├── .gitignore ├── .rspec ├── .travis.yml ├── CODE_OF_CONDUCT.md ├── Gemfile ├── Gemfile.lock ├── LICENSE.txt ├── README.md ├── Rakefile ├── bin ├── console └── setup ├── lib ├── reredos.rb └── reredos │ └── version.rb ├── reredos.gemspec └── spec ├── reredos_spec.rb └── spec_helper.rb /.gitignore: -------------------------------------------------------------------------------- 1 | /.bundle/ 2 | /.yardoc 3 | /_yardoc/ 4 | /coverage/ 5 | /doc/ 6 | /pkg/ 7 | /spec/reports/ 8 | /tmp/ 9 | 10 | # rspec failure tracking 11 | .rspec_status 12 | -------------------------------------------------------------------------------- /.rspec: -------------------------------------------------------------------------------- 1 | --format documentation 2 | --color 3 | --require spec_helper 4 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | --- 2 | sudo: false 3 | language: ruby 4 | cache: bundler 5 | rvm: 6 | - 2.6.3 7 | before_install: gem install bundler -v 2.0.1 8 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Contributor Covenant Code of Conduct 2 | 3 | ## Our Pledge 4 | 5 | In the interest of fostering an open and welcoming environment, we as 6 | contributors and maintainers pledge to making participation in our project and 7 | our community a harassment-free experience for everyone, regardless of age, body 8 | size, disability, ethnicity, gender identity and expression, level of experience, 9 | nationality, personal appearance, race, religion, or sexual identity and 10 | orientation. 11 | 12 | ## Our Standards 13 | 14 | Examples of behavior that contributes to creating a positive environment 15 | include: 16 | 17 | * Using welcoming and inclusive language 18 | * Being respectful of differing viewpoints and experiences 19 | * Gracefully accepting constructive criticism 20 | * Focusing on what is best for the community 21 | * Showing empathy towards other community members 22 | 23 | Examples of unacceptable behavior by participants include: 24 | 25 | * The use of sexualized language or imagery and unwelcome sexual attention or 26 | advances 27 | * Trolling, insulting/derogatory comments, and personal or political attacks 28 | * Public or private harassment 29 | * Publishing others' private information, such as a physical or electronic 30 | address, without explicit permission 31 | * Other conduct which could reasonably be considered inappropriate in a 32 | professional setting 33 | 34 | ## Our Responsibilities 35 | 36 | Project maintainers are responsible for clarifying the standards of acceptable 37 | behavior and are expected to take appropriate and fair corrective action in 38 | response to any instances of unacceptable behavior. 39 | 40 | Project maintainers have the right and responsibility to remove, edit, or 41 | reject comments, commits, code, wiki edits, issues, and other contributions 42 | that are not aligned to this Code of Conduct, or to ban temporarily or 43 | permanently any contributor for other behaviors that they deem inappropriate, 44 | threatening, offensive, or harmful. 45 | 46 | ## Scope 47 | 48 | This Code of Conduct applies both within project spaces and in public spaces 49 | when an individual is representing the project or its community. Examples of 50 | representing a project or community include using an official project e-mail 51 | address, posting via an official social media account, or acting as an appointed 52 | representative at an online or offline event. Representation of a project may be 53 | further defined and clarified by project maintainers. 54 | 55 | ## Enforcement 56 | 57 | Instances of abusive, harassing, or otherwise unacceptable behavior may be 58 | reported by contacting the project team at expajp@gmail.com. All 59 | complaints will be reviewed and investigated and will result in a response that 60 | is deemed necessary and appropriate to the circumstances. The project team is 61 | obligated to maintain confidentiality with regard to the reporter of an incident. 62 | Further details of specific enforcement policies may be posted separately. 63 | 64 | Project maintainers who do not follow or enforce the Code of Conduct in good 65 | faith may face temporary or permanent repercussions as determined by other 66 | members of the project's leadership. 