RubyGems - xss_shield - Versions diffs - 1.0.0 - Mend

xss_shield 1.0.0

Files changed (26) hide show

data/MIT-LICENSE +19 -0
data/README.rdoc +103 -0
data/Rakefile +33 -0
data/VERSION +1 -0
data/init.rb +15 -0
data/lib/xss_shield/erb_hacks.rb +101 -0
data/lib/xss_shield/safe_string.rb +42 -0
data/lib/xss_shield/secure_helpers.rb +118 -0
data/lib/xss_shield.rb +3 -0
data/test/active_record_helper_test.rb +55 -0
data/test/asset_package_test.rb +32 -0
data/test/asset_tag_helper_test.rb +66 -0
data/test/date_helper_test.rb +71 -0
data/test/erb_util_test.rb +30 -0
data/test/fixtures/hello_world.erb +1 -0
data/test/form_helper_test.rb +79 -0
data/test/form_options_helper_test.rb +69 -0
data/test/form_tag_helper_test.rb +88 -0
data/test/javascript_helper_test.rb +33 -0
data/test/prototype_helper_test.rb +60 -0
data/test/safe_string_test.rb +37 -0
data/test/template_object_test.rb +33 -0
data/test/test_helper.rb +71 -0
data/test/url_helper_test.rb +53 -0
data/xss_shield.gemspec +76 -0
metadata +92 -0

data/test/erb_util_test.rb ADDED Viewed

@@ -0,0 +1,30 @@
+require File.dirname(__FILE__) + '/../test/test_helper'
+# Test that helpers from ERB::Util are properly escaped.
+class ErbUtilTest< Test::Unit::TestCase
+  # h is an alias for html_escape.
+  def test_html_escape
+    assert_render({
+      # Test that we automatically escape
+      %(<%= "Foo & Bar" %>)     => %(Foo &amp; Bar),
+      %(<%= "Foo &amp; Bar" %>) => %(Foo &amp;amp; Bar),
+      # Test that we don't escape twice with h
+      %(<%= h "Foo & Bar" %>)     => %(Foo &amp; Bar),
+      %(<%= h "Foo &amp; Bar" %>) => %(Foo &amp;amp; Bar),
+      # Test that xss_safe works
+      %(<%= "Foo & Bar".xss_safe %>)     => %(Foo & Bar),
+      %(<%= "Foo &amp; Bar".xss_safe %>) => %(Foo &amp; Bar),
+    })
+  end
+  # j is an alias for json_escape.
+  def test_json_escape
+    assert_render(
+      %(<%= j "is a > 0 & a < 10?" %>) =>
+      %(is a \\u003E 0 \\u0026 a \\u003C 10?))
+  end
+end

data/test/fixtures/hello_world.erb ADDED Viewed

	@@ -0,0 +1 @@
1	+ Hello world!

data/test/form_helper_test.rb ADDED Viewed

@@ -0,0 +1,79 @@
+require File.dirname(__FILE__) + '/../test/test_helper'
+# Test that helpers from ActionView::Helpers::FormHelper are properly escaped.
+class FormHelperTest < Test::Unit::TestCase
+  def setup
+    @options = { :locals => { :@foo => stub(:bar => "f&b") } }
+  end
+  def test_check_box
+    assert_render({
+      %(<%= check_box :foo, :bar %>) => %(
+        <input name="foo[bar]" type="checkbox" id="foo_bar" value="1" /><input name="foo[bar]" type="hidden" value="0" />)
+      }, @options)
+  end
+  def test_fields_for
+    assert_render({
+      %(<% fields_for @foo.bar do |fields| %>Field: <%= fields.check_box :field %><% end %>) => %(
+        Field: <input name="f&amp;b[field]" type="checkbox" id="f_b_field" value="1" /><input name="f&amp;b[field]" type="hidden" value="0" />)
+      }, @options)
+  end
+  def test_file_field
+    assert_render({
+      %(<%= file_field :foo, :bar, :class => "f&b" %>) => %(
+        <input name="foo[bar]" size="30" class="f&amp;b" type="file" id="foo_bar" />)
+      }, @options)
+  end
+  def test_form_for
+    assert_render({
+      %(<% form_for :foo do |f| %>Bar: <%= f.text_field :bar %><% end %>) => %(
+        <form action="/test/foobar" method="post">Bar: <input name="foo[bar]" size="30" type="text" id="foo_bar" value="f&amp;b" /></form>)
+      }, @options)
+  end
+  def test_hidden_field
+    assert_render({
+      %(<%= hidden_field :foo, :bar %>) => %(
+        <input name="foo[bar]" type="hidden" id="foo_bar" value="f&amp;b" />)
+      }, @options)
+  end
+  def test_label
+    assert_render({
+      %(<%= label :foo, :bar, 'f&b' %>) => %(<label for="foo_bar">f&b</label>)
+      }, @options)
+  end
+  def test_password_field
+    assert_render({
+      %(<%= password_field :foo, :bar %>) => %(
+        <input name="foo[bar]" size="30" type="password" id="foo_bar" value="f&amp;b" />)
+      }, @options)
+  end
+  def test_radio_button
+    assert_render({
+      %(<%= radio_button :foo, :bar, 'f&b' %>) => %(
+        <input name="foo[bar]" checked="checked" type="radio" id="foo_bar_fb" value="f&amp;b" />)
+      }, @options)
+  end
+  def test_text_area
+    assert_render({
+      %(<%= text_area :foo, :bar %>) => %(
+        <textarea name="foo[bar]" id="foo_bar" rows="20" cols="40">f&amp;b</textarea>)
+      }, @options)
+  end
+  def test_text_field
+    assert_render({
+      %(<%= text_field :foo, :bar %>) => %(
+        <input name="foo[bar]" size="30" type="text" id="foo_bar" value="f&amp;b" />)
+      }, @options)
+  end
+end

data/test/form_options_helper_test.rb ADDED Viewed

@@ -0,0 +1,69 @@
+require File.dirname(__FILE__) + '/../test/test_helper'
+# Test that helpers from ActionView::Helpers::FormOptionsHelper are properly
+# escaped.
+class FormOptionsHelperTest < Test::Unit::TestCase
+  def setup
+    @options = {
+      :locals => { :@collection => [ stub(:key => 'a&b', :val => 'c&d') ] }
+    }
+  end
+  def test_collection_select
+    assert_render({
+      %(<%= collection_select :foo, :bar, @collection, :key, :val %>) => %(
+        <select name="foo[bar]" id="foo_bar"><option value="a&amp;b">c&amp;d</option></select>)
+      }, @options)
+  end
+  def test_country_options_for_select
+    assert_render_has_no_escaped_chars %(<%= country_options_for_select %>")
+  end
+  def test_country_select
+    assert_render_has_no_escaped_chars %(<%= country_select :foo, :bar %>)
+  end
+  def test_option_groups_from_collection_for_select
+    continents = [
+      stub(:id => 1,
+           :name => 'a&b',
+           :countries => [ stub(:id => 1, :name => 'c&d') ])
+    ]
+    assert_render({
+      %(<%= option_groups_from_collection_for_select @continents, :countries, :name, :id, :name %>) => %(
+        <optgroup label="a&amp;b"><option value="1">c&amp;d</option></optgroup>)
+      },
+      { :locals => { :@continents => continents } })
+  end
+  def test_options_for_select
+    assert_render(
+      %(<%= options_for_select 'a&b', 'c&d' %>) => %(
+        <option value="a&amp;b">a&amp;b</option>))
+  end
+  def test_options_from_collection_for_select
+    assert_render({
+      %(<%= options_from_collection_for_select @collection, :key, :val %>) => %(
+        <option value="a&amp;b">c&amp;d</option>)
+      }, @options)
+  end
+  def test_select
+    assert_render({
+      %(<%= select :foo, :bar, [['a&b', 'c&d']] %>) => %(
+        <select name="foo[bar]" id="foo_bar"><option value="c&amp;d">a&amp;b</option></select>)
+      })
+  end
+  def test_time_zone_options_for_select
+    assert_render_has_no_escaped_chars %(<%= time_zone_options_for_select %>")
+  end
+  def test_time_zone_select
+    assert_render_has_no_escaped_chars %(<%= time_zone_select :foo, :bar %>)
+  end
+end

