extra_sanitize 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- data/MIT-LICENSE +20 -0
- data/Manifest +18 -0
- data/README +31 -0
- data/Rakefile +35 -0
- data/extra_sanitize.gemspec +31 -0
- data/init.rb +3 -0
- data/install.rb +1 -0
- data/lib/extra_sanitize.rb +47 -0
- data/tasks/extra_sanitize_tasks.rake +4 -0
- data/test/extra_sanitize_test.rb +50 -0
- data/test/models/article.rb +3 -0
- data/test/models/book.rb +3 -0
- data/test/models/comment.rb +2 -0
- data/test/models/post.rb +3 -0
- data/test/models/tag.rb +3 -0
- data/test/schema.rb +24 -0
- data/test/test_helper.rb +14 -0
- data/uninstall.rb +1 -0
- metadata +81 -0
data/MIT-LICENSE
ADDED
@@ -0,0 +1,20 @@
|
|
1
|
+
Copyright (c) 2009 [Amit Kumar]
|
2
|
+
|
3
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
4
|
+
a copy of this software and associated documentation files (the
|
5
|
+
"Software"), to deal in the Software without restriction, including
|
6
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
7
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
8
|
+
permit persons to whom the Software is furnished to do so, subject to
|
9
|
+
the following conditions:
|
10
|
+
|
11
|
+
The above copyright notice and this permission notice shall be
|
12
|
+
included in all copies or substantial portions of the Software.
|
13
|
+
|
14
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
15
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
16
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
17
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
18
|
+
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
19
|
+
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
20
|
+
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/Manifest
ADDED
@@ -0,0 +1,18 @@
|
|
1
|
+
MIT-LICENSE
|
2
|
+
Manifest
|
3
|
+
README
|
4
|
+
Rakefile
|
5
|
+
extra_sanitize.gemspec
|
6
|
+
init.rb
|
7
|
+
install.rb
|
8
|
+
lib/extra_sanitize.rb
|
9
|
+
tasks/extra_sanitize_tasks.rake
|
10
|
+
test/extra_sanitize_test.rb
|
11
|
+
test/models/article.rb
|
12
|
+
test/models/book.rb
|
13
|
+
test/models/comment.rb
|
14
|
+
test/models/post.rb
|
15
|
+
test/models/tag.rb
|
16
|
+
test/schema.rb
|
17
|
+
test/test_helper.rb
|
18
|
+
uninstall.rb
|
data/README
ADDED
@@ -0,0 +1,31 @@
|
|
1
|
+
EtraSanitize
|
2
|
+
============================================================================================================================================
|
3
|
+
|
4
|
+
This plugin provides the ability to put an extra layer of sanitization for you database columns - if you are already using xss_terminate.
|
5
|
+
|
6
|
+
|
7
|
+
Example
|
8
|
+
============================================================================================================================================
|
9
|
+
class Book < ActiveRecord::Base
|
10
|
+
extra_sanitize :columns => :title
|
11
|
+
end
|
12
|
+
|
13
|
+
OR
|
14
|
+
|
15
|
+
class Article < ActiveRecord::Base
|
16
|
+
extra_sanitize :columns => [:title, :body], :except => [:body]
|
17
|
+
end
|
18
|
+
|
19
|
+
OR
|
20
|
+
|
21
|
+
class Post < ActiveRecord::Base
|
22
|
+
extra_sanitize :columns => :all
|
23
|
+
end
|
24
|
+
|
25
|
+
OR
|
26
|
+
|
27
|
+
class Tag < ActiveRecord::Base
|
28
|
+
extra_sanitize :columns => :all, :reg_exp => /[~?�]/ #you can replace the default regular expression
|
29
|
+
end
|
30
|
+
|
31
|
+
Copyright (c) 2009 (Amit Kumar), released under the MIT license
|
data/Rakefile
ADDED
@@ -0,0 +1,35 @@
|
|
1
|
+
require 'rake'
|
2
|
+
require 'rake/testtask'
|
3
|
+
require 'rake/rdoctask'
|
4
|
+
require 'rubygems'
|
5
|
+
require 'echoe'
|
6
|
+
|
7
|
+
desc 'Default: run unit tests.'
|
8
|
+
task :default => :test
|
9
|
+
|
10
|
+
desc 'Test the extra_sanitize plugin.'
|
11
|
+
Rake::TestTask.new(:test) do |t|
|
12
|
+
t.libs << 'lib'
|
13
|
+
t.pattern = 'test/**/*_test.rb'
|
14
|
+
t.verbose = true
|
15
|
+
end
|
16
|
+
|
17
|
+
desc 'Generate documentation for the extra_sanitize plugin.'
