active_median 0.2.4 → 0.2.5

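--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 86998cba53771c73de5fcc9c5dc8a869a4ff061029828dcf0ce8fab89852e346
-data.tar.gz: 23482bad0017c7b16422e9be9961783a6674576a65955a6d228db22f556ef84b
+metadata.gz: cbc48a266db4698647e93b35bdad3e2ed1fc131ec48a2a00e1ac33583f693c4d
+data.tar.gz: 9e49da11f496e63c1fca879b7f6b509cbc80b6551f22743f9f586dfdf6f3d2f3
 SHA512:
-metadata.gz: 6c5f02aa5f51169214536006caa8509b4fcc7041d1be680805388019d092f1517c54fbdb0738f4fa80d89609ea959ba1c741a83460c651da62288916c47e1a5e
-data.tar.gz: d53d94e2835a54521a17977f035c04d40766d958473890cfcacfd4cae5d99d792fdea5c8f18ff975155f0d25d5854134c7770f1d0e578e70d5c4aceddeed115c
+metadata.gz: 7c37697facc95126f6b11bd29831f0aa685b781242a729c86e938e9f4be0a0b7fbfadbdf8ae246f987f452bb7977de21f2f879860f945f1a7bc9db005f85dc49
+data.tar.gz: d37c90a02b845b8a2cd8e41ed5109da758ca51c9921675f7f63e30e0921e430eed193d6ae02676e3aa08c5eaf97207d29fd8f50540e1be060924022aa818dc03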
@@ -1,3 +1,7 @@
1
+ ## 0.2.5 (2020-09-07)
2
+
3
+ - Added warning for non-attribute argument
4
+
1
5
  ## 0.2.4 (2020-03-12)
2
6
 
3
7
  - Added `percentile` method
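--- a/data/README.md
+++ b/data/README.md
@@ -8,6 +8,7 @@ Supports:
 - MariaDB 10.3.3+
 - MySQL and SQL (with extensions)
 - SQL Server 2012+
+- MongoDB 2.1+
 
 :fire: Uses native functions for blazing performance
 
@@ -34,7 +35,7 @@ Item.median(:price)
 Percentile
 
 ```ruby
-Item.percentile(:price, 0.95)
+Request.percentile(:response_time, 0.95)
 ```
 
 Works with grouping, too
@@ -43,6 +44,19 @@ Works with grouping, too
 Order.group(:store_id).median(:total)
 ```
 
+## User Input
+
+If passing user input as the column, be sure to sanitize it first [like you must](https://rails-sqli.org/) with other aggregate methods like `sum`.
+
+```ruby
+column = params[:column]
+
+# check against permitted columns
+raise "Unpermitted column" unless ["column_a", "column_b"].include?(column)
+
+User.median(column)
+```
+
 ## Arrays and Hashes
 
 Median
@@ -54,7 +68,7 @@ Median
 Percentile
 
 ```ruby
-[1, 2, 3].percentile(0.75)
+[1, 2, 3].percentile(0.95)
 ```
 
 You can also pass a block
@@ -63,19 +77,6 @@ You can also pass a block
 {a: 1, b: 2, c: 3}.median { |k, v| v }
 ```
 
-## User Input
-
-If passing user input as the column, be sure to sanitize it first [like you must](https://rails-sqli.org/) with other aggregate methods like `sum`.
-
-```ruby
-column = params[:column]
-
-# check against permitted columns
-raise "Unpermitted column" unless ["column_a", "column_b"].include?(column)
-
-User.median(column)
-```
-
 ## Additional Instructions
 
 ### MySQL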
@@ -8,6 +8,18 @@ module ActiveMedian
8
8
  percentile = percentile.to_f
9
9
  raise ArgumentError, "percentile is not between 0 and 1" if percentile < 0 || percentile > 1
10
10
 
11
+ # basic version of Active Record disallow_raw_sql!
12
+ # symbol = column (safe), Arel node = SQL (safe), other = untrusted
13
+ # matches table.column and column
14
+ unless column.is_a?(Symbol) || column.is_a?(Arel::Nodes::SqlLiteral) || /\A\w+(\.\w+)?\z/i.match(column.to_s)
15
+ warn "[active_median] Non-attribute argument: #{column}. Use Arel.sql() for known-safe values. This will raise an error in ActiveMedian 0.3.0"
16
+ end
17
+
18
+ # column resolution
19
+ node = relation.send(:arel_columns, [column]).first
20
+ node = Arel::Nodes::SqlLiteral.new(node) if node.is_a?(String)
21
+ column = relation.connection.visitor.accept(node, Arel::Collectors::SQLString.new).value
22
+
11
23
  # prevent SQL injection
12
24
  percentile = connection.quote(percentile)
13
25
 
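Review bot: The safe-value test on new line 14 treats only `Symbol` and `Arel::Nodes::SqlLiteral` as trusted, whereas the Active Record `disallow_raw_sql!` it is modelled on (comment on line 11) also accepts other Arel values, so a caller passing an attribute node such as `Model.arel_table[:price]` is told to wrap it in `Arel.sql()` and, per the message, would be rejected in 0.3.0 even though `arel_columns` appears to hand such nodes through unchanged. Consider widening the guard to `unless column.is_a?(Symbol) || column.is_a?(Arel::Nodes::SqlLiteral) || column.is_a?(Arel::Nodes::Node) || column.is_a?(Arel::Attributes::Attribute) || /\A\w+(\.\w+)?\z/i.match?(column.to_s)`; `match?` also avoids allocating a MatchData that is never read. Because `relation.send(:arel_columns, [column])` on line 19 reaches into a private Active Record method, a comment such as `# private Active Record API: may return an Arel node or a plain String, hence the SqlLiteral wrap below` would help the next maintainer understand line 20. The enclosing method starts before and ends after this hunk.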
@@ -1,3 +1,3 @@
1
1
  module ActiveMedian
2
- VERSION = "0.2.4"
2
+ VERSION = "0.2.5"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: active_median
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.4
4
+ version: 0.2.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Andrew Kane
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-03-13 00:00:00.000000000 Z
11
+ date: 2020-09-07 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport