RubyGems - unxf - Versions diffs - 2.0.0 → 2.0.0.2.g32d0 - Mend

unxf 2.0.0 → 2.0.0.2.g32d0

Files changed (3) hide show

data/lib/unxf.rb CHANGED

@@ -10,15 +10,20 @@ class UnXF
   HTTP_X_FORWARDED_FOR = "HTTP_X_FORWARDED_FOR"
   HTTP_X_FORWARDED_PROTO = "HTTP_X_FORWARDED_PROTO"
   RACK_URL_SCHEME = "rack.url_scheme".freeze
+  UNXF_FOR = "unxf.for".freeze
+  UNXF_PROTO = "unxf.proto".freeze
   HTTPS = "https"
   # :startdoc:
   # local LAN addresses described in RFC 1918
   RFC_1918 = %w(10.0.0.0/8 172.16.0.0/12 192.168.0.0/16)
-  # localhost addresses (127.0.0.0/8)
+  # IPv4 localhost addresses (127.0.0.0/8)
   LOCALHOST = %w(127.0.0.0/8)
+  # IPv6 localhost address (::1/128)
+  LOCALHOST6 = %w(::1/128)
   # In your Rack config.ru:
   #
   #   use UnXF
@@ -32,12 +37,15 @@ class UnXF
   #
   #   use UnXF, [ :RFC_1918, :LOCALHOST, "0.6.6.6" ]
   #
-  def initialize(app, trusted = [:RFC_1918, :LOCALHOST])
+  def initialize(app, trusted = [:RFC_1918, :LOCALHOST, :LOCALHOST6])
     @app = app
     @trusted = Patricia.new
+    @trusted6 = Patricia.new(:AF_INET6)
     Array(trusted).each do |mask|
       mask = UnXF.const_get(mask) if Symbol === mask
-      Array(mask).each { |m| @trusted.add(m, true) }
+      Array(mask).each do |prefix|
+        (/:/ =~ prefix ? @trusted6 : @trusted).add(prefix, true)
+      end
     end
   end
@@ -51,10 +59,12 @@ class UnXF
   # into the middleware stack (to avoid increasing stack depth and GC time)
   def unxf!(env)
     if xff_str = env.delete(HTTP_X_FORWARDED_FOR)
+      env[UNXF_FOR] = xff_str
       xff = xff_str.split(/\s*,\s*/)
       addr = env[REMOTE_ADDR]
       begin
-        while @trusted.include?(addr) && tmp = xff.pop
+        while (/:/ =~ addr ? @trusted6 : @trusted).include?(addr) &&
+              tmp = xff.pop
           addr = tmp
         end
       rescue ArgumentError
@@ -65,8 +75,10 @@ class UnXF
       # proxy in the chain, so we don't support that
       if xff.empty?
         env[REMOTE_ADDR] = addr
-        env.delete(HTTP_X_FORWARDED_PROTO) =~ /\Ahttps\b/ and
-                                             env[RACK_URL_SCHEME] = HTTPS
+        if xfp = env.delete(HTTP_X_FORWARDED_PROTO)
+          env[UNXF_PROTO] = xfp
+          /\Ahttps\b/ =~ xfp and env[RACK_URL_SCHEME] = HTTPS
+        end
       else
         return on_untrusted_addr(env, xff_str)
       end