data/test/form_tag_helper_test.rb ADDED Viewed

@@ -0,0 +1,88 @@
+require File.dirname(__FILE__) + '/../test/test_helper'
+# Test that helpers from ActionView::Helpers::FormTagHelper are properly
+# escaped.
+class FormTagHelperTest < Test::Unit::TestCase
+  def test_check_box_tag
+    assert_render(
+      %(<%= check_box_tag 'foobar' %>) => %(
+        <input name="foobar" type="checkbox" id="foobar" value="1"#{XHTML_TAGS}>))
+  end
+  def test_field_set_tag
+    assert_render(
+      %(<% field_set_tag 'foo&bar' do %><%= text_field_tag 'boo' %><% end %>) => %(
+        <fieldset><legend>foo&bar</legend><input name="boo" type="text" id=\
+"boo"#{XHTML_TAGS}></fieldset>))
+  end
+  def test_file_field_tag
+    assert_render(
+      %(<%= file_field_tag 'foo&bar' %>) => %(
+        <input name="foo&amp;bar" type="file" id="foo&amp;bar"#{XHTML_TAGS}>))
+  end
+  def test_form_tag
+    assert_render(
+      %(<% form_tag '/foobar' do %><%= submit_tag 'f&b' %><% end %>) => %(
+        <form action="/foobar" method="post"><input name="commit" type="submit"\
+ value="f&amp;b"#{XHTML_TAGS}></form>))
+  end
+  def test_hidden_field_tag
+    assert_render(
+      %(<%= hidden_field_tag 'foo&bar' %>) => %(
+        <input name="foo&amp;bar" type="hidden" id="foo&amp;bar"#{XHTML_TAGS}>))
+  end
+  def test_image_submit_tag
+    assert_render(
+      %(<%= image_submit_tag 'foo&bar.png' %>) => %(
+        <input type="image" src="/images/foo&amp;bar.png"#{XHTML_TAGS}>))
+  end
+  def test_label_tag
+    assert_render(
+      %(<%= label_tag 'foo&bar' %>) => %(
+        <label for="foo&amp;bar">Foo&bar</label>))
+  end
+  def test_password_field_tag
+    assert_render(
+      %(<%= password_field_tag 'foo&bar' %>) => %(
+        <input name="foo&amp;bar" type="password" id="foo&amp;bar"#{XHTML_TAGS}>))
+  end
+  def test_radio_button_tag
+    assert_render(
+      %(<%= radio_button_tag 'foo&bar', 'a&b' %>) => %(
+        <input name="foo&amp;bar" type="radio" id="foo&amp;bar_ab" value=\
+"a&amp;b"#{XHTML_TAGS}>))
+  end
+  def test_select_tag
+    assert_render(
+      %(<%= select_tag 'foo&bar' %>) => %(
+        <select name="foo&amp;bar" id="foo&amp;bar"></select>))
+  end
+  def test_submit_tag
+    assert_render(
+      %(<%= submit_tag 'foo&bar' %>) => %(
+        <input name="commit" type="submit" value="foo&amp;bar"#{XHTML_TAGS}>))
+  end
+  def test_text_area_tag
+    assert_render(
+      %(<%= text_area_tag 'foo&bar' %>) => %(
+        <textarea name="foo&amp;bar" id="foo&amp;bar"></textarea>))
+  end
+  def test_text_field_tag
+    assert_render(
+      %(<%= text_field_tag 'foo&bar' %>) => %(
+        <input name="foo&amp;bar" type="text" id="foo&amp;bar"#{XHTML_TAGS}>))
+  end
+end

data/test/javascript_helper_test.rb ADDED Viewed

@@ -0,0 +1,33 @@
+require File.dirname(__FILE__) + '/../test/test_helper'
+# Test that helpers from ActionView::Helpers::JavaScriptHelper are properly
+# escaped.
+class JavascriptHelperTest < Test::Unit::TestCase
+  def test_button_to_function
+    assert_render(
+      %(<%= button_to_function 'foo&bar', "alert('foo&bar')" %>) => %(
+        <input type="button" value="foo&amp;bar" onclick="alert('foo&amp;bar');\
+"#{XHTML_TAGS}>))
+  end
+  def test_escape_javascript
+    assert_render(
+      %(<%= escape_javascript "alert('foo&bar');" %>) =>
+      %(alert(\\'foo&amp;bar\\');))
+  end
+  def test_javascript_tag
+    assert_render(
+      %(<%= javascript_tag "alert('foo&bar');" %>) => %(
+        <script type="text/javascript">\n//<![CDATA[\nalert('foo&bar');\n//]]>\
+\n</script>))
+  end
+  def test_link_to_function
+    assert_render(
+      %(<%= link_to_function 'foo&bar', "alert('foo&bar')" %>) => %(
+        <a href="#" onclick="alert('foo&amp;bar'); return false;">foo&bar</a>))
+  end
+end

