hash_keys_sanitizer 0.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.gitignore +18 -0
- data/.rspec +2 -0
- data/.ruby-version +1 -0
- data/.travis.yml +5 -0
- data/Gemfile +4 -0
- data/LICENSE +22 -0
- data/README.md +40 -0
- data/Rakefile +7 -0
- data/hash_keys_sanitizer.gemspec +23 -0
- data/lib/hash_keys_sanitizer/hash_keys_sanitizer.rb +55 -0
- data/lib/hash_keys_sanitizer/version.rb +3 -0
- data/lib/hash_keys_sanitizer.rb +3 -0
- data/spec/lib/hash_keys_sanitizer/hash_keys_sanitizer_spec.rb +62 -0
- data/spec/spec_helper.rb +89 -0
- metadata +102 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: a3c5bce97d346dbbbcca89d585915eb11719b3bb
|
4
|
+
data.tar.gz: 51a9fecfcd71bee9dd82a40a7bc725d394a688d9
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 7b2757714a924666984281e8fe6807a9775e7683d81c8ce20667b4ed3fb5d46029329cffae05fe9f684cbaf94cd9ccc293eb4efd0d405263c33f66f1ae320ecb
|
7
|
+
data.tar.gz: ff18bc1acd6fa71d1b310092d8f6b874b26a8f039d8d2801eefb2016ac959527b551b1b7a0226e709373bdaacfd6e64345bf39102516b230c3b261581117fcad
|
data/.gitignore
ADDED
data/.rspec
ADDED
data/.ruby-version
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
ruby-2.1.5
|
data/.travis.yml
ADDED
data/Gemfile
ADDED
data/LICENSE
ADDED
@@ -0,0 +1,22 @@
|
|
1
|
+
Copyright (c) 2015 Thomas Baustert
|
2
|
+
|
3
|
+
MIT License
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
6
|
+
a copy of this software and associated documentation files (the
|
7
|
+
"Software"), to deal in the Software without restriction, including
|
8
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
9
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
10
|
+
permit persons to whom the Software is furnished to do so, subject to
|
11
|
+
the following conditions:
|
12
|
+
|
13
|
+
The above copyright notice and this permission notice shall be
|
14
|
+
included in all copies or substantial portions of the Software.
|
15
|
+
|
16
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
17
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
18
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
19
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
20
|
+
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
21
|
+
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
22
|
+
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/README.md
ADDED
@@ -0,0 +1,40 @@
|
|
1
|
+
[![Build Status](https://travis-ci.org/thomasbaustert/hash_keys_sanitizer.svg?branch=master)](https://travis-ci.org/thomasbaustert/hash_keys_sanitizer)
|
2
|
+
|
3
|
+
# hash_keys_sanitizer
|
4
|
+
|
5
|
+
Sanitizes a hash keys according to a whitelist.
|
6
|
+
|
7
|
+
## Installation
|
8
|
+
|
9
|
+
Add this line to your application's Gemfile:
|
10
|
+
|
11
|
+
gem 'hash_keys_sanitizer'
|
12
|
+
|
13
|
+
And then execute:
|
14
|
+
|
15
|
+
$ bundle
|
16
|
+
|
17
|
+
Or install it yourself as:
|
18
|
+
|
19
|
+
$ gem install hash_keys_sanitizer
|
20
|
+
|
21
|
+
## Usage
|
22
|
+
|
23
|
+
The sanitizer is initialized with the whitelist, for example:
|
24
|
+
|
25
|
+
HashKeysSanitizer.new(whitelist: [:name, address: [:street, :city, email: [:type]]])
|
26
|
+
|
27
|
+
The whitelist contains the permitted (nested keys). In the example above the top level keys `name`
|
28
|
+
and `address` are permitted. For the key `address` the nested keys `street`, `city` and `email` are
|
29
|
+
permitted. And for `email` the nested key `type` is permitted.
