clean_room 0.1.3 → 0.2.0
- data/lib/clean_room.rb +1 -0
- data/lib/clean_room/air_lock.rb +21 -46
- data/lib/clean_room/dsl.rb +3 -7
- data/lib/clean_room/filter.rb +60 -0
- data/lib/clean_room/version.rb +1 -1
- data/test/clean_room_test.rb +8 -8
- metadata +8 -7
data/lib/clean_room.rb
CHANGED
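--- a/data/lib/clean_room/air_lock.rb
+++ b/data/lib/clean_room/air_lock.rb
@@ -1,55 +1,30 @@
-require 'sanitize'
-require 'sanitize-url'
-
 module CleanRoom
-
-
-
-
-
+module AirLock
+class Parameters
+class << self
+def activate
+ActionController::Base.send :include, CleanParameters
+end
+end
 end
 
-
-
-
-
-
-
-Hash[dirty_value.map {|k,dv| [determine_and_clean(k, allow: (k.is_a?(Symbol) ? :symbol : :string)),determine_and_clean(dv, options)]}]
-when Fixnum
-dirty_value
-when Symbol
-clean(dirty_value, options).to_sym
-when FalseClass
-false
-when NilClass
-nil
-else
-clean(dirty_value, options)
+class ModelBasedFilter
+class << self
+def filter(parameters)
+# TODO: check the parameter names against the model sanitization rules, when no rules found do a 'normal' sanitization
+HashWithIndifferentAccess.new(CleanRoom::Filter.clean(parameters))
+end
 end
 end
 
-
-
-
-
-
-
-
-when :strict
-regex = /[^#{options[:character_class] || "a-zA-Z0-9 "}]/
-Sanitize.clean(dirty_value).gsub(regex, "")
-when :url
-sanitize_url(dirty_value)
-when :symbol
-Sanitize.clean(dirty_value).gsub(/[^a-zA-Z0-9]/, "").to_sym
-when :fixnum
-Sanitize.clean(dirty_value).gsub(/[^0-9]\.\,/, "").gsub(",",".").to_i
-when :float
-Sanitize.clean(dirty_value).gsub(/[^0-9\.\,]/, "").gsub(",",".").to_f
-else
-Sanitize.clean(dirty_value)
+module CleanParameters
+def params
+@_params ||= ModelBasedFilter.filter(request.parameters)
+end
+
+def params=(val)
+@_params = val.is_a?(Hash) ? ModelBasedFilter.filter(val) : val
 end
 end
 end
-end
+end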
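Review bot: `params=` on new line 26 stores anything that is not a `Hash` as-is, so a caller assigning a non-Hash parameter object bypasses the air lock with no trace; at minimum state the intent in a comment, e.g. `# non-Hash values are stored untouched and never sanitized`. The `activate` hook on new line 6 mixes `CleanParameters` into `ActionController::Base` unconditionally, replacing `params` for every controller in the process, which is a wide blast radius for a filter whose rule lookup is still a TODO (new line 14). Until that lookup exists, every request value goes through `Filter.clean` with default options, so parameters that are legitimately HTML, and presumably non-scalar objects such as multipart uploads that reach the `to_s` fallback in filter.rb, are altered before the action sees them; that behaviour belongs in a comment on `ModelBasedFilter.filter` so the trade-off is visible to anyone calling `activate`.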
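--- a/data/lib/clean_room/dsl.rb
+++ b/data/lib/clean_room/dsl.rb
@@ -5,8 +5,8 @@ module CleanRoom
 base.extend ClassMethods
 base.sanitizable_attributes = {}
 
-if base.respond_to? :
-base.
+if base.respond_to? :before_validate
+base.before_validate :sanitize_attributes
 end
 end
 
@@ -18,16 +18,12 @@ module CleanRoom
 
 def sanitize_attribute(name, options = {})
 current_value = self.send(name)
-cleaned_value =
+cleaned_value = Filter.clean(current_value, options)
 
 raise Exceptions::Contaminated.new("#{name} contained unacceptable data") if options[:raise] && (current_value != cleaned_value)
 self.send("#{name}=".to_sym, cleaned_value)
 end
 
-def air_lock
-@air_lock ||= AirLock.new
-end
-
 module ClassMethods
 attr_accessor :sanitizable_attributes
 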
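Review bot: The hook installed on new lines 8-9 of the first hunk is `before_validate`, but ActiveModel/ActiveRecord expose `before_validation`, so for those models `respond_to?` is false and `sanitize_attributes` is silently never registered; if they are the intended target the lines should read `if base.respond_to? :before_validation` and `base.before_validation :sanitize_attributes`, and the test stub should use the same name. In the second hunk, `Filter.clean(current_value, options)` changes the value's type when `allow:` is `:fixnum` or `:float`, so the unchanged check on context line 23 sees `"123" != 123` and raises `Contaminated` for a clean value whenever `raise: true` is set; comparing `current_value.to_s` with `cleaned_value.to_s`, or coercing both sides the same way, avoids that false positive. The enclosing `included` hook of the first hunk starts outside the hunk.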
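--- a/data/lib/clean_room/filter.rb
+++ b/data/lib/clean_room/filter.rb
@@ -0,0 +1,60 @@
+require 'sanitize'
+require 'sanitize-url'
+
+module CleanRoom
+class Filter
+
+class << self
+include SanitizeUrl
+
+def clean(dirty_value, options = {})
+determine_and_filter(dirty_value, options)
+end
+
+private
+
+def determine_and_filter(dirty_value, options)
+
+case dirty_value
+when Array
+dirty_value.map{ |dv| determine_and_filter(dv, options) }
+when Hash
+Hash[dirty_value.map {|k,dv| [determine_and_filter(k, allow: (k.is_a?(Symbol) ? :symbol : :string)),determine_and_filter(dv, options)]}]
+when Fixnum
+dirty_value
+when Symbol
+filter(dirty_value, options).to_sym
+when FalseClass
+false
+when NilClass
+nil
+else
+filter(dirty_value, options)
+end
+end
+
+def filter(dirty_value, options)
+dirty_value = dirty_value.to_s
+case (options[:allow] || :plain_text)
+when :html
+Sanitize.clean(dirty_value, Sanitize::Config::RELAXED)
+when :simple_html
+Sanitize.clean(dirty_value, Sanitize::Config::BASIC)
+when :strict
+regex = /[^#{options[:character_class] || "a-zA-Z0-9 "}]/
+Sanitize.clean(dirty_value).gsub(regex, "")
+when :url
+sanitize_url(dirty_value)
+when :symbol
+Sanitize.clean(dirty_value).gsub(/[^a-zA-Z0-9]/, "").to_sym
+when :fixnum
+Sanitize.clean(dirty_value).gsub(/[^0-9]\.\,/, "").gsub(",",".").to_i
+when :float
+Sanitize.clean(dirty_value).gsub(/[^0-9\.\,]/, "").gsub(",",".").to_f
+else
+Sanitize.clean(dirty_value)
+end
+end
+end
+end
+end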
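Review bot: The `:fixnum` branch on new line 51 uses `/[^0-9]\.\,/`, which matches a non-digit followed by a literal `.` and `,` rather than the character class the `:float` branch uses, so stray characters are not stripped and the result depends on `to_i` stopping at the first non-digit (`"12a34"` yields 12, not 1234); the intended line is `Sanitize.clean(dirty_value).gsub(/[^0-9\.\,]/, "").gsub(",",".").to_i`. `determine_and_filter` passes through `Fixnum` only, so a `Bignum`, `Float` or `true` falls into `filter` and comes back as a sanitized `String` (the test pins `789.8` → `"789.8"`), which is a type change worth documenting on `clean`, e.g. `# returns a String for any scalar that is not a Fixnum/Symbol/false/nil`; `Fixnum` itself is deprecated since Ruby 2.4 in favour of `Integer`. The `:symbol` branch and the Symbol-key path in `determine_and_filter` call `to_sym` on cleaned data, and on rubies before 2.2 symbols are never garbage collected, so request-derived values cleaned with `allow: :symbol` can grow the symbol table without bound — document that `allow: :symbol` is for trusted, bounded inputs only.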
data/lib/clean_room/version.rb
CHANGED
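--- a/data/test/clean_room_test.rb
+++ b/data/test/clean_room_test.rb
@@ -33,13 +33,13 @@ class CleanRoomTest < MiniTest::Unit::TestCase
 attribute_test(:url, "www.google.com/?q=<script>test</script>", "http://www.google.com/?q=%3Cscript%3Etest%3C/script%3E")
 end
 
-def
-assert_equal ["test1","test2"], CleanRoom::
-assert_equal [{"test1" => "test3"},"test2"], CleanRoom::
-assert_equal [{test1: "test3"},"test2"], CleanRoom::
-assert_equal ["123.", "456.3", "789.8"], CleanRoom::
-assert_equal [123, 456, 789], CleanRoom::
-assert_equal [123.0, 456.3, 789.8], CleanRoom::
+def test_filter
+assert_equal ["test1","test2"], CleanRoom::Filter.clean(["<b>test1</b>","<b>test2</b>"])
+assert_equal [{"test1" => "test3"},"test2"], CleanRoom::Filter.clean([{"<b>test1</b>" => "<b>test3</b>"},"<b>test2</b>"])
+assert_equal [{test1: "test3"},"test2"], CleanRoom::Filter.clean([{:"<b>te * st1</b>" => "<b>test3</b>"},"<b>test2</b>"])
+assert_equal ["123.", "456.3", "789.8"], CleanRoom::Filter.clean(["<b>123.</b>","456.3", 789.8])
+assert_equal [123, 456, 789], CleanRoom::Filter.clean(["<b>123.</b>","456.3", 789.8], allow: :fixnum)
+assert_equal [123.0, 456.3, 789.8], CleanRoom::Filter.clean(["<b>123.</b>","456.3", 789.8], allow: :float)
 end
 
 def attribute_test(field, value_in, value_out)
@@ -69,7 +69,7 @@ class CleanRoomTest < MiniTest::Unit::TestCase
 def test_with_before_save
 assert_output("sanitize_attributes\n") do
 test_class = Class.new do
-def self.
+def self.before_validate(method_name)
 puts method_name
 end
 include CleanRoom::DSL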
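Review bot: `test_filter` (new lines 36-42) cannot distinguish the `:fixnum` branch's regex from a plain `to_i`, because every fixture starts with digits and ends with a non-digit; an input with non-digits in the middle, e.g. `assert_equal [1234], CleanRoom::Filter.clean(["12<b>a</b>34"], allow: :fixnum)` (the branch currently returns 12 because `to_i` stops at the first non-digit), would pin which result is intended. In the second hunk the stub on new line 72 is renamed to `before_validate` while the test is still called `test_with_before_save`, and because the stub defines whatever name the DSL probes for, this test passes even if that name matches no real ActiveModel callback (`before_validation`); renaming the test after the hook and stubbing the framework's actual callback name would catch a mismatch. Neither hunk covers `false`, `nil` or `:strict` with a custom `character_class`, so those branches of `Filter` run untested.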
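--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: clean_room
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.2.0
 prerelease:
 platform: ruby
 authors:
@@ -13,7 +13,7 @@ date: 2012-06-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: sanitize
-requirement: &
+requirement: &70156494356660 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ! '>='
@@ -21,10 +21,10 @@ dependencies:
 version: 2.0.0
 type: :runtime
 prerelease: false
-version_requirements: *
+version_requirements: *70156494356660
 - !ruby/object:Gem::Dependency
 name: sanitize-url
-requirement: &
+requirement: &70156494356120 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ! '>='
@@ -32,10 +32,10 @@ dependencies:
 version: 0.1.4
 type: :runtime
 prerelease: false
-version_requirements: *
+version_requirements: *70156494356120
 - !ruby/object:Gem::Dependency
 name: pry
-requirement: &
+requirement: &70156494355660 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ! '>='
@@ -43,7 +43,7 @@ dependencies:
 version: '0'
 type: :development
 prerelease: false
-version_requirements: *
+version_requirements: *70156494355660
 description: Work in progress, this will be a generic attribute sanitizer which can
 be used for sanitizing models and other objects holding data
 email:
@@ -62,6 +62,7 @@ files:
 - lib/clean_room/air_lock.rb
 - lib/clean_room/dsl.rb
 - lib/clean_room/exceptions.rb
+- lib/clean_room/filter.rb
 - lib/clean_room/version.rb
 - test/clean_room_test.rb
 - test/test_helper.rb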