csv-safe 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of csv-safe might be problematic. Click here for more details.
- checksums.yaml +7 -0
- data/lib/csv-safe.rb +48 -0
- metadata +87 -0
checksums.yaml
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
---
|
|
2
|
+
SHA1:
|
|
3
|
+
metadata.gz: bb010abb98b2115fcf5cc26ca41a5978a48e6227
|
|
4
|
+
data.tar.gz: 3211e1a6684a8a9f39b9236fd97640c864664f19
|
|
5
|
+
SHA512:
|
|
6
|
+
metadata.gz: 9592cb999ccdbbfb807d63e4418b700f757aef57b7be49bfa26cdc2923cf73edad981214669a8dd080e5b620fe13c630f5cc879c10ca01f0008f88058314ba10
|
|
7
|
+
data.tar.gz: 8fda9200e55cf73dcb49505adde5a38dc524294d9ca80fe3e6bc9a9c44b43cc7648e9ba21b870ef98dc7beccfbc8b3e2cbbb5ffe0e9a95915adbe8c317a03408
|
data/lib/csv-safe.rb
ADDED
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
require 'csv'
|
|
2
|
+
|
|
3
|
+
# Decorate the built in CSV library
|
|
4
|
+
# Override << to sanitize incoming rows
|
|
5
|
+
# Override initialize to add a converter that will sanitize fields being read
|
|
6
|
+
class CSVSafe < CSV
|
|
7
|
+
def initialize(data, options = {})
|
|
8
|
+
options[:converters] = [] if options[:converters].nil?
|
|
9
|
+
options[:converters] << lambda(&method(:sanitize_field))
|
|
10
|
+
super
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
def <<(row)
|
|
14
|
+
super(sanitize_row(row))
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
private
|
|
18
|
+
|
|
19
|
+
def prefix_if_necessary(field)
|
|
20
|
+
if field.is_a?(String) && %w[- = + @].include?(field[0])
|
|
21
|
+
"'" + field
|
|
22
|
+
else
|
|
23
|
+
field
|
|
24
|
+
end
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
def sanitize_field(field)
|
|
28
|
+
if field.nil?
|
|
29
|
+
field
|
|
30
|
+
else
|
|
31
|
+
encoded = field.encode(CSV::ConverterEncoding)
|
|
32
|
+
prefix_if_necessary(encoded)
|
|
33
|
+
end
|
|
34
|
+
rescue StandardError # encoding conversion errors
|
|
35
|
+
field
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
def sanitize_row(row)
|
|
39
|
+
case row
|
|
40
|
+
when self.class::Row
|
|
41
|
+
then row.fields.map { |field| sanitize_field(field) }
|
|
42
|
+
when Hash
|
|
43
|
+
then @headers.map { |header| sanitize_field(row[header]) }
|
|
44
|
+
else
|
|
45
|
+
row.map { |field| sanitize_field(field) }
|
|
46
|
+
end
|
|
47
|
+
end
|
|
48
|
+
end
|
metadata
ADDED
|
@@ -0,0 +1,87 @@
|
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
|
+
name: csv-safe
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
version: 1.0.0
|
|
5
|
+
platform: ruby
|
|
6
|
+
authors:
|
|
7
|
+
- Alex Zvorygin
|
|
8
|
+
autorequire:
|
|
9
|
+
bindir: exe
|
|
10
|
+
cert_chain: []
|
|
11
|
+
date: 2018-07-27 00:00:00.000000000 Z
|
|
12
|
+
dependencies:
|
|
13
|
+
- !ruby/object:Gem::Dependency
|
|
14
|
+
name: bundler
|
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
|
16
|
+
requirements:
|
|
17
|
+
- - "~>"
|
|
18
|
+
- !ruby/object:Gem::Version
|
|
19
|
+
version: '1.16'
|
|
20
|
+
type: :development
|
|
21
|
+
prerelease: false
|
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
23
|
+
requirements:
|
|
24
|
+
- - "~>"
|
|
25
|
+
- !ruby/object:Gem::Version
|
|
26
|
+
version: '1.16'
|
|
27
|
+
- !ruby/object:Gem::Dependency
|
|
28
|
+
name: rake
|
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
|
30
|
+
requirements:
|
|
31
|
+
- - "~>"
|
|
32
|
+
- !ruby/object:Gem::Version
|
|
33
|
+
version: '10.0'
|
|
34
|
+
type: :development
|
|
35
|
+
prerelease: false
|
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
37
|
+
requirements:
|
|
38
|
+
- - "~>"
|
|
39
|
+
- !ruby/object:Gem::Version
|
|
40
|
+
version: '10.0'
|
|
41
|
+
- !ruby/object:Gem::Dependency
|
|
42
|
+
name: rspec
|
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
|
44
|
+
requirements:
|
|
45
|
+
- - "~>"
|
|
46
|
+
- !ruby/object:Gem::Version
|
|
47
|
+
version: '3.0'
|
|
48
|
+
type: :development
|
|
49
|
+
prerelease: false
|
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
51
|
+
requirements:
|
|
52
|
+
- - "~>"
|
|
53
|
+
- !ruby/object:Gem::Version
|
|
54
|
+
version: '3.0'
|
|
55
|
+
description:
|
|
56
|
+
email:
|
|
57
|
+
- alexander.zvorygin@influitive.com
|
|
58
|
+
executables: []
|
|
59
|
+
extensions: []
|
|
60
|
+
extra_rdoc_files: []
|
|
61
|
+
files:
|
|
62
|
+
- lib/csv-safe.rb
|
|
63
|
+
homepage: https://github.com/zvory/csv-safe
|
|
64
|
+
licenses:
|
|
65
|
+
- MIT
|
|
66
|
+
metadata: {}
|
|
67
|
+
post_install_message:
|
|
68
|
+
rdoc_options: []
|
|
69
|
+
require_paths:
|
|
70
|
+
- lib
|
|
71
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
72
|
+
requirements:
|
|
73
|
+
- - ">="
|
|
74
|
+
- !ruby/object:Gem::Version
|
|
75
|
+
version: '0'
|
|
76
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
77
|
+
requirements:
|
|
78
|
+
- - ">="
|
|
79
|
+
- !ruby/object:Gem::Version
|
|
80
|
+
version: '0'
|
|
81
|
+
requirements: []
|
|
82
|
+
rubyforge_project:
|
|
83
|
+
rubygems_version: 2.6.12
|
|
84
|
+
signing_key:
|
|
85
|
+
specification_version: 4
|
|
86
|
+
summary: Decorate ruby CSV library to sanitize output CSV against CSV injection attacks.
|
|
87
|
+
test_files: []
|