67 | 68 | ## Attribution 69 | 70 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, 71 | available at [http://contributor-covenant.org/version/1/4][version] 72 | 73 | [homepage]: http://contributor-covenant.org 74 | [version]: http://contributor-covenant.org/version/1/4/ 75 | -------------------------------------------------------------------------------- /Gemfile: -------------------------------------------------------------------------------- 1 | source "https://rubygems.org" 2 | 3 | # Specify your gem's dependencies in reredos.gemspec 4 | gemspec 5 | -------------------------------------------------------------------------------- /Gemfile.lock: -------------------------------------------------------------------------------- 1 | PATH 2 | remote: . 3 | specs: 4 | reredos (0.1.3) 5 | 6 | GEM 7 | remote: https://rubygems.org/ 8 | specs: 9 | diff-lcs (1.4.4) 10 | rake (13.0.1) 11 | rspec (3.9.0) 12 | rspec-core (~> 3.9.0) 13 | rspec-expectations (~> 3.9.0) 14 | rspec-mocks (~> 3.9.0) 15 | rspec-core (3.9.2) 16 | rspec-support (~> 3.9.3) 17 | rspec-expectations (3.9.2) 18 | diff-lcs (>= 1.2.0, < 2.0) 19 | rspec-support (~> 3.9.0) 20 | rspec-mocks (3.9.1) 21 | diff-lcs (>= 1.2.0, < 2.0) 22 | rspec-support (~> 3.9.0) 23 | rspec-support (3.9.3) 24 | 25 | PLATFORMS 26 | ruby 27 | 28 | DEPENDENCIES 29 | bundler (~> 2.0) 30 | rake (~> 13.0) 31 | reredos! 32 | rspec (~> 3.0) 33 | 34 | BUNDLED WITH 35 | 2.1.0 36 | -------------------------------------------------------------------------------- /LICENSE.txt: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2019 Shu OGAWARA 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in 13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | THE SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Reredos 2 | 3 | Reredos is the email address validator, which is free from [ReDoS Attack](https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS). 4 | 5 | You can examine if an email address is based on [RFC1035](https://www.ietf.org/rfc/rfc1035.txt) and [RFC5321](https://www.ietf.org/rfc/rfc5321.txt). 6 | 7 | ## Installation 8 | 9 | Add this line to your application's Gemfile: 10 | 11 | ```ruby 12 | gem 'reredos' 13 | ``` 14 | 15 | And then execute: 16 | 17 | $ bundle 18 | 19 | Or install it yourself as: 20 | 21 | $ gem install reredos 22 | 23 | ## Usage 24 | ```ruby 25 | Reredos.valid_email?('user@example.com') 26 | # => true 27 | 28 | Reredos.valid_email?('user@@example.com') 29 | # => false 30 | ``` 31 | 32 | ## Development 33 | 34 | After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment. 35 | 36 | To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org). 37 | 38 | ## Contributing 39 | 40 | Bug reports and pull requests are welcome on GitHub at https://github.com/expajp/reredos. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct. 41 | 42 | ## License 43 | 44 | The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT). 45 | 46 | ## Code of Conduct 47 | 48 | Everyone interacting in the Reredos project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/reredos/blob/master/CODE_OF_CONDUCT.md). 49 | 50 | ## Release Notes 51 | ### 0.1.3 - August 4, 2019 52 | * Fixed bugs below: 53 | * it accepted consecutive dots 54 | * it accepted dots as first or last character of domain 55 | * The limit for the number of characters of email address changes from 256 to 254 56 | 57 | ### 0.1.2 - July 29, 2019 58 | * Fixed a bug, that it accepted dots as first or last character of username 59 | 60 | ### 0.1.1 - April 26, 2019 61 | * Fixed a bug, that it accepted strings including new line 62 | 63 | ### 0.1.0 - April 24, 2019 64 | * First Version -------------------------------------------------------------------------------- /Rakefile: -------------------------------------------------------------------------------- 1 | require "bundler/gem_tasks" 2 | require "rspec/core/rake_task" 3 | 4 | RSpec::Core::RakeTask.new(:spec) 5 | 6 | task :default => :spec 7 | -------------------------------------------------------------------------------- /bin/console: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | 3 | require "bundler/setup" 4 | require "reredos" 5 | 6 | # You can add fixtures and/or initialization code here to make experimenting 7 | # with your gem easier. You can also use a different console, if you like. 8 | 9 | # (If you use this, don't forget to add pry to your Gemfile!) 