From 6f20c27094d3f12b1fc671e99e14cf11ed0e0b0a Mon Sep 17 00:00:00 2001 From: Seth Vargo Date: Mon, 13 Jul 2015 12:50:07 -0400 Subject: [PATCH 1/3] Update middleman-hashicorp --- website/Gemfile.lock | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/website/Gemfile.lock b/website/Gemfile.lock index 63a621742..f1398c369 100644 --- a/website/Gemfile.lock +++ b/website/Gemfile.lock @@ -1,6 +1,6 @@ GIT remote: https://github.com/hashicorp/middleman-hashicorp - revision: 7796ba44d303ac8e1b566e855e2766e6d0f695fc + revision: 76f0f284ad44cea0457484ea83467192f02daf87 specs: middleman-hashicorp (0.1.0) bootstrap-sass (~> 3.3) @@ -11,6 +11,7 @@ GIT middleman-minify-html (~> 3.4) middleman-syntax (~> 2.0) rack-contrib (~> 1.2) + rack-protection (~> 1.5) rack-rewrite (~> 1.5) rack-ssl-enforcer (~> 0.2) redcarpet (~> 3.2) @@ -72,7 +73,7 @@ GEM http_parser.rb (0.6.0) i18n (0.7.0) json (1.8.3) - kramdown (1.7.0) + kramdown (1.8.0) less (2.6.0) commonjs (~> 0.2.7) libv8 (3.16.14.11) @@ -80,18 +81,18 @@ GEM celluloid (~> 0.16.0) rb-fsevent (>= 0.9.3) rb-inotify (>= 0.9) - middleman (3.3.12) + middleman (3.3.13) coffee-script (~> 2.2) compass (>= 1.0.0, < 2.0.0) compass-import-once (= 1.0.5) execjs (~> 2.0) haml (>= 4.0.5) kramdown (~> 1.2) - middleman-core (= 3.3.12) + middleman-core (= 3.3.13) middleman-sprockets (>= 3.1.2) sass (>= 3.4.0, < 4.0) uglifier (~> 2.5) - middleman-core (3.3.12) + middleman-core (3.3.13) activesupport (~> 4.1.0) bundler (~> 1.1) erubis @@ -119,7 +120,7 @@ GEM middleman-core (~> 3.2) rouge (~> 1.0) minitest (5.7.0) - multi_json (1.11.1) + multi_json (1.11.2) padrino-helpers (0.12.5) i18n (~> 0.6, >= 0.6.7) padrino-support (= 0.12.5) @@ -130,7 +131,9 @@ GEM rack-contrib (1.3.0) git-version-bump (~> 0.15) rack (~> 1.4) - rack-livereload (0.3.15) + rack-livereload (0.3.16) + rack + rack-protection (1.5.3) rack rack-rewrite (1.5.1) rack-ssl-enforcer (0.2.8) 
@@ -140,9 +143,9 @@ GEM
 rb-inotify (0.9.5)
 ffi (>= 0.5.0)
 redcarpet (3.3.2)
- ref (1.0.5)
- rouge (1.9.0)
- sass (3.4.15)
+ ref (2.0.0)
+ rouge (1.9.1)
+ sass (3.4.16)
 sprockets (2.12.4)
 hike (~> 1.2)
 multi_json (~> 1.0)
From 954965a5aaf67b01b979a49221fa5d68ca79ec27 Mon Sep 17 00:00:00 2001
From: Seth Vargo
Date: Mon, 13 Jul 2015 12:50:17 -0400
Subject: [PATCH 2/3] Add Rack::Protection
---
 website/config.ru | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/website/config.ru b/website/config.ru
index 5cf4e322d..669f200cf 100644
--- a/website/config.ru
+++ b/website/config.ru
@@ -3,6 +3,17 @@ require "rack/contrib/not_found"
 require "rack/contrib/response_headers"
 require "rack/contrib/static_cache"
 require "rack/contrib/try_static"
+require "rack/protection"
+
+# Protect against various bad things
+use Rack::Protection::JsonCsrf
+use Rack::Protection::RemoteReferrer
+use Rack::Protection::HttpOrigin
+use Rack::Protection::EscapedParams
+use Rack::Protection::XSSHeader
+use Rack::Protection::FrameOptions
+use Rack::Protection::PathTraversal
+use Rack::Protection::IPSpoofing
 
 # Properly compress the output if the client can handle it.
 use Rack::Deflater
From db24fedc5070503df2b09032a92f3828d05c027c Mon Sep 17 00:00:00 2001
From: Seth Vargo
Date: Mon, 13 Jul 2015 13:15:53 -0400
Subject: [PATCH 3/3] Weird bundler. Weird
---
 website/Gemfile.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/website/Gemfile.lock b/website/Gemfile.lock
index f1398c369..8e4867a68 100644
--- a/website/Gemfile.lock
+++ b/website/Gemfile.lock
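Review bot: `use Rack::Protection::IPSpoofing` refuses any request whose `Client-IP` or `X-Real-IP` header is not listed in `X-Forwarded-For`, so if this site is deployed behind a proxy or CDN that sets `X-Real-IP` to its own address while passing the client's `X-Forwarded-For` through unchanged, every request will be answered with the middleware's deny response; confirm the proxy chain before shipping, or drop that line, since nothing in this config appears to read the client address. The remaining seven protections are header-only or act on non-GET requests and cross-host `Referer`/`Origin` values, which is low-risk for a static site, with one caveat: `JsonCsrf` inspects responses with `Content-Type: application/json` and, as I recall the 1.5 series, blocks them when the `Referer` host differs and no `Origin` is present, so any JSON the site serves (a search index, for instance) may need an exemption. The comment `# Protect against various bad things` gives a reader nothing to act on; prefer something like `# Rack::Protection: clickjacking (FrameOptions), path traversal, proxy-header spoofing, CSRF-style referer/origin checks, and XSS/nosniff response headers`. The rest of config.ru, including the `Rack::TryStatic` stack these middlewares must wrap, lies outside this hunk.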
@@ -81,18 +81,18 @@ GEM celluloid (~> 0.16.0) rb-fsevent (>= 0.9.3) rb-inotify (>= 0.9) - middleman (3.3.13) + middleman (3.3.12) coffee-script (~> 2.2) compass (>= 1.0.0, < 2.0.0) compass-import-once (= 1.0.5) execjs (~> 2.0) haml (>= 4.0.5) kramdown (~> 1.2) - middleman-core (= 3.3.13) + middleman-core (= 3.3.12) middleman-sprockets (>= 3.1.2) sass (>= 3.4.0, < 4.0) uglifier (~> 2.5) - middleman-core (3.3.13) + middleman-core (3.3.12) activesupport (~> 4.1.0) bundler (~> 1.1) erubis