clean_room 0.2.1 → 0.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/lib/clean_room/air_lock.rb +6 -5
- data/lib/clean_room/filter.rb +9 -9
- data/lib/clean_room/version.rb +1 -1
- data/test/clean_room_test.rb +3 -0
- metadata +8 -8
data/lib/clean_room/air_lock.rb
CHANGED
|
@@ -3,20 +3,21 @@ module CleanRoom
|
|
|
3
3
|
module Parameters
|
|
4
4
|
def self.included(base)
|
|
5
5
|
base.extend ClassMethods
|
|
6
|
-
base.clean_room_rules = {}
|
|
7
6
|
end
|
|
8
7
|
|
|
9
8
|
def params
|
|
10
|
-
@_params ||= HashWithIndifferentAccess.new(CleanRoom::Filter.clean(request.parameters, nested_rules: self.class.
|
|
9
|
+
@_params ||= HashWithIndifferentAccess.new(CleanRoom::Filter.clean(request.parameters, nested_rules: self.class.cr_rules))
|
|
11
10
|
end
|
|
12
11
|
|
|
13
12
|
def params=(val)
|
|
14
|
-
@_params = val.is_a?(Hash) ? HashWithIndifferentAccess.new(CleanRoom::Filter.clean(val, nested_rules: self.class.
|
|
13
|
+
@_params = val.is_a?(Hash) ? HashWithIndifferentAccess.new(CleanRoom::Filter.clean(val, nested_rules: self.class.cr_rules)) : val
|
|
15
14
|
end
|
|
16
15
|
|
|
17
|
-
|
|
16
|
+
module ClassMethods
|
|
17
|
+
attr_accessor :cr_rules
|
|
18
|
+
|
|
18
19
|
def clean_room_rules(rules = {})
|
|
19
|
-
|
|
20
|
+
cr_rules = rules
|
|
20
21
|
end
|
|
21
22
|
end
|
|
22
23
|
end
|
data/lib/clean_room/filter.rb
CHANGED
|
@@ -8,19 +8,13 @@ module CleanRoom
|
|
|
8
8
|
include SanitizeUrl
|
|
9
9
|
|
|
10
10
|
def clean(dirty_value, rules = {})
|
|
11
|
-
determine_and_filter(dirty_value, rules)
|
|
12
|
-
end
|
|
13
|
-
|
|
14
|
-
private
|
|
15
|
-
|
|
16
|
-
def determine_and_filter(dirty_value, rules)
|
|
17
11
|
nested_rules = rules[:nested_rules] || {}
|
|
18
12
|
|
|
19
13
|
case dirty_value
|
|
20
14
|
when Array
|
|
21
|
-
dirty_value.map{ |dv|
|
|
15
|
+
dirty_value.map{ |dv| clean(dv, rules) }
|
|
22
16
|
when Hash
|
|
23
|
-
Hash[dirty_value.map {|k,dv| [
|
|
17
|
+
Hash[dirty_value.map {|k,dv| [clean(k, allow: (k.is_a?(Symbol) ? :symbol : :string)),clean(dv, nested_rules[k] ? nested_rules[k] : rules)]}]
|
|
24
18
|
when Fixnum
|
|
25
19
|
dirty_value
|
|
26
20
|
when Symbol
|
|
@@ -30,10 +24,16 @@ module CleanRoom
|
|
|
30
24
|
when NilClass
|
|
31
25
|
nil
|
|
32
26
|
else
|
|
33
|
-
|
|
27
|
+
if dirty_value.class.to_s == "ActionDispatch::Http::UploadedFile"
|
|
28
|
+
dirty_value
|
|
29
|
+
else
|
|
30
|
+
filter(dirty_value, rules)
|
|
31
|
+
end
|
|
34
32
|
end
|
|
35
33
|
end
|
|
36
34
|
|
|
35
|
+
private
|
|
36
|
+
|
|
37
37
|
def filter(dirty_value, rules)
|
|
38
38
|
dirty_value = dirty_value.to_s
|
|
39
39
|
intermediate_value = case (rules[:rule] || :plain_text)
|
data/lib/clean_room/version.rb
CHANGED
data/test/clean_room_test.rb
CHANGED
|
@@ -41,6 +41,9 @@ class CleanRoomTest < MiniTest::Unit::TestCase
|
|
|
41
41
|
assert_equal [123, 456, 789], CleanRoom::Filter.clean(["<b>123.</b>","456.3", 789.8], rule: :fixnum)
|
|
42
42
|
assert_equal [123.0, 456.3, 789.8], CleanRoom::Filter.clean(["<b>123.</b>","456.3", 789.8], rule: :float)
|
|
43
43
|
|
|
44
|
+
# Errors
|
|
45
|
+
assert_equal({"action"=>"new", "controller"=>"devise/sessions"}, CleanRoom::Filter.clean({"action"=>"new", "controller"=>"devise/sessions"}))
|
|
46
|
+
|
|
44
47
|
# SQL injection
|
|
45
48
|
assert_equal "test", CleanRoom::Filter.clean("test' ; DROP TABLE ")
|
|
46
49
|
assert_equal "test", CleanRoom::Filter.clean("test'DROP TABLE `sdfdsf`")
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: clean_room
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.2
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -9,11 +9,11 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2012-06-
|
|
12
|
+
date: 2012-06-21 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: sanitize
|
|
16
|
-
requirement: &
|
|
16
|
+
requirement: &70093767202980 !ruby/object:Gem::Requirement
|
|
17
17
|
none: false
|
|
18
18
|
requirements:
|
|
19
19
|
- - ! '>='
|
|
@@ -21,10 +21,10 @@ dependencies:
|
|
|
21
21
|
version: 2.0.0
|
|
22
22
|
type: :runtime
|
|
23
23
|
prerelease: false
|
|
24
|
-
version_requirements: *
|
|
24
|
+
version_requirements: *70093767202980
|
|
25
25
|
- !ruby/object:Gem::Dependency
|
|
26
26
|
name: sanitize-url
|
|
27
|
-
requirement: &
|
|
27
|
+
requirement: &70093767202480 !ruby/object:Gem::Requirement
|
|
28
28
|
none: false
|
|
29
29
|
requirements:
|
|
30
30
|
- - ! '>='
|
|
@@ -32,10 +32,10 @@ dependencies:
|
|
|
32
32
|
version: 0.1.4
|
|
33
33
|
type: :runtime
|
|
34
34
|
prerelease: false
|
|
35
|
-
version_requirements: *
|
|
35
|
+
version_requirements: *70093767202480
|
|
36
36
|
- !ruby/object:Gem::Dependency
|
|
37
37
|
name: pry
|
|
38
|
-
requirement: &
|
|
38
|
+
requirement: &70093767202080 !ruby/object:Gem::Requirement
|
|
39
39
|
none: false
|
|
40
40
|
requirements:
|
|
41
41
|
- - ! '>='
|
|
@@ -43,7 +43,7 @@ dependencies:
|
|
|
43
43
|
version: '0'
|
|
44
44
|
type: :development
|
|
45
45
|
prerelease: false
|
|
46
|
-
version_requirements: *
|
|
46
|
+
version_requirements: *70093767202080
|
|
47
47
|
description: Work in progress, this will be a generic attribute sanitizer which can
|
|
48
48
|
be used for sanitizing models and other objects holding data
|
|
49
49
|
email:
|