10 | # require "pry" 11 | # Pry.start 12 | 13 | require "irb" 14 | IRB.start(__FILE__) 15 | -------------------------------------------------------------------------------- /bin/setup: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -euo pipefail 3 | IFS=$'\n\t' 4 | set -vx 5 | 6 | bundle install 7 | 8 | # Do any other automated setup that you need to do here 9 | -------------------------------------------------------------------------------- /lib/reredos.rb: -------------------------------------------------------------------------------- 1 | require "reredos/version" 2 | 3 | module Reredos 4 | class Error < StandardError; end 5 | EMAIL_MAX_LENGTH = 254 # メールアドレスの最大長 6 | DOMAIN_MAX_LENGTH = 253 # ドメインの最大長 7 | DOMAIN_LABEL_MAX_LENGTH = 63 # ドメインラベルの最大長 8 | USERNAME_MAX_LENGTH = 64 # ユーザネームの最大長 9 | 10 | class << self 11 | def valid_email?(str) 12 | return false if str.length > EMAIL_MAX_LENGTH 13 | return false if str.count('@') != 1 # @は一度だけ 14 | 15 | username, domain = str.split('@') 16 | valid_username?(username) && valid_domain?(domain) 17 | end 18 | 19 | private 20 | 21 | def valid_domain?(str) 22 | return false if str.length > DOMAIN_MAX_LENGTH 23 | return false unless str.split('.', -1).all? { |l| valid_label?(l) } 24 | 25 | true 26 | end 27 | 28 | def valid_username?(str) 29 | return false if str.length > USERNAME_MAX_LENGTH 30 | return false if str.split('.', -1).any?(&:empty?) 31 | /\A[0-9a-zA-Z\.\+\-\_]+\z/ === str # 既定の文字のみで構成されている 32 | end 33 | 34 | # ラベルはアルファベットで始まり、アルファベットか数字かハイフンが続き、アルファベットか数字で終わる 35 | def valid_label?(str) 36 | return false if str.empty? 37 | return false if str.length > DOMAIN_LABEL_MAX_LENGTH 38 | return false unless letter?(str[0]) 39 | return false unless alphanumeric?(str[-1]) 40 | return true if str[1...-1].empty? 41 | 42 | str[1...-1].chars.all? { |c| hyphen_or_alphanumeric?(c) } 43 | end 44 | 45 | def letter?(char) 46 | ('a'..'z').include?(char) || ('A'..'Z').include?(char) 47 | end 48 | 49 | def digit?(char) 50 | ('0'..'9').include?(char) 51 | end 52 | 53 | def alphanumeric?(char) 54 | letter?(char) || digit?(char) 55 | end 56 | 57 | def hyphen_or_alphanumeric?(char) 58 | char == '-' || alphanumeric?(char) 59 | end 60 | end 61 | end 62 | -------------------------------------------------------------------------------- /lib/reredos/version.rb: -------------------------------------------------------------------------------- 1 | module Reredos 2 | VERSION = "0.1.3" 3 | end 4 | -------------------------------------------------------------------------------- /reredos.gemspec: -------------------------------------------------------------------------------- 1 | 2 | lib = File.expand_path("../lib", __FILE__) 3 | $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib) 4 | require "reredos/version" 5 | 6 | Gem::Specification.new do |spec| 7 | spec.name = "reredos" 8 | spec.version = Reredos::VERSION 9 | spec.authors = ["expajp"] 10 | spec.email = ["expajp@gmail.com"] 11 | 12 | spec.summary = %q{email address validator, which is free from ReDoS attack} 13 | spec.homepage = "https://github.com/expajp/reredos" 14 | spec.license = "MIT" 15 | 16 | # Specify which files should be added to the gem when it is released. 17 | # The `git ls-files -z` loads the files in the RubyGem that have been added into git. 18 | spec.files = Dir.chdir(File.expand_path('..', __FILE__)) do 19 | `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) } 20 | end 21 | spec.bindir = "exe" 22 | spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) } 23 | spec.require_paths = ["lib"] 24 | 25 | spec.add_development_dependency "bundler", "~> 2.0" 26 | spec.add_development_dependency "rake", "~> 13.0" 27 | spec.add_development_dependency "rspec", "~> 3.0" 28 | end 29 | -------------------------------------------------------------------------------- /spec/reredos_spec.rb: -------------------------------------------------------------------------------- 1 | RSpec.describe Reredos do 2 | it "has a version number" do 3 | expect(Reredos::VERSION).not_to be nil 4 | end 5 | 6 | describe '#valid_email?' do 7 | describe 'length' do 8 | context 'valid total, username, and domain-label length' do 9 | let(:email){ 'user'*16 + '@' + ('a'*63+'.')*2 + 'a'*61 } 10 | it 'accept what has 254 chars' do 11 | expect(Reredos.valid_email?(email)).to be_truthy 12 | end 13 | end 14 | context 'invalid total length' do 15 | let(:email){ 'user@' + ('a'*63+'.')*3 + 'a'*58 } 16 | it 'reject what has over 254 chars' do 17 | expect(Reredos.valid_email?(email)).to be_falsy 18 | end 19 | end 20 | context 'invalid username length' do 21 | let(:email){ 'user'*16 + 'a@example.com' } 22 | it 'reject what has over 64 chars username' do 23 | expect(Reredos.valid_email?(email)).to be_falsy 24 | end 25 | end 26 | context 'invalid domain-label length' do 27 | let(:email){ 'user@' + 'a'*64 + '.com' } 28 | it 'reject what has over 63 chars domain-label' do 29 | expect(Reredos.valid_email?