csv-safe 1.0.0 → 2.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of csv-safe might be problematic. Click here for more details.
- checksums.yaml +5 -5
- data/lib/csv-safe.rb +26 -13
- metadata +13 -14
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: f955fe07010ba3139c0a7033ba4e37e636c899eae24606fbbd1cf8d7753bf232
|
|
4
|
+
data.tar.gz: f91468bc10dc52e1aed34db81ecddc3b60f0771399cdb8ed2e156926b3d434d0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4ef6dbf20be9eb6f7ea3b21ba10240897e20a98773709a34e981d5b880acc351bf08c0ed5cba34a8f57541a428a6c867fae12567aa10fd49ec057ace7f840d1b
|
|
7
|
+
data.tar.gz: b096c0122e6ae7f060b8fd923d74227b2d76a6931bb56b91fa54b97fe82e9d5893a58a8cad1ad7c9236e5ed7f787781e221356c4e43c30ca46d2310b9fd4af27
|
data/lib/csv-safe.rb
CHANGED
|
@@ -4,43 +4,56 @@ require 'csv'
|
|
|
4
4
|
# Override << to sanitize incoming rows
|
|
5
5
|
# Override initialize to add a converter that will sanitize fields being read
|
|
6
6
|
class CSVSafe < CSV
|
|
7
|
-
def initialize(data,
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
super
|
|
7
|
+
def initialize(data, converters: nil, **options)
|
|
8
|
+
updated_converters = converters || []
|
|
9
|
+
updated_converters << lambda(&method(:sanitize_field))
|
|
10
|
+
super(data, **options.merge(converters: updated_converters))
|
|
11
11
|
end
|
|
12
12
|
|
|
13
13
|
def <<(row)
|
|
14
14
|
super(sanitize_row(row))
|
|
15
15
|
end
|
|
16
|
+
alias_method :add_row, :<<
|
|
17
|
+
alias_method :puts, :<<
|
|
16
18
|
|
|
17
19
|
private
|
|
18
20
|
|
|
21
|
+
# TODO: performance test if i'm adding
|
|
22
|
+
# too many method calls to hot code
|
|
23
|
+
def starts_with_special_character?(str)
|
|
24
|
+
%w[- = + @].include?(str[0])
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
def prefix(field)
|
|
28
|
+
encoded = field.encode(CSV::ConverterEncoding)
|
|
29
|
+
"'" + encoded
|
|
30
|
+
rescue StandardError
|
|
31
|
+
"'" + field
|
|
32
|
+
end
|
|
33
|
+
|
|
19
34
|
def prefix_if_necessary(field)
|
|
20
|
-
|
|
21
|
-
|
|
35
|
+
as_string = field.to_s
|
|
36
|
+
if starts_with_special_character?(as_string)
|
|
37
|
+
prefix(as_string)
|
|
22
38
|
else
|
|
23
39
|
field
|
|
24
40
|
end
|
|
25
41
|
end
|
|
26
42
|
|
|
27
43
|
def sanitize_field(field)
|
|
28
|
-
if field.nil?
|
|
44
|
+
if field.nil? || field.is_a?(Numeric)
|
|
29
45
|
field
|
|
30
46
|
else
|
|
31
|
-
|
|
32
|
-
prefix_if_necessary(encoded)
|
|
47
|
+
prefix_if_necessary(field)
|
|
33
48
|
end
|
|
34
|
-
rescue StandardError # encoding conversion errors
|
|
35
|
-
field
|
|
36
49
|
end
|
|
37
50
|
|
|
38
51
|
def sanitize_row(row)
|
|
39
52
|
case row
|
|
40
53
|
when self.class::Row
|
|
41
|
-
|
|
54
|
+
then row.fields.map { |field| sanitize_field(field) }
|
|
42
55
|
when Hash
|
|
43
|
-
|
|
56
|
+
then @headers.map { |header| sanitize_field(row[header]) }
|
|
44
57
|
else
|
|
45
58
|
row.map { |field| sanitize_field(field) }
|
|
46
59
|
end
|
metadata
CHANGED
|
@@ -1,43 +1,43 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: csv-safe
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0
|
|
4
|
+
version: 2.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Alex Zvorygin
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-10-02 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
|
-
- - "
|
|
17
|
+
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version:
|
|
19
|
+
version: 2.1.4
|
|
20
20
|
type: :development
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
|
-
- - "
|
|
24
|
+
- - ">="
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version:
|
|
26
|
+
version: 2.1.4
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: rake
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
|
-
- - "
|
|
31
|
+
- - ">="
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version:
|
|
33
|
+
version: 12.3.3
|
|
34
34
|
type: :development
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
|
-
- - "
|
|
38
|
+
- - ">="
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version:
|
|
40
|
+
version: 12.3.3
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: rspec
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -54,7 +54,7 @@ dependencies:
|
|
|
54
54
|
version: '3.0'
|
|
55
55
|
description:
|
|
56
56
|
email:
|
|
57
|
-
-
|
|
57
|
+
- grafetu@gmail.com
|
|
58
58
|
executables: []
|
|
59
59
|
extensions: []
|
|
60
60
|
extra_rdoc_files: []
|
|
@@ -72,15 +72,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
72
72
|
requirements:
|
|
73
73
|
- - ">="
|
|
74
74
|
- !ruby/object:Gem::Version
|
|
75
|
-
version:
|
|
75
|
+
version: 2.7.0
|
|
76
76
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
77
77
|
requirements:
|
|
78
78
|
- - ">="
|
|
79
79
|
- !ruby/object:Gem::Version
|
|
80
80
|
version: '0'
|
|
81
81
|
requirements: []
|
|
82
|
-
|
|
83
|
-
rubygems_version: 2.6.12
|
|
82
|
+
rubygems_version: 3.2.22
|
|
84
83
|
signing_key:
|
|
85
84
|
specification_version: 4
|
|
86
85
|
summary: Decorate ruby CSV library to sanitize output CSV against CSV injection attacks.
|