MYSQLSafe 0.0.0

Files changed (3) hide show
  1. checksums.yaml +15 -0
  2. data/lib/mysqlsafe.rb +120 -0
  3. metadata +44 -0
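--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+metadata.gz: !binary |-
+YTZiNmU3NjU1MTM2ODAxMThjYWM1NjljNTcxZjQzZTUyNzgxMmMyNA==
+data.tar.gz: !binary |-
+YTJhYmNjZTE5NTQ2OGMxZWUxMjZmNzFmYzExYzg5OTAyYzNmNDg0YQ==
+!binary "U0hBNTEy":
+metadata.gz: !binary |-
+NDQ0Y2IyYmJjODdmYzRkM2FhMDNkODhiMDFkNzE2NWQxMmM2MjJhMDJhNThi
+MDVmMTcyZDBmOGEwZmQ5N2U1M2UzOGI0NTVhNDNhM2Q0ZTBhYTNiMmJlNjRh
+NWRlMzY2MjE3YzExYTg4ZmVmZWY0NDBjODk1MDAwMjMyYWJlOWM=
+data.tar.gz: !binary |-
+Mjk2NzA1ZmIzMzdhMGQ3MGRmMTk1MWYyZDc0ZmQwZGI4OGJiMjVlMjczOTE2
+OTdjNWU3NjljOWM3NTk4Yzg1YzM4YzM0YmZjZGVkNTJlYjcwMDU2MGNlMzYz
+ODljNmVkMDRhMDRhNTAzMWI0Y2Y5NjRhZDA1YmI2NmUwN2NjN2Q=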
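--- a/data/lib/mysqlsafe.rb
+++ b/data/lib/mysqlsafe.rb
@@ -0,0 +1,120 @@
+require 'mysql'
+
+class MYSQLSafe
+attr_accessor :encoding
+attr_reader :host, :database, :user, :password
+
+def host=(host_string)
+@host = esc_enc_string(host_string)
+end
+def database=(database_string)
+@database = esc_enc_string(database_string)
+end
+def user=(user_string)
+@user = esc_enc_string(user_string)
+end
+def password=(password_string)
+@password = esc_enc_string(password_string)
+end
+
+def connect_safe(raw_sql)
+sql = esc_enc_string(raw_sql)
+if @host && @database && @user && password
+begin
+@cxtn = Mysql.new(@host, @db, @user, @password)
+table_names = get_table_names
+table_match = match_name(table_names, sql)
+
+if table_match
+column_names = get_column_names(match)
+column_match = match_name(column_names, sql)
+else
+raise 'MYSQLSafe error: no valid table name could be found in your SQL statement'
+end
+
+if column_match
+ticked_sql = tick_sql(sql, table_match, column_match)
+else
+raise 'MYSQLSafe error: no valid column name(s) could be found in your SQL statement'
+end
+
+mysql_object = cxtn.query(ticked_sql)
+mysql_array = []
+mysql_object.each { |row| mysql_array.push(row) }
+
+return mysql_array
+ensure
+@cxtn.close
+end
+else
+raise 'MYSQLSafe error: Host, Database, User and Password must be set to run a query'
+end
+end
+
+private
+def tick_sql(sql, table_array, column_array)
+ticked_sql = sql.delete("`")
+table_array.each do |name|
+ticked_sql = ticked_sql.gsub(name, "`#{name}`")
+end
+column_array.each do |col|
+ticked_sql = ticked_sql.gsub(col, "`#{col}`")
+end
+
+return ticked_sql
+end
+
+def get_column_names(table_name)
+column_names_sql = "SELECT `COLUMN_NAME` FROM `INFORMATION_SCHEMA`.`COLUMNS` WHERE `TABLE_SCHEMA`='#{@database}' AND `TABLE_NAME`='#{table_name}';"
+column_names_results_sql = query_safe(column_names_sql)
+
+column_names = []
+column_names_results_sql.each do |name|
+column_names.push(name)
+end
+
+return column_names
+end
+
+def match_name(name_array, sql)
+match = []
+
+name_array.each do |name|
+match.push(name) if sql.to_s.include?("#{name}=") || sql.to_s.match?(/#{name}\s+=/) || sql.to_s.match?(/#{name}`\s+=/)
+end
+
+if match.size > 0
+return match
+else
+return false
+end
+end
+
+def query_safe(dangerous_sql)
+@cxtn.query(Mysql.escape_string(dangerous_sql))
+end
+
+def get_table_names
+table_names_sql = "SHOW TABLES FROM `#{@database}`;"
+table_names_results_sql = query_safe(table_names_sql)
+
+table_names = []
+table_names_results_sql.each do |name|
+table_names.push(name)
+end
+
+return table_names
+end
+
+def esc_enc_string(string)
+return esc_string(enc_string(string))
+end
+
+def enc_string(string)
+return string.encode!("#{@encoding}", "#{@encoding}", :invalid => :replace)
+end
+
+def esc_string(string)
+return Mysql.escape_string(string)
+end
+end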
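Review bot: `connect_safe` and `query_safe` pass a complete SQL statement through `Mysql.escape_string`, which does not make the statement safe. Input in an unquoted position is not constrained by escaping, while the quotes that delimit legitimate literals are backslash-escaped; that includes the ones `get_column_names` builds around `@database` and the table name, so those queries reach the server as syntax errors. Escaping belongs on each value, or better the caller should pass values separately from the SQL text and have them bound, e.g. `stmt = @cxtn.prepare(sql)` followed by `stmt.execute(*values)`. Separately, `connect_safe` uses three names that are never assigned: `@db` (nil, so no database is selected) should be `@database`, `get_column_names(match)` should receive `table_match`, and `cxtn.query` should be `@cxtn.query`. The `ensure` should also read `@cxtn.close if @cxtn`, because a failed `Mysql.new` leaves `@cxtn` nil and the resulting NoMethodError hides the real connection error. The setters run the password and host through the same escaping, which alters any credential containing a quote or backslash rather than protecting it.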
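--- a/metadata
+++ b/metadata
@@ -0,0 +1,44 @@
+--- !ruby/object:Gem::Specification
+name: MYSQLSafe
+version: !ruby/object:Gem::Version
+version: 0.0.0
+platform: ruby
+authors:
+- Sam Nissen
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2013-08-29 00:00:00.000000000 Z
+dependencies: []
+description: Abstract common MYSQL functions to safely get and store data.
+email: scnissen@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/mysqlsafe.rb
+homepage:
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.0.3
+signing_key:
+specification_version: 4
+summary: Safe MYSQL Connections
+test_files: []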