bullet_train-scope_validator 1.0.1 → 1.2.0
- checksums.yaml +4 -4
- data/Gemfile.lock +2 -1
- data/LICENSE.txt +1 -1
- data/README.md +7 -13
- data/lib/bullet_train/scope_validator/version.rb +1 -1
- data/lib/bullet_train/scope_validator.rb +2 -0
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 6e6ff9937e99a2db86d2a11e59c2ccb68bad991f08fa9001c0065a402831b7ef
|
4
|
+
data.tar.gz: baefbc0f181bd28ec6ef0599f23644e306d7f8f0bea9d5b8400c0dd06ca53c7f
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 8280fcc5d0c7108eecf676fb46091f7beba8d69f5ca717f170b00e06069197def6026f3fec272375dd8f499400ac99ee235417f2fd8192b6c6fe3085dc382793
|
7
|
+
data.tar.gz: 8b24138c75c75e34c763ac6d184401462a85b282f8a2f7618b26ee8faa3fa5e8b3ffaaea04737ff60f3d36437a10a6526898f4cb2daa5332cb5bdd08bc7dbd76
|
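Review bot: Both the SHA256 and SHA512 digests for metadata.gz and data.tar.gz are replaced together, which is what a rebuilt package should look like; before pinning 1.2.0, compare these values against the checksums.yaml inside the .gem you actually install rather than trusting the viewer, since a mismatch would mean the reviewed diff and the installed artifact differ.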
data/Gemfile.lock
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
bullet_train-scope_validator (1.0
|
4
|
+
bullet_train-scope_validator (1.2.0)
|
5
5
|
|
6
6
|
GEM
|
7
7
|
remote: https://rubygems.org/
|
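Review bot: The PATH spec moves to 1.2.0, a minor-version jump from the 1.0.1 in the page title, but the file list shows no CHANGELOG and the only library change is +2 lines in scope_validator.rb, which this view does not display; the bump cannot be judged without that hunk or a changelog entry, so one of them should accompany the release. Separately, data/Gemfile.lock is being shipped inside the gem's data tarball, which consumers never use; consider excluding it from the gemspec's files list.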
@@ -36,6 +36,7 @@ GEM
|
|
36
36
|
unicode-display_width (2.1.0)
|
37
37
|
|
38
38
|
PLATFORMS
|
39
|
+
arm64-darwin-20
|
39
40
|
arm64-darwin-21
|
40
41
|
|
41
42
|
DEPENDENCIES
|
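Review bot: The added `arm64-darwin-20` PLATFORMS entry is a side effect of resolving the bundle on a macOS host and carries no functional change; harmless, but it is unrelated to the version bump and is another sign the lockfile tracks a developer machine rather than anything the gem needs.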
data/LICENSE.txt
CHANGED
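Review bot: data/LICENSE.txt is listed as +1 -1 but its hunk is not rendered here; confirm the edit is a copyright-year or similar touch-up and not a change to the license terms, which would need to be called out in the release notes.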
data/README.md
CHANGED
@@ -1,13 +1,10 @@
|
|
1
1
|
# Bullet Train Scope Validator
|
2
2
|
|
3
|
-
Bullet Train Scope Validator provides a simple pattern for protecting `belongs_to` associations from malicious ID
|
4
|
-
stuffing. It was created by [Andrew Culver](https://twitter.com/andrewculver).
|
3
|
+
Bullet Train Scope Validator provides a simple pattern for protecting `belongs_to` associations from malicious ID stuffing. It was created by [Andrew Culver](https://twitter.com/andrewculver) and extracted from [Bullet Train](https://bullettrain.co).
|
5
4
|
|
6
5
|
## Illustrating the Problem
|
7
6
|
|
8
|
-
By default in a multitenant Rails application, unless special care is given to validating the ID assigned to a
|
9
|
-
`belongs_to` association, malicious users can stuff arbitrary IDs into their request and cause an application to bleed
|
10
|
-
data from other tenants.
|
7
|
+
By default in a multitenant Rails application, unless special care is given to validating the ID assigned to a `belongs_to` association, malicious users can stuff arbitrary IDs into their request and cause an application to bleed data from other tenants.
|
11
8
|
|
12
9
|
Consider the following example from a customer relationship management (CRM) system that two competitive companies use:
|
13
10
|
|
@@ -49,9 +46,7 @@ class DealsController < ApplicationController
|
|
49
46
|
end
|
50
47
|
```
|
51
48
|
|
52
|
-
☝️ Note that Strong Parameters allows `customer_id` to be set by incoming requests and isn't responsible for validating
|
53
|
-
the value. We also wouldn't _want_ Strong Parameters to be responible for this, since we'd end up with duplicate
|
54
|
-
validation logic in our API controllers and other places. This is a responsibility of the model.
|
49
|
+
☝️ Note that Strong Parameters allows `customer_id` to be set by incoming requests and isn't responsible for validating the value. We also wouldn't _want_ Strong Parameters to be responible for this, since we'd end up with duplicate validation logic in our API controllers and other places. This is a responsibility of the model.
|
55
50
|
|
56
51
|
### Example Form
|
57
52
|
|
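Review bot: The reflowed note at the new line 49 still spells "responible"; fix it to "responsible" while the line is being touched. The framing itself is right: Strong Parameters only permits `customer_id`, and the check that the ID belongs to the current tenant has to live in the model.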
@@ -75,8 +70,7 @@ A malicious user can:
|
|
75
70
|
- Inspect the DOM and replace the `<select>` element for `customer_id` with an `<input type="text">` element.
|
76
71
|
- Set the value to any number, particularly numbers that are IDs they know don't belong to their account.
|
77
72
|
- Submit the form to create the deal.
|
78
|
-
- When the deal is shown, it will say "We have a deal with Nintendo!", where "Nintendo" is actually the customer of
|
79
|
-
another team in the system. ☠️ We've bled customer data across our application's tenant boundary.
|
73
|
+
- When the deal is shown, it will say "We have a deal with Nintendo!", where "Nintendo" is actually the customer of another team in the system. ☠️ We've bled customer data across our application's tenant boundary.
|
80
74
|
|
81
75
|
## Usage
|
82
76
|
|
@@ -92,7 +86,7 @@ gem "bullet_train-scope_validator"
|
|
92
86
|
|
93
87
|
Then we add a `scope: true` validation and `def valid_customers` method in the model, like so:
|
94
88
|
|
95
|
-
```
|
89
|
+
```ruby
|
96
90
|
class Deal < ApplicationRecord
|
97
91
|
belongs_to :team
|
98
92
|
belongs_to :customer
|
@@ -105,13 +99,13 @@ class Deal < ApplicationRecord
|
|
105
99
|
end
|
106
100
|
```
|
107
101
|
|
108
|
-
|
102
|
+
If you're wondering what the connection between `validates :customer, scope: true` and `def valid_customers` is, it's just a convention that the former will call the latter based on the name of the attibute being validated. We've favored a full-blown method definition for this instead of simply passing in a proc into the validator because having a method allows us to also DRY up our form view to use the same definition of valid options, like so:
|
109
103
|
|
110
104
|
```
|
111
105
|
<%= form.collection_select(:customer_id, form.object.valid_customers, :id, :name) %>
|
112
106
|
```
|
113
107
|
|
114
|
-
|
108
|
+
So with that, you're done! Any attempts to stuff IDs will be met with an "invalid" Active Record error message.
|
115
109
|
|
116
110
|
## Contributing
|
117
111
|
|
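Review bot: "attibute" in the new line 102 should be "attribute", and the form snippet fence at line 104 is still a bare ``` while the model block above was upgraded to ```ruby; tag it ```erb for consistency. The closing line 108 is accurate only because of the model validation: reusing `valid_customers` in `collection_select` limits what the form offers, but, as the README's own attack walkthrough shows, a tampered request bypasses the form, so `validates :customer, scope: true` is the control that actually blocks ID stuffing.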
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: bullet_train-scope_validator
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.0
|
4
|
+
version: 1.2.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Andrew Culver
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-12-15 00:00:00.000000000 Z
|
12
12
|
dependencies: []
|
13
13
|
description: Protect `belongs_to` attributes from ID stuffing.
|
14
14
|
email:
|
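Review bot: `cert_chain: []` is unchanged alongside the version and date bump, so 1.2.0 is still published unsigned; consider signing releases (`gem cert` plus `signing_key` in the gemspec) so consumers installing with a trust policy can verify the package.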
@@ -52,7 +52,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
52
52
|
- !ruby/object:Gem::Version
|
53
53
|
version: '0'
|
54
54
|
requirements: []
|
55
|
-
rubygems_version: 3.
|
55
|
+
rubygems_version: 3.3.7
|
56
56
|
signing_key:
|
57
57
|
specification_version: 4
|
58
58
|
summary: Protect `belongs_to` attributes from ID stuffing.
|
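Review bot: `signing_key:` is blank here, matching the empty `cert_chain` above, so nothing in this release can be verified by signature; the `rubygems_version` bump to 3.3.7 only records the toolchain used to build the gem and does not affect consumers.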