active_median 0.2.4 → 0.2.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/README.md +16 -15
- data/lib/active_median/model.rb +12 -0
- data/lib/active_median/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: cbc48a266db4698647e93b35bdad3e2ed1fc131ec48a2a00e1ac33583f693c4d
|
4
|
+
data.tar.gz: 9e49da11f496e63c1fca879b7f6b509cbc80b6551f22743f9f586dfdf6f3d2f3
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 7c37697facc95126f6b11bd29831f0aa685b781242a729c86e938e9f4be0a0b7fbfadbdf8ae246f987f452bb7977de21f2f879860f945f1a7bc9db005f85dc49
|
7
|
+
data.tar.gz: d37c90a02b845b8a2cd8e41ed5109da758ca51c9921675f7f63e30e0921e430eed193d6ae02676e3aa08c5eaf97207d29fd8f50540e1be060924022aa818dc03
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
@@ -8,6 +8,7 @@ Supports:
|
|
8
8
|
- MariaDB 10.3.3+
|
9
9
|
- MySQL and SQL (with extensions)
|
10
10
|
- SQL Server 2012+
|
11
|
+
- MongoDB 2.1+
|
11
12
|
|
12
13
|
:fire: Uses native functions for blazing performance
|
13
14
|
|
@@ -34,7 +35,7 @@ Item.median(:price)
|
|
34
35
|
Percentile
|
35
36
|
|
36
37
|
```ruby
|
37
|
-
|
38
|
+
Request.percentile(:response_time, 0.95)
|
38
39
|
```
|
39
40
|
|
40
41
|
Works with grouping, too
|
@@ -43,6 +44,19 @@ Works with grouping, too
|
|
43
44
|
Order.group(:store_id).median(:total)
|
44
45
|
```
|
45
46
|
|
47
|
+
## User Input
|
48
|
+
|
49
|
+
If passing user input as the column, be sure to sanitize it first [like you must](https://rails-sqli.org/) with other aggregate methods like `sum`.
|
50
|
+
|
51
|
+
```ruby
|
52
|
+
column = params[:column]
|
53
|
+
|
54
|
+
# check against permitted columns
|
55
|
+
raise "Unpermitted column" unless ["column_a", "column_b"].include?(column)
|
56
|
+
|
57
|
+
User.median(column)
|
58
|
+
```
|
59
|
+
|
46
60
|
## Arrays and Hashes
|
47
61
|
|
48
62
|
Median
|
@@ -54,7 +68,7 @@ Median
|
|
54
68
|
Percentile
|
55
69
|
|
56
70
|
```ruby
|
57
|
-
[1, 2, 3].percentile(0.
|
71
|
+
[1, 2, 3].percentile(0.95)
|
58
72
|
```
|
59
73
|
|
60
74
|
You can also pass a block
|
@@ -63,19 +77,6 @@ You can also pass a block
|
|
63
77
|
{a: 1, b: 2, c: 3}.median { |k, v| v }
|
64
78
|
```
|
65
79
|
|
66
|
-
## User Input
|
67
|
-
|
68
|
-
If passing user input as the column, be sure to sanitize it first [like you must](https://rails-sqli.org/) with other aggregate methods like `sum`.
|
69
|
-
|
70
|
-
```ruby
|
71
|
-
column = params[:column]
|
72
|
-
|
73
|
-
# check against permitted columns
|
74
|
-
raise "Unpermitted column" unless ["column_a", "column_b"].include?(column)
|
75
|
-
|
76
|
-
User.median(column)
|
77
|
-
```
|
78
|
-
|
79
80
|
## Additional Instructions
|
80
81
|
|
81
82
|
### MySQL
|
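--- a/data/lib/active_median/model.rb
+++ b/data/lib/active_median/model.rb
@@ -8,6 +8,18 @@ module ActiveMedian
 percentile = percentile.to_f
 raise ArgumentError, "percentile is not between 0 and 1" if percentile < 0 || percentile > 1
 
+# basic version of Active Record disallow_raw_sql!
+# symbol = column (safe), Arel node = SQL (safe), other = untrusted
+# matches table.column and column
+unless column.is_a?(Symbol) || column.is_a?(Arel::Nodes::SqlLiteral) || /\A\w+(\.\w+)?\z/i.match(column.to_s)
+warn "[active_median] Non-attribute argument: #{column}. Use Arel.sql() for known-safe values. This will raise an error in ActiveMedian 0.3.0"
+end
+
+# column resolution
+node = relation.send(:arel_columns, [column]).first
+node = Arel::Nodes::SqlLiteral.new(node) if node.is_a?(String)
+column = relation.connection.visitor.accept(node, Arel::Collectors::SQLString.new).value
+
 # prevent SQL injection
 percentile = connection.quote(percentile)
 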
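Review bot: The comment above the new `unless` says any Arel node is treated as safe, but the condition only accepts `Arel::Nodes::SqlLiteral`; an attribute node built with `arel_table[:price]` would presumably fall through to the regex on `column.to_s` and emit the deprecation warning even though `arel_columns` resolves it. Either widen the check, e.g. `column.is_a?(Arel::Nodes::Node) || column.is_a?(Arel::Attributes::Attribute)`, or narrow the comment to `# SqlLiteral (Arel.sql) = SQL (safe)` so the documented contract matches what is enforced. Since the check only warns in this release, a string column that fails the regex still reaches the query, which is worth stating in the comment so readers do not mistake the warning for a guard; `relation.send(:arel_columns, ...)` also reaches into a private Active Record method, so a note on the Rails versions it was verified against would help. The enclosing method starts and ends outside the hunk.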
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: active_median
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.2.
|
4
|
+
version: 0.2.5
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Andrew Kane
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-
|
11
|
+
date: 2020-09-07 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|