data/test/test_unxf.rb CHANGED

@@ -25,6 +25,36 @@ class TestUnXF < Test::Unit::TestCase
     assert_equal 200, r.status.to_i
     assert_equal "0.6.6.6", @env["REMOTE_ADDR"]
     assert ! @env.key?("HTTP_X_FORWARDED_FOR")
+    assert_equal "0.6.6.6", @env["unxf.for"]
+  end
+  def test_single_proxy_https
+    req = Rack::MockRequest.new(UnXF.new(@app))
+    env = {
+      "HTTP_X_FORWARDED_FOR" => "0.6.6.6",
+      "HTTP_X_FORWARDED_PROTO" => "https",
+      "REMOTE_ADDR" => "127.0.0.1",
+    }
+    r = req.get("http://example.com/", @req.merge(env))
+    assert_equal 200, r.status.to_i
+    assert_equal "0.6.6.6", @env["REMOTE_ADDR"]
+    assert ! @env.key?("HTTP_X_FORWARDED_FOR")
+    assert_equal "0.6.6.6", @env["unxf.for"]
+    assert_equal "https", @env["unxf.proto"]
+    assert_equal "https", @env["rack.url_scheme"]
+  end
+  def test_ipv6_localhost
+    req = Rack::MockRequest.new(UnXF.new(@app))
+    env = {
+      "HTTP_X_FORWARDED_FOR" => "2600:3c01::f03c:91ff:fe96:f5d6",
+      "REMOTE_ADDR" => "::1",
+    }
+    r = req.get("http://example.com/", @req.merge(env))
+    assert_equal 200, r.status.to_i
+    assert_equal "2600:3c01::f03c:91ff:fe96:f5d6", @env["REMOTE_ADDR"]
+    assert ! @env.key?("HTTP_X_FORWARDED_FOR")
+    assert_equal "2600:3c01::f03c:91ff:fe96:f5d6", @env["unxf.for"]
   end
   def test_multiple_proxies
@@ -37,6 +67,7 @@ class TestUnXF < Test::Unit::TestCase
     assert_equal "0.6.6.6", @env["REMOTE_ADDR"]
     assert_equal 200, r.status.to_i
     assert ! @env.key?("HTTP_X_FORWARDED_FOR")
+    assert_equal "0.6.6.6,192.168.1.1", @env["unxf.for"]
   end
   def test_spoofed
@@ -48,6 +79,7 @@ class TestUnXF < Test::Unit::TestCase
     r = req.get("http://example.com/", @req.merge(env))
     assert_equal "227.0.0.1", @env["REMOTE_ADDR"]
     assert_equal r.status.to_i, 200
+    assert_equal "0.6.6.6", @env["unxf.for"]
   end
   def test_trusted_chain
@@ -60,6 +92,7 @@ class TestUnXF < Test::Unit::TestCase
     assert_equal 200, r.status.to_i
     assert_equal "0.6.6.6", @env["REMOTE_ADDR"]
     assert ! @env.key?("HTTP_X_FORWARDED_FOR")
+    assert_equal "0.6.6.6,192.168.0.1", @env["unxf.for"]
   end
   def test_spoofed_in_chain
@@ -71,6 +104,7 @@ class TestUnXF < Test::Unit::TestCase
     r = req.get("http://example.com/", @req.merge(env))
     assert_equal "127.0.0.1", @env["REMOTE_ADDR"]
     assert_equal r.status.to_i, 200
+    assert_equal "0.6.6.6,8.8.8.8", @env["unxf.for"]
   end
   def test_spoofed_null_safe
@@ -82,6 +116,7 @@ class TestUnXF < Test::Unit::TestCase
     r = req.get("http://example.com/", @req.merge(env))
     assert_equal "127.0.0.1", @env["REMOTE_ADDR"]
     assert_equal r.status.to_i, 200
+    assert_equal "\0.6.6.6,8.8.8.8", @env["unxf.for"]
   end
   def test_more_trust
@@ -94,6 +129,7 @@ class TestUnXF < Test::Unit::TestCase
     assert_equal r.status.to_i, 200
     assert_equal "1.6.6.6", @env["REMOTE_ADDR"]
     assert ! @env.key?("HTTP_X_FORWARDED_FOR")
+    assert_equal "1.6.6.6,0.6.6.6", @env["unxf.for"]
   end
   def test_one_trusted
@@ -106,5 +142,7 @@ class TestUnXF < Test::Unit::TestCase
     assert_equal r.status.to_i, 200
     assert_equal "1.6.6.6", @env["REMOTE_ADDR"]
     assert ! @env.key?("HTTP_X_FORWARDED_FOR")
+    assert_equal "1.6.6.6", @env["unxf.for"]
+    assert_nil @env["unxf.proto"]
   end
 end

metadata CHANGED

@@ -1,13 +1,18 @@
 --- !ruby/object:Gem::Specification
 name: unxf
 version: !ruby/object:Gem::Version
-  hash: 15
-  prerelease:
+  hash: 2091
+  prerelease: 8
   segments:
   - 2
   - 0
   - 0
-  version: 2.0.0
+  - 2
+  - g
+  - 32
+  - d
+  - 0
+  version: 2.0.0.2.g32d0
 platform: ruby
 authors:
 - UnXF hackers
@@ -15,7 +20,7 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2011-05-26 00:00:00 Z
+date: 2011-08-09 00:00:00 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -119,16 +124,18 @@ required_ruby_version: !ruby/object:Gem::Requirement
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      hash: 3
+      hash: 25
       segments:
-      - 0
-      version: "0"
+      - 1
+      - 3
+      - 1
+      version: 1.3.1
 requirements: []
 rubyforge_project: rainbows
-rubygems_version: 1.8.2
+rubygems_version: 1.8.5
 signing_key:
 specification_version: 3
 summary: Un-X-Forward* the Rack environment