RubyGems - corny-sql_filter - Versions diffs - 0.0.1 - Mend

corny-sql_filter 0.0.1

Files changed (7) hide show

data/MIT-LICENSE ADDED

@@ -0,0 +1,20 @@
+Copyright (c) 2009 [Julian K., Can Filip S.]
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc ADDED

@@ -0,0 +1,53 @@
+= sql_filter
+sql_filter helps you to build sql-conditions from parameters
+and avoids sql injections.
+== INSTALL:
+coming soon
+== EXAMPLE:
+=== Options for attributes
+ * value => fixed value or array of allowed values
+ * operator => fixed operator or list of allowed operators [default: =]
+ * default_operator => operator or first element of operator
+ * ignore_blank => Boolean [default: true]
+ * escape => Boolean [default: true]
+=== Simple
+ MyFilter < SqlFilter
+   attributes :foo
+ end
+ filter = MyFilter.new(:foo => 'bar')
+ filter.to_a == ["1 AND (`foo` = ?)",'bar']
+=== With default
+ MyFilter < SqlFilter
+   attributes :name, :default => 'any', :operator => :like
+ end
+ filter = MyFilter.new(:foo => 'bar')
+ filter.to_a == ["1 AND (`foo` LIKE ?)",'%bar%']
+=== Custom method
+ MyFilter < SqlFilter
+   attributes :name
+   def name_to_sql
+     ["foreign_id IN (SELECT id FROM foreigns WHERE name LIKE ?)",name]
+   end
+ end
+ filter = MyFilter.new(:foo => 'bar')
+ filter.to_a == ["1 AND `foreign_id` IN (SELECT id FROM foreigns WHERE name LIKE ?))","bar"]
+Copyright (c) 2009 Julian K., released under the MIT license

data/init.rb ADDED

	@@ -0,0 +1,2 @@
1	+ # Include hook code here
2	+ require File.join(File.dirname(__FILE__), "/lib/sql_filter")

data/lib/sql_filter.rb ADDED

@@ -0,0 +1,152 @@
+# SqlFilter
+module SqlFilterAttributes
+  def self.included(base)
+    base.extend(ClassMethods)
+  end
+  module ClassMethods
+    def inherited(subclass)
+      subclass.instance_variable_set('@attributes', instance_variable_get('@attributes').clone)
+    end
+    # returns the configuration hash
+    def attributes
+      @attributes
+    end
+  end
+end
+class SqlFilter
+  include SqlFilterAttributes
+  @attributes = {}
+  def self.attribute(*args)
+    options   = args.delete_at(args.size-1) if args.last.is_a?(Hash)
+    options ||= {}
+    #puts "#############################"
+    #puts self
+    #puts "#############################"
+    for attr in args
+      class_method_lines = []
+      options[:escape]       ||= true
+      options[:ignore_blank] ||= true
+      value    = options[:value]
+      operator = options[:operator] || "="
+      if operator.is_a?(Array)
+        attr_accessor "operator_for_#{attr}"
+        class_method_lines << "def operator_for_#{attr}"
+        class_method_lines << "  options = self.class.attributes[:#{attr}]"
+        class_method_lines << "  @operator_for_#{attr} ||= options[:default_operator]"
+        if options[:ignore_blank]
+          class_method_lines << "  return nil if @operator_for_#{attr}.to_s.empty?"
+        end
+        class_method_lines << "  raise 'unknown operator '+@operator_for_#{attr}+' for #{attr}' unless options[:operator].include?(@operator_for_#{attr})"
+        class_method_lines << "  @operator_for_#{attr}"
+        class_method_lines << "end"
+      else
+        class_method_lines << "def operator_for_#{attr}"
+        class_method_lines << "  '#{operator.to_s.upcase}'"
+        class_method_lines << "end"
+      end
+      class_method_lines << "def #{attr}_to_sql"
+      class_method_lines << "return nil unless operator_for_#{attr}"
+      # wenn kein statischer Wert vorgegeben ist
+      unless options[:value].is_a?(String)
+        attr_accessor attr
+        # leere Werte bei Wunsch ignorieren
+        if options[:ignore_blank]
+          class_method_lines << "return nil if @#{attr}.to_s.empty?"
+        end
+      end
+      right_sql = nil
+      if value
+        if value.is_a?(Array)
+          # eingabe überprüfen
+          class_method_lines << "raise 'xxx' unless self.class.attributes[:#{attr}][:value].include?(#{attr})"
+          right_sql = attr.to_s
+        else
+          # vorgabe einsetzen
+          right_sql = value.inspect
+        end
+      else
+        if operator==:like
+          right_sql = "'%'+#{attr}+'%'"
+        else
+          # nur methode aufrufen
+          right_sql = attr.to_s
+        end
+      end
+      field = options[:field] ? options[:field]  : attr
+      field = field.to_s.split(".").collect{|c| "`"+c+"`"}.join "."
+      if options[:escape] == false
+        class_method_lines << "  '#{field} ' + operator_for_#{attr} + " + right_sql
+      else
+        class_method_lines << "  ['#{field} ' + operator_for_#{attr} + ' ?', " + right_sql + ']'
+      end
+      class_method_lines << "end"
+      @attributes[attr] = options
+      #puts class_method_lines.join "\n"
+      class_eval class_method_lines.join "\n"
+      operator = options[:operators]
+    end
+  end
+  def initialize(vars=nil)
+    # set default values
+    for attr,options in self.class.attributes
+      instance_variable_set '@'+attr.to_s, options[:default]
+    end
+    if vars
+      # send input values to setter methods
+      for key,val in vars
+        send "#{key}=", val
+      end
+    end
+  end
+  # Build the whole conditions array
+  def to_a
+    sql = ["1"]
+    for key, options in self.class.attributes
+      val = instance_variable_get("@#{key}") || options[:default]
+      res = send "#{key}_to_sql"
+      if res.is_a?(Array)
+        sql[0] << " AND (#{res.shift})"
+        sql = sql + res
+      elsif res # nicht nil
+        sql[0] << " AND (#{res})"
+      end
+    end
+    sql
+  end
+end