|
18
|
+
Rake::RDocTask.new(:rdoc) do |rdoc|
|
19
|
+
rdoc.rdoc_dir = 'rdoc'
|
20
|
+
rdoc.title = 'ExtraSanitize'
|
21
|
+
rdoc.options << '--line-numbers' << '--inline-source'
|
22
|
+
rdoc.rdoc_files.include('README')
|
23
|
+
rdoc.rdoc_files.include('lib/**/*.rb')
|
24
|
+
end
|
25
|
+
|
26
|
+
Echoe.new('extra_sanitize', '0.1.0') do |p|
|
27
|
+
p.description = "Extra sanitize your database columns"
|
28
|
+
p.url = "http://github.com/toamitkumar/extra_sanitize"
|
29
|
+
p.author = "Amit Kumar"
|
30
|
+
p.email = "toamitkumar@gmail.com"
|
31
|
+
p.ignore_pattern = ["tmp/*", "script/*"]
|
32
|
+
p.development_dependencies = []
|
33
|
+
end
|
34
|
+
|
35
|
+
Dir["#{File.dirname(__FILE__)}/tasks/*.rake"].sort.each { |ext| load ext }
|
@@ -0,0 +1,31 @@
|
|
1
|
+
# -*- encoding: utf-8 -*-
|
2
|
+
|
3
|
+
Gem::Specification.new do |s|
|
4
|
+
s.name = %q{extra_sanitize}
|
5
|
+
s.version = "0.1.0"
|
6
|
+
|
7
|
+
s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
|
8
|
+
s.authors = ["Amit Kumar"]
|
9
|
+
s.date = %q{2010-05-02}
|
10
|
+
s.description = %q{Extra sanitize your database columns}
|
11
|
+
s.email = %q{toamitkumar@gmail.com}
|
12
|
+
s.extra_rdoc_files = ["README", "extra_sanitize.gemspec", "lib/extra_sanitize.rb", "tasks/extra_sanitize_tasks.rake"]
|
13
|
+
s.files = ["MIT-LICENSE", "Manifest", "README", "Rakefile", "extra_sanitize.gemspec", "init.rb", "install.rb", "lib/extra_sanitize.rb", "tasks/extra_sanitize_tasks.rake", "test/extra_sanitize_test.rb", "test/models/article.rb", "test/models/book.rb", "test/models/comment.rb", "test/models/post.rb", "test/models/tag.rb", "test/schema.rb", "test/test_helper.rb", "uninstall.rb"]
|
14
|
+
s.homepage = %q{http://github.com/toamitkumar/extra_sanitize}
|
15
|
+
s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Extra_sanitize", "--main", "README"]
|
16
|
+
s.require_paths = ["lib"]
|
17
|
+
s.rubyforge_project = %q{extra_sanitize}
|
18
|
+
s.rubygems_version = %q{1.3.5}
|
19
|
+
s.summary = %q{Extra sanitize your database columns}
|
20
|
+
s.test_files = ["test/extra_sanitize_test.rb", "test/test_helper.rb"]
|
21
|
+
|
22
|
+
if s.respond_to? :specification_version then
|
23
|
+
current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
|
24
|
+
s.specification_version = 3
|
25
|
+
|
26
|
+
if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
|
27
|
+
else
|
28
|
+
end
|
29
|
+
else
|
30
|
+
end
|
31
|
+
end
|
data/init.rb
ADDED
data/install.rb
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
# Install hook code here
|
@@ -0,0 +1,47 @@
|
|
1
|
+
module ExtraSanitize
|
2
|
+
def self.included(base)
|
3
|
+
base.extend(ClassMethods)
|
4
|
+
end
|
5
|
+
|
6
|
+
module ClassMethods
|
7
|
+
def extra_sanitize(options = {})
|
8
|
+
before_validation :extra_sanitize_fields
|
9
|
+
|
10
|
+
write_inheritable_attribute(:extra_sanitize_options, {
|
11
|
+
:except => (options[:except] || []),
|
12
|
+
:columns => ([options[:columns]]).flatten,
|
13
|
+
:reg_exp => options[:reg_exp] || /[~*<>\"‘“’”?¿%\/]/
|
14
|
+
})
|
15
|
+
|
16
|
+
class_inheritable_reader :extra_sanitize_options
|
17
|
+
|
18
|
+
include ExtraSanitize::InstanceMethods
|
19
|
+
end
|
20
|
+
end
|
21
|
+
|
22
|
+
module InstanceMethods
|
23
|
+
def extra_sanitize_fields
|
24
|
+
return if extra_sanitize_options.nil?
