extra_sanitize 0.1.0

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2009 [Amit Kumar]
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/Manifest

@@ -0,0 +1,18 @@
+MIT-LICENSE
+Manifest
+README
+Rakefile
+extra_sanitize.gemspec
+init.rb
+install.rb
+lib/extra_sanitize.rb
+tasks/extra_sanitize_tasks.rake
+test/extra_sanitize_test.rb
+test/models/article.rb
+test/models/book.rb
+test/models/comment.rb
+test/models/post.rb
+test/models/tag.rb
+test/schema.rb
+test/test_helper.rb
+uninstall.rb

data/README

@@ -0,0 +1,31 @@
+EtraSanitize
+============================================================================================================================================
+
+This plugin provides the ability to put an extra layer of sanitization for you database columns - if you are already using xss_terminate. 
+
+
+Example
+============================================================================================================================================
+class Book < ActiveRecord::Base
+  extra_sanitize :columns => :title
+end
+
+OR
+
+class Article < ActiveRecord::Base
+  extra_sanitize :columns => [:title, :body], :except => [:body]
+end
+
+OR
+
+class Post < ActiveRecord::Base
+  extra_sanitize :columns => :all
+end
+
+OR
+
+class Tag < ActiveRecord::Base
+  extra_sanitize :columns => :all, :reg_exp => /[~?�]/  #you can replace the default regular expression
+end
+
+Copyright (c) 2009 (Amit Kumar), released under the MIT license

data/Rakefile

@@ -0,0 +1,35 @@
+require 'rake'
+require 'rake/testtask'
+require 'rake/rdoctask'
+require 'rubygems'  
+require 'echoe'
+
+desc 'Default: run unit tests.'
+task :default => :test
+
+desc 'Test the extra_sanitize plugin.'
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = true
+end
+
+desc 'Generate documentation for the extra_sanitize plugin.'
+Rake::RDocTask.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'ExtraSanitize'
+  rdoc.options << '--line-numbers' << '--inline-source'
+  rdoc.rdoc_files.include('README')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+Echoe.new('extra_sanitize', '0.1.0') do |p|  
+  p.description     = "Extra sanitize your database columns"  
+  p.url             = "http://github.com/toamitkumar/extra_sanitize"  
+  p.author          = "Amit Kumar"  
+  p.email           = "toamitkumar@gmail.com"  
+  p.ignore_pattern  = ["tmp/*", "script/*"]  
+  p.development_dependencies = []  
+end  
+
+Dir["#{File.dirname(__FILE__)}/tasks/*.rake"].sort.each { |ext| load ext }

data/extra_sanitize.gemspec

@@ -0,0 +1,31 @@
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{extra_sanitize}
+  s.version = "0.1.0"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Amit Kumar"]
+  s.date = %q{2010-05-02}
+  s.description = %q{Extra sanitize your database columns}
+  s.email = %q{toamitkumar@gmail.com}
+  s.extra_rdoc_files = ["README", "extra_sanitize.gemspec", "lib/extra_sanitize.rb", "tasks/extra_sanitize_tasks.rake"]
+  s.files = ["MIT-LICENSE", "Manifest", "README", "Rakefile", "extra_sanitize.gemspec", "init.rb", "install.rb", "lib/extra_sanitize.rb", "tasks/extra_sanitize_tasks.rake", "test/extra_sanitize_test.rb", "test/models/article.rb", "test/models/book.rb", "test/models/comment.rb", "test/models/post.rb", "test/models/tag.rb", "test/schema.rb", "test/test_helper.rb", "uninstall.rb"]
+  s.homepage = %q{http://github.com/toamitkumar/extra_sanitize}
+  s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Extra_sanitize", "--main", "README"]
+  s.require_paths = ["lib"]
+  s.rubyforge_project = %q{extra_sanitize}
+  s.rubygems_version = %q{1.3.5}
+  s.summary = %q{Extra sanitize your database columns}
+  s.test_files = ["test/extra_sanitize_test.rb", "test/test_helper.rb"]
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
+    else
+    end
+  else
+  end
+end