data/sql_filter.gemspec ADDED

@@ -0,0 +1,26 @@
+# -*- encoding: utf-8 -*-
+Gem::Specification.new do |s|
+  s.name = %q{sql_filter}
+  s.version = "0.0.1"
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Corny", "Averell"]
+  s.date = %q{2009-02-04}
+  s.description = %q{sql_filter helps you to build sql-conditions from parameters and avoids sql injections.}
+  s.email = %q{mail@digineo.de}
+  s.files = %w(
+    MIT-LICENSE
+    README.rdoc
+    init.rb
+    sql_filter.gemspec
+    lib/sql_filter.rb
+    test/sql_filter_test.rb
+  )
+  s.has_rdoc = true
+  s.homepage = %q{http://github.com/corny/sql_filter/tree/master}
+  s.rdoc_options = ["--inline-source", "--charset=UTF-8"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.3.0}
+  s.summary = %q{sql_filter helps you to build sql-conditions from parameters and avoids sql injections.}
+end

data/test/sql_filter_test.rb ADDED

@@ -0,0 +1,133 @@
+require 'test/unit'
+require File.join(File.dirname(__FILE__), "../init")
+class SqlFilterTest < Test::Unit::TestCase
+  # erwartet: nichts
+  class EmptyFilter < SqlFilter
+  end
+  # erwartet:
+  # * name
+  class NameFilter < SqlFilter
+    attribute :name, :field=>'certificate.issuer'
+  end
+  # erwartet:
+  # * name
+  class NameLikeFilter < SqlFilter
+    attribute :name, :operator => :like
+  end
+  # erwartet:
+  # * state
+  class OptionsFilter < SqlFilter
+    attribute :state, :value => %w(new open closed)
+  end
+  # erwartet:
+  # * operator_for_issued_at
+  class OperatorFilter < SqlFilter
+    attribute :issued_at, :operator => %w(< >), :value => "NOW()", :escape => false, :default_operator=>"<"
+  end
+  # erwartet:
+  # * updated_at
+  # * operator_for_updated_at
+  class OperatorValueFilter < SqlFilter
+    attribute :issued_at, :operator => %w(< = >)
+  end
+  # empty filter
+  def test_empty_filter
+    filter = EmptyFilter.new
+    # darf nicht auf :name reagieren
+    assert !filter.respond_to?(:name)
+    # Conditions muss leer sein
+    assert_equal ["1"], filter.to_a
+  end
+  def test_assertion
+    value = 'foo bar'
+    filter = NameFilter.new
+    assert_nil filter.name
+    filter.name = value
+    assert_equal value, filter.name
+    filter = NameFilter.new :name => value
+    assert_equal value, filter.name
+  end
+  def test_name_filter
+    text   = 'hello world'
+    filter = NameFilter.new(:name => text)
+    # sollte auf :name reagieren
+    assert_respond_to filter, :name
+    assert_equal ["1 AND (`certificate`.`issuer` = ?)",text], filter.to_a
+    text = 'Test'
+    filter.name = text
+    assert_equal ["1 AND (`certificate`.`issuer` = ?)",text], filter.to_a
+  end
+  def test_name_like_filter
+    filter = EmptyFilter.new
