class Rack::Protection::Base
Constants
- DEFAULT_OPTIONS
Attributes
app[R]
options[R]
Public Class Methods
default_options(options)
Calls superclass method
# File lib/rack/protection/base.rb, line 23
# Class-level macro: (re)defines the instance method +default_options+ on the
# receiving class so that it returns the superclass defaults merged with
# +options+. On a key collision the value from +options+ wins (Hash#merge).
#
# @param options [Hash] defaults contributed by this class
def self.default_options(options)
  # `super()` needs explicit parentheses inside define_method.
  define_method(:default_options) do
    super().merge(options)
  end
end
default_reaction(reaction)
# File lib/rack/protection/base.rb, line 27
# Class-level macro: makes +default_reaction+ an alias of the instance method
# named by +reaction+ on the receiving class.
#
# @param reaction [Symbol, String] name of an existing instance method
def self.default_reaction(reaction)
  alias_method :default_reaction, reaction
end
new(app, options = {})
# File lib/rack/protection/base.rb, line 35
# Stores the downstream app and the effective option set.
#
# @param app [#call] the next Rack application in the chain
# @param options [Hash] per-instance overrides
def initialize(app, options = {})
  @app = app
  defaults = default_options
  # Caller-supplied keys replace the defaults, so whoever mounts the
  # middleware controls reaction, status, logging, etc.
  @options = defaults.merge(options)
end
Public Instance Methods
accepts?(env)
# File lib/rack/protection/base.rb, line 44
# Abstract check: this base version always raises.
#
# NotImplementedError is a ScriptError, not a StandardError, so a bare
# `rescue` will not swallow it; a protection without its own accepts? fails
# with an error instead of letting the request through.
#
# @param env [Hash] Rack environment (unused here)
# @raise [NotImplementedError] always
def accepts?(env)
  message = "#{self.class} implementation pending"
  raise NotImplementedError, message
end
call(env)
# File lib/rack/protection/base.rb, line 48
# Rack entry point. An accepted request goes straight to the wrapped app.
# A rejected one is instrumented and handed to react; if react yields a
# response it is returned, otherwise the request still reaches the app.
#
# A reaction that returns nothing usable (react gives nil) therefore does
# NOT block the request; only a reaction that produces a response does.
#
# @param env [Hash] Rack environment
# @return [Object] the reaction's response or the app's response
def call(env)
  return app.call(env) if accepts?(env)

  instrument(env)
  react(env) || app.call(env)
end
default_options()
# File lib/rack/protection/base.rb, line 31
# Base-level defaults: hands back the DEFAULT_OPTIONS constant itself (not a
# copy). The class-level default_options macro redefines this method to
# layer extra defaults on top via super().
#
# @return [Hash] the DEFAULT_OPTIONS constant
def default_options
  DEFAULT_OPTIONS
end
deny(env)
# File lib/rack/protection/base.rb, line 75
# Blocking reaction: logs the event and builds a Rack response triple from
# the configured status and message. The body is served as text/plain.
#
# @param env [Hash] Rack environment, passed to warn
# @return [Array] [status, headers, body]
def deny(env)
  warn env, "attack prevented by #{self.class}"

  status  = options[:status]
  headers = { 'Content-Type' => 'text/plain' }
  body    = [options[:message]]
  [status, headers, body]
end
Also aliased as: default_reaction
drop_session(env)
# File lib/rack/protection/base.rb, line 95
# Reaction that empties the session when one is present in env; does
# nothing (returns nil) when there is no session.
#
# Like any reaction whose result is not a response triple, this does not by
# itself stop the request (see react / call).
#
# @param env [Hash] Rack environment
def drop_session(env)
  return unless session?(env)

