501730f9c37d54f3e4a947959c8d8
 SHA512:
-  metadata.gz: 582c0060f97ccfb5dba596ab0c9d8a4f5c23acf364a57d7b21077ff66c20cd42a020f4e2d0380dff439c876ee88a00ff9b349099e4b576f19cc92e3a35e14835
-  data.tar.gz: 36eb35790951f82a32eba98f78feed081d5b9558010089950ab28cae62f5ebe37230415cbc83a7f658ee63223a0bc83881260e2b71ea8df8e7b13cb1d92382e5
+  metadata.gz: ca5931fbf8b37a3a5d54cf60f3de9f7441b077a8206f371eca6422b5429c5d47e72262871cf4501abdb74d30b9dee88b8ff066fc10acd253cc9eb4a8d3fbdf5f
+  data.tar.gz: ea47b279ea46da534e7a9f12127ebb5850fab91b653dc7a0d27fce2c74ecfb9c0486a47fa0591a04d4bf1249bf0e9b9aef70ad71090debdd62d043c8c6225bad

data/.gitignore

@@ -0,0 +1,50 @@
+# rcov generated
+coverage
+coverage.data
+
+# rdoc generated
+rdoc
+
+# yard generated
+doc
+.yardoc
+
+# bundler
+.bundle
+Gemfile.lock
+
+# jeweler generated
+pkg
+
+# Have editor/IDE/OS specific files you need to ignore? Consider using a global gitignore: 
+#
+# * Create a file at ~/.gitignore
+# * Include files you want ignored
+# * Run: git config --global core.excludesfile ~/.gitignore
+#
+# After doing this, these files will be ignored in all your git projects,
+# saving you from having to 'pollute' every project you touch with them
+#
+# Not sure what to needs to be ignored for particular editors/OSes? Here's some ideas to get you started. (Remember, remove the leading # of the line)
+#
+# For MacOS:
+#
+#.DS_Store
+
+# For TextMate
+#*.tmproj
+#tmtags
+
+# For emacs:
+#*~
+#\#*
+#.\#*
+
+# For vim:
+#*.swp
+
+# For redcar:
+#.redcar
+
+# For rubinius:
+#*.rbc

data/.travis.yml

@@ -1,8 +1,6 @@
 rvm:
-- 2.1
-- 2.2
+- 2.2.2
 - 2.3.0
-- jruby-9.0
 sudo: false
 cache: bundler
 script: bundle exec rspec

data/Gemfile

@@ -1,12 +1,4 @@
-source "http://rubygems.org"
+source 'https://rubygems.org'
 
-gem 'rack', '~> 1'
-
-group :development do
-  gem 'gemfury'
-  gem "rspec", "~> 3.0"
-  gem "rdoc", "~> 3.12"
-  gem "bundler", "~> 1.0"
-  gem "jeweler", "~> 2.2.1"
-  gem "simplecov", ">= 0"
-end
+# Specify your gem's dependencies in zip_tricks.gemspec
+gemspec

data/Rakefile

@@ -1,34 +1,12 @@
 # encoding: utf-8
 
-require 'rubygems'
-require 'bundler'
-begin
-  Bundler.setup(:default, :development)
-rescue Bundler::BundlerError => e
-  $stderr.puts e.message
-  $stderr.puts "Run `bundle install` to install missing gems"
-  exit e.status_code
-end
+require 'bundler/gem_tasks'
 require 'rake'
+require 'rspec/core'
+require 'rspec/core/rake_task'
 
 require_relative 'lib/strict_request_uri'
 
