clean_room 0.1.3 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/lib/clean_room.rb +1 -0
- data/lib/clean_room/air_lock.rb +21 -46
- data/lib/clean_room/dsl.rb +3 -7
- data/lib/clean_room/filter.rb +60 -0
- data/lib/clean_room/version.rb +1 -1
- data/test/clean_room_test.rb +8 -8
- metadata +8 -7
data/lib/clean_room.rb
CHANGED
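--- a/data/lib/clean_room/air_lock.rb
+++ b/data/lib/clean_room/air_lock.rb
@@ -1,55 +1,30 @@
-require 'sanitize'
-require 'sanitize-url'
-
 module CleanRoom
-
-
-
-
-
+module AirLock
+class Parameters
+class << self
+def activate
+ActionController::Base.send :include, CleanParameters
+end
+end
 end
 
-
-
-
-
-
-
-Hash[dirty_value.map {|k,dv| [determine_and_clean(k, allow: (k.is_a?(Symbol) ? :symbol : :string)),determine_and_clean(dv, options)]}]
-when Fixnum
-dirty_value
-when Symbol
-clean(dirty_value, options).to_sym
-when FalseClass
-false
-when NilClass
-nil
-else
-clean(dirty_value, options)
+class ModelBasedFilter
+class << self
+def filter(parameters)
+# TODO: check the parameter names against the model sanitization rules, when no rules found do a 'normal' sanitization
+HashWithIndifferentAccess.new(CleanRoom::Filter.clean(parameters))
+end
 end
 end
 
-
-
-
-
-
-
-
-when :strict
-regex = /[^#{options[:character_class] || "a-zA-Z0-9 "}]/
-Sanitize.clean(dirty_value).gsub(regex, "")
-when :url
-sanitize_url(dirty_value)
-when :symbol
-Sanitize.clean(dirty_value).gsub(/[^a-zA-Z0-9]/, "").to_sym
-when :fixnum
-Sanitize.clean(dirty_value).gsub(/[^0-9]\.\,/, "").gsub(",",".").to_i
-when :float
-Sanitize.clean(dirty_value).gsub(/[^0-9\.\,]/, "").gsub(",",".").to_f
-else
-Sanitize.clean(dirty_value)
+module CleanParameters
+def params
+@_params ||= ModelBasedFilter.filter(request.parameters)
+end
+
+def params=(val)
+@_params = val.is_a?(Hash) ? ModelBasedFilter.filter(val) : val
 end
 end
 end
-end
+end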
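Review bot: `CleanParameters#params` passes every request key and value through `CleanRoom::Filter.clean` with no `allow` option, i.e. the `:plain_text` default, so any value the application needs verbatim (passwords, tokens, free text containing `<`, `>` or `&`) is altered before the controller sees it, and because cleaned keys can collide (`"a<b>"` and `"a"` both clean to `"a"`) one parameter can silently overwrite another in the `Hash[...]` rebuild. The TODO in `ModelBasedFilter.filter` says the model rules are not consulted yet; until they are I would state the blanket behaviour on `Parameters.activate`, e.g. `# Replaces ActionController::Base#params with a copy of request.parameters in which every key and value has been through Filter.clean's :plain_text rule; input cleaning here does not replace output escaping in views`. `params=` stores a non-Hash `val` as-is and without the `HashWithIndifferentAccess` wrapping the read path applies, so the two paths can hand back objects with different key semantics — worth a one-line comment or a consistent wrap.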
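--- a/data/lib/clean_room/dsl.rb
+++ b/data/lib/clean_room/dsl.rb
@@ -5,8 +5,8 @@ module CleanRoom
 base.extend ClassMethods
 base.sanitizable_attributes = {}
 
-if base.respond_to? :
-base.
+if base.respond_to? :before_validate
+base.before_validate :sanitize_attributes
 end
 end
 
@@ -18,16 +18,12 @@ module CleanRoom
 
 def sanitize_attribute(name, options = {})
 current_value = self.send(name)
-cleaned_value =
+cleaned_value = Filter.clean(current_value, options)
 
 raise Exceptions::Contaminated.new("#{name} contained unacceptable data") if options[:raise] && (current_value != cleaned_value)
 self.send("#{name}=".to_sym, cleaned_value)
 end
 
-def air_lock
-@air_lock ||= AirLock.new
-end
-
 module ClassMethods
 attr_accessor :sanitizable_attributes
 
--- /dev/null
+++ b/data/lib/clean_room/filter.rb
@@ -0,0 +1,60 @@
+require 'sanitize'
+require 'sanitize-url'
+
+module CleanRoom
+class Filter
+
+class << self
+include SanitizeUrl
+
+def clean(dirty_value, options = {})
+determine_and_filter(dirty_value, options)
+end
+
+private
+
+def determine_and_filter(dirty_value, options)
+
+case dirty_value
+when Array
+dirty_value.map{ |dv| determine_and_filter(dv, options) }
+when Hash
+Hash[dirty_value.map {|k,dv| [determine_and_filter(k, allow: (k.is_a?(Symbol) ? :symbol : :string)),determine_and_filter(dv, options)]}]
+when Fixnum
+dirty_value
+when Symbol
+filter(dirty_value, options).to_sym
+when FalseClass
+false
+when NilClass
+nil
+else
+filter(dirty_value, options)
+end
+end
+
+def filter(dirty_value, options)
+dirty_value = dirty_value.to_s
+case (options[:allow] || :plain_text)
+when :html
+Sanitize.clean(dirty_value, Sanitize::Config::RELAXED)
+when :simple_html
+Sanitize.clean(dirty_value, Sanitize::Config::BASIC)
+when :strict
+regex = /[^#{options[:character_class] || "a-zA-Z0-9 "}]/
+Sanitize.clean(dirty_value).gsub(regex, "")
+when :url
+sanitize_url(dirty_value)
+when :symbol
+Sanitize.clean(dirty_value).gsub(/[^a-zA-Z0-9]/, "").to_sym
+when :fixnum
+Sanitize.clean(dirty_value).gsub(/[^0-9]\.\,/, "").gsub(",",".").to_i
+when :float
+Sanitize.clean(dirty_value).gsub(/[^0-9\.\,]/, "").gsub(",",".").to_f
+else
+Sanitize.clean(dirty_value)
+end
+end
+end
+end
+end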
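Review bot: In `Filter#filter` (the new filter.rb, line 51) the `:fixnum` regex `/[^0-9]\.\,/` matches a non-digit followed by a literal `.` and `,` rather than a character class, so non-digit characters are not stripped and `to_i` yields 0 for input like `"$12"`; the `:float` branch two lines below has the intended form, so the line should read `Sanitize.clean(dirty_value).gsub(/[^0-9\.\,]/, "").gsub(",",".").to_i` (the tests pass only because `to_i` ignores trailing junk). The `when Symbol` branch of `determine_and_filter` calls `.to_sym` on whatever `filter` returns, which raises `NoMethodError` when `options[:allow]` is `:fixnum` or `:float`; `cleaned = filter(dirty_value, options)` then `cleaned.is_a?(String) ? cleaned.to_sym : cleaned` avoids that. Hash keys are cleaned with `allow: :string`, a value no branch matches, so they silently take the `else` path — `:plain_text` names the default actually applied. Both `:symbol` paths intern caller-supplied strings, which on Rubies that do not garbage-collect symbols is unbounded symbol-table growth once this runs on request parameters; a comment there, or returning the String and letting the caller intern, is worth considering. In the dsl.rb hunk the hook is now `before_validate`; if ActiveModel is the intended host its callback is `before_validation`, in which case `respond_to?` is false and attributes are never sanitized — please confirm.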
data/lib/clean_room/version.rb
CHANGED
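--- a/data/test/clean_room_test.rb
+++ b/data/test/clean_room_test.rb
@@ -33,13 +33,13 @@ class CleanRoomTest < MiniTest::Unit::TestCase
 attribute_test(:url, "www.google.com/?q=<script>test</script>", "http://www.google.com/?q=%3Cscript%3Etest%3C/script%3E")
 end
 
-def
-assert_equal ["test1","test2"], CleanRoom::
-assert_equal [{"test1" => "test3"},"test2"], CleanRoom::
-assert_equal [{test1: "test3"},"test2"], CleanRoom::
-assert_equal ["123.", "456.3", "789.8"], CleanRoom::
-assert_equal [123, 456, 789], CleanRoom::
-assert_equal [123.0, 456.3, 789.8], CleanRoom::
+def test_filter
+assert_equal ["test1","test2"], CleanRoom::Filter.clean(["<b>test1</b>","<b>test2</b>"])
+assert_equal [{"test1" => "test3"},"test2"], CleanRoom::Filter.clean([{"<b>test1</b>" => "<b>test3</b>"},"<b>test2</b>"])
+assert_equal [{test1: "test3"},"test2"], CleanRoom::Filter.clean([{:"<b>te * st1</b>" => "<b>test3</b>"},"<b>test2</b>"])
+assert_equal ["123.", "456.3", "789.8"], CleanRoom::Filter.clean(["<b>123.</b>","456.3", 789.8])
+assert_equal [123, 456, 789], CleanRoom::Filter.clean(["<b>123.</b>","456.3", 789.8], allow: :fixnum)
+assert_equal [123.0, 456.3, 789.8], CleanRoom::Filter.clean(["<b>123.</b>","456.3", 789.8], allow: :float)
 end
 
 def attribute_test(field, value_in, value_out)
@@ -69,7 +69,7 @@ class CleanRoomTest < MiniTest::Unit::TestCase
 def test_with_before_save
 assert_output("sanitize_attributes\n") do
 test_class = Class.new do
-def self.
+def self.before_validate(method_name)
 puts method_name
 end
 include CleanRoom::DSL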
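Review bot: `test_with_before_save` now stubs `def self.before_validate(method_name)` on an anonymous class, so it only proves the DSL calls a hook of the name the DSL itself chose and cannot catch a mismatch with the host framework's real callback (ActiveModel's is `before_validation`); a case that includes the DSL into a class carrying the real callback module, or at least a comment `# the stubbed name must match the callback the DSL registers on real models`, would pin that, and the method name should follow the rename (`test_with_before_validate`). The block under `assert_output` continues past the hunk. In `test_filter`, line 40 pins that the Float `789.8` comes back as the String `"789.8"` under the default rule, so type flattening of non-String leaves is now tested behaviour — a comment there saying it is intentional would stop the next reader taking it for a bug.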
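--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: clean_room
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.2.0
 prerelease:
 platform: ruby
 authors:
@@ -13,7 +13,7 @@ date: 2012-06-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: sanitize
-requirement: &
+requirement: &70156494356660 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ! '>='
@@ -21,10 +21,10 @@ dependencies:
 version: 2.0.0
 type: :runtime
 prerelease: false
-version_requirements: *
+version_requirements: *70156494356660
 - !ruby/object:Gem::Dependency
 name: sanitize-url
-requirement: &
+requirement: &70156494356120 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ! '>='
@@ -32,10 +32,10 @@ dependencies:
 version: 0.1.4
 type: :runtime
 prerelease: false
-version_requirements: *
+version_requirements: *70156494356120
 - !ruby/object:Gem::Dependency
 name: pry
-requirement: &
+requirement: &70156494355660 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ! '>='
@@ -43,7 +43,7 @@ dependencies:
 version: '0'
 type: :development
 prerelease: false
-version_requirements: *
+version_requirements: *70156494355660
 description: Work in progress, this will be a generic attribute sanitizer which can
 be used for sanitizing models and other objects holding data
 email:
@@ -62,6 +62,7 @@ files:
 - lib/clean_room/air_lock.rb
 - lib/clean_room/dsl.rb
 - lib/clean_room/exceptions.rb
+- lib/clean_room/filter.rb
 - lib/clean_room/version.rb
 - test/clean_room_test.rb
 - test/test_helper.rb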