apicasso 0.7.0 → 0.7.1

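--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: '086a86d3630f5d6eacfc9c29f06cc4fc50e82396a87fe5503fbe68d52b71bf94'
- data.tar.gz: 226636f006ebcb055aef0a6ec01757f13e3270f729d8e05c18f208e7d4c4964b
+ metadata.gz: 810b5957d80a9681e838d2e7efcc9d02ff0bc4c91ed0ad6156f58517aac54139
+ data.tar.gz: 34a5aeb6ede33634cf03155ab61ed849e39d12e09be73cc3594b6226f554d144
  SHA512:
- metadata.gz: 33338becd3fd0dc6ee19c65d07f866943d7e5358504a7732d572f694f85e80ac511424dcc10f75edaefd7d1ac88e9062c3ee81155e816f2dc79665e2c90820b6
- data.tar.gz: e1c2d870b61a28bc9b6ced33a19d4edfc0c7068f618a44a45dc3e7523db9ce4870840f27042a3998336d50e61ab1df12a21d276b971ef43003b1d5e716405682
+ metadata.gz: a94dee1047d8ddd8d5af90d6232de8d56e6724aeb2fc156fc7e4479e99251a9fbf54618812f5147cb832ee40b3a006add80b47ceeb2937f9c82cce0d167504b3
+ data.tar.gz: 83ecc747872fcf84f21835ad586b8140a6b7898bda2ae988792d1382c77b7a49fc255f0a765e7b2712ed55da1428d50ed4701f637021b9674de821ce1fa3358b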
@@ -135,8 +135,8 @@ module Apicasso
135
135
  @records.group(params[:group][:by].split(','))
136
136
  .send(:calculate,
137
137
  params[:group][:calculate],
138
- params[:group][:fields])
139
- else
138
+ params[:group][:field])
139
+ else
140
140
  collection_response
141
141
  end
142
142
  end
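Review bot: The three values handed to `group` and `calculate` here (`params[:group][:by]`, `params[:group][:calculate]` and, after the rename, `params[:group][:field]`) come straight from the request, so the key rename only stays safe if the group validation in SqlSecurity inspects `:field` as well. That validator is not part of this diff, so it is worth confirming that it reads the same key. The aggregate name should also be limited to the functions the API means to expose before it reaches `calculate`, for example with `%w[count sum average minimum maximum].include?(params[:group][:calculate].to_s)`. The enclosing method starts above the hunk.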
@@ -31,8 +31,8 @@ module SqlSecurity
31
31
  ].freeze
32
32
 
33
33
  # Check if request is a SQL injection
34
- def sql_injection(klass)
35
- apicasso_parameters.each do |name, value|
34
+ def sql_injection(klass, hash = nil)
35
+ apicasso_parameters(hash).each do |name, value|
36
36
  next unless Array.wrap(klass).any? do |klass|
37
37
  !safe_parameter?(klass, name, value)
38
38
  end
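Review bot: The comment above `sql_injection` no longer matches the signature, because the new `hash` argument is undocumented. I would extend it to `# Check if request is a SQL injection. +hash+, when given, is inspected instead of the request parameters (used for nested batch entries).` so that callers know the default `nil` means "use `params`". The method body continues past the end of this hunk.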
@@ -47,8 +47,13 @@ module SqlSecurity
47
47
  def safe_parameter?(klass, name, value)
48
48
  if name.to_sym == :group
49
49
  group_sql_safe?(klass, value)
50
- elsif params[:batch].present?
51
- parameters_sql_safe?(klass.singularize.constantize, value)
50
+ elsif name.to_sym == :batch
51
+ value.each do |name, val|
52
+ parameters_sql_safe?(klass.name.singularize.constantize, name)
53
+ Array.wrap(value).each do |inner_val|
54
+ sql_injection(klass, inner_val)
55
+ end
56
+ end
52
57
  else
53
58
  parameters_sql_safe?(klass, value)
54
59
  end
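Review bot: The new `:batch` branch never reports a failure: `value.each` returns `value`, so `safe_parameter?` is truthy for every batch payload and the result of `parameters_sql_safe?` is thrown away. The inner loop also walks `Array.wrap(value)` (the whole batch hash again) while the block's `val` is unused, and the block parameter `name` shadows the method argument; `Array.wrap(val).each do |inner_val|` looks like what was meant. To make the predicate reflect the checks, the outer iteration could become `value.all? do |batch_name, val|` with the nested results combined by `&&`. Whether the recursive `sql_injection` call signals a finding through its return value or by halting the request is not visible in this diff, so that part needs confirming against its body.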
@@ -120,7 +125,7 @@ module SqlSecurity
120
125
 
121
126
  # Parameters used on the APIcasso that should be checked against
122
127
  # security measures
123
- def apicasso_parameters
124
- params.to_unsafe_h.slice(:group, :resource, :nested, :sort, :include, :crud)
128
+ def apicasso_parameters(hash = nil)
129
+ (hash || params.to_unsafe_h).slice(:group, :resource, :nested, :sort, :include, :batch)
125
130
  end
126
131
  end
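Review bot: Two things in the new `apicasso_parameters` can let input skip the checks. `:crud` was dropped from the slice when `:batch` was added, so that key is no longer inspected; if that is intentional it deserves a line in the comment above. `slice` is called with symbol keys, which works on the indifferent-access hash from `params.to_unsafe_h` but selects nothing from a plain string-keyed Hash passed as `hash`, and would raise for a non-Hash entry. Guarding with `hash.nil? || hash.is_a?(Hash)` and slicing `(hash || params.to_unsafe_h).to_h.with_indifferent_access` would make the helper fail closed.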
@@ -3,5 +3,5 @@
3
3
  # A Module to rule them all...
4
4
  module Apicasso
5
5
  # Current gem version
6
- VERSION = '0.7.0'.freeze
6
+ VERSION = '0.7.1'.freeze
7
7
  end
Binary file
@@ -13,6 +13,7 @@ RSpec.describe 'Batch requests', type: :request do
13
13
  @used_model = create(:used_model)
14
14
  @another_used_model = create(:used_model)
15
15
  while @another_used_model.send(@attribute) == @used_model.send(@attribute)
16
+ @attribute = UsedModel.column_names.sample
16
17
  @another_used_model = create(:used_model)
17
18
  end
18
19
  post '/api/v1/ql/', params: { used_models: { "#{@attribute}_eq": @used_model.send(@attribute) } }.to_json, headers: access_token
@@ -100,7 +100,7 @@ RSpec.describe 'Used Model requests', type: :request do
100
100
  end
101
101
 
102
102
  it 'returns all records sorted queried' do
103
- used_model_sorted = UsedModel.order(:brand, :model).map(&:id)
103
+ used_model_sorted = UsedModel.unscope(:order).order(brand: :asc, model: :asc).map(&:id)
104
104
  entries = JSON.parse(response.body)['entries'].map { |model| model['id'] }
105
105
  expect(entries).to eq(used_model_sorted)
106
106
  end
@@ -100,7 +100,7 @@ RSpec.describe 'Used Model requests', type: :request do
100
100
  end
101
101
 
102
102
  it 'returns all records sorted queried' do
103
- used_model_sorted = UsedModel.order(:brand, :model).map(&:id)
103
+ used_model_sorted = UsedModel.unscope(:order).order(brand: :asc, model: :asc).map(&:id)
104
104
  entries = JSON.parse(response.body)['entries'].map { |model| model['id'] }
105
105
  expect(entries).to eq(used_model_sorted)
106
106
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: apicasso
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.7.0
4
+ version: 0.7.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Fernando Bellincanta
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-04-15 00:00:00.000000000 Z
11
+ date: 2019-04-17 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -168,16 +168,16 @@ dependencies:
168
168
  name: rails
169
169
  requirement: !ruby/object:Gem::Requirement
170
170
  requirements:
171
- - - "~>"
171
+ - - ">"
172
172
  - !ruby/object:Gem::Version
173
- version: '5.1'
173
+ version: '5'
174
174
  type: :runtime
175
175
  prerelease: false
176
176
  version_requirements: !ruby/object:Gem::Requirement
177
177
  requirements:
178
- - - "~>"
178
+ - - ">"
179
179
  - !ruby/object:Gem::Version
180
- version: '5.1'
180
+ version: '5'
181
181
  - !ruby/object:Gem::Dependency
182
182
  name: ransack
183
183
  requirement: !ruby/object:Gem::Requirement
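Review bot: The rails requirement goes from `~> 5.1` to `> 5`, which removes the upper bound: the gem now resolves against any later Rails major, while the code in this release calls `params.to_unsafe_h` and ActiveRecord's `calculate` directly. A bounded range such as `'>= 5.1', '< 6'` in the gemspec (this metadata file is generated from it) keeps installs on versions the test suite has run against. The bound can be widened once a newer major has been tested.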