From 52202ae51fbe061b4848a514def6538cf2b66e5c Mon Sep 17 00:00:00 2001
From: Peter Hankiewicz
Date: Fri, 10 Jul 2020 16:19:40 +0200
Subject: [PATCH] Replace "allowed" with "safelisted"

---
 .gitignore | 1 -
 CHANGELOG.md | 4 ++--
 app/helpers/application_helper.rb | 4 ++--
 config/application.rb | 6 +++---
 config/initializers/comfortable_mexican_sofa.rb | 4 ++--
 lib/rack-attack/request.rb | 4 ++--
 spec/integration/viewing_notices.spec.rb | 4 ++--
 7 files changed, 13 insertions(+), 14 deletions(-)

diff --git a/.gitignore b/.gitignore
index ab09c1395..d22e17eb3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -41,7 +41,6 @@ config/database.yml
 .rubocop.yml
 rspec_examples.txt
 .reek.yml
-allowed_ips.rb
 safelisted_ips.rb
 public/usercron/
 .ssh/*
diff --git a/CHANGELOG.md b/CHANGELOG.md
index f241ab66a..cb153fe44 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -112,7 +112,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 ### Added
 * Compresses http responses
 * `get_approximate_count` method on `Notice` and `InfringingUrl` (uses postgres reltuples)
-* Allows logged-in users using the web interface (if they would not be throttled using the API)
+* Safelists logged-in users using the web interface (if they would not be throttled using the API)
 
 ### Changed
 * Updates numerous dependencies
@@ -158,7 +158,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 ### Changed
 * Asset-pipeline-related gems no longer loaded in prod to save on memory
 * Prevent deep pagination on search results, since Elasticsearch doesn't support it
-* Much lower throttling limits in rack-attack, coupled with mechanism for allowing IPs
+* Much lower throttling limits in rack-attack, coupled with mechanism for safelisting IPs
 * Increased cache time-to-live
 
 ## [2.1.6.2](https://github.com/berkmancenter/lumendatabase/releases/tag/2.1.6.2) - 2019-02-04
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index 9a4d21d1d..642467d46 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -35,10 +35,10 @@ def active_advanced_search_parameters?
 end
 
 def can_see_full_notice_version?(notice)
- allowed_notices = (ENV['ALLOWED_NOTICES_FULL'] || []).split(',')
+ safelisted_notices = (ENV['SAFELISTED_NOTICES_FULL'] || []).split(',')
 
 return true if can?(:view_full_version, notice) ||
- allowed_notices.include?(notice.id.to_s)
+ safelisted_notices.include?(notice.id.to_s)
 
 TokenUrl.valid?(params[:access_token], notice)
 end
diff --git a/config/application.rb b/config/application.rb
index 8bea9ea5c..264d702dd 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -58,9 +58,9 @@ class Application < Rails::Application
 # like if you have constraints or database-specific column types
 # config.active_record.schema_format = :sql
 
- # Enforce allow mode for mass assignment.
- # This will create an empty list of allowed attributes available for mass-assignment for all models
- # in your app. As such, your models will need to explicitly allow or deny accessible
+ # Enforce safelist mode for mass assignment.
+ # This will create an empty safelisted attributes available for mass-assignment for all models
+ # in your app. As such, your models will need to explicitly safelist or blocklist accessible
 # parameters by using an attr_accessible or attr_protected declaration.
 
 # Enable the asset pipeline
diff --git a/config/initializers/comfortable_mexican_sofa.rb b/config/initializers/comfortable_mexican_sofa.rb
index 3e9e3b38b..41ff35179 100644
--- a/config/initializers/comfortable_mexican_sofa.rb
+++ b/config/initializers/comfortable_mexican_sofa.rb
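Review bot: `can_see_full_notice_version?` now reads only `ENV['SAFELISTED_NOTICES_FULL']`, so a deployment that still exports `ALLOWED_NOTICES_FULL` silently loses its safelist on the next deploy instead of failing loudly; the commit adds no fallback read or startup warning for the old name. Since this list appears to let anonymous visitors see the full text of the listed notices (the spec title in this same commit suggests as much), a quiet change in either direction deserves at least a transition note in the CHANGELOG or a temporary `ENV['SAFELISTED_NOTICES_FULL'] || ENV['ALLOWED_NOTICES_FULL']` read. Separately, the `|| []` fallback only works because ActiveSupport adds `Array#split`; `ENV.fetch('SAFELISTED_NOTICES_FULL', '').split(',')` is the plain-Ruby form and says what it means.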
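Review bot: The rewritten second comment line in the `config/application.rb` hunk is ungrammatical — `an empty safelisted attributes available for mass-assignment` — and no longer says what the original did (an empty list). Suggest `# This will create an empty safelist of attributes available for mass-assignment for all models`. The `attr_accessible`/`attr_protected` mechanism the comment describes predates strong parameters, so it may be worth confirming this commented-out setting still means anything on the Rails version in use; the enclosing `class Application` body continues outside the hunk.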
@@ -63,12 +63,12 @@
 # <% User.delete_all %> but if you really want to allow it...
 # config.allow_erb = false
 
- # A list of all allowed helper methods that can be used via {{cms:helper}} tag. By default
+ # Safelist of all helper methods that can be used via {{cms:helper}} tag. By default
 # all helpers are allowed except `eval`, `send`, `call` and few others. Empty array
 # will prevent rendering of all helpers.
 # config.allowed_helpers = nil
 
- # A list of allowed partials paths that can be used via {{cms:partial}} tag. All partials
+ # Safelist of partials paths that can be used via {{cms:partial}} tag. All partials
 # are accessible by default. Empty array will prevent rendering of all partials.
 # config.allowed_partials = nil
diff --git a/lib/rack-attack/request.rb b/lib/rack-attack/request.rb
index b5a1db598..7f6ef2959 100644
--- a/lib/rack-attack/request.rb
+++ b/lib/rack-attack/request.rb
@@ -74,8 +74,8 @@ def user_from_token
 # IP addresses of known legitimate researchers who might otherwise be
 # caught up in low rate limits.
 def special_ip?
- if defined? AllowedIps::IPS
- AllowedIps::IPS.map { |iprange| iprange.include? ip }.any?
+ if defined? SafelistedIps::IPS
+ SafelistedIps::IPS.map { |iprange| iprange.include? ip }.any?
 else
 false
 end
diff --git a/spec/integration/viewing_notices.spec.rb b/spec/integration/viewing_notices.spec.rb
index 2d24763a5..bac0bfb53 100644
--- a/spec/integration/viewing_notices.spec.rb
+++ b/spec/integration/viewing_notices.spec.rb
@@ -60,8 +60,8 @@
 check_full_works_urls
 end
 
- scenario 'as an anonymous user viewing allowed notice' do
- ENV['ALLOWED_NOTICES_FULL'] = "1234,#{Notice.last.id}"
+ scenario 'as an anonymous user viewing safelisted notice' do
+ ENV['SAFELISTED_NOTICES_FULL'] = "1234,#{Notice.last.id}"
 visit notice_url(Notice.last)
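Review bot: Calling `config.allowed_helpers` a "Safelist" in the new comment is at odds with the default described on the very next line: with `nil`, every helper except `eval`, `send`, `call` "and few others" is callable from `{{cms:helper}}`, which is a denylist posture, not a safelist. The same mismatch applies to `config.allowed_partials`, whose documented default exposes all partials. Since the option names are the gem's own API and cannot be renamed here, suggest wording that matches the behaviour, e.g. `# Safelist of helper methods that can be used via {{cms:helper}} tag; nil (the default) means` followed by the existing line about `eval`, `send` and `call`. Whether a non-nil safelist should actually be set for this deployment depends on who can author CMS content, which the hunk does not show.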
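Review bot: The `defined? SafelistedIps::IPS` guard in `special_ip?` fails closed, but it also fails silently: a host that still carries the gitignored `allowed_ips.rb` defining `AllowedIps::IPS` (presumably how the list is deployed, given the `.gitignore` hunk) will quietly stop exempting its researchers' IPs from rate limiting, with nothing in the log to explain the change. A one-time warning when the old constant is present, or a note in the deployment docs, would make the cutover visible. The map-then-`any?` can also be the idiomatic `SafelistedIps::IPS.any? { |iprange| iprange.include?(ip) }`, which short-circuits on the first match; the method's closing `end` lies outside the hunk.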