-require 'jeweler'
-Jeweler::Tasks.new do |gem|
-  gem.version = StrictRequestUri::VERSION
-  gem.name = "strict_request_uri"
-  gem.homepage = "https://github.com/WeTransfer/strict_request_uri"
-  gem.license = "MIT"
-  gem.description = %Q{Reject Rack requests with an invalid URL}
-  gem.summary = %Q{and show an error page instead}
-  gem.email = "me@julik.nl"
-  gem.authors = ["Julik Tarkhanov"]
-  # dependencies defined in Gemfile
-end
-# Jeweler::RubygemsDotOrgTasks.new
-
-require 'rspec/core'
-require 'rspec/core/rake_task'
 RSpec::Core::RakeTask.new(:spec) do |spec|
   spec.pattern = FileList['spec/**/*_spec.rb']
 end
@@ -50,20 +28,3 @@ Rake::RDocTask.new do |rdoc|
   rdoc.rdoc_files.include('README*')
   rdoc.rdoc_files.include('lib/**/*.rb')
 end
-
-namespace :fury do
-  desc "Pick up the .gem file from pkg/ and push it to Gemfury"
-  task :release do
-    # IMPORTANT: You need to have the `fury` gem installed, and you need to be logged in.
-    # Please DO READ about "impersonation", which is how you push to your company account instead
-    # of your personal account!
-    # https://gemfury.com/help/collaboration#impersonation
-    paths = Dir.glob(__dir__ + '/pkg/*.gem')
-    if paths.length != 1
-      raise "Must have found only 1 .gem path, but found %s" % paths.inspect
-    end
-    escaped_gem_path = Shellwords.escape(paths.shift)
-    `fury push #{escaped_gem_path} --as=wetransfer`
-  end
-end
-task :release => [:clean, 'gemspec:generate', 'git:release', :build, 'fury:release']

data/lib/strict_request_uri.rb

@@ -1,4 +1,5 @@
 require 'rack'
+require_relative 'strict_request_uri/version'
 
 # Sometimes junk gets appended to the URLs clicked in e-mails.
 # This junk then gets sent by browsers undecoded, and causes Unicode-related
@@ -10,8 +11,6 @@ require 'rack'
 # welcome. This also allows us to tell the users that they are using a URL which is in fact
 # not really valid.
 class StrictRequestUri
-  VERSION = '1.0.2'
-  
   # Inits the middleware. The optional proc should be a Rack application that 
   # will render the error page. To make a controller render that page,
   # use <ControllerClass>.action()

data/lib/strict_request_uri/version.rb

@@ -0,0 +1,3 @@
+class StrictRequestUri
+  VERSION = '1.0.3'
+end

data/strict_request_uri.gemspec

@@ -1,71 +1,46 @@
-# Generated by jeweler
-# DO NOT EDIT THIS FILE DIRECTLY
-# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
-# -*- encoding: utf-8 -*-
-# stub: strict_request_uri 1.0.2 ruby lib
+# coding: utf-8
+
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'strict_request_uri/version'
 
 Gem::Specification.new do |s|
   s.name = "strict_request_uri"
-  s.version = "1.0.2"
+  s.version = StrictRequestUri::VERSION
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.require_paths = ["lib"]
   s.authors = ["Julik Tarkhanov"]
-  s.date = "2016-11-25"
   s.description = "Reject Rack requests with an invalid URL"
   s.email = "me@julik.nl"
+
+  # Prevent pushing this gem to RubyGems.org.
+  # To allow pushes either set the 'allowed_push_host'
+  # To allow pushing to a single host or delete this section to allow pushing to any host.
+  if s.respond_to?(:metadata)
+    s.metadata['allowed_push_host'] = 'https://rubygems.org'
+  else
+    raise 'RubyGems 2.0 or newer is required to protect against ' \
+      'public gem pushes.'
+  end
+  
   s.extra_rdoc_files = [
     "LICENSE.txt",
     "README.md"
   ]
-  s.files = [
-    ".document",
-    ".rspec",
-    ".travis.yml",
-    "Gemfile",
-    "LICENSE.txt",
-    "README.md",
-    "Rakefile",
-    "images/icon.png",
-    "images/strict_uri.png",
-    "lib/strict_request_uri.rb",
-    "spec/spec_helper.rb",
-    "spec/strict_request_uri_spec.rb",
-    "strict_request_uri.gemspec"
-  ]
+  s.files = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
   s.homepage = "https://github.com/WeTransfer/strict_request_uri"
   s.licenses = ["MIT"]
   s.rubygems_version = "2.4.5.1"
   s.summary = "and show an error page instead"
 
