Class: Rack::InvalidUriProtector

Inherits:

Object

Object
Rack::InvalidUriProtector

show all

Defined in:: lib/rack/invalid_uri_protector.rb,
lib/rack/invalid_uri_protector/version.rb

Constant Summary collapse

SANITIZE_ENV_KEYS =

%w(
  HTTP_REFERER
  PATH_INFO
  REQUEST_URI
  REQUEST_PATH
  QUERY_STRING
)

VERSION =

'0.2.0'

Instance Method Summary collapse

#call(env) ⇒ Object
#initialize(app) ⇒ InvalidUriProtector constructor

A new instance of InvalidUriProtector.

Constructor Details

#initialize(app) ⇒ `InvalidUriProtector`

Returns a new instance of InvalidUriProtector.



12
13
14

# File 'lib/rack/invalid_uri_protector.rb', line 12

def initialize(app)
  @app = app
end

Instance Method Details

#call(env) ⇒ `Object`

# File 'lib/rack/invalid_uri_protector.rb', line 16

def call(env)
  SANITIZE_ENV_KEYS.each do |key|
    string = env[key].to_s
    valid = URI.decode(string).force_encoding('UTF-8').valid_encoding?
    # Don't accept requests with invalid byte sequence
    return [400, {}, ['Bad request']] unless valid
  end

  @app.call(env)
end

Class: Rack::InvalidUriProtector

Constant Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(app) ⇒ InvalidUriProtector

Instance Method Details

#call(env) ⇒ Object

#initialize(app) ⇒ `InvalidUriProtector`

#call(env) ⇒ `Object`