clean_room 0.1.3 → 0.2.0

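--- a/data/lib/clean_room.rb
+++ b/data/lib/clean_room.rb
@@ -1,4 +1,5 @@
 require "clean_room/air_lock"
 require "clean_room/dsl"
 require "clean_room/exceptions"
+require "clean_room/filter"
 require "clean_room/version"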
@@ -1,55 +1,30 @@
1
- require 'sanitize'
2
- require 'sanitize-url'
3
-
4
1
  module CleanRoom
5
- class AirLock
6
- include SanitizeUrl
7
-
8
- def shower(dirty_value, options = {})
9
- determine_and_clean(dirty_value, options)
2
+ module AirLock
3
+ class Parameters
4
+ class << self
5
+ def activate
6
+ ActionController::Base.send :include, CleanParameters
7
+ end
8
+ end
10
9
  end
11
10
 
12
- def determine_and_clean(dirty_value, options)
13
-
14
- case dirty_value
15
- when Array
16
- dirty_value.map{ |dv| determine_and_clean(dv, options) }
17
- when Hash
18
- Hash[dirty_value.map {|k,dv| [determine_and_clean(k, allow: (k.is_a?(Symbol) ? :symbol : :string)),determine_and_clean(dv, options)]}]
19
- when Fixnum
20
- dirty_value
21
- when Symbol
22
- clean(dirty_value, options).to_sym
23
- when FalseClass
24
- false
25
- when NilClass
26
- nil
27
- else
28
- clean(dirty_value, options)
11
+ class ModelBasedFilter
12
+ class << self
13
+ def filter(parameters)
14
+ # TODO: check the parameter names against the model sanitization rules, when no rules found do a 'normal' sanitization
15
+ HashWithIndifferentAccess.new(CleanRoom::Filter.clean(parameters))
16
+ end
29
17
  end
30
18
  end
31
19
 
32
- def clean(dirty_value, options)
33
- dirty_value = dirty_value.to_s
34
- case (options[:allow] || :plain_text)
35
- when :html
36
- Sanitize.clean(dirty_value, Sanitize::Config::RELAXED)
37
- when :simple_html
38
- Sanitize.clean(dirty_value, Sanitize::Config::BASIC)
39
- when :strict
40
- regex = /[^#{options[:character_class] || "a-zA-Z0-9 "}]/
41
- Sanitize.clean(dirty_value).gsub(regex, "")
42
- when :url
43
- sanitize_url(dirty_value)
44
- when :symbol
45
- Sanitize.clean(dirty_value).gsub(/[^a-zA-Z0-9]/, "").to_sym
46
- when :fixnum
47
- Sanitize.clean(dirty_value).gsub(/[^0-9]\.\,/, "").gsub(",",".").to_i
48
- when :float
49
- Sanitize.clean(dirty_value).gsub(/[^0-9\.\,]/, "").gsub(",",".").to_f
50
- else
51
- Sanitize.clean(dirty_value)
20
+ module CleanParameters
21
+ def params
22
+ @_params ||= ModelBasedFilter.filter(request.parameters)
23
+ end
24
+
25
+ def params=(val)
26
+ @_params = val.is_a?(Hash) ? ModelBasedFilter.filter(val) : val
52
27
  end
53
28
  end
54
29
  end
55
- end
30
+ end
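Review bot: `Parameters.activate` and `ModelBasedFilter.filter` reference `ActionController::Base` and `HashWithIndifferentAccess`, but this file no longer requires anything (the `sanitize` requires moved to filter.rb) and nothing here loads ActiveSupport or ActionPack, so `activate` raises NameError when the gem is used outside an already-booted Rails app; guard it with `return unless defined?(ActionController::Base)` or document that the host must load Rails before calling it. Because `CleanParameters#params` replaces the `params` accessor for every controller once activated, the open TODO in `filter` is a behavioural point rather than a nicety: every request parameter currently falls through to the plain-text default of `Filter.clean`, which strips markup silently instead of rejecting the request, so a comment on `filter` should state that the fallback is lossy and applies to all parameters, not only those of a model with rules. `params=` re-filters any `Hash` assigned to it, including a hash that was already filtered; if that is intended as defence in depth, say so in a short comment, otherwise callers will wonder why assignment is not a plain setter.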
@@ -5,8 +5,8 @@ module CleanRoom
5
5
  base.extend ClassMethods
6
6
  base.sanitizable_attributes = {}
7
7
 
8
- if base.respond_to? :before_save
9
- base.before_save :sanitize_attributes
8
+ if base.respond_to? :before_validate
9
+ base.before_validate :sanitize_attributes
10
10
  end
11
11
  end
12
12
 
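Review bot: `before_validate` is not a callback that ActiveRecord or ActiveModel define — the validation hook is `before_validation` — so on a real model `base.respond_to? :before_validate` is false and `sanitize_attributes` is silently never registered, a regression from the `before_save` wiring this replaces. The test change further down stubs a `before_validate` method on an anonymous class, so it mirrors the misspelling rather than catching it; change both to `before_validation` (and rename `test_with_before_save` to match). Since a model that quietly skips sanitization is exactly the failure this gem exists to prevent, the `respond_to?` fallback should also warn or raise when no hook is found instead of doing nothing.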
@@ -18,16 +18,12 @@ module CleanRoom
18
18
 
19
19
  def sanitize_attribute(name, options = {})
20
20
  current_value = self.send(name)
21
- cleaned_value = air_lock.shower(current_value, options)
21
+ cleaned_value = Filter.clean(current_value, options)
22
22
 
23
23
  raise Exceptions::Contaminated.new("#{name} contained unacceptable data") if options[:raise] && (current_value != cleaned_value)
24
24
  self.send("#{name}=".to_sym, cleaned_value)
25
25
  end
26
26
 
27
- def air_lock
28
- @air_lock ||= AirLock.new
29
- end
30
-
31
27
  module ClassMethods
32
28
  attr_accessor :sanitizable_attributes
33
29
 
@@ -0,0 +1,60 @@
1
+ require 'sanitize'
2
+ require 'sanitize-url'
3
+
4
+ module CleanRoom
5
+ class Filter
6
+
7
+ class << self
8
+ include SanitizeUrl
9
+
10
+ def clean(dirty_value, options = {})
11
+ determine_and_filter(dirty_value, options)
12
+ end
13
+
14
+ private
15
+
16
+ def determine_and_filter(dirty_value, options)
17
+
18
+ case dirty_value
19
+ when Array
20
+ dirty_value.map{ |dv| determine_and_filter(dv, options) }
21
+ when Hash
22
+ Hash[dirty_value.map {|k,dv| [determine_and_filter(k, allow: (k.is_a?(Symbol) ? :symbol : :string)),determine_and_filter(dv, options)]}]
23
+ when Fixnum
24
+ dirty_value
25
+ when Symbol
26
+ filter(dirty_value, options).to_sym
27
+ when FalseClass
28
+ false
29
+ when NilClass
30
+ nil
31
+ else
32
+ filter(dirty_value, options)
33
+ end
34
+ end
35
+
36
+ def filter(dirty_value, options)
37
+ dirty_value = dirty_value.to_s
38
+ case (options[:allow] || :plain_text)
39
+ when :html
40
+ Sanitize.clean(dirty_value, Sanitize::Config::RELAXED)
41
+ when :simple_html
42
+ Sanitize.clean(dirty_value, Sanitize::Config::BASIC)
43
+ when :strict
44
+ regex = /[^#{options[:character_class] || "a-zA-Z0-9 "}]/
45
+ Sanitize.clean(dirty_value).gsub(regex, "")
46
+ when :url
47
+ sanitize_url(dirty_value)
48
+ when :symbol
49
+ Sanitize.clean(dirty_value).gsub(/[^a-zA-Z0-9]/, "").to_sym
50
+ when :fixnum
51
+ Sanitize.clean(dirty_value).gsub(/[^0-9]\.\,/, "").gsub(",",".").to_i
52
+ when :float
53
+ Sanitize.clean(dirty_value).gsub(/[^0-9\.\,]/, "").gsub(",",".").to_f
54
+ else
55
+ Sanitize.clean(dirty_value)
56
+ end
57
+ end
58
+ end
59
+ end
60
+ end
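Review bot: The `:fixnum` branch's regex `/[^0-9]\.\,/` does not match what the neighbouring `:float` branch does — it matches a non-digit followed by a literal `.` and `,`, so stray characters are not stripped and the result relies on `String#to_i` quietly parsing a leading prefix (`"abc12"` becomes `0` here but `12.0` under `:float`); it should read `Sanitize.clean(dirty_value).gsub(/[^0-9\.\,]/, "").gsub(",",".").to_i`. Separately, the `Symbol` branch of `determine_and_filter` calls `.to_sym` on whatever `filter` returns, so a Symbol input combined with `allow: :fixnum` or `allow: :float` raises NoMethodError on the Integer/Float result. The `:strict` branch interpolates `options[:character_class]` into a character class unescaped; a comment noting that the value is a regex fragment (so `]`, `^`, `\` and `-` are significant) would save callers who pass literal characters from a surprising match.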
@@ -1,3 +1,3 @@
1
1
  module CleanRoom
2
- VERSION = "0.1.3"
2
+ VERSION = "0.2.0"
3
3
  end
@@ -33,13 +33,13 @@ class CleanRoomTest < MiniTest::Unit::TestCase
33
33
  attribute_test(:url, "www.google.com/?q=<script>test</script>", "http://www.google.com/?q=%3Cscript%3Etest%3C/script%3E")
34
34
  end
35
35
 
36
- def test_air_lock
37
- assert_equal ["test1","test2"], CleanRoom::AirLock.new.shower(["<b>test1</b>","<b>test2</b>"])
38
- assert_equal [{"test1" => "test3"},"test2"], CleanRoom::AirLock.new.shower([{"<b>test1</b>" => "<b>test3</b>"},"<b>test2</b>"])
39
- assert_equal [{test1: "test3"},"test2"], CleanRoom::AirLock.new.shower([{:"<b>te * st1</b>" => "<b>test3</b>"},"<b>test2</b>"])
40
- assert_equal ["123.", "456.3", "789.8"], CleanRoom::AirLock.new.shower(["<b>123.</b>","456.3", 789.8])
41
- assert_equal [123, 456, 789], CleanRoom::AirLock.new.shower(["<b>123.</b>","456.3", 789.8], allow: :fixnum)
42
- assert_equal [123.0, 456.3, 789.8], CleanRoom::AirLock.new.shower(["<b>123.</b>","456.3", 789.8], allow: :float)
36
+ def test_filter
37
+ assert_equal ["test1","test2"], CleanRoom::Filter.clean(["<b>test1</b>","<b>test2</b>"])
38
+ assert_equal [{"test1" => "test3"},"test2"], CleanRoom::Filter.clean([{"<b>test1</b>" => "<b>test3</b>"},"<b>test2</b>"])
39
+ assert_equal [{test1: "test3"},"test2"], CleanRoom::Filter.clean([{:"<b>te * st1</b>" => "<b>test3</b>"},"<b>test2</b>"])
40
+ assert_equal ["123.", "456.3", "789.8"], CleanRoom::Filter.clean(["<b>123.</b>","456.3", 789.8])
41
+ assert_equal [123, 456, 789], CleanRoom::Filter.clean(["<b>123.</b>","456.3", 789.8], allow: :fixnum)
42
+ assert_equal [123.0, 456.3, 789.8], CleanRoom::Filter.clean(["<b>123.</b>","456.3", 789.8], allow: :float)
43
43
  end
44
44
 
45
45
  def attribute_test(field, value_in, value_out)
@@ -69,7 +69,7 @@ class CleanRoomTest < MiniTest::Unit::TestCase
69
69
  def test_with_before_save
70
70
  assert_output("sanitize_attributes\n") do
71
71
  test_class = Class.new do
72
- def self.before_save(method_name)
72
+ def self.before_validate(method_name)
73
73
  puts method_name
74
74
  end
75
75
  include CleanRoom::DSL
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: clean_room
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.3
4
+ version: 0.2.0
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -13,7 +13,7 @@ date: 2012-06-19 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: sanitize
16
- requirement: &70175557841960 !ruby/object:Gem::Requirement
16
+ requirement: &70156494356660 !ruby/object:Gem::Requirement
17
17
  none: false
18
18
  requirements:
19
19
  - - ! '>='
@@ -21,10 +21,10 @@ dependencies:
21
21
  version: 2.0.0
22
22
  type: :runtime
23
23
  prerelease: false
24
- version_requirements: *70175557841960
24
+ version_requirements: *70156494356660
25
25
  - !ruby/object:Gem::Dependency
26
26
  name: sanitize-url
27
- requirement: &70175557841420 !ruby/object:Gem::Requirement
27
+ requirement: &70156494356120 !ruby/object:Gem::Requirement
28
28
  none: false
29
29
  requirements:
30
30
  - - ! '>='
@@ -32,10 +32,10 @@ dependencies:
32
32
  version: 0.1.4
33
33
  type: :runtime
34
34
  prerelease: false
35
- version_requirements: *70175557841420
35
+ version_requirements: *70156494356120
36
36
  - !ruby/object:Gem::Dependency
37
37
  name: pry
38
- requirement: &70175557841000 !ruby/object:Gem::Requirement
38
+ requirement: &70156494355660 !ruby/object:Gem::Requirement
39
39
  none: false
40
40
  requirements:
41
41
  - - ! '>='
@@ -43,7 +43,7 @@ dependencies:
43
43
  version: '0'
44
44
  type: :development
45
45
  prerelease: false
46
- version_requirements: *70175557841000
46
+ version_requirements: *70156494355660
47
47
  description: Work in progress, this will be a generic attribute sanitizer which can
48
48
  be used for sanitizing models and other objects holding data
49
49
  email:
@@ -62,6 +62,7 @@ files:
62
62
  - lib/clean_room/air_lock.rb
63
63
  - lib/clean_room/dsl.rb
64
64
  - lib/clean_room/exceptions.rb
65
+ - lib/clean_room/filter.rb
65
66
  - lib/clean_room/version.rb
66
67
  - test/clean_room_test.rb
67
68
  - test/test_helper.rb