data/test/prototype_helper_test.rb ADDED Viewed

@@ -0,0 +1,60 @@
+require File.dirname(__FILE__) + '/../test/test_helper'
+# Test that helpers from ActionView::Helpers::PrototypeHelper are escaped
+# correctly.
+class PrototypeHelperTest < Test::Unit::TestCase
+  def test_evaluate_remote_response
+    assert_render(
+      %(<%= evaluate_remote_response %>) => %(eval(request.responseText)))
+  end
+  # Alias for remote_form_for.
+  def test_form_remote_for
+    assert_render_has_no_escaped_chars(
+      %(<% form_remote_for :post do |f| %><% end %>))
+  end
+  def test_form_remote_tag
+    assert_render_has_no_escaped_chars(%(<% form_remote_tag do %><% end %>))
+  end
+  def test_link_to_remote
+    assert_render_has_no_escaped_chars(
+      %(<%= link_to_remote 'foo&bar', :update => "alert('foo&bar')" %>))
+  end
+  def test_observe_field
+    assert_render_has_no_escaped_chars(%(<%= observe_field 'foo&bar' %>))
+  end
+  def test_observe_form
+    assert_render_has_no_escaped_chars %(<%= observe_form 'foo&bar' %>)
+  end
+  def test_periodically_call_remote
+    assert_render(
+      %(<%= periodically_call_remote %>) => %(
+      <script type="text/javascript">\n//<![CDATA[
+new PeriodicalExecuter(function() {new Ajax.Request('/test/foobar', \
+{asynchronous:true, evalScripts:true})}, 10)\n//]]>\n</script>))
+  end
+  def test_remote_form_for
+    assert_render_has_no_escaped_chars(
+      %(<% remote_form_for :post do |f| %><% end %>))
+  end
+  def test_remote_function
+    assert_render_has_no_escaped_chars(
+      %(<% remote_form_for :post do |f| %><% end %>))
+  end
+  def test_submit_to_remote
+    assert_render(
+      %(<%= submit_to_remote 'foo&bar', 'f&b' %>) => %(
+      <input name="foo&amp;bar" value="f&amp;b" type="button" onclick="\
+new Ajax.Request('/test/foobar', {asynchronous:true, evalScripts:true, \
+parameters:Form.serialize(this.form)}); return false;"#{XHTML_TAGS}>))
+  end
+end

data/test/safe_string_test.rb ADDED Viewed

@@ -0,0 +1,37 @@
+require File.dirname(__FILE__) + '/../test/test_helper'
+class SafeStringTest < Test::Unit::TestCase
+  include ERB::Util
+  def test_safe_string
+    assert_equal "foo", "foo".to_xss_safe
+    assert_equal "foo &amp; bar", "foo & bar".to_xss_safe
+    assert_equal "foo &amp; bar", "foo & bar".to_xss_safe
+    assert_equal "foo &amp;amp; bar", "foo &amp; bar".to_xss_safe
+    assert_equal "foo &amp; bar", "foo & bar".to_xss_safe.to_xss_safe
+    assert_equal "foo &amp; bar", h("foo & bar").to_xss_safe
+    assert_equal "foo &amp;amp; bar", h(h("foo & bar"))
+    assert_not_equal "foo".xss_safe.object_id, "foo".xss_safe.object_id
+    x = "foo & bar".xss_safe
+    assert_equal x.xss_safe, x
+    # Not sure if this makes sense
+    assert_not_equal x.xss_safe.object_id, x.object_id
+    assert_equal x.to_s, x
+    assert_equal x.to_s.object_id, x.object_id
+  end
+  def test_nonstring_objects
+    assert_equal "15", 15.to_xss_safe
+    assert_equal SafeString, 15.to_xss_safe.class
+  end
+  def test_nil
+    assert_equal "", nil.to_xss_safe
+    assert_equal SafeString, nil.to_xss_safe.class
+    assert_equal nil, nil.xss_safe
+  end
+end