data/init.rb

@@ -0,0 +1,3 @@
+require File.dirname(__FILE__) + '/lib/extra_sanitize'
+
+ActiveRecord::Base.send(:include, ExtraSanitize)

data/install.rb

@@ -0,0 +1 @@
+# Install hook code here

data/lib/extra_sanitize.rb

@@ -0,0 +1,47 @@
+module ExtraSanitize
+  def self.included(base)
+    base.extend(ClassMethods)
+  end
+
+  module ClassMethods
+    def extra_sanitize(options = {})
+      before_validation :extra_sanitize_fields
+
+      write_inheritable_attribute(:extra_sanitize_options, {
+        :except => (options[:except] || []),
+        :columns => ([options[:columns]]).flatten,
+        :reg_exp => options[:reg_exp] || /[~*<>\"‘“’”?¿%\/]/
+      })
+
+      class_inheritable_reader :extra_sanitize_options
+
+      include ExtraSanitize::InstanceMethods
+    end
+  end
+
+  module InstanceMethods
+    def extra_sanitize_fields
+      return if extra_sanitize_options.nil?
+      extra_sanitize_options[:columns] = self.class.columns.map { |column| column.name.to_sym } if(extra_sanitize_options[:columns] == [:all])
+
+      self.class.columns.each do |column|
+        next unless (column.type == :string || column.type == :text)
+
+        field = column.name.to_sym
+        value = self[field]
+
+        next if value.nil?
+
+        if extra_sanitize_options[:except].include?(field)
+          next
+        elsif(extra_sanitize_options[:columns].include?(field))
+          self[field] = sanitize_value(value)
+        end
+      end
+    end
+
+    def sanitize_value(val)
+      val.gsub(extra_sanitize_options[:reg_exp], "")
+    end
+  end
+end

data/tasks/extra_sanitize_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :extra_sanitize do
+#   # Task goes here
+# end

data/test/extra_sanitize_test.rb

@@ -0,0 +1,50 @@
+require File.join(File.dirname(__FILE__), "/test_helper")
+
+class ExtraSanitizeTest < Test::Unit::TestCase
+  
+  def test_should_sanitize_only_specified_columns
+    article = Article.new(:title => "~*<some title>\"‘“’”?¿", :body => "some body~~~~")
+    article.valid?
+    assert_equal article.title, "some title"
+  end
+
+  def test_should_sanitize_column_name_with_percentage_in_it
+    article = Article.new(:title => "%%%some %%%title%%%", :body => "some body~~~~")
+    article.valid?
+    assert_equal article.title, "some title"
+  end
+
+  def test_should_sanitize_column_name_with_forward_slash_in_it
+    article = Article.new(:title => "some ///title///", :body => "some body~~~~")
+    article.valid?
+    assert_equal article.title, "some title"
+  end
+
+  def test_should_not_sanitize_excluded_columns
+    article = Article.new(:title => "~*<some title>\"‘“’”?¿", :body => "some body~~~~")
+    article.valid?
+    assert_equal article.body, "some body~~~~"
+  end
+
+  def test_should_not_sanitize_if_not_included
+    comment = Comment.new(:title => "some title~*<>\"‘“’”?¿", :description => "some body~~~~")
+
+    comment.valid?
+    assert_equal comment.title, "some title~*<>\"‘“’”?¿"
+    assert_equal comment.description, "some body~~~~"
+  end
+
+  def test_should_sanitize_all_string_text_columns
+    post = Post.new(:title => "<some title>\"‘“’”?¿", :description => "“some~~~~ ‘body’~~~~”")
+    post.valid?
+    assert_equal post.title, "some title"
+    assert_equal post.description, "some body"
+  end
+
+  def test_should_replace_default_reg_exp_to_sanitize
+    tag = Tag.new(:name => "<some ~title>\"‘“’”?¿")
+    tag.valid?
+
+    assert_equal(tag.name, "<some title>\"‘“’”")
+  end
+end

