Class: Rack::Protection::Base
- Inherits:
-
Object
show all
- Defined in:
- lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection/base.rb
Direct Known Subclasses
AuthenticityToken, ContentSecurityPolicy, CookieTossing, EscapedParams, FrameOptions, HttpOrigin, IPSpoofing, JsonCsrf, PathTraversal, ReferrerPolicy, RemoteReferrer, SessionHijacking, StrictTransport, XSSHeader
Constant Summary
collapse
- DEFAULT_OPTIONS =
{
reaction: :default_reaction, logging: true,
message: 'Forbidden', encryptor: Digest::SHA1,
session_key: 'rack.session', status: 403,
allow_empty_referrer: true,
report_key: 'protection.failed',
html_types: %w[text/html application/xhtml text/xml application/xml]
}
Instance Attribute Summary collapse
Class Method Summary
collapse
Instance Method Summary
collapse
Constructor Details
#initialize(app, options = {}) ⇒ Base
Returns a new instance of Base.
35
36
37
38
|
# File 'lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection/base.rb', line 35
def initialize(app, options = {})
@app = app
@options = default_options.merge(options)
end
|
Instance Attribute Details
Returns the value of attribute app.
21
22
23
|
# File 'lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection/base.rb', line 21
def app
@app
end
|
Returns the value of attribute options.
21
22
23
|
# File 'lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection/base.rb', line 21
def options
@options
end
|
Class Method Details
.default_options(options) ⇒ Object
23
24
25
|
# File 'lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection/base.rb', line 23
def self.default_options(options)
define_method(:default_options) { super().merge(options) }
end
|
.default_reaction(reaction) ⇒ Object
27
28
29
|
# File 'lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection/base.rb', line 27
def self.default_reaction(reaction)
alias_method(:default_reaction, reaction)
end
|
Instance Method Details
#accepts?(env) ⇒ Boolean
44
45
46
|
# File 'lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection/base.rb', line 44
def accepts?(env)
raise NotImplementedError, "#{self.class} implementation pending"
end
|
#call(env) ⇒ Object
48
49
50
51
52
53
54
|
# File 'lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection/base.rb', line 48
def call(env)
unless accepts? env
instrument env
result = react env
end
result or app.call(env)
end
|
#default_options ⇒ Object
31
32
33
|
# File 'lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection/base.rb', line 31
def default_options
DEFAULT_OPTIONS
end
|
#deny(env) ⇒ Object
Also known as:
default_reaction
75
76
77
78
|
# File 'lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection/base.rb', line 75
def deny(env)
warn env, "attack prevented by #{self.class}"
[options[:status], { 'Content-Type' => 'text/plain' }, [options[:message]]]
end
|
#drop_session(env) ⇒ Object
95
96
97
|
# File 'lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection/base.rb', line 95
def drop_session(env)
session(env).clear if session? env
end
|
#encrypt(value) ⇒ Object
117
118
119
|
# File 'lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection/base.rb', line 117
def encrypt(value)
options[:encryptor].hexdigest value.to_s
end
|
#html?(headers) ⇒ Boolean
127
128
129
130
131
|
# File 'lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection/base.rb', line 127
def html?()
return false unless ( = .detect { |k, _v| k.downcase == 'content-type' })
options[:html_types].include? .last[%r{^\w+/\w+}]
end
|
#instrument(env) ⇒ Object
68
69
70
71
72
73
|
# File 'lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection/base.rb', line 68
def instrument(env)
return unless (i = options[:instrumenter])
env['rack.protection.attack'] = self.class.name.split('::').last.downcase
i.instrument('rack.protection', env)
end
|
#origin(env) ⇒ Object
107
108
109
|
# File 'lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection/base.rb', line 107
def origin(env)
env['HTTP_ORIGIN'] || env['HTTP_X_ORIGIN']
end
|
#random_string(secure = defined? SecureRandom)) ⇒ Object
111
112
113
114
115
|
# File 'lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection/base.rb', line 111
def random_string(secure = defined? SecureRandom)
secure ? SecureRandom.hex(16) : '%032x' % rand((2**128) - 1)
rescue NotImplementedError
random_string false
end
|
#react(env) ⇒ Object
56
57
58
59
|
# File 'lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection/base.rb', line 56
def react(env)
result = send(options[:reaction], env)
result if (Array === result) && (result.size == 3)
end
|
#referrer(env) ⇒ Object
99
100
101
102
103
104
105
|
# File 'lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection/base.rb', line 99
def referrer(env)
ref = env['HTTP_REFERER'].to_s
return if !options[:allow_empty_referrer] && ref.empty?
URI.parse(ref).host || Request.new(env).host
rescue URI::InvalidURIError
end
|
#report(env) ⇒ Object
80
81
82
83
|
# File 'lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection/base.rb', line 80
def report(env)
warn env, "attack reported by #{self.class}"
env[options[:report_key]] = true
end
|
#safe?(env) ⇒ Boolean
40
41
42
|
# File 'lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection/base.rb', line 40
def safe?(env)
%w[GET HEAD OPTIONS TRACE].include? env['REQUEST_METHOD']
end
|
#secure_compare(a, b) ⇒ Object
121
122
123
|
# File 'lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection/base.rb', line 121
def secure_compare(a, b)
Rack::Utils.secure_compare(a.to_s, b.to_s)
end
|
#session(env) ⇒ Object
89
90
91
92
93
|
# File 'lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection/base.rb', line 89
def session(env)
return env[options[:session_key]] if session? env
raise "you need to set up a session middleware *before* #{self.class}"
end
|
#session?(env) ⇒ Boolean
85
86
87
|
# File 'lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection/base.rb', line 85
def session?(env)
env.include? options[:session_key]
end
|
#warn(env, message) ⇒ Object
61
62
63
64
65
66
|
# File 'lib/rubypitaya/app-template/vendor/bundle/ruby/3.1.0/gems/rack-protection-3.0.5/lib/rack/protection/base.rb', line 61
def warn(env, message)
return unless options[:logging]
l = options[:logger] || env['rack.logger'] || ::Logger.new(env['rack.errors'])
l.warn(message)
end
|