data/test/template_object_test.rb ADDED Viewed

@@ -0,0 +1,33 @@
+require File.dirname(__FILE__) + '/../test/test_helper'
+# Test that ERBs still work correctly.
+# See /usr/lib/ruby/gems/1.8/gems/actionpack-2.1.0/test/template/template_object_test.rb.
+class TemplateObjectTest < Test::Unit::TestCase
+  def setup
+    @view = ActionView::Base.new(VIEW_PATH)
+    @path = "hello_world.erb"
+  end
+  def test_should_create_valid_template
+    template = ActionView::Template.new(@view, @path, true)
+    assert_kind_of ActionView::TemplateHandlers::ERB, template.handler
+    assert_equal "hello_world.erb", template.path
+    assert_nil template.instance_variable_get(:"@source")
+    assert_equal "erb", template.extension
+  end
+  def test_should_prepare_template_properly
+    template = ActionView::Template.new(@view, @path, true)
+    view = template.instance_variable_get(:"@view")
+    view.expects(:evaluate_assigns)
+    template.handler.expects(:compile_template).with(template)
+    view.expects(:method_names).returns({})
+    template.prepare!
+  end
+end

data/test/test_helper.rb ADDED Viewed

@@ -0,0 +1,71 @@
+# Loads the test environment. First try to load the Rails environment if we're
+# in a Rails project. Otherwise just load the libraries that we need.
+CUR_DIR = File.dirname(__FILE__)
+$LOAD_PATH << "#{CUR_DIR}/../lib"
+begin
+  require File.expand_path "#{CUR_DIR}/../../../../test/test_helper"
+rescue LoadError
+  require 'rubygems'
+  gem 'rails', '=2.1.2'
+  require 'active_record'
+  require 'action_controller'
+  require 'action_controller/test_process'
+  require 'action_view/test_case'
+  require 'mocha'
+  require 'test/unit'
+end
+require 'init'
+# Disable deprecation warnings.
+ActiveSupport::Deprecation.silenced = true
+# Rails creates all HTML form elements as XHTML by default. We override this in
+# Studio, so make sure the tests here handle that.
+XHTML_TAGS = ' /'     # set this to ' /' if  you don't override this in your app
+class ActionView::Base
+  # Disable forgery protection.
+  def protect_against_forgery?
+    false
+  end
+end
+# Define helper methods here for use in the rest of the test classes.
+class Test::Unit::TestCase
+  VIEW_PATH = File.join(File.dirname(__FILE__), 'fixtures')
+  ActionView::TemplateFinder.process_view_paths(VIEW_PATH)
+  private
+  def assert_render_has_no_escaped_chars(input, options = {})
+    actual = render_erb(input, options[:locals])
+    assert !actual.include?('&lt;'), "Output contains &lt;"
+    assert !actual.include?('&gt;'), "Output contains &gt;"
+  end
+  def assert_render(args, options = {})
+    args.each do |erb, expected|
+      expected.strip!
+      actual = render_erb(erb, options[:locals])
+      assert_dom_equal expected, actual, "#{erb} => #{expected}"
+    end
+  end
+  def render_erb(erb, locals = {})
+    # Need this to make asset packager happy.
+    request = mock()
+    request.stubs(:relative_url_root).returns('')
+    request.stubs(:request_uri).returns('/test/foobar')
+    request.stubs(:url_for).returns('/test/foobar')
+    request.stubs(:protocol).returns('http://')
+    request.stubs(:ssl?).returns(false)
+    controller = mock()
+    controller.stubs(:request).returns(request)
+    controller.stubs(:url_for).returns('/test/foobar')
+    view = ActionView::Base.new(VIEW_PATH, {}, controller)
+    ActionView::InlineTemplate.new(view, erb, locals).render.strip
+  end
+end