+    text   = 'hello world'
+    filter = NameLikeFilter.new(:name => text)
+    assert_equal ["1 AND (`name` LIKE ?)","%#{text}%"], filter.to_a
+  end
+  def test_options_filter
+    filter = OptionsFilter.new
+    # leerer wert
+    assert_equal ["1"], filter.to_a
+    filter = OptionsFilter.new(:state => 'closed')
+    assert_equal ["1 AND (`state` = ?)", "closed"], filter.to_a
+    assert_raises RuntimeError do
+      filter = OptionsFilter.new(:state => 'sldjfh sdkjfh oiz3 4 zr')
+      assert_equal ["1 AND (`state` = ?)", "sldjfh sdkjfh oiz3 4 zr"], filter.to_a
+    end
+  end
+  def test_operator_filter
+    # leerer wert
+    filter = OperatorFilter.new
+    assert_equal ["1 AND (`issued_at` < ?)", "NOW()"], filter.to_a
+    # Gültiger Wert
+    filter = OperatorFilter.new(:operator_for_issued_at=>">")
+    assert_equal ["1 AND (`issued_at` > ?)", "NOW()"], filter.to_a
+    # Ungültiger Wert
+    assert_raises RuntimeError do
+      filter = OperatorFilter.new(:operator_for_issued_at=>"sddlkh234097f ")
+      assert_equal ["1 AND (`issued_at` < ?)", "sddlkh234097f"], filter.to_a
+    end
+  end
+  def test_operator_value_filter
+    filter = OptionsFilter.new
+    # leerer wert
+    assert_equal ["1"], filter.to_a
+    filter = OperatorValueFilter.new(:issued_at => "NOW()", :operator_for_issued_at=>">")
+    assert_equal ["1 AND (`issued_at` > ?)", "NOW()"], filter.to_a
+    assert_raises RuntimeError do
+      filter = OperatorValueFilter.new(:issued_at => "NOW()", :operator_for_issued_at=>"sdfsklödf")
+      assert_equal ["1 AND (`issued_at` sdfsklödf ?)", "NOW()"], filter.to_a
+    end
+  end
+end

metadata ADDED

@@ -0,0 +1,60 @@
+--- !ruby/object:Gem::Specification
+name: corny-sql_filter
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Corny
+- Averell
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2009-02-04 00:00:00 -08:00
+default_executable:
+dependencies: []
+description: sql_filter helps you to build sql-conditions from parameters and avoids sql injections.
+email: mail@digineo.de
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.rdoc
+- init.rb
+- sql_filter.gemspec
+- lib/sql_filter.rb
+- test/sql_filter_test.rb
+has_rdoc: true
+homepage: http://github.com/corny/sql_filter/tree/master
+post_install_message:
+rdoc_options:
+- --inline-source
+- --charset=UTF-8
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: "0"
+  version:
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: "0"
+  version:
+requirements: []
+rubyforge_project:
+rubygems_version: 1.2.0
+signing_key:
+specification_version: 2
+summary: sql_filter helps you to build sql-conditions from parameters and avoids sql injections.
+test_files: []