-  if s.respond_to? :specification_version then
-    s.specification_version = 4
-
-    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
-      s.add_runtime_dependency(%q<rack>, ["~> 1"])
-      s.add_development_dependency(%q<gemfury>, [">= 0"])
-      s.add_development_dependency(%q<rspec>, ["~> 3.0"])
-      s.add_development_dependency(%q<rdoc>, ["~> 3.12"])
-      s.add_development_dependency(%q<bundler>, ["~> 1.0"])
-      s.add_development_dependency(%q<jeweler>, ["~> 2.2.1"])
-      s.add_development_dependency(%q<simplecov>, [">= 0"])
-    else
-      s.add_dependency(%q<rack>, ["~> 1"])
-      s.add_dependency(%q<gemfury>, [">= 0"])
-      s.add_dependency(%q<rspec>, ["~> 3.0"])
-      s.add_dependency(%q<rdoc>, ["~> 3.12"])
-      s.add_dependency(%q<bundler>, ["~> 1.0"])
-      s.add_dependency(%q<jeweler>, ["~> 2.2.1"])
-      s.add_dependency(%q<simplecov>, [">= 0"])
-    end
-  else
-    s.add_dependency(%q<rack>, ["~> 1"])
-    s.add_dependency(%q<gemfury>, [">= 0"])
-    s.add_dependency(%q<rspec>, ["~> 3.0"])
-    s.add_dependency(%q<rdoc>, ["~> 3.12"])
-    s.add_dependency(%q<bundler>, ["~> 1.0"])
-    s.add_dependency(%q<jeweler>, ["~> 2.2.1"])
-    s.add_dependency(%q<simplecov>, [">= 0"])
-  end
+  s.specification_version = 4
+  s.add_runtime_dependency 'rack'
+  s.add_development_dependency 'rake', '~> 12'
+  s.add_development_dependency 'rspec', '~> 3'
+  s.add_development_dependency 'rdoc', '~> 3'
+  s.add_development_dependency 'bundler', '~> 1'
+  s.add_development_dependency 'simplecov', '>= 0'
 end
-

metadata

@@ -1,37 +1,23 @@
 --- !ruby/object:Gem::Specification
 name: strict_request_uri
 version: !ruby/object:Gem::Version
-  version: 1.0.2
+  version: 1.0.3
 platform: ruby
 authors:
 - Julik Tarkhanov
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-11-25 00:00:00.000000000 Z
+date: 2017-11-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1'
-- !ruby/object:Gem::Dependency
-  name: gemfury
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-  type: :development
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
@@ -39,61 +25,61 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rspec
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '12'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '12'
 - !ruby/object:Gem::Dependency
-  name: rdoc
+  name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.12'
+        version: '3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.12'
+        version: '3'
 - !ruby/object:Gem::Dependency
-  name: bundler
+  name: rdoc
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '3'
 - !ruby/object:Gem::Dependency
-  name: jeweler
+  name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.2.1
+        version: '1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.2.1
+        version: '1'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -117,6 +103,7 @@ extra_rdoc_files:
 - README.md
 files:
 - ".document"
+- ".gitignore"
 - ".rspec"
 - ".travis.yml"
 - Gemfile
@@ -126,13 +113,13 @@ files:
 - images/icon.png
 - images/strict_uri.png
 - lib/strict_request_uri.rb
-- spec/spec_helper.rb
-- spec/strict_request_uri_spec.rb
+- lib/strict_request_uri/version.rb
 - strict_request_uri.gemspec
 homepage: https://github.com/WeTransfer/strict_request_uri
 licenses:
 - MIT
-metadata: {}
+metadata:
+  allowed_push_host: https://rubygems.org
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -149,7 +136,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.5.1
+rubygems_version: 2.6.11
 signing_key: 
 specification_version: 4
 summary: and show an error page instead

data/spec/spec_helper.rb

@@ -1,9 +0,0 @@
-$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
-$LOAD_PATH.unshift(File.dirname(__FILE__))
-
-require 'rspec'
-require 'strict_request_uri'
-
-RSpec.configure do |config|
-  config.order = 'random'
-end