data/test/url_helper_test.rb ADDED Viewed

@@ -0,0 +1,53 @@
+require File.dirname(__FILE__) + '/../test/test_helper'
+# Test that helpers from ActionView::Helpers::UrlHelper are properly
+# escaped.
+class UrlHelperTest < Test::Unit::TestCase
+  def test_button_to
+    assert_render(
+      %(<%= button_to 'foo&bar', :action => :boo %>) => %(
+        <form class="button-to" action="/test/foobar" method="post"><div>\
+<input type="submit" value="foo&amp;bar"#{XHTML_TAGS}></div></form>))
+  end
+  def test_current_page?
+    assert_render(
+      %(<%= current_page? :action => :foobar %>) => %(true))
+  end
+  def test_link_to
+    assert_render(
+      %(<%= link_to 'foo&bar', :action => :boo %>) => %(
+        <a href="/test/foobar">foo&amp;bar</a>))
+  end
+  def test_link_to_if
+    assert_render(
+      %(<%= link_to_if true, 'foo&bar', :action => :boo %>) => %(
+        <a href="/test/foobar">foo&amp;bar</a>))
+  end
+  def test_link_to_unless
+    assert_render(
+      %(<%= link_to_unless false, 'foo&bar', :action => :boo %>) => %(
+        <a href="/test/foobar">foo&amp;bar</a>))
+  end
+  def test_link_to_unless_current
+    assert_render(
+      %(<%= link_to_unless_current 'foo&bar', :action => :boo %>) => %(
+        foo&amp;bar))
+  end
+  def test_mail_to
+    assert_render(
+      %(<%= mail_to 'foo@bar.com' %>) => %(
+        <a href="mailto:foo@bar.com">foo@bar.com</a>))
+  end
+  def test_url_for
+    assert_render %(<%= url_for :action => :foobar %>) => %(/test/foobar)
+  end
+end

data/xss_shield.gemspec ADDED Viewed

@@ -0,0 +1,76 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE
+# Instead, edit Jeweler::Tasks in Rakefile, and run `rake gemspec`
+# -*- encoding: utf-8 -*-
+Gem::Specification.new do |s|
+  s.name = %q{xss_shield}
+  s.version = "1.0.0"
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["James Tan"]
+  s.date = %q{2009-10-07}
+  s.description = %q{This Rails plugin provides automatic cross site scripting (XSS) protection for your views. Once installed, you no longer have to manually and painstakingly sanitize all your views with HTML escaping.}
+  s.email = %q{jamestyj@gmail.com}
+  s.extra_rdoc_files = [
+    "README.rdoc"
+  ]
+  s.files = [
+    "MIT-LICENSE",
+     "README.rdoc",
+     "Rakefile",
+     "VERSION",
+     "init.rb",
+     "lib/xss_shield.rb",
+     "lib/xss_shield/erb_hacks.rb",
+     "lib/xss_shield/safe_string.rb",
+     "lib/xss_shield/secure_helpers.rb",
+     "test/active_record_helper_test.rb",
+     "test/asset_package_test.rb",
+     "test/asset_tag_helper_test.rb",
+     "test/date_helper_test.rb",
+     "test/erb_util_test.rb",
+     "test/fixtures/hello_world.erb",
+     "test/form_helper_test.rb",
+     "test/form_options_helper_test.rb",
+     "test/form_tag_helper_test.rb",
+     "test/javascript_helper_test.rb",
+     "test/prototype_helper_test.rb",
+     "test/safe_string_test.rb",
+     "test/template_object_test.rb",
+     "test/test_helper.rb",
+     "test/url_helper_test.rb",
+     "xss_shield.gemspec"
+  ]
+  s.homepage = %q{http://github.com/jamestyj/xss_shield}
+  s.rdoc_options = ["--charset=UTF-8"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.3.5}
+  s.summary = %q{Protect your Rails site from XSS attacks.}
+  s.test_files = [
+    "test/asset_tag_helper_test.rb",
+     "test/asset_package_test.rb",
+     "test/prototype_helper_test.rb",
+     "test/erb_util_test.rb",
+     "test/date_helper_test.rb",
+     "test/template_object_test.rb",
+     "test/form_options_helper_test.rb",
+     "test/url_helper_test.rb",
+     "test/test_helper.rb",
+     "test/active_record_helper_test.rb",
+     "test/javascript_helper_test.rb",
+     "test/safe_string_test.rb",
+     "test/form_helper_test.rb",
+     "test/form_tag_helper_test.rb"
+  ]
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
+    else
+    end
+  else
+  end
+end