clean_room 0.2.1 → 0.2.2
- data/lib/clean_room/air_lock.rb +6 -5
- data/lib/clean_room/filter.rb +9 -9
- data/lib/clean_room/version.rb +1 -1
- data/test/clean_room_test.rb +3 -0
- metadata +8 -8
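--- a/data/lib/clean_room/air_lock.rb
+++ b/data/lib/clean_room/air_lock.rb
@@ -3,20 +3,21 @@ module CleanRoom
 module Parameters
 def self.included(base)
 base.extend ClassMethods
-base.clean_room_rules = {}
 end
 
 def params
-@_params ||= HashWithIndifferentAccess.new(CleanRoom::Filter.clean(request.parameters, nested_rules: self.class.
+@_params ||= HashWithIndifferentAccess.new(CleanRoom::Filter.clean(request.parameters, nested_rules: self.class.cr_rules))
 end
 
 def params=(val)
-@_params = val.is_a?(Hash) ? HashWithIndifferentAccess.new(CleanRoom::Filter.clean(val, nested_rules: self.class.
+@_params = val.is_a?(Hash) ? HashWithIndifferentAccess.new(CleanRoom::Filter.clean(val, nested_rules: self.class.cr_rules)) : val
 end
 
-
+module ClassMethods
+attr_accessor :cr_rules
+
 def clean_room_rules(rules = {})
-
+cr_rules = rules
 end
 end
 end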
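Review bot: `cr_rules = rules` inside `clean_room_rules` (new line 20) assigns a local variable that is discarded when the method returns, so the class-level accessor added by `attr_accessor :cr_rules` is never written; `self.class.cr_rules` in `params` and `params=` therefore stays nil, `Filter.clean` receives `nested_rules: nil`, and every field falls back to the default `:plain_text` rule while the per-field rules a controller declares are silently ignored. It should read `self.cr_rules = rules`. The accessor also holds a class-level instance variable, so a subclass of a controller that called `clean_room_rules` will presumably see nil rather than its parent's rules unless it declares its own — confirm whether inheritance is intended. The non-Hash branch of `params=` still stores `val` unfiltered, which the new line carries over from the old one.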
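--- a/data/lib/clean_room/filter.rb
+++ b/data/lib/clean_room/filter.rb
@@ -8,19 +8,13 @@ module CleanRoom
 include SanitizeUrl
 
 def clean(dirty_value, rules = {})
-determine_and_filter(dirty_value, rules)
-end
-
-private
-
-def determine_and_filter(dirty_value, rules)
 nested_rules = rules[:nested_rules] || {}
 
 case dirty_value
 when Array
-dirty_value.map{ |dv|
+dirty_value.map{ |dv| clean(dv, rules) }
 when Hash
-Hash[dirty_value.map {|k,dv| [
+Hash[dirty_value.map {|k,dv| [clean(k, allow: (k.is_a?(Symbol) ? :symbol : :string)),clean(dv, nested_rules[k] ? nested_rules[k] : rules)]}]
 when Fixnum
 dirty_value
 when Symbol
@@ -30,10 +24,16 @@ module CleanRoom
 when NilClass
 nil
 else
-
+if dirty_value.class.to_s == "ActionDispatch::Http::UploadedFile"
+dirty_value
+else
+filter(dirty_value, rules)
+end
 end
 end
 
+private
+
 def filter(dirty_value, rules)
 dirty_value = dirty_value.to_s
 intermediate_value = case (rules[:rule] || :plain_text)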
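Review bot: The new `else` branch (new lines 27–31) recognises an upload by comparing `dirty_value.class.to_s` with a string and then returns the object untouched, so nothing from a multipart upload passes through any rule — if this is a real ActionDispatch upload, its client-supplied `original_filename` and `content_type` reach the controller unsanitized, and a comment should say so above the branch, e.g. `# Uploaded files are returned as-is: original_filename/content_type are NOT cleaned here`. The check itself would be more robust as `defined?(ActionDispatch::Http::UploadedFile) && dirty_value.is_a?(ActionDispatch::Http::UploadedFile)`, which also covers subclasses and cannot be satisfied by an unrelated class that merely shares the name. In the Hash branch of the first hunk, `nested_rules[k]` is looked up with the raw key, so string keys coming from `request.parameters` will presumably not match rules declared with symbol keys and will fall back to the parent `rules` — confirm against how `clean_room_rules` is called. `filter` continues outside the hunk.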
data/lib/clean_room/version.rb
CHANGED
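--- a/data/test/clean_room_test.rb
+++ b/data/test/clean_room_test.rb
@@ -41,6 +41,9 @@ class CleanRoomTest < MiniTest::Unit::TestCase
 assert_equal [123, 456, 789], CleanRoom::Filter.clean(["<b>123.</b>","456.3", 789.8], rule: :fixnum)
 assert_equal [123.0, 456.3, 789.8], CleanRoom::Filter.clean(["<b>123.</b>","456.3", 789.8], rule: :float)
 
+# Errors
+assert_equal({"action"=>"new", "controller"=>"devise/sessions"}, CleanRoom::Filter.clean({"action"=>"new", "controller"=>"devise/sessions"}))
+
 # SQL injection
 assert_equal "test", CleanRoom::Filter.clean("test' ; DROP TABLE ")
 assert_equal "test", CleanRoom::Filter.clean("test'DROP TABLE `sdfdsf`")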
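Review bot: The new assertion (new line 45) only shows that ordinary controller/action strings survive `clean` under the default rule; it exercises neither behaviour this version introduces — the UploadedFile pass-through in `filter.rb` nor the `clean_room_rules`/`cr_rules` class accessor in `air_lock.rb`. A test that includes `CleanRoom::Parameters` into a throwaway class, declares rules and reads them back would catch the accessor never being stored, e.g. `klass = Class.new { include CleanRoom::Parameters }; klass.clean_room_rules(name: { rule: :plain_text }); assert_equal({ name: { rule: :plain_text } }, klass.cr_rules)` (assuming the module loads without Rails, which the visible code suggests since HashWithIndifferentAccess is only referenced inside methods). The `# Errors` comment should also name the error this input reproduced, since the parameters themselves look like routine Devise routing values. The enclosing test method starts outside the hunk.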
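--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: clean_room
 version: !ruby/object:Gem::Version
-version: 0.2.
+version: 0.2.2
 prerelease:
 platform: ruby
 authors:
@@ -9,11 +9,11 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-06-
+date: 2012-06-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: sanitize
-requirement: &
+requirement: &70093767202980 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ! '>='
@@ -21,10 +21,10 @@ dependencies:
 version: 2.0.0
 type: :runtime
 prerelease: false
-version_requirements: *
+version_requirements: *70093767202980
 - !ruby/object:Gem::Dependency
 name: sanitize-url
-requirement: &
+requirement: &70093767202480 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ! '>='
@@ -32,10 +32,10 @@ dependencies:
 version: 0.1.4
 type: :runtime
 prerelease: false
-version_requirements: *
+version_requirements: *70093767202480
 - !ruby/object:Gem::Dependency
 name: pry
-requirement: &
+requirement: &70093767202080 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ! '>='
@@ -43,7 +43,7 @@ dependencies:
 version: '0'
 type: :development
 prerelease: false
-version_requirements: *
+version_requirements: *70093767202080
 description: Work in progress, this will be a generic attribute sanitizer which can
 be used for sanitizing models and other objects holding data
 email: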