mirror of
https://github.com/sinatra/sinatra
synced 2023-03-27 23:18:01 -04:00
8ae87a87f3
* Initialize rubocop * Style/StringLiterals: prefer single quotes * Style/AndOr: use `&&` and `||`, instead of `and` and `or` * Style/HashSyntax: use new hash syntax * Layout/EmptyLineAfterGuardClause: add empty lines after guard clause * Style/SingleLineMethods: temporary disable It breaks layout of the code, it is better to fix it manually * Style/Proc: prefer `proc` vs `Proc.new` * Disable Lint/AmbiguousBlockAssociation It affects proc definitions for sinatra DSL * Disable Style/CaseEquality * Lint/UnusedBlockArgument: put underscore in front of it * Style/Alias: prefer alias vs alias_method in a class body * Layout/EmptyLineBetweenDefs: add empty lines between defs * Style/ParallelAssignment: don't use parallel assigment * Style/RegexpLiteral: prefer %r for regular expressions * Naming/UncommunicativeMethodParamName: fix abbrevs * Style/PerlBackrefs: disable cop * Layout/SpaceAfterComma: add missing spaces * Style/Documentation: disable cop * Style/FrozenStringLiteralComment: add frozen_string_literal * Layout/AlignHash: align hash * Layout/ExtraSpacing: allow for alignment * Layout/SpaceAroundOperators: add missing spaces * Style/Not: prefer `!` instead of `not` * Style/GuardClause: add guard conditions * Style/MutableConstant: freeze contants * Lint/IneffectiveAccessModifier: disable cop * Lint/RescueException: disable cop * Style/SpecialGlobalVars: disable cop * Layout/DotPosition: fix position of dot for multiline method chains * Layout/SpaceInsideArrayLiteralBrackets: don't use spaces inside arrays * Layout/SpaceInsideBlockBraces: add space for blocks * Layout/SpaceInsideHashLiteralBraces: add spaces for hashes * Style/FormatString: use format string syntax * Style/StderrPuts: `warn` is preferable to `$stderr.puts` * Bundler/DuplicatedGem: disable cop * Layout/AlignArray: fix warning * Lint/AssignmentInCondition: remove assignments from conditions * Layout/IndentHeredoc: disable cop * Layout/SpaceInsideParens: remove extra spaces * Lint/UnusedMethodArgument: put underscore in front of unused arg * Naming/RescuedExceptionsVariableName: use `e` for exceptions * Style/CommentedKeyword: put comments before the method * Style/FormatStringToken: disable cop * Style/MultilineIfModifier: move condition before the method * Style/SignalException: prefer `raise` to `fail` * Style/SymbolArray: prefer %i for array of symbols * Gemspec/OrderedDependencies: Use alphabetical order for dependencies * Lint/UselessAccessModifier: disable cop * Naming/HeredocDelimiterNaming: change delimiter's name * Style/ClassCheck: prefer `is_a?` to `kind_of?` * Style/ClassVars: disable cop * Style/Encoding: remove coding comment * Style/RedundantParentheses: remove extra parentheses * Style/StringLiteralsInInterpolation: prefer singl quotes * Layout/AlignArguments: fix alignment * Layout/ClosingHeredocIndentation: align heredoc * Layout/EmptyLineAfterMagicComment: add empty line * Set RubyVersion for rubocop * Lint/UselessAssignment: disable cop * Style/EmptyLiteral: disable cop Causes test failures * Minor code-style fixes with --safe-auto-correct option * Disable the rest of the cops that cause warnings It would be easier to re-enable them in separate PRs * Add rubocop check to the default Rake task * Update to rubocop 1.32.0 * Rubocop updates for rack-protection and sinatra-contrib * Disable Style/SlicingWithRange cop * Make suggested updates Co-authored-by: Jordan Owens <jkowens@gmail.com>
61 lines
3.4 KiB
Ruby
61 lines
3.4 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
require 'rack/protection/version'
|
|
require 'rack'
|
|
|
|
module Rack
|
|
module Protection
|
|
autoload :AuthenticityToken, 'rack/protection/authenticity_token'
|
|
autoload :Base, 'rack/protection/base'
|
|
autoload :CookieTossing, 'rack/protection/cookie_tossing'
|
|
autoload :ContentSecurityPolicy, 'rack/protection/content_security_policy'
|
|
autoload :Encryptor, 'rack/protection/encryptor'
|
|
autoload :EncryptedCookie, 'rack/protection/encrypted_cookie'
|
|
autoload :EscapedParams, 'rack/protection/escaped_params'
|
|
autoload :FormToken, 'rack/protection/form_token'
|
|
autoload :FrameOptions, 'rack/protection/frame_options'
|
|
autoload :HttpOrigin, 'rack/protection/http_origin'
|
|
autoload :IPSpoofing, 'rack/protection/ip_spoofing'
|
|
autoload :JsonCsrf, 'rack/protection/json_csrf'
|
|
autoload :PathTraversal, 'rack/protection/path_traversal'
|
|
autoload :ReferrerPolicy, 'rack/protection/referrer_policy'
|
|
autoload :RemoteReferrer, 'rack/protection/remote_referrer'
|
|
autoload :RemoteToken, 'rack/protection/remote_token'
|
|
autoload :SessionHijacking, 'rack/protection/session_hijacking'
|
|
autoload :StrictTransport, 'rack/protection/strict_transport'
|
|
autoload :XSSHeader, 'rack/protection/xss_header'
|
|
|
|
def self.new(app, options = {})
|
|
# does not include: RemoteReferrer, AuthenticityToken and FormToken
|
|
except = Array options[:except]
|
|
use_these = Array options[:use]
|
|
|
|
if options.fetch(:without_session, false)
|
|
except += %i[session_hijacking remote_token]
|
|
end
|
|
|
|
Rack::Builder.new do
|
|
# Off by default, unless added
|
|
use ::Rack::Protection::AuthenticityToken, options if use_these.include? :authenticity_token
|
|
use ::Rack::Protection::ContentSecurityPolicy, options if use_these.include? :content_security_policy
|
|
use ::Rack::Protection::CookieTossing, options if use_these.include? :cookie_tossing
|
|
use ::Rack::Protection::EscapedParams, options if use_these.include? :escaped_params
|
|
use ::Rack::Protection::FormToken, options if use_these.include? :form_token
|
|
use ::Rack::Protection::ReferrerPolicy, options if use_these.include? :referrer_policy
|
|
use ::Rack::Protection::RemoteReferrer, options if use_these.include? :remote_referrer
|
|
use ::Rack::Protection::StrictTransport, options if use_these.include? :strict_transport
|
|
|
|
# On by default, unless skipped
|
|
use ::Rack::Protection::FrameOptions, options unless except.include? :frame_options
|
|
use ::Rack::Protection::HttpOrigin, options unless except.include? :http_origin
|
|
use ::Rack::Protection::IPSpoofing, options unless except.include? :ip_spoofing
|
|
use ::Rack::Protection::JsonCsrf, options unless except.include? :json_csrf
|
|
use ::Rack::Protection::PathTraversal, options unless except.include? :path_traversal
|
|
use ::Rack::Protection::RemoteToken, options unless except.include? :remote_token
|
|
use ::Rack::Protection::SessionHijacking, options unless except.include? :session_hijacking
|
|
use ::Rack::Protection::XSSHeader, options unless except.include? :xss_header
|
|
run app
|
|
end.to_app
|
|
end
|
|
end
|
|
end
|