  session(env).clear
end
encrypt(value)
# File lib/rack/protection/base.rb, line 117
# Despite the name this is a one-way hex digest, not encryption: the value
# is stringified and passed to options[:encryptor].hexdigest.
#
# NOTE(review): the digest algorithm is whatever options[:encryptor] holds;
# DEFAULT_OPTIONS is not shown here, so confirm the default is a hash
# that is still considered adequate for the values being fingerprinted.
#
# @param value [#to_s] value to digest
# @return [String] hex digest as returned by the configured object
def encrypt(value)
  digest = options[:encryptor]
  digest.hexdigest(value.to_s)
end
html?(headers)
# File lib/rack/protection/base.rb, line 127
# Tells whether the response headers declare one of the configured HTML
# media types. The header name is matched case-insensitively.
#
# The pattern keeps only `word/word`, so parameters and suffixes are cut
# off: "text/html; charset=utf-8" yields "text/html" and
# "application/xhtml+xml" yields "application/xhtml". `^` matches at the
# start of any line of the value, not only at the start of the string.
#
# @param headers [#detect] response headers as name/value pairs
# @return [Boolean]
def html?(headers)
  content_type = headers.detect { |name, _value| name.downcase == 'content-type' }
  return false unless content_type

  media_type = content_type.last[%r{^\w+/\w+}]
  options[:html_types].include?(media_type)
end
instrument(env)
# File lib/rack/protection/base.rb, line 68
# Publishes a 'rack.protection' event through options[:instrumenter], if one
# is configured. Before doing so it records which protection fired in
# env['rack.protection.attack'] (last segment of the class name, downcased).
#
# The whole env is handed to the instrumenter as the payload, so subscribers
# see every request header and anything else stored in env.
#
# @param env [Hash] Rack environment (mutated)
# @return [Object, nil] the instrumenter's result, or nil when none is set
def instrument(env)
  instrumenter = options[:instrumenter]
  return unless instrumenter

  attack_name = self.class.name.split('::').last.downcase
  env['rack.protection.attack'] = attack_name
  instrumenter.instrument('rack.protection', env)
end
origin(env)
# File lib/rack/protection/base.rb, line 107
# Reads the request's origin: the Origin header, falling back to X-Origin.
# Both values come from the client's request headers; a caller comparing
# them against an allow-list is relying on what the client chose to send.
#
# @param env [Hash] Rack environment
# @return [String, nil]
def origin(env)
  standard = env['HTTP_ORIGIN']
  return standard if standard

  env['HTTP_X_ORIGIN']
end
random_string(secure = defined? SecureRandom)
# File lib/rack/protection/base.rb, line 111
# Produces a 32-character hex string (128 bits' worth of digits).
#
# With +secure+ truthy the value comes from SecureRandom.hex(16). When
# SecureRandom is not defined, or it raises NotImplementedError, the method
# falls back to Kernel#rand.
#
# NOTE(review): Kernel#rand is not a cryptographically secure generator and
# the fallback is silent. If callers use this for security tokens, a
# platform without a working SecureRandom would get predictable values;
# consider logging or failing instead. Confirm how callers use the result.
#
# @param secure [Object] truthy to use SecureRandom
# @return [String] 32 lowercase hex characters
def random_string(secure = defined? SecureRandom)
  if secure
    SecureRandom.hex(16)
  else
    format('%032x', rand((2**128) - 1))
  end
rescue NotImplementedError
  random_string false
end
react(env)
# File lib/rack/protection/base.rb, line 56
# Runs the configured reaction and keeps its result only if it looks like a
# Rack response (an Array of exactly three elements); anything else is
# discarded and nil is returned.
#
# The reaction is dispatched with `send`, which also reaches private
# methods, so options[:reaction] must come from trusted configuration and
# never from request data.
#
# @param env [Hash] Rack environment
# @return [Array, nil]
def react(env)
  outcome = send(options[:reaction], env)
  case outcome
  when Array
    outcome if outcome.size == 3
  end
end
referrer(env)
# File lib/rack/protection/base.rb, line 99
# Extracts the host of the Referer header.
#
# * Empty/missing Referer and options[:allow_empty_referrer] falsy -> nil.
# * Referer without a host component (including an empty one that is
#   allowed) -> the request's own host, i.e. it is treated as coming from
#   the same host.
# * Unparseable Referer -> nil.
#
# The header is client-supplied, so the result is only as trustworthy as
# the client.
#
# @param env [Hash] Rack environment
# @return [String, nil]
def referrer(env)
  ref = env['HTTP_REFERER'].to_s
  empty_allowed = options[:allow_empty_referrer]
  return if ref.empty? && !empty_allowed

