diff options
author | pavel <pavel.rosicky@easy.cz> | 2019-07-23 21:17:44 +0200 |
---|---|---|
committer | pavel <pavel.rosicky@easy.cz> | 2019-07-23 21:17:44 +0200 |
commit | 77b1b52a406d68df21018637040cd7bcb96b42b0 (patch) | |
tree | 61785af3d01b3d33dc5d9f9490fb3394356c53b9 | |
parent | 91e492a56a4eb1d26f5a8e647f12e364458818de (diff) | |
download | rack-77b1b52a406d68df21018637040cd7bcb96b42b0.tar.gz |
return boolean in trusted_proxy?
-rw-r--r-- | lib/rack/request.rb | 6 | ||||
-rw-r--r-- | test/spec_request.rb | 40 |
2 files changed, 25 insertions, 21 deletions
diff --git a/lib/rack/request.rb b/lib/rack/request.rb index 951fe8cb..20266185 100644 --- a/lib/rack/request.rb +++ b/lib/rack/request.rb @@ -3,6 +3,8 @@ require 'rack/utils' require 'rack/media_type' +require_relative 'core_ext/regexp' + module Rack # Rack::Request provides a convenient interface to a Rack # environment. It is stateless, the environment +env+ passed to the @@ -13,11 +15,13 @@ module Rack # req.params["data"] class Request + using ::Rack::RegexpExtensions + class << self attr_accessor :ip_filter end - self.ip_filter = lambda { |ip| ip =~ /\A127\.0\.0\.1\Z|\A(10|172\.(1[6-9]|2[0-9]|30|31)|192\.168)\.|\A::1\Z|\Afd[0-9a-f]{2}:.+|\Alocalhost\Z|\Aunix\Z|\Aunix:/i } + self.ip_filter = lambda { |ip| /\A127\.0\.0\.1\Z|\A(10|172\.(1[6-9]|2[0-9]|30|31)|192\.168)\.|\A::1\Z|\Afd[0-9a-f]{2}:.+|\Alocalhost\Z|\Aunix\Z|\Aunix:/i.match?(ip) } ALLOWED_SCHEMES = %w(https http).freeze SCHEME_WHITELIST = ALLOWED_SCHEMES if Object.respond_to?(:deprecate_constant) diff --git a/test/spec_request.rb b/test/spec_request.rb index 5c7a9639..4dd30707 100644 --- a/test/spec_request.rb +++ b/test/spec_request.rb @@ -1321,26 +1321,26 @@ EOF it "regards local addresses as proxies" do req = make_request(Rack::MockRequest.env_for("/")) - req.trusted_proxy?('127.0.0.1').must_equal 0 - req.trusted_proxy?('10.0.0.1').must_equal 0 - req.trusted_proxy?('172.16.0.1').must_equal 0 - req.trusted_proxy?('172.20.0.1').must_equal 0 - req.trusted_proxy?('172.30.0.1').must_equal 0 - req.trusted_proxy?('172.31.0.1').must_equal 0 - req.trusted_proxy?('192.168.0.1').must_equal 0 - req.trusted_proxy?('::1').must_equal 0 - req.trusted_proxy?('fd00::').must_equal 0 - req.trusted_proxy?('localhost').must_equal 0 - req.trusted_proxy?('unix').must_equal 0 - req.trusted_proxy?('unix:/tmp/sock').must_equal 0 - - req.trusted_proxy?("unix.example.org").must_be_nil - req.trusted_proxy?("example.org\n127.0.0.1").must_be_nil - req.trusted_proxy?("127.0.0.1\nexample.org").must_be_nil - req.trusted_proxy?("11.0.0.1").must_be_nil - req.trusted_proxy?("172.15.0.1").must_be_nil - req.trusted_proxy?("172.32.0.1").must_be_nil - req.trusted_proxy?("2001:470:1f0b:18f8::1").must_be_nil + req.trusted_proxy?('127.0.0.1').must_equal true + req.trusted_proxy?('10.0.0.1').must_equal true + req.trusted_proxy?('172.16.0.1').must_equal true + req.trusted_proxy?('172.20.0.1').must_equal true + req.trusted_proxy?('172.30.0.1').must_equal true + req.trusted_proxy?('172.31.0.1').must_equal true + req.trusted_proxy?('192.168.0.1').must_equal true + req.trusted_proxy?('::1').must_equal true + req.trusted_proxy?('fd00::').must_equal true + req.trusted_proxy?('localhost').must_equal true + req.trusted_proxy?('unix').must_equal true + req.trusted_proxy?('unix:/tmp/sock').must_equal true + + req.trusted_proxy?("unix.example.org").must_equal false + req.trusted_proxy?("example.org\n127.0.0.1").must_equal false + req.trusted_proxy?("127.0.0.1\nexample.org").must_equal false + req.trusted_proxy?("11.0.0.1").must_equal false + req.trusted_proxy?("172.15.0.1").must_equal false + req.trusted_proxy?("172.32.0.1").must_equal false + req.trusted_proxy?("2001:470:1f0b:18f8::1").must_equal false end it "sets the default session to an empty hash" do |