class Rack::Protection::Base

Constants

DEFAULT_OPTIONS

Attributes

app[R]
options[R]

Public Class Methods

default_options(options) click to toggle source
Calls superclass method
# File lib/rack/protection/base.rb, line 21
def self.default_options(options)
  define_method(:default_options) { super().merge(options) }
end
default_reaction(reaction) click to toggle source
# File lib/rack/protection/base.rb, line 25
def self.default_reaction(reaction)
  alias_method(:default_reaction, reaction)
end
new(app, options = {}) click to toggle source
# File lib/rack/protection/base.rb, line 33
def initialize(app, options = {})
  @app, @options = app, default_options.merge(options)
end

Public Instance Methods

accepts?(env) click to toggle source
# File lib/rack/protection/base.rb, line 41
def accepts?(env)
  raise NotImplementedError, "#{self.class} implementation pending"
end
call(env) click to toggle source
# File lib/rack/protection/base.rb, line 45
def call(env)
  unless accepts? env
    instrument env
    result = react env
  end
  result or app.call(env)
end
default_options() click to toggle source
# File lib/rack/protection/base.rb, line 29
def default_options
  DEFAULT_OPTIONS
end
default_reaction(env)
Alias for: deny
deny(env) click to toggle source
# File lib/rack/protection/base.rb, line 70
def deny(env)
  warn env, "attack prevented by #{self.class}"
  [options[:status], {'Content-Type' => 'text/plain'}, [options[:message]]]
end
Also aliased as: default_reaction
drop_session(env) click to toggle source
# File lib/rack/protection/base.rb, line 89
def drop_session(env)
  session(env).clear if session? env
end
encrypt(value) click to toggle source
# File lib/rack/protection/base.rb, line 110
def encrypt(value)
  options[:encryptor].hexdigest value.to_s
end
html?(headers) click to toggle source
# File lib/rack/protection/base.rb, line 120
def html?(headers)
  return false unless header = headers.detect { |k,v| k.downcase == 'content-type' }
  options[:html_types].include? header.last[/^\w+\/\w+/]
end
instrument(env) click to toggle source
# File lib/rack/protection/base.rb, line 64
def instrument(env)
  return unless i = options[:instrumenter]
  env['rack.protection.attack'] = self.class.name.split('::').last.downcase
  i.instrument('rack.protection', env)
end
origin(env) click to toggle source
# File lib/rack/protection/base.rb, line 100
def origin(env)
  env['HTTP_ORIGIN'] || env['HTTP_X_ORIGIN']
end
random_string(secure = defined? SecureRandom) click to toggle source
# File lib/rack/protection/base.rb, line 104
def random_string(secure = defined? SecureRandom)
  secure ? SecureRandom.hex(16) : "%032x" % rand(2**128-1)
rescue NotImplementedError
  random_string false
end
react(env) click to toggle source
# File lib/rack/protection/base.rb, line 53
def react(env)
  result = send(options[:reaction], env)
  result if Array === result and result.size == 3
end
referrer(env) click to toggle source
# File lib/rack/protection/base.rb, line 93
def referrer(env)
  ref = env['HTTP_REFERER'].to_s
  return if !options[:allow_empty_referrer] and ref.empty?
  URI.parse(ref).host || Request.new(env).host
rescue URI::InvalidURIError
end
report(env) click to toggle source
# File lib/rack/protection/base.rb, line 75
def report(env)
  warn env, "attack reported by #{self.class}"
  env[options[:report_key]] = true
end
safe?(env) click to toggle source
# File lib/rack/protection/base.rb, line 37
def safe?(env)
  %w[GET HEAD OPTIONS TRACE].include? env['REQUEST_METHOD']
end
secure_compare(a, b) click to toggle source
# File lib/rack/protection/base.rb, line 114
def secure_compare(a, b)
  Rack::Utils.secure_compare(a.to_s, b.to_s)
end
session(env) click to toggle source
# File lib/rack/protection/base.rb, line 84
def session(env)
  return env[options[:session_key]] if session? env
  fail "you need to set up a session middleware *before* #{self.class}"
end
session?(env) click to toggle source
# File lib/rack/protection/base.rb, line 80
def session?(env)
  env.include? options[:session_key]
end
warn(env, message) click to toggle source
# File lib/rack/protection/base.rb, line 58
def warn(env, message)
  return unless options[:logging]
  l = options[:logger] || env['rack.logger'] || ::Logger.new(env['rack.errors'])
  l.warn(message)
end