Module: StillActive::HttpHelper

Extended by:
HttpHelper
Included in:
HttpHelper
Defined in:
lib/helpers/http_helper.rb

Constant Summary

TRUSTED_HOSTS =
["github.com", "gitlab.com", "codeberg.org", "api.deps.dev", "endoflife.date", "rubygems.pkg.github.com"].freeze
MAX_REDIRECTS =
3
MAX_BODY_BYTES =

Ceiling on a single response body. These are metadata endpoints (version lists, scorecards, advisories); legitimate responses are well under this. A source URL is lockfile-derived and a `*.jfrog.io` host is attacker-registerable, so without a cap a hostile or broken source could stream a multi-GB body and OOM the process. 16 MiB leaves generous headroom for a gem with thousands of versions while bounding worst-case memory.

16 * 1024 * 1024
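
One way to enforce a ceiling like MAX_BODY_BYTES while the body streams in, added here as an example and not taken from lib/helpers/http_helper.rb (this page does not show how `request_json` applies the cap). `read_capped_body`, `BodyTooLarge` and `FakeResponse` are hypothetical names, and the stand-in response is constructed so the block runs offline.

```ruby
# Added example, not the project's code: cap a streamed response body.
MAX_BODY_BYTES = 16 * 1024 * 1024 # same value as the constant documented above

class BodyTooLarge < StandardError; end # hypothetical error class

# `response` is anything with Net::HTTPResponse's interface:
# #[] for header lookup and #read_body yielding chunks as they arrive.
def read_capped_body(response, limit: MAX_BODY_BYTES)
  # Cheap early exit: refuse on the declared length before reading a byte.
  declared = response["content-length"]
  if declared && declared.to_i > limit
    raise BodyTooLarge, "declared #{declared} bytes exceeds #{limit}"
  end

  # Content-Length may be absent (chunked) or understated, so count real bytes.
  body = String.new(encoding: Encoding::BINARY)
  response.read_body do |chunk|
    if body.bytesize + chunk.bytesize > limit
      raise BodyTooLarge, "body exceeded #{limit} bytes"
    end
    body << chunk.b
  end
  body
end

# Constructed stand-in for a streamed response (assumption for this example).
class FakeResponse
  attr_reader :chunks_read

  def initialize(chunks, headers = {})
    @chunks = chunks
    @headers = headers
    @chunks_read = 0
  end

  def [](name)
    @headers[name.downcase]
  end

  def read_body
    @chunks.each do |chunk|
      @chunks_read += 1
      yield chunk
    end
  end
end
```

With a real connection, call it inside the block form, `http.request(req) { |res| read_capped_body(res) }`, because `read_body` can only stream while the socket is still open.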

Instance Method Summary

Instance Method Details

#get_json(base_uri, path, headers: {}, params: {}) ⇒ Object



# File 'lib/helpers/http_helper.rb', line 20

def get_json(base_uri, path, headers: {}, params: {})
  uri = base_uri.dup
  uri.path = path
  uri.query = URI.encode_www_form(params) unless params.empty?

  request_json(uri, headers) { |target| Net::HTTP::Get.new(target) }
end

#post_json(base_uri, path, body:, headers: {}) ⇒ Object



# File 'lib/helpers/http_helper.rb', line 28

def post_json(base_uri, path, body:, headers: {})
  uri = base_uri.dup
  uri.path = path

  request_json(uri, headers) do |target|
    request = Net::HTTP::Post.new(target)
    request.body = body
    request
  end
end