update license to bsd and readme

Author: jhchen

LICENSE

@@ -1,20 +1,31 @@
-The MIT License (MIT)
+The 3-Clause BSD License (BSD-3-Clause)
 
-Copyright (c) 2021 Include Security
+Copyright (c) 2022 Slab, Inc.
+Copyright (c) 2021 Include Security LLC
 
-Permission is hereby granted, free of charge, to any person obtaining a copy of
-this software and associated documentation files (the "Software"), to deal in
-the Software without restriction, including without limitation the rights to
-use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-the Software, and to permit persons to whom the Software is furnished to do so,
-subject to the following conditions:
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
 
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
 
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its
+   contributors may be used to endorse or promote products derived from
+   this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

README.md

@@ -1,31 +1,20 @@
-SafeURL
-=======
+# SafeURL
 
 [![Build Status][badge-github]][github-build]
 [![Version][badge-version]][hexpm]
 [![Downloads][badge-downloads]][hexpm]
 [![License][badge-license]][github-license]
 
-
 > SSRF Protection in Elixir 🛡️
 
-
 SafeURL is a library that aids developers in protecting against a class of vulnerabilities
 known as Server Side Request Forgery. It does this by validating a URL against a configurable
-allow or block list before making an HTTP request. SafeURL is open-source and licensed under
-MIT.
-
-This library was originally created by Nick Fox at [Include Security][includesecurity],
-with substantial improvements contributed by the [Slab][slab] team. As of January 2022, this
-library is now officially maintained by Slab.
+allow or block list before making an HTTP request.
 
 See the [Documentation][docs] on HexDocs.
 
 <br>
 
-
-
-
 ## Installation
 
 To get started, add `safeurl` to your project dependencies in `mix.exs`. Optionally, you may
@@ -45,9 +34,6 @@ To use SafeURL with your favorite HTTP Client, see the [HTTP Clients][readme-htt
 
 <br>
 
-
-
-
 ## Usage
 
 `SafeURL` blocks private/reserved IP addresses are by default, and users can add additional
@@ -58,7 +44,6 @@ You can use `allowed?/2` or `validate/2` to check if a URL is safe to call. If y
 [`HTTPoison`][lib-httpoison] application available, you can also call `get/4` which will
 validate the host automatically before making a web request, and return an error otherwise.
 
-
 ```elixir
 iex> SafeURL.allowed?("https://includesecurity.com")
 true
@@ -83,26 +68,23 @@ iex> SafeURL.get("https://google.com/")
 
 <br>
 
-
-
-
 ## Configuration
 
 `SafeURL` can be configured to customize and override validation behaviour by passing the
 following options:
 
-  * `:block_reserved` - Block reserved/private IP ranges. Defaults to `true`.
+- `:block_reserved` - Block reserved/private IP ranges. Defaults to `true`.
 
-  * `:blocklist` - List of CIDR ranges to block. This is additive with `:block_reserved`.
-    Defaults to `[]`.
+- `:blocklist` - List of CIDR ranges to block. This is additive with `:block_reserved`.
+  Defaults to `[]`.
 
-  * `:allowlist` - List of CIDR ranges to allow. If specified, blocklist will be ignored.
-    Defaults to `[]`.
+- `:allowlist` - List of CIDR ranges to allow. If specified, blocklist will be ignored.
+  Defaults to `[]`.
 
-  * `:schemes` - List of allowed URL schemes. Defaults to `["http, "https"]`.
+- `:schemes` - List of allowed URL schemes. Defaults to `["http, "https"]`.
 
-  * `:dns_module` - Any module that implements the `SafeURL.DNSResolver` behaviour.
-    Defaults to `DNS` from the [`:dns`][lib-dns] package.
+- `:dns_module` - Any module that implements the `SafeURL.DNSResolver` behaviour.
+  Defaults to `DNS` from the [`:dns`][lib-dns] package.
 
 These options can be passed to the function directly or set globally in your `config.exs`
 file:
@@ -119,16 +101,12 @@ Find detailed documentation on [HexDocs][docs].
 
 <br>
 
-
-
-
 ## HTTP Clients
 
 While SafeURL already provides a convenient [`get/4`][docs-get] method to validate hosts
 before making GET HTTP requests, you can also write your own wrappers, helpers or
 middleware to work with the HTTP Client of your choice.
 
-
 ### HTTPoison
 
 For [HTTPoison][lib-httpoison], you can create a wrapper module that validates hosts
@@ -157,7 +135,6 @@ iex> CustomClient.get("http://230.10.10.10/data.json", [], safeurl: [block_reser
 {:ok, %HTTPoison.Response{...}}
 ```
 
-
 ### Tesla
 
 For [Tesla][lib-tesla], you can write a custom middleware to halt requests that are not
@@ -192,9 +169,6 @@ end
 
 <br>
 
-
-
-
 ## Custom DNS Resolver
 
 In some cases you might want to use a custom strategy for DNS resolution. You can do so by
@@ -203,13 +177,12 @@ config.
 
