unxf 1.0.0 → 2.0.0

data/GIT-VERSION-GEN

@@ -1,7 +1,7 @@
 #!/bin/sh
 
 GVF=GIT-VERSION-FILE
-DEF_VER=v1.0.0.GIT
+DEF_VER=v2.0.0.GIT
 
 LF='
 '

data/GNUmakefile

@@ -4,8 +4,3 @@ RSYNC_DEST := bogomips.org:/srv/bogomips/unxf
 rfproject := rainbows
 rfpackage := unxf
 include pkg.mk
-ifneq ($(VERSION),)
-release::
-	$(RAKE) raa_update VERSION=$(VERSION)
-	$(RAKE) publish_news VERSION=$(VERSION)
-endif

data/README

@@ -1,14 +1,49 @@
 = UnXF - Un-X-Forward* the Rack environment
 
-Removes X-Forwarded-For in the Rack environment and replaces REMOTE_ADDR
-with the correct value (assuming REMOTE_ADDR and the X-Forwarded-For
-chain is provided).
+Rack middleware to remove "HTTP_X_FORWARDED_FOR" in the Rack environment and
+replace "REMOTE_ADDR" with the value of the original client address.
+
+This uses the "rpatricia" RubyGem to filter out spoofed requests from
+clients outside your LAN.  The list of trusted address defaults to
+private LAN addresses defined RFC 1918 and those belonging to localhost.
+
+This will also read "HTTP_X_FORWARDED_PROTO" and set "rack.url_scheme"
+to "https" if the "X-Forwarded-Proto" header is set properly and sent
+from a trusted address chain.
+
+== Install
+
+If you use RubyGems:
+
+    gem install unxf
+
+You will need a C compiler and Ruby development headers to install the
+"rpatricia" RubyGem if it is not already installed.
 
 === Hacking
 
+You can get the latest source via git from the following locations:
+
 * git clone git://bogomips.org/unxf.git
+* git clone git://repo.or.cz/unxf.git (mirror)
+
+You may browse the code from the web and download the latest snapshot
+tarballs here:
+
+* http://bogomips.org/unxf.git (cgit)
+* http://repo.or.cz/w/unxf.git (gitweb)
+
+Inline patches (from "git format-patch") to the
+{mailing list}[mailto:unxf@librelist.org] are
+preferred because they allow code review and comments in the reply to
+the patch.
+
+We will adhere to mostly the same conventions for patch submissions as
+git itself.  See the Documentation/SubmittingPatches document
+distributed with git on on patch submission guidelines to follow.  Just
+don't email the git mailing list or maintainer with unxf patches.
 
-=== Contact
+== Contact
 
-* Email our mailing list for all support questions, patches, bug reports, pull
-  requests: mailto:unxf@librelist.org
+All feedback (bug reports, user/development discussion, patches, pull
+requests) go to the mailing list: mailto:unxf@librelist.org

data/lib/unxf.rb

@@ -1,6 +1,8 @@
 # -*- encoding: binary -*-
 require 'rpatricia'
 
+# Rack middleware to remove "HTTP_X_FORWARDED_FOR" in the Rack environment and
+# replace "REMOTE_ADDR" with the value of the original client address.
 class UnXF
   # :stopdoc:
   # reduce garbage overhead by using constant strings
@@ -17,6 +19,19 @@ class UnXF
   # localhost addresses (127.0.0.0/8)
   LOCALHOST = %w(127.0.0.0/8)
 
+  # In your Rack config.ru:
+  #
+  #   use UnXF
+  #
+  # If you do not want to trust any hosts other than "0.6.6.6",
+  # you may only specify one host to trust:
+  #
+  #   use UnXF, "0.6.6.6"
+  #
+  # If you want to trust "0.6.6.6" in addition to the default set of hosts:
+  #
+  #   use UnXF, [ :RFC_1918, :LOCALHOST, "0.6.6.6" ]
+  #
   def initialize(app, trusted = [:RFC_1918, :LOCALHOST])
     @app = app
     @trusted = Patricia.new
@@ -26,7 +41,15 @@ class UnXF
     end
   end
 
-  def call(env)
+  # Rack entry point
+  def call(env) # :nodoc:
+    unxf!(env) || @app.call(env)
+  end
+
+  # returns +nil+ on success and a Rack response triplet on failure
+  # This allows existing applications to use UnXF without putting it
+  # into the middleware stack (to avoid increasing stack depth and GC time)
+  def unxf!(env)
     if xff_str = env.delete(HTTP_X_FORWARDED_FOR)
       xff = xff_str.split(/\s*,\s*/)
       addr = env[REMOTE_ADDR]
@@ -35,33 +58,31 @@ class UnXF
           addr = tmp
         end
       rescue ArgumentError
-        return on_bad_addr(env, xff_str)
+        return on_broken_addr(env, xff_str)
       end
 
-      env[REMOTE_ADDR] = addr
-
       # it's stupid to have https at any point other than the first
       # proxy in the chain, so we don't support that
       if xff.empty?
+        env[REMOTE_ADDR] = addr
         env.delete(HTTP_X_FORWARDED_PROTO) =~ /\Ahttps\b/ and
                                              env[RACK_URL_SCHEME] = HTTPS
       else
-        return on_bad_addr(env, xff_str)
+        return on_untrusted_addr(env, xff_str)
       end
     end
+    nil
+  end
+
+  # Our default action on a broken address is to just fall back to calling
+  # the app without modifying the env
+  def on_broken_addr(env, xff_str)
     @app.call(env)
   end
 