data/spec/strict_request_uri_spec.rb

@@ -1,205 +0,0 @@
-require_relative 'spec_helper'
-
-describe StrictRequestUri do
-  context 'with a good URL' do
-    it 'returns the downstream response for URLs without a query string' do
-      env_with_valid_chars = {
-        'SCRIPT_NAME' => 'myscript',
-        'PATH_INFO' => '/items/457',
-        'QUERY_STRING' => ''
-      }
-      app = ->(env) {
-        expect(env['QUERY_STRING']).to eq('')
-        expect(env['SCRIPT_NAME']).to eq('myscript')
-        expect(env['PATH_INFO']).to eq('/items/457')
-        :total_success
-      }
-      expect(described_class.new(app).call(env_with_valid_chars)).to eq(:total_success)
-    end
-  
-    it 'returns the downstream response for URLs with a query string' do
-      env_with_valid_chars = {
-        'SCRIPT_NAME' => 'myscript',
-        'PATH_INFO' => '/items/457',
-        'QUERY_STRING' => 'foo=bar'
-      }
-      app = ->(env) {
-        expect(env['QUERY_STRING']).to eq('foo=bar')
-        expect(env['SCRIPT_NAME']).to eq('myscript')
-        expect(env['PATH_INFO']).to eq('/items/457')
-        :total_success
-      }
-      expect(described_class.new(app).call(env_with_valid_chars)).to eq(:total_success)
-    end
-  end
-  
-  context 'with a garbage URL' do
-    it 'calls the default error app if none was set' do
-      # All of those 3 components are required as per Rack spec
-      env_with_invalid_chars = {
-        'SCRIPT_NAME' => '',
-        'PATH_INFO' => [107, 17, 52, 140].pack("C*"),
-        'QUERY_STRING' => '',
-      }
-    
-      middleware = described_class.new(nil) # will raise if the wrapped app is called
-      status, headers, body = middleware.call(env_with_invalid_chars)
-      expect(status).to eq(400)
-      expect(headers).to eq({'Content-Type' => 'text/plain'})
-      expect(body).to eq(['Invalid request URI'])
-    end
-  
-    it 'with junk after the path calls the error app instead' do
-      # The related bug ticket - https://www.assembla.com/spaces/wetransfer-2-0/tickets/1568
-      script_name = 'myscript'
-      valid_part = '/items/457'
-      invalid_part = [107, 17, 52, 140].pack("C*")
-      invalid_path_info = valid_part.encode(Encoding::BINARY) + invalid_part
-    
-      expect {
-        invalid_path_info.encode(Encoding::UTF_8)
-      }.to raise_error(Encoding::UndefinedConversionError)
-    
-      # All of those 3 components are required as per Rack spec
-      env_with_invalid_chars = {
-        'SCRIPT_NAME' => script_name,
-        'PATH_INFO' => invalid_path_info,
-        'QUERY_STRING' => '',
-        'rack.errors' => double('IO')
-      }
-    
-      # Do not render from the controller since we do not have a complete Rack env hash initialized.
-      # Instead, sneak in our own testing Proc.
-      error_handling_app = ->(env) {
-        # Make sure those are now safe to concat with each other
-        expect(env['SCRIPT_NAME']).to eq("myscript")
-        expect(env['PATH_INFO']).to eq("/invalid-url")
-        expect(env['QUERY_STRING']).to eq('')
-      
-        # Make sure the original broken URL is stashed somewhere for the error page to act on
-        expect(env['strict_uri.original_invalid_url']).to include(script_name)
-        expect(env['strict_uri.original_invalid_url']).to include(invalid_path_info)
-        expect(env['strict_uri.proposed_fixed_url']).to eq("myscript/items/457k")
-      
-        # Ensure those are valid - if this call raises the spec will fail
-        env['PATH_INFO'].encode(Encoding::UTF_8)
-      
-        [200, {'Content-Type' => 'text/plain'}, ['This is an error message']]
-      }
-      
-      expect(env_with_invalid_chars['rack.errors']).to receive(:puts).
-        with("Invalid URL received from referer (unknown)")
-    
-      middleware = described_class.new(nil, &error_handling_app) # will raise if the wrapped app is called
-      status, headers, body = middleware.call(env_with_invalid_chars)
-      expect(status).to eq(200)
-      expect(headers).to eq({'Content-Type' => 'text/plain'})
-    end
-
-    it 'after the query string calls the error app instead' do
-      # The related bug ticket - https://www.assembla.com/spaces/wetransfer-2-0/tickets/1568
-      script_name = 'myscript'
-      valid_path_info = '/items/457'
-      query_string = 'foo=bar&baz=bad'