  parsed_host = URI.parse(ref).host
  parsed_host || Request.new(env).host
rescue URI::InvalidURIError
  nil
end
report(env)
# File lib/rack/protection/base.rb, line 80
# Non-blocking reaction: logs the event and sets env[options[:report_key]]
# to true. It returns true, which react does not treat as a response, so
# the request continues to the app; something downstream has to read the
# flag for it to have any effect.
#
# @param env [Hash] Rack environment (mutated)
# @return [true]
def report(env)
  warn env, "attack reported by #{self.class}"

  flag = options[:report_key]
  env[flag] = true
end
safe?(env)
# File lib/rack/protection/base.rb, line 40
# True for request methods treated as safe: GET, HEAD, OPTIONS and TRACE.
# The comparison is exact and case-sensitive; anything else, including a
# missing REQUEST_METHOD, is reported as not safe.
#
# @param env [Hash] Rack environment
# @return [Boolean]
def safe?(env)
  case env['REQUEST_METHOD']
  when 'GET', 'HEAD', 'OPTIONS', 'TRACE' then true
  else false
  end
end
secure_compare(a, b)
# File lib/rack/protection/base.rb, line 121
# Compares two values through Rack::Utils.secure_compare after converting
# both to strings.
#
# Because of the to_s coercion, nil becomes "" on either side.
# NOTE(review): callers should reject a missing expected or supplied token
# before comparing, so that two absent values cannot count as a match —
# confirm against callers.
#
# @param a [#to_s]
# @param b [#to_s]
# @return [Object] whatever Rack::Utils.secure_compare returns
def secure_compare(a, b)
  left = a.to_s
  right = b.to_s
  Rack::Utils.secure_compare(left, right)
end
session(env)
# File lib/rack/protection/base.rb, line 89
# Returns the session stored in env under options[:session_key].
#
# Fails loudly when no session is present: session-based protections cannot
# work without session middleware earlier in the stack, and raising makes
# the misconfiguration visible instead of skipping the check.
#
# @param env [Hash] Rack environment
# @return [Object] the session object
# @raise [RuntimeError] when env has no session entry
def session(env)
  unless session?(env)
    raise "you need to set up a session middleware *before* #{self.class}"
  end

  env[options[:session_key]]
end
session?(env)
# File lib/rack/protection/base.rb, line 85
# Whether env has an entry under options[:session_key]. This only checks
# that the key is present, not that the stored value is non-nil.
#
# @param env [Hash] Rack environment
# @return [Boolean]
def session?(env)
  key = options[:session_key]
  env.include?(key)
end
warn(env, message)
# File lib/rack/protection/base.rb, line 61
# Emits +message+ at warn level, unless options[:logging] is falsy.
#
# Logger precedence: options[:logger], then env['rack.logger'], then a new
# ::Logger writing to env['rack.errors'] (created on each call that gets
# that far).
#
# With logging disabled, blocked and reported requests leave no log trace
# from this method.
#
# @param env [Hash] Rack environment
# @param message [String]
# @return [Object, nil] the logger's return value, or nil when disabled
def warn(env, message)
  return unless options[:logging]

  logger = options[:logger]
  logger ||= env['rack.logger']
  logger ||= ::Logger.new(env['rack.errors'])
  logger.warn(message)
end