bullet_train-scope_validator 1.0.1 → 1.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/README.md +6 -12
- data/lib/bullet_train/scope_validator/version.rb +1 -1
- data/lib/bullet_train/scope_validator.rb +2 -0
- metadata +2 -2
    
        checksums.yaml
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            ---
         | 
| 2 2 | 
             
            SHA256:
         | 
| 3 | 
            -
              metadata.gz:  | 
| 4 | 
            -
              data.tar.gz:  | 
| 3 | 
            +
              metadata.gz: f7deee0cb7bca1d0e45c645f5845e598c6b7efa35da8d5bd21c9d2f3c0c0c0ee
         | 
| 4 | 
            +
              data.tar.gz: 255b5f4fce08fa730d3280254b9d3b149775e849cf118410d73d59f901aa25cd
         | 
| 5 5 | 
             
            SHA512:
         | 
| 6 | 
            -
              metadata.gz:  | 
| 7 | 
            -
              data.tar.gz:  | 
| 6 | 
            +
              metadata.gz: 5f5b4778c1f8b4d48fa0ace2026f36fa7690f2b5692bbfec4fdb0a9cb8ebf8ebce7cb1b0df7c8a7a50f08f548c06d2448642798b644606df43abdaf1e777583e
         | 
| 7 | 
            +
              data.tar.gz: 92c1011af64d3647dfc3ed183fafded26b962f0fce604f96b5928fdbe710b16e4addfd599b86f57a2343f0a7b9d79584dace0fadc9f5b6077ced4e86595080e2
         | 
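Review bot: the removed lines 3, 4, 6 and 7 render with empty digests (`metadata.gz:` and `data.tar.gz:` with nothing after the colon), so this hunk as shown does not let a reviewer confirm what the 1.0.1 checksums were; treat that as a rendering gap rather than evidence that 1.0.1 shipped blank checksums, and compare against the 1.0.1 gem directly before drawing any conclusion. The larger point is that checksums.yaml is written by the publisher at build time and travels inside the same .gem as the two archives it describes, and the metadata hunk further down still shows `cert_chain: []`, so these digests are self-attested and not an independent integrity signal. To verify 1.0.2 end to end, fetch the .gem from rubygems.org, compute its SHA-256 yourself and compare it with the checksum rubygems.org publishes for that version; the two new digests changing here is the expected consequence of the version, date, README and lib changes listed at the top of the page, not a finding in itself.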
    
        data/Gemfile.lock
    CHANGED
    
    
    
        data/README.md
    CHANGED
    
    | @@ -1,13 +1,10 @@ | |
| 1 1 | 
             
            # Bullet Train Scope Validator
         | 
| 2 2 |  | 
| 3 | 
            -
            Bullet Train Scope Validator provides a simple pattern for protecting `belongs_to` associations from malicious ID
         | 
| 4 | 
            -
            stuffing. It was created by [Andrew Culver](https://twitter.com/andrewculver).
         | 
| 3 | 
            +
            Bullet Train Scope Validator provides a simple pattern for protecting `belongs_to` associations from malicious ID stuffing. It was created by [Andrew Culver](https://twitter.com/andrewculver) and extracted from [Bullet Train](https://bullettrain.co).
         | 
| 5 4 |  | 
| 6 5 | 
             
            ## Illustrating the Problem
         | 
| 7 6 |  | 
| 8 | 
            -
            By default in a multitenant Rails application, unless special care is given to validating the ID assigned to a
         | 
| 9 | 
            -
            `belongs_to` association, malicious users can stuff arbitrary IDs into their request and cause an application to bleed
         | 
| 10 | 
            -
            data from other tenants.
         | 
| 7 | 
            +
            By default in a multitenant Rails application, unless special care is given to validating the ID assigned to a `belongs_to` association, malicious users can stuff arbitrary IDs into their request and cause an application to bleed data from other tenants.
         | 
| 11 8 |  | 
| 12 9 | 
             
            Consider the following example from a customer relationship management (CRM) system that two competitive companies use:
         | 
| 13 10 |  | 
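Review bot: style point only: collapsing the hard-wrapped paragraphs (old lines 3 and 4, and 8 to 10) into single long lines (new 3 and 7) is harmless, but it makes the hunk read like a rewrite when the only wording change is the clause "and extracted from [Bullet Train](https://bullettrain.co)" added to new line 3. Either say so in the release notes or keep one wrapping convention across the README, so the next substantive edit to these paragraphs is reviewable as a one-line change rather than a whole-paragraph replacement.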
| @@ -49,9 +46,7 @@ class DealsController < ApplicationController | |
| 49 46 | 
             
            end
         | 
| 50 47 | 
             
            ```
         | 
| 51 48 |  | 
| 52 | 
            -
            ☝️ Note that Strong Parameters allows `customer_id` to be set by incoming requests and isn't responsible for validating
         | 
| 53 | 
            -
            the value. We also wouldn't _want_ Strong Parameters to be responible for this, since we'd end up with duplicate
         | 
| 54 | 
            -
            validation logic in our API controllers and other places. This is a responsibility of the model.
         | 
| 49 | 
            +
            ☝️ Note that Strong Parameters allows `customer_id` to be set by incoming requests and isn't responsible for validating the value. We also wouldn't _want_ Strong Parameters to be responible for this, since we'd end up with duplicate validation logic in our API controllers and other places. This is a responsibility of the model.
         | 
| 55 50 |  | 
| 56 51 | 
             
            ### Example Form
         | 
| 57 52 |  | 
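Review bot: the typo "responible" on old line 53 is carried into new line 49 unchanged; this reflow was the natural place to fix it to "responsible". The substance of the paragraph is right and worth keeping as is: Strong Parameters only decides whether `customer_id` may be assigned, not whether its value is legitimate, so the permit list is safe only because the model validates the association. A short sentence to that effect would stop readers from copying the controller snippet above without the model-side check the README introduces later.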
| @@ -75,8 +70,7 @@ A malicious user can: | |
| 75 70 | 
             
             - Inspect the DOM and replace the `<select>` element for `customer_id` with an `<input type="text">` element.
         | 
| 76 71 | 
             
             - Set the value to any number, particularly numbers that are IDs they know don't belong to their account.
         | 
| 77 72 | 
             
             - Submit the form to create the deal.
         | 
| 78 | 
            -
             - When the deal is shown, it will say "We have a deal with Nintendo!", where "Nintendo" is actually the customer of
         | 
| 79 | 
            -
               another team in the system. ☠️ We've bled customer data across our application's tenant boundary.
         | 
| 73 | 
            +
             - When the deal is shown, it will say "We have a deal with Nintendo!", where "Nintendo" is actually the customer of another team in the system. ☠️ We've bled customer data across our application's tenant boundary.
         | 
| 80 74 |  | 
| 81 75 | 
             
            ## Usage
         | 
| 82 76 |  | 
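Review bot: the attack steps in new lines 70 to 73 are framed around editing the DOM, which understates the exposure; any HTTP client can send an arbitrary `customer_id` in the request body directly, and the API controllers mentioned at new line 49 are reached the same way with no form or `<select>` involved. Suggest rewording the first two bullets to say the attacker submits a crafted request, with the DOM edit given only as one convenient way to do it from a browser. The last bullet describes the read-side leak (the other tenant's customer name rendered on the deal); it is also worth noting that the forged association is now persisted, so depending on how the other tenant lists deals by customer, it may surface on their side as well.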
| @@ -105,13 +99,13 @@ class Deal < ApplicationRecord | |
| 105 99 | 
             
            end
         | 
| 106 100 | 
             
            ```
         | 
| 107 101 |  | 
| 108 | 
            -
             | 
| 102 | 
            +
            If you're wondering what the connection between `validates :customer, scope: true` and `def valid_customers` is, it's just a convention that the former will call the latter based on the name of the attibute being validated. We've favored a full-blown method definition for this instead of simply passing in a proc into the validator because having a method allows us to also DRY up our form view to use the same definition of valid options, like so:
         | 
| 109 103 |  | 
| 110 104 | 
             
            ```
         | 
| 111 105 | 
             
            <%= form.collection_select(:customer_id, form.object.valid_customers, :id, :name) %>
         | 
| 112 106 | 
             
            ```
         | 
| 113 107 |  | 
| 114 | 
            -
             | 
| 108 | 
            +
            So with that, you're done! Any attempts to stuff IDs will be met with an "invalid" Active Record error message.
         | 
| 115 109 |  | 
| 116 110 | 
             
            ## Contributing
         | 
| 117 111 |  | 
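Review bot: two things in the added explanation. First, "attibute" on new line 102 should be "attribute". Second, the closing claim on new line 108 that "Any attempts to stuff IDs will be met with an 'invalid' Active Record error message" holds only on code paths that run validations: `save(validate: false)`, `update_column`/`update_columns`, `update_all` and `insert_all`/`upsert_all` bypass them entirely, so the README should say that the guarantee is conditional on the record being saved through a validating path. It should also be explicit that `valid_customers` must itself be scoped to the current tenant (the team, in the README's own example) for the check to mean anything; a `valid_customers` that returns `Customer.all` makes `validates :customer, scope: true` a no-op. Reusing `form.object.valid_customers` in `collection_select` on new line 105 is a good convenience, but it narrows the dropdown, not the attack surface; the validation is the control.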
    
        metadata
    CHANGED
    
    | @@ -1,14 +1,14 @@ | |
| 1 1 | 
             
            --- !ruby/object:Gem::Specification
         | 
| 2 2 | 
             
            name: bullet_train-scope_validator
         | 
| 3 3 | 
             
            version: !ruby/object:Gem::Version
         | 
| 4 | 
            -
              version: 1.0. | 
| 4 | 
            +
              version: 1.0.2
         | 
| 5 5 | 
             
            platform: ruby
         | 
| 6 6 | 
             
            authors:
         | 
| 7 7 | 
             
            - Andrew Culver
         | 
| 8 8 | 
             
            autorequire:
         | 
| 9 9 | 
             
            bindir: exe
         | 
| 10 10 | 
             
            cert_chain: []
         | 
| 11 | 
            -
            date: 2022-01- | 
| 11 | 
            +
            date: 2022-01-16 00:00:00.000000000 Z
         | 
| 12 12 | 
             
            dependencies: []
         | 
| 13 13 | 
             
            description: Protect `belongs_to` attributes from ID stuffing.
         | 
| 14 14 | 
             
            email:
         |
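Review bot: the removed `version:` and `date:` lines render truncated here (`version: 1.0.` and `date: 2022-01-`), so this hunk does not show the 1.0.1 release date; read it as a rendering gap. Of the lines that are visible, two merit comment. `cert_chain: []` is unchanged, so 1.0.2 is still an unsigned gem and consumers have nothing beyond the registry-published checksum to pin against; signing the gem would close that gap. `dependencies: []` is also unchanged even though the README describes the gem as hooking into Active Record validations (`validates :customer, scope: true`, an "Active Record error message"), so the spec neither declares the framework it extends nor a minimum supported version; declaring that dependency, or at least documenting the supported Rails range, would let Bundler catch an incompatible host early. Separately, the summary at the top of the page lists `data/lib/bullet_train/scope_validator.rb +2 -0`, but that hunk is not rendered on this page, so the behavioural change behind the release cannot be reviewed from here.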