 Example use-cases of this are:
 
- - Using a specific DNS server
- - Avoiding network access in specific environments
- - Mocking DNS resolution in tests
+- Using a specific DNS server
+- Avoiding network access in specific environments
+- Mocking DNS resolution in tests
 
 You can do so by implementing `DNSResolver`:
 
-
 ```elixir
 defmodule TestDNSResolver do
   @behaviour SafeURL.DNSResolver
@@ -229,47 +202,36 @@ For more examples, see [`SafeURL.DNSResolver`][docs-dns] docs.
 
 <br>
 
-
-
-
 ## Contributing
 
- - [Fork][github-fork], Enhance, Send PR
- - Lock issues with any bugs or feature requests
- - Implement something from Roadmap
- - Spread the word :heart:
+- [Fork][github-fork], Enhance, Send PR
+- Lock issues with any bugs or feature requests
+- Implement something from Roadmap
+- Spread the word :heart:
 
 <br>
 
+## About
 
-
-
-## License
-
-This package is available as open source under the terms of the [MIT License][github-license].
+SafeURL is officially maintained by the team at [Slab][slab]. It was originally created by Nick Fox at
+[Include Security][includesecurity].
 
 <br>
 
-
-
-
-[badge-github]:     https://github.com/slab/safeurl-elixir/actions/workflows/ci.yml/badge.svg
-[badge-version]:    https://img.shields.io/hexpm/v/safeurl.svg
-[badge-license]:    https://img.shields.io/hexpm/l/safeurl.svg
-[badge-downloads]:  https://img.shields.io/hexpm/dt/safeurl.svg
-
-[hexpm]:            https://hex.pm/packages/safeurl
-[github-build]:     https://github.com/slab/safeurl-elixir/actions/workflows/ci.yml
-[github-license]:   https://github.com/slab/safeurl-elixir/blob/master/LICENSE
-[github-fork]:      https://github.com/slab/safeurl-elixir/fork
-[slab]:             https://slab.com/
-[includesecurity]:  https://github.com/IncludeSecurity
-[readme-http]:      #http-clients
-
-[docs]:             https://hexdocs.pm/safeurl
-[docs-get]:         https://hexdocs.pm/safeurl/SafeURL.html#get/4
-[docs-dns]:         https://hexdocs.pm/safeurl/SafeURL.DNSResolver.html
-
-[lib-dns]:          https://github.com/tungd/elixir-dns
-[lib-tesla]:        https://github.com/elixir-tesla/tesla
-[lib-httpoison]:    https://github.com/edgurgel/httpoison
+[badge-github]: https://github.com/slab/safeurl-elixir/actions/workflows/ci.yml/badge.svg
+[badge-version]: https://img.shields.io/hexpm/v/safeurl.svg
+[badge-license]: https://img.shields.io/hexpm/l/safeurl.svg
+[badge-downloads]: https://img.shields.io/hexpm/dt/safeurl.svg
+[hexpm]: https://hex.pm/packages/safeurl
+[github-build]: https://github.com/slab/safeurl-elixir/actions/workflows/ci.yml
+[github-license]: https://github.com/slab/safeurl-elixir/blob/main/LICENSE
+[github-fork]: https://github.com/slab/safeurl-elixir/fork
+[slab]: https://slab.com/
+[includesecurity]: https://github.com/IncludeSecurity
+[readme-http]: #http-clients
+[docs]: https://hexdocs.pm/safeurl
+[docs-get]: https://hexdocs.pm/safeurl/SafeURL.html#get/4
+[docs-dns]: https://hexdocs.pm/safeurl/SafeURL.DNSResolver.html
+[lib-dns]: https://github.com/tungd/elixir-dns
+[lib-tesla]: https://github.com/elixir-tesla/tesla
+[lib-httpoison]: https://github.com/edgurgel/httpoison

mix.exs

@@ -74,8 +74,8 @@ defmodule SafeURL.MixProject do
   defp package do
     [
       name: @app,
-      maintainers: ["Sheharyar Naseer", "Include Security", "Jason Chen"],
-      licenses: ["MIT"],
+      maintainers: ["Slab"],
+      licenses: ["BSD-3-Clause"],
       files: ~w(mix.exs lib README.md),
       links: %{
         "Github" => @github,