Sha256: 371e7b0e5574468a78efe1fd5862639d8c60d6dc82548d32c22a0ea9d08646da
Contents?: true
Size: 1.16 KB
Versions: 36
Compression:
Stored size: 1.16 KB
Contents
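# frozen_string_literal: true

require "uri"
require "pact_broker/messages"

# This class is for https://github.com/pact-foundation/pact_broker/issues/101
# curl -i "http://127.0.0.1:9292/<script>"

module Rack
  module PactBroker
    # Rack middleware that screens the request URL before the wrapped
    # application sees it:
    #
    # * a URL that URI.parse rejects is answered with an empty 404;
    # * a path that contains a newline or a tab once percent-decoded is
    #   answered with a 422 and a plain-text message;
    # * every other request is handed to the wrapped app unchanged.
    #
    # Neither rejection response echoes any part of the request: the 404 has
    # an empty body and the 422 body is looked up by a fixed key through
    # PactBroker::Messages (defined outside this file).
    class InvalidUriProtection
      include ::PactBroker::Messages

      # @param app the next Rack application in the stack
      def initialize app
        @app = app
      end

      # @param env [Hash] the Rack environment of the request
      # @return [Array] a Rack response triplet (status, headers, body)
      def call env
        uri = valid_uri?(env)
        # Unparsable URL (e.g. the "<script>" path from the issue above).
        return [404, {}, []] unless uri

        error_message = validate(uri)
        return [422, {"Content-Type" => "text/plain"}, [error_message]] if error_message

        app.call(env)
      end

      private

      attr_reader :app

      # Despite the predicate name this returns the parsed URI, or nil when
      # the request URL cannot be parsed.
      def valid_uri? env
        parse(::Rack::Request.new(env).url)
      rescue URI::InvalidURIError, ArgumentError
        nil
      end

      def parse uri
        URI.parse(uri)
      end

      # Returns an error message when the percent-decoded path contains a
      # newline or a tab, nil otherwise.
      #
      # NOTE(review): only "\n" and "\t" are checked; other control
      # characters, such as an encoded carriage return, pass this check.
      def validate(uri)
        # URI.decode was removed in Ruby 3.0. Calling it there raises
        # NoMethodError, which #call does not rescue, so the request would
        # fail instead of being screened. URI.decode_www_form_component
        # decodes the same %XX escapes; its extra "+" to space translation
        # has no effect on the two checks below.
        decoded_path = URI.decode_www_form_component(uri.path)

        if decoded_path.include?("\n")
          message("errors.new_line_in_url_path")
        elsif decoded_path.include?("\t")
          message("errors.tab_in_url_path")
        end
      end
    end
  end
end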
Version data entries
36 entries across 36 versions & 1 rubygems