Class: Rack::Protection::PathTraversal
- Defined in:
- lib/rack/protection/path_traversal.rb
Overview
- Prevented attack
-
Directory traversal
- Supported browsers
-
all
- More infos
Unescapes ‘/’ and ‘.’, expands path_info
. Thus GET /foo/%2e%2e%2fbar
becomes GET /bar
.
Constant Summary
Constants inherited from Base
Instance Attribute Summary
Attributes inherited from Base
Instance Method Summary collapse
Methods inherited from Base
#accepts?, #debug, #default_options, default_options, default_reaction, #deny, #drop_session, #encrypt, #html?, #initialize, #instrument, #origin, #random_string, #react, #referrer, #report, #safe?, #secure_compare, #session, #session?, #warn
Constructor Details
This class inherits a constructor from Rack::Protection::Base
Instance Method Details
#call(env) ⇒ Object
15 16 17 18 19 20 21 |
# File 'lib/rack/protection/path_traversal.rb', line 15 def call(env) path_was = env['PATH_INFO'] env['PATH_INFO'] = cleanup path_was if path_was && !path_was.empty? app.call env ensure env['PATH_INFO'] = path_was end |
#cleanup(path) ⇒ Object
23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 |
# File 'lib/rack/protection/path_traversal.rb', line 23 def cleanup(path) encoding = path.encoding dot = '.'.encode(encoding) slash = '/'.encode(encoding) backslash = '\\'.encode(encoding) parts = [] unescaped = path.gsub(/%2e/i, dot).gsub(/%2f/i, slash).gsub(/%5c/i, backslash) unescaped = unescaped.gsub(backslash, slash) unescaped.split(slash).each do |part| next if part.empty? || (part == dot) part == '..' ? parts.pop : parts << part end cleaned = slash + parts.join(slash) cleaned << slash if parts.any? && unescaped =~ (%r{/\.{0,2}$}) cleaned end |