|
25
|
+
extra_sanitize_options[:columns] = self.class.columns.map { |column| column.name.to_sym } if(extra_sanitize_options[:columns] == [:all])
|
26
|
+
|
27
|
+
self.class.columns.each do |column|
|
28
|
+
next unless (column.type == :string || column.type == :text)
|
29
|
+
|
30
|
+
field = column.name.to_sym
|
31
|
+
value = self[field]
|
32
|
+
|
33
|
+
next if value.nil?
|
34
|
+
|
35
|
+
if extra_sanitize_options[:except].include?(field)
|
36
|
+
next
|
37
|
+
elsif(extra_sanitize_options[:columns].include?(field))
|
38
|
+
self[field] = sanitize_value(value)
|
39
|
+
end
|
40
|
+
end
|
41
|
+
end
|
42
|
+
|
43
|
+
def sanitize_value(val)
|
44
|
+
val.gsub(extra_sanitize_options[:reg_exp], "")
|
45
|
+
end
|
46
|
+
end
|
47
|
+
end
|
@@ -0,0 +1,50 @@
|
|
1
|
+
require File.join(File.dirname(__FILE__), "/test_helper")
|
2
|
+
|
3
|
+
class ExtraSanitizeTest < Test::Unit::TestCase
|
4
|
+
|
5
|
+
def test_should_sanitize_only_specified_columns
|
6
|
+
article = Article.new(:title => "~*<some title>\"‘“’”?¿", :body => "some body~~~~")
|
7
|
+
article.valid?
|
8
|
+
assert_equal article.title, "some title"
|
9
|
+
end
|
10
|
+
|
11
|
+
def test_should_sanitize_column_name_with_percentage_in_it
|
12
|
+
article = Article.new(:title => "%%%some %%%title%%%", :body => "some body~~~~")
|
13
|
+
article.valid?
|
14
|
+
assert_equal article.title, "some title"
|
15
|
+
end
|
16
|
+
|
17
|
+
def test_should_sanitize_column_name_with_forward_slash_in_it
|
18
|
+
article = Article.new(:title => "some ///title///", :body => "some body~~~~")
|
19
|
+
article.valid?
|
20
|
+
assert_equal article.title, "some title"
|
21
|
+
end
|
22
|
+
|
23
|
+
def test_should_not_sanitize_excluded_columns
|
24
|
+
article = Article.new(:title => "~*<some title>\"‘“’”?¿", :body => "some body~~~~")
|
25
|
+
article.valid?
|
26
|
+
assert_equal article.body, "some body~~~~"
|
27
|
+
end
|
28
|
+
|
29
|
+
def test_should_not_sanitize_if_not_included
|
30
|
+
comment = Comment.new(:title => "some title~*<>\"‘“’”?¿", :description => "some body~~~~")
|
31
|
+
|
32
|
+
comment.valid?
|
33
|
+
assert_equal comment.title, "some title~*<>\"‘“’”?¿"
|
34
|
+
assert_equal comment.description, "some body~~~~"
|
35
|
+
end
|
36
|
+
|
37
|
+
def test_should_sanitize_all_string_text_columns
|
38
|
+
post = Post.new(:title => "<some title>\"‘“’”?¿", :description => "“some~~~~ ‘body’~~~~”")
|
39
|
+
post.valid?
|
40
|
+
assert_equal post.title, "some title"
|
41
|
+
assert_equal post.description, "some body"
|
42
|
+
end
|
43
|
+
|
44
|
+
def test_should_replace_default_reg_exp_to_sanitize
|
45
|
+
tag = Tag.new(:name => "<some ~title>\"‘“’”?¿")
|
46
|
+
tag.valid?
