From 3ae4772d338528c8122aa92216b05ee74de5d899 Mon Sep 17 00:00:00 2001
From: Sherwin H
Date: Tue, 19 Feb 2019 17:44:26 -0800
Subject: [PATCH 1/4] Add domain validation using regex matching
---
 lib/imgix.rb | 1 +
 lib/imgix/client.rb | 5 +++++
 2 files changed, 6 insertions(+)
diff --git a/lib/imgix.rb b/lib/imgix.rb
index f156c89..2d9af53 100644
--- a/lib/imgix.rb
+++ b/lib/imgix.rb
@@ -6,4 +6,5 @@ module Imgix
 STRATEGIES = [:crc, :cycle]
+ DOMAIN_REGEX = /^(?:[a-z\d\-_]{1,62}\.){0,125}(?:[a-z\d](?:\-(?=\-*[a-z\d])|[a-z]|\d){0,62}\.)[a-z\d]{1,63}$/i
 end
diff --git a/lib/imgix/client.rb b/lib/imgix/client.rb
index 45ff2e3..c558b16 100644
--- a/lib/imgix/client.rb
+++ b/lib/imgix/client.rb
@@ -75,6 +75,11 @@ def validate_hosts!
 unless @hosts.length > 0
 raise ArgumentError, "The :host or :hosts option must be specified"
 end
+ @hosts.each do |host|
+ unless host.match(DOMAIN_REGEX) != nil
+ raise ArgumentError, "Domains must be passed in as fully-qualified domain names and should not include a protocol or any path element, i.e. \"example.imgix.net\"."
+ end
+ end
 end
 end
From b68f279b2f179f3c5883d52aac558969ef4ba7cc Mon Sep 17 00:00:00 2001
From: Sherwin H
Date: Tue, 19 Feb 2019 17:44:44 -0800
Subject: [PATCH 2/4] Add test cases for domain validation
---
 test/units/domains_test.rb | 30 ++++++++++++------------------
 1 file changed, 12 insertions(+), 18 deletions(-)
diff --git a/test/units/domains_test.rb b/test/units/domains_test.rb
index 1c73d81..6316c5c 100644
--- a/test/units/domains_test.rb
+++ b/test/units/domains_test.rb
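Review bot: `DOMAIN_REGEX` in lib/imgix.rb is anchored with `^` and `$`, which in Ruby match at every line boundary rather than at the ends of the string, so a host value containing a line break is accepted as long as one of its lines looks like a domain. Anchor the pattern with `\A` at the start and `\z` at the end instead, leaving the rest of the expression unchanged. This matters more after patch 4/4 in this series, where `get_host` stops stripping anything from the host and this pattern becomes the only check. A short comment above the constant saying what it accepts (a bare hostname with no scheme or path) would also help, since the expression is hard to read at a glance.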
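Review bot: The new loop in `validate_hosts!` calls `host.match(...)` on every entry, so a non-String entry such as `nil` would surface as a `NoMethodError` instead of the `ArgumentError` raised for other bad hosts; whether `@hosts` can hold such values depends on how it is built, which is outside this hunk. Something like `unless host.is_a?(String) && host =~ DOMAIN_REGEX` keeps the failure mode uniform and also avoids the explicit nil comparison, which patch 4/4 only rewrites as `if host.match(DOMAIN_REGEX) == nil`. The message text uses "i.e." where "e.g." appears to be meant. The method starts above the hunk.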
@@ -42,24 +42,6 @@ def test_cycling_choosing_domain_in_order
 assert_equal 'https://demos-1.imgix.net/bridge.png?s=0233fd6de51f20f11cff6b452b7a9a05', path.to_url
 end
- def test_strips_out_protocol
- client = Imgix::Client.new(host: "http://demos-1.imgix.net",
- secure_url_token: '10adc394',
- include_library_param: false)
-
- path = client.path('/bridge.png')
- assert_equal 'https://demos-1.imgix.net/bridge.png?s=0233fd6de51f20f11cff6b452b7a9a05', path.to_url
- end
-
- def test_strips_out_trailing_slash
- client = Imgix::Client.new(host: "http://demos-1.imgix.net/",
- secure_url_token: '10adc394',
- include_library_param: false)
-
- path = client.path('/bridge.png')
- assert_equal 'https://demos-1.imgix.net/bridge.png?s=0233fd6de51f20f11cff6b452b7a9a05', path.to_url
- end
-
 def test_with_full_paths
 client = Imgix::Client.new(hosts: [
 "demos-1.imgix.net",
@@ -73,4 +55,16 @@ def test_with_full_paths
 path = 'https://google.com/cats.gif'
 assert_equal "https://demos-1.imgix.net/#{CGI.escape(path)}?s=e686099fbba86fc2b8141d3c1ff60605", client.path(path).to_url
 end
+
+ def test_invalid_domain_append_slash
+ assert_raises(ArgumentError) {Imgix::Client.new(hosts: ["assets.imgix.net/"])}
+ end
+
+ def test_invalid_domain_prepend_scheme
+ assert_raises(ArgumentError) {Imgix::Client.new(hosts: ["https://assets.imgix.net"])}
+ end
+
+ def test_invalid_domain_append_dash
+ assert_raises(ArgumentError) {Imgix::Client.new(hosts: ["assets.imgix.net-"])}
+ end
 end
From f6be7b284836dd8efb68f9974b5cb267133f0d74 Mon Sep 17 00:00:00 2001
From: Sherwin H
Date: Tue, 19 Feb 2019 17:44:57 -0800
Subject: [PATCH 3/4] Add self to authors list
---
 imgix.gemspec | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/imgix.gemspec b/imgix.gemspec
index 677ee3f..0cb3ee7 100644
--- a/imgix.gemspec
+++ b/imgix.gemspec
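Review bot: The three new cases at the end of test/units/domains_test.rb never exercise a host containing a line break, which is exactly the input class where the `^`/`$` anchors in `DOMAIN_REGEX` behave differently from whole-string anchors. Add a case such as `assert_raises(ArgumentError) {Imgix::Client.new(hosts: ["assets.imgix.net\n"])}`; it is expected to fail until the pattern is anchored with `\A` and `\z`, and it pins the behaviour afterwards. There is also no positive case in this hunk showing that a plain multi-label host is still accepted, although earlier tests in the file may cover that implicitly. The test class begins outside the hunk.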
@@ -6,8 +6,8 @@ require 'imgix/version'
 Gem::Specification.new do |spec|
 spec.name = 'imgix'
 spec.version = Imgix::VERSION
- spec.authors = ['Kelly Sutton', 'Sam Soffes', 'Ryan LeFevre', 'Antony Denyer', 'Paul Straw']
- spec.email = ['kelly@imgix.com', 'sam@soff.es', 'ryan@layervault.com', 'email@antonydenyer.co.uk', 'paul@imgix.com']
+ spec.authors = ['Kelly Sutton', 'Sam Soffes', 'Ryan LeFevre', 'Antony Denyer', 'Paul Straw', 'Sherwin Heydarbeygi']
+ spec.email = ['kelly@imgix.com', 'sam@soff.es', 'ryan@layervault.com', 'email@antonydenyer.co.uk', 'paul@imgix.com', 'sherwin@imgix.com']
 spec.description = 'Easily create and sign imgix URLs.'
 spec.summary = 'Official Ruby Gem for easily creating and signing imgix URLs.'
 spec.homepage = 'https://github.com/imgix/imgix-rb'
From 99409ba1ccc4e149c96a5c8e375d07b0a9bbd588 Mon Sep 17 00:00:00 2001
From: Sherwin H
Date: Wed, 20 Feb 2019 14:43:54 -0800
Subject: [PATCH 4/4] Remove unnecessary code for trimming domain; Modify double negative conditional on domain validation
---
 lib/imgix/client.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/imgix/client.rb b/lib/imgix/client.rb
index c558b16..f4d0411 100644
--- a/lib/imgix/client.rb
+++ b/lib/imgix/client.rb
@@ -49,7 +49,7 @@ def prefix(path)
 def get_host(path)
 host = host_for_crc(path) if @shard_strategy == :crc
 host = host_for_cycle if @shard_strategy == :cycle
- host.gsub("http://","").gsub("https://","").chomp("/")
+ host
 end
 def host_for_crc(path)
@@ -76,7 +76,7 @@ def validate_hosts!
 raise ArgumentError, "The :host or :hosts option must be specified"
 end
 @hosts.each do |host|
- unless host.match(DOMAIN_REGEX) != nil
+ if host.match(DOMAIN_REGEX) == nil
 raise ArgumentError, "Domains must be passed in as fully-qualified domain names and should not include a protocol or any path element, i.e. \"example.imgix.net\"."
 end
 end
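Review bot: After this change `get_host` returns the configured value verbatim, so the check in `validate_hosts!` is the only thing keeping a scheme, path or other stray text out of generated URLs, and nothing in the code records that dependency. Add a comment above the final `host` line, for example `# hosts were validated as bare domains in validate_hosts!; no normalisation is needed here`. If any code path assigns `@hosts` after construction without re-running the validation (not visible in this hunk), those values would now reach URL building unchecked. Separately, when `@shard_strategy` matches neither branch, `host` is nil and is now returned silently, where the old `.gsub` call would have raised.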