(email)).to be_falsy 30 | end 31 | end 32 | end 33 | 34 | describe 'available characters' do 35 | context 'valid symbols in username' do 36 | let(:email){ 'user.User-USER_0000+1111@example.com' } 37 | it 'accept .-_+' do 38 | expect(Reredos.valid_email?(email)).to be_truthy 39 | end 40 | end 41 | context 'invalid symbol in username' do 42 | let(:email){ 'user.User-USER_0000+1111~2222@example.com' } 43 | it 'reject ~' do 44 | expect(Reredos.valid_email?(email)).to be_falsy 45 | end 46 | end 47 | context 'valid symbols in domain name' do 48 | let(:email){ 'user@example-example.example.com' } 49 | it 'accept -' do 50 | expect(Reredos.valid_email?(email)).to be_truthy 51 | end 52 | end 53 | context 'invalid symbols in domain name' do 54 | let(:email){ 'user@example+example.example.com' } 55 | it 'reject +' do 56 | expect(Reredos.valid_email?(email)).to be_falsy 57 | end 58 | end 59 | context 'including new line' do 60 | let(:email){ "username\nusername@example.com" } 61 | it 'reject new line' do 62 | expect(Reredos.valid_email?(email)).to be_falsy 63 | end 64 | end 65 | end 66 | 67 | describe 'structure' do 68 | describe 'the number of @' do 69 | context 'only one' do 70 | let(:email){ 'user@example.com' } 71 | it 'accept what has one @' do 72 | expect(Reredos.valid_email?(email)).to be_truthy 73 | end 74 | end 75 | context 'no @' do 76 | let(:email){ 'userexample.com' } 77 | it 'accept what has no @' do 78 | expect(Reredos.valid_email?(email)).to be_falsy 79 | end 80 | end 81 | context 'two @s' do 82 | let(:email){ 'user@user@example.com' } 83 | it 'accept what has two @s' do 84 | expect(Reredos.valid_email?(email)).to be_falsy 85 | end 86 | end 87 | end 88 | describe 'dots' do 89 | context 'consecutive dots in username' do 90 | let(:email){ 'user..user@example.com' } 91 | it 'reject' do 92 | expect(Reredos.valid_email?(email)).to be_falsy 93 | end 94 | end 95 | context 'consecutive dots in domain' do 96 | let(:email){ 'user@example..example.com' } 97 | it 'reject ruthlessly, even if used in past' do 98 | expect(Reredos.valid_email?(email)).to be_falsy 99 | end 100 | end 101 | context 'dots on first of username' do 102 | let(:email){ '.user@example.com' } 103 | it 'reject' do 104 | expect(Reredos.valid_email?(email)).to be_falsy 105 | end 106 | end 107 | context 'dots on last of username' do 108 | let(:email){ 'user.@example.com' } 109 | it 'reject' do 110 | expect(Reredos.valid_email?(email)).to be_falsy 111 | end 112 | end 113 | context 'dots on first of domain' do 114 | let(:email){ 'user@.example.com' } 115 | it 'reject' do 116 | expect(Reredos.valid_email?(email)).to be_falsy 117 | end 118 | end 119 | context 'dots on last of domain' do 120 | let(:email){ 'user@example.com.' } 121 | it 'reject' do 122 | expect(Reredos.valid_email?(email)).to be_falsy 123 | end 124 | end 125 | end 126 | context 'starting with numeric' do 127 | let(:email){ 'user@example.0abc.com' } 128 | it 'reject what has label that starts with numeric' do 129 | expect(Reredos.valid_email?(email)).to be_falsy 130 | end 131 | end 132 | context 'ending with hypyen' do 133 | let(:email){ 'user@example.abc-.com' } 134 | it 'reject what has label that ends with hyphen' do 135 | expect(Reredos.valid_email?(email)).to be_falsy 136 | end 137 | end 138 | context 'single letter label' do 139 | let(:email){ 'user@example.a.com' } 140 | it 'accept what has single letter label' do 141 | expect(Reredos.valid_email?(email)).to be_truthy 142 | end 143 | end 144 | end 145 | 146 | describe 'TLD' do 147 | context 'ended by -, which does not exist as TLD' do 148 | let(:email){ 'user@example.com-' } 149 | it 'reject' do 150 | expect(Reredos.valid_email?(email)).to be_falsy 151 | end 152 | end 153 | end 154 | end 155 | end 156 | -------------------------------------------------------------------------------- /spec/spec_helper.rb: -------------------------------------------------------------------------------- 1 | require "bundler/setup" 2 | require "reredos" 3 | 4 | RSpec.configure do |config| 5 | # Enable flags like --only-failures and --next-failure 6 | config.example_status_persistence_file_path = ".rspec_status" 7 | 8 | # Disable RSpec exposing methods globally on `Module` and `main` 9 | config.disable_monkey_patching! 10 | 11 | config.expect_with :rspec do |c| 12 | c.syntax = :expect 13 | end 14 | end 15 | --------------------------------------------------------------------------------