|
47
|
+
|
48
|
+
assert_equal(tag.name, "<some title>\"‘“’”")
|
49
|
+
end
|
50
|
+
end
|
data/test/models/book.rb
ADDED
data/test/models/post.rb
ADDED
data/test/models/tag.rb
ADDED
data/test/schema.rb
ADDED
@@ -0,0 +1,24 @@
|
|
1
|
+
ActiveRecord::Schema.define(:version => 0) do
|
2
|
+
create_table :articles, :force => true do |t|
|
3
|
+
t.column :title, :string
|
4
|
+
t.column :body, :text
|
5
|
+
end
|
6
|
+
|
7
|
+
create_table :books, :force => true do |t|
|
8
|
+
t.column :title, :string
|
9
|
+
end
|
10
|
+
|
11
|
+
create_table :comments, :force => true do |t|
|
12
|
+
t.column :title, :string
|
13
|
+
t.column :description, :text
|
14
|
+
end
|
15
|
+
|
16
|
+
create_table :posts, :force => true do |t|
|
17
|
+
t.column :title, :string
|
18
|
+
t.column :description, :text
|
19
|
+
end
|
20
|
+
|
21
|
+
create_table :tags, :force => true do |t|
|
22
|
+
t.column :name, :string
|
23
|
+
end
|
24
|
+
end
|
data/test/test_helper.rb
ADDED
@@ -0,0 +1,14 @@
|
|
1
|
+
$:.unshift(File.dirname(__FILE__) + '/../lib')
|
2
|
+
|
3
|
+
RAILS_ENV = 'test'
|
4
|
+
require File.expand_path(File.join(File.dirname(__FILE__), '../../../../config/environment.rb'))
|
5
|
+
require 'mocha'
|
6
|
+
require 'test/unit'
|
7
|
+
|
8
|
+
load(File.dirname(__FILE__) + "/schema.rb")
|
9
|
+
|
10
|
+
require File.join(File.dirname(__FILE__), 'models/article')
|
11
|
+
require File.join(File.dirname(__FILE__), 'models/book')
|
12
|
+
require File.join(File.dirname(__FILE__), 'models/comment')
|
13
|
+
require File.join(File.dirname(__FILE__), 'models/post')
|
14
|
+
require File.join(File.dirname(__FILE__), 'models/tag')
|
data/uninstall.rb
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
# Uninstall hook code here
|
metadata
ADDED
@@ -0,0 +1,81 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: extra_sanitize
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.1.0
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Amit Kumar
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
|
12
|
+
date: 2010-05-02 00:00:00 -03:00
|
13
|
+
default_executable:
|
14
|
+
dependencies: []
|
15
|
+
|
16
|
+
description: Extra sanitize your database columns
|
17
|
+
email: toamitkumar@gmail.com
|
18
|
+
executables: []
|
19
|
+
|
20
|
+
extensions: []
|
21
|
+
|
22
|
+
extra_rdoc_files:
|
23
|
+
- README
|
24
|
+
- extra_sanitize.gemspec
|
25
|
+
- lib/extra_sanitize.rb
|
26
|
+
- tasks/extra_sanitize_tasks.rake
|
27
|
+
files:
|
28
|
+
- MIT-LICENSE
|
29
|
+
- Manifest
|
30
|
+
- README
|
31
|
+
- Rakefile
|
32
|
+
- extra_sanitize.gemspec
|
33
|
+
- init.rb
|
34
|
+
- install.rb
|
35
|
+
- lib/extra_sanitize.rb
|
36
|
+
- tasks/extra_sanitize_tasks.rake
|
37
|
+
- test/extra_sanitize_test.rb
|
38
|
+
- test/models/article.rb
|
39
|
+
- test/models/book.rb
|
40
|
+
- test/models/comment.rb
|
41
|
+
- test/models/post.rb
|
42
|
+
- test/models/tag.rb
|
43
|
+
- test/schema.rb
|
44
|
+
- test/test_helper.rb
|
45
|
+
- uninstall.rb
|
46
|
+
has_rdoc: true
|
47
|
+
homepage: http://github.com/toamitkumar/extra_sanitize
|
48
|
+
licenses: []
|
49
|
+
|
50
|
+
post_install_message:
|
51
|
+
rdoc_options:
|
52
|
+
- --line-numbers
|
53
|
+
- --inline-source
|
54
|
+
- --title
|
55
|
+
- Extra_sanitize
|
56
|
+
- --main
|
57
|
+
- README
|
58
|
+
require_paths:
|
59
|
+
- lib
|
60
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
61
|
+
requirements:
|
62
|
+
- - ">="
|
63
|
+
- !ruby/object:Gem::Version
|
64
|
+
version: "0"
|
65
|
+
version:
|
66
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
67
|
+
requirements:
|
68
|
+
- - ">="
|
69
|
+
- !ruby/object:Gem::Version
|
70
|
+
version: "1.2"
|
71
|
+
version:
|
72
|
+
requirements: []
|
73
|
+
|
74
|
+
rubyforge_project: extra_sanitize
|
75
|
+
rubygems_version: 1.3.5
|
76
|
+
signing_key:
|
77
|
+
specification_version: 3
|
78
|
+
summary: Extra sanitize your database columns
|
79
|
+
test_files:
|
80
|
+
- test/extra_sanitize_test.rb
|
81
|
+
- test/test_helper.rb
|