-  # Our default action on a bad address is to just continue dispatching
-  # the application with the existing environment
-  # You may extend this object to override this error
-  def on_bad_addr(env, xff_str)
-    # be sure to inspect xff_str to escape it, control characters may be
-    # present in the HTTP headers may appear in the header value and
-    # used to exploit anyone who opens the log file.  nginx doesn't
-    # filter/reject control characters, nor does Mongrel...
-    env["rack.logger"].error(
-                    "bad XFF #{xff_str.inspect} from #{env[REMOTE_ADDR]}")
-    [ 400, [ %w(Content-Length 0), %w(Content-Type text/html) ], [] ]
+  # Our default action on an untrusted address is to just fall back to calling
+  # the app without modifying the env
+  def on_untrusted_addr(env, xff_str)
+    @app.call(env)
   end
 end

data/test/test_unxf.rb

@@ -46,7 +46,8 @@ class TestUnXF < Test::Unit::TestCase
       "REMOTE_ADDR" => "227.0.0.1",
     }
     r = req.get("http://example.com/", @req.merge(env))
-    assert_equal r.status.to_i, 400
+    assert_equal "227.0.0.1", @env["REMOTE_ADDR"]
+    assert_equal r.status.to_i, 200
   end
 
   def test_trusted_chain
@@ -68,8 +69,8 @@ class TestUnXF < Test::Unit::TestCase
       "REMOTE_ADDR" => "127.0.0.1",
     }
     r = req.get("http://example.com/", @req.merge(env))
-    assert_equal r.status.to_i, 400
-    assert_match /0\.6\.6\.6,8\.8\.8\.8/, @io.string
+    assert_equal "127.0.0.1", @env["REMOTE_ADDR"]
+    assert_equal r.status.to_i, 200
   end
 
   def test_spoofed_null_safe
@@ -79,7 +80,31 @@ class TestUnXF < Test::Unit::TestCase
       "REMOTE_ADDR" => "127.0.0.1",
     }
     r = req.get("http://example.com/", @req.merge(env))
-    assert_equal r.status.to_i, 400
-    assert_match /\\x00\.6\.6\.6,8\.8\.8\.8/, @io.string
+    assert_equal "127.0.0.1", @env["REMOTE_ADDR"]
+    assert_equal r.status.to_i, 200
+  end
+
+  def test_more_trust
+    req = Rack::MockRequest.new(UnXF.new(@app, [ :LOCALHOST, "0.6.6.6" ]))
+    env = {
+      "HTTP_X_FORWARDED_FOR" => "1.6.6.6,0.6.6.6",
+      "REMOTE_ADDR" => "127.0.0.1",
+    }
+    r = req.get("http://example.com/", @req.merge(env))
+    assert_equal r.status.to_i, 200
+    assert_equal "1.6.6.6", @env["REMOTE_ADDR"]
+    assert ! @env.key?("HTTP_X_FORWARDED_FOR")
+  end
+
+  def test_one_trusted
+    req = Rack::MockRequest.new(UnXF.new(@app, "0.6.6.6"))
+    env = {
+      "HTTP_X_FORWARDED_FOR" => "1.6.6.6",
+      "REMOTE_ADDR" => "0.6.6.6",
+    }
+    r = req.get("http://example.com/", @req.merge(env))
+    assert_equal r.status.to_i, 200
+    assert_equal "1.6.6.6", @env["REMOTE_ADDR"]
+    assert ! @env.key?("HTTP_X_FORWARDED_FOR")
   end
 end

data/unxf.gemspec

@@ -21,7 +21,7 @@ Gem::Specification.new do |s|
   s.test_files = test_files
   s.add_dependency('rack', '~> 1.1')
   s.add_development_dependency('wrongdoc', '~> 1.5')
-  s.add_development_dependency('rpatricia', '~> 0.07')
+  s.add_dependency('rpatricia', '~> 0.07')
 
   # s.license = %w(GPL) # disabled for compatibility with older RubyGems
 end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: unxf
 version: !ruby/object:Gem::Version 
-  hash: 23
+  hash: 15
   prerelease: 
   segments: 
-  - 1
+  - 2
   - 0
   - 0
-  version: 1.0.0
+  version: 2.0.0
 platform: ruby
 authors: 
 - UnXF hackers
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-05-24 00:00:00 Z
+date: 2011-05-26 00:00:00 Z
 dependencies: 
 - !ruby/object:Gem::Dependency 
   name: rack
@@ -60,12 +60,11 @@ dependencies:
         - 0
         - 7
         version: "0.07"
-  type: :development
+  type: :runtime
   version_requirements: *id003
 description: |-
-  Removes X-Forwarded-For in the Rack environment and replaces REMOTE_ADDR
-  with the correct value (assuming REMOTE_ADDR and the X-Forwarded-For
-  chain is provided).
+  Rack middleware to remove "HTTP_X_FORWARDED_FOR" in the Rack environment and
+  replace "REMOTE_ADDR" with the value of the original client address.
 email: unxf@librelist.org
 executables: []