-      invalid_part = [107, 17, 52, 140].pack("C*")
-      invalid_qs = query_string.encode(Encoding::BINARY) + invalid_part
-    
-      expect {
-        invalid_qs.encode(Encoding::UTF_8)
-      }.to raise_error(Encoding::UndefinedConversionError)
-    
-      # All of those 3 components are required as per Rack spec
-      env_with_invalid_chars = {
-        'SCRIPT_NAME' => script_name,
-        'PATH_INFO' => valid_path_info,
-        'QUERY_STRING' => invalid_qs,
-        'HTTP_REFERER' => 'https://megacorp.co/webmail.asp',
-        'rack.errors' => double('IO')
-      }
-    
-      error_handling_app = ->(env) {
-        # Make sure those are now safe to concat with each other
-        expect(env['SCRIPT_NAME']).to eq("myscript")
-        expect(env['PATH_INFO']).to eq("/invalid-url")
-        expect(env['QUERY_STRING']).to eq('')
-      
-        expect(env['strict_uri.original_invalid_url']).to include(valid_path_info)
-        expect(env['strict_uri.original_invalid_url']).to include(invalid_qs)
-      
-        # Ensure those are valid - if this call raises the spec will fail
-        env['QUERY_STRING'].encode(Encoding::UTF_8)
-      
-        [200, {'Content-Type' => 'text/plain'}, ['This is an error message']]
-      }
-      expect(env_with_invalid_chars['rack.errors']).to receive(:puts).
-        with('Invalid URL received from referer https://megacorp.co/webmail.asp')
-      
-      # nil  will raise if the wrapped app is called
-      middleware = described_class.new(nil, &error_handling_app)
-      status, headers, body = middleware.call(env_with_invalid_chars)
-      expect(status).to eq(200)
-      expect(headers).to eq({'Content-Type' => 'text/plain'})
-    end
-  end
-
-  context 'with production examples of garbled PATH_INFO' do
-    it 'triggers with URL-encoded bytes that are invalid UTF-8 when decoded' do
-      # Example from production - here at the end of the url you have
-      # \xC2 in percent-encoded form, which cannot be converted to UTF-8.
-      # If we let it through, it _can_ be rendered using request.original_url
-      # but _cannot_ be used by Journey when url_for is called.
-      #
-      # So we have to intercept this as well. 
-      path = '/downloads/918ab1e20586c0b4e1875b3789b84ec720150615173920' +
-        '/a480d026f46b0f0533cec47545cd5e2820150615173920/0130a0%C2'
-      fake_action = ->(env) {
-        # Make sure those are now safe to concat with each other
-        expect(env['SCRIPT_NAME']).to eq('')
-        expect(env['PATH_INFO']).to eq('/invalid-url')
-        expect(env['QUERY_STRING']).to eq('')
-        
-        expect(env['strict_uri.original_invalid_url']).not_to be_nil
-        expect(env['strict_uri.proposed_fixed_url']).to match(/\/0130a0$/)
-        expect(env['strict_uri.proposed_fixed_url']).to match(/^\/downloads\//)
-        [200, :h, :b]
-      }
-      invalid_env = {
-        'SCRIPT_NAME' => '',
-        'PATH_INFO' => path,
-        'QUERY_STRING' => '',
-      }
-      # nil will raise if the wrapped app is called
-      middleware = described_class.new(nil, &fake_action)
-      status, headers, body = middleware.call(invalid_env)
-      expect(status).to eq(200)
-      expect(headers).to eq(:h)
-    end
-    
-    it 'triggers with raw bytes that cannot be URL-decoded' do
-      # Example from production - just random gunk appended to the end of the URL
-      path = '/downloads/918ab1e20586c0b4e1875b3789b84ec720150615173920' +
-        '/a480d026f46b0f0533cec47545cd5e2820150615173920/0130a' + '���'
-      
-      fake_action = ->(env) {
-        # Make sure those are now safe to concat with each other
-        expect(env['SCRIPT_NAME']).to eq('')
-        expect(env['PATH_INFO']).to eq('/invalid-url')
-        expect(env['QUERY_STRING']).to eq('')
-        
-        expect(env['request_uri_cleanup.original_invalid_url']).not_to be_nil
-        expect(env['request_uri_cleanup.proposed_fixed_url']).to match(/^\/downloads\//)
-        expect(env['request_uri_cleanup.proposed_fixed_url']).to match(/0130$/)
-        
-        [200, :h, :b]
-      }
-      invalid_env = {
-        'SCRIPT_NAME' => '',
-        'PATH_INFO' => path,
-        'QUERY_STRING' => '',
-      }
-      middleware = described_class.new(nil)
-      status, headers, body = middleware.call(invalid_env)
-      expect(status).to eq(400)
-    end
-  end
-end