data/test/models/article.rb

@@ -0,0 +1,3 @@
+class Article < ActiveRecord::Base
+  extra_sanitize :columns => [:title, :body], :except => [:body]
+end

data/test/models/book.rb

@@ -0,0 +1,3 @@
+class Book < ActiveRecord::Base
+  extra_sanitize :columns => :title
+end

data/test/models/comment.rb

@@ -0,0 +1,2 @@
+class Comment < ActiveRecord::Base  
+end

data/test/models/post.rb

@@ -0,0 +1,3 @@
+class Post < ActiveRecord::Base
+  extra_sanitize :columns => :all
+end

data/test/models/tag.rb

@@ -0,0 +1,3 @@
+class Tag < ActiveRecord::Base
+  extra_sanitize :columns => :all, :reg_exp => /[~?¿]/
+end

data/test/schema.rb

@@ -0,0 +1,24 @@
+ActiveRecord::Schema.define(:version => 0) do
+  create_table :articles, :force => true do |t|
+    t.column :title, :string
+    t.column :body, :text
+  end
+  
+  create_table :books, :force => true do |t|
+    t.column :title, :string
+  end
+
+  create_table :comments, :force => true do |t|
+    t.column :title, :string
+    t.column :description, :text
+  end
+
+  create_table :posts, :force => true do |t|
+    t.column :title, :string
+    t.column :description, :text
+  end
+  
+  create_table :tags, :force => true do |t|
+    t.column :name, :string
+  end
+end

data/test/test_helper.rb

@@ -0,0 +1,14 @@
+$:.unshift(File.dirname(__FILE__) + '/../lib')
+
+RAILS_ENV = 'test'
+require File.expand_path(File.join(File.dirname(__FILE__), '../../../../config/environment.rb'))
+require 'mocha'
+require 'test/unit'
+
+load(File.dirname(__FILE__) + "/schema.rb")
+
+require File.join(File.dirname(__FILE__), 'models/article')
+require File.join(File.dirname(__FILE__), 'models/book')
+require File.join(File.dirname(__FILE__), 'models/comment')
+require File.join(File.dirname(__FILE__), 'models/post')
+require File.join(File.dirname(__FILE__), 'models/tag')

data/uninstall.rb

@@ -0,0 +1 @@
+# Uninstall hook code here

metadata

@@ -0,0 +1,81 @@
+--- !ruby/object:Gem::Specification 
+name: extra_sanitize
+version: !ruby/object:Gem::Version 
+  version: 0.1.0
+platform: ruby
+authors: 
+- Amit Kumar
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-05-02 00:00:00 -03:00
+default_executable: 
+dependencies: []
+
+description: Extra sanitize your database columns
+email: toamitkumar@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- README
+- extra_sanitize.gemspec
+- lib/extra_sanitize.rb
+- tasks/extra_sanitize_tasks.rake
+files: 
+- MIT-LICENSE
+- Manifest
+- README
+- Rakefile
+- extra_sanitize.gemspec
+- init.rb
+- install.rb
+- lib/extra_sanitize.rb
+- tasks/extra_sanitize_tasks.rake
+- test/extra_sanitize_test.rb
+- test/models/article.rb
+- test/models/book.rb
+- test/models/comment.rb
+- test/models/post.rb
+- test/models/tag.rb
+- test/schema.rb
+- test/test_helper.rb
+- uninstall.rb
+has_rdoc: true
+homepage: http://github.com/toamitkumar/extra_sanitize
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --line-numbers
+- --inline-source
+- --title
+- Extra_sanitize
+- --main
+- README
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "1.2"
+  version: 
+requirements: []
+
+rubyforge_project: extra_sanitize
+rubygems_version: 1.3.5
+signing_key: 
+specification_version: 3
+summary: Extra sanitize your database columns
+test_files: 
+- test/extra_sanitize_test.rb
+- test/test_helper.rb