|
30
|
+
|
31
|
+
To sanitizes the hash call `sanitize` and pass the hash:
|
32
|
+
|
33
|
+
sanitized_params = sanitizer.sanitize(name: 'John', unknown: 'dummy',
|
34
|
+
address: { street: "John Street", unknown: "BANG",
|
35
|
+
email: { type: 'job', unknown: 'BANG' } })
|
36
|
+
p sanitized_params
|
37
|
+
{:name=>"John", :address=>{:street=>"John Street", :email=>{:type=>"job"}}}
|
38
|
+
|
39
|
+
The whitelist and hash can have stringified or symbolized keys. All combinations are supported.
|
40
|
+
|
data/Rakefile
ADDED
@@ -0,0 +1,23 @@
|
|
1
|
+
lib = File.expand_path('../lib', __FILE__)
|
2
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
3
|
+
require 'hash_keys_sanitizer/version'
|
4
|
+
|
5
|
+
Gem::Specification.new do |spec|
|
6
|
+
spec.name = "hash_keys_sanitizer"
|
7
|
+
spec.version = HashKeysSanitizer::VERSION
|
8
|
+
spec.authors = ["Thomas Baustert"]
|
9
|
+
spec.email = ["business@thomasbaustert.de"]
|
10
|
+
spec.summary = %q{Hash keys sanitizer}
|
11
|
+
spec.description = %q{Sanitizes hash keys according to a whitelist}
|
12
|
+
spec.homepage = "https://github.com/thomasbuatsert/hash_keys_sanitizer"
|
13
|
+
spec.license = "MIT"
|
14
|
+
|
15
|
+
spec.files = `git ls-files -z`.split("\x0")
|
16
|
+
spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
|
17
|
+
spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
|
18
|
+
spec.require_paths = ["lib"]
|
19
|
+
|
20
|
+
spec.add_development_dependency "bundler"
|
21
|
+
spec.add_development_dependency 'rake'
|
22
|
+
spec.add_development_dependency 'rspec'
|
23
|
+
end
|
@@ -0,0 +1,55 @@
|
|
1
|
+
class HashKeysSanitizer
|
2
|
+
|
3
|
+
class HashKeysSanitizerError < StandardError
|
4
|
+
end
|
5
|
+
|
6
|
+
def initialize(options = {})
|
7
|
+
@whitelist = options[:whitelist] || {}
|
8
|
+
end
|
9
|
+
|
10
|
+
##
|
11
|
+
# Sanitizes given hash and returns new hash.
|
12
|
+
#
|
13
|
+
def sanitize(raw_parameters = {})
|
14
|
+
kept_params = {}
|
15
|
+
sanitize_nesting(kept_params, @whitelist, symbolize_recursive(raw_parameters))
|
16
|
+
kept_params
|
17
|
+
end
|
18
|
+
|
19
|
+
private
|
20
|
+
|
21
|
+
def sanitize_nesting(kept_params, whitelist, raw_parameters)
|
22
|
+
# example whitelist: [:name, address: [:street, :city, email: [:type]]]
|
23
|
+
whitelist.each do |entry|
|
24
|
+
# :name
|
25
|
+
if entry.is_a?(Symbol) || entry.is_a?(String)
|
26
|
+
key = entry.to_sym
|
27
|
+
kept_params[key] = raw_parameters[key] if raw_parameters.has_key?(key)
|
28
|
+
# { address: [:street, :city, ...] }
|
29
|
+
elsif entry.is_a?(Hash)
|
30
|
+
key = entry.keys.first.to_sym
|
31
|
+
kept_params[key] ||= {}
|
32
|
+
sanitize_nesting(kept_params[key], entry.values.first, raw_parameters[key])
|
33
|
+
else
|
34
|
+
raise HashKeysSanitizerError, "Unsupported whitelist entry type #{entry.class}: #{entry.inspect}"
|
35
|
+
end
|
36
|
+
end
|
37
|
+
end
|
38
|
+
|
39
|
+
def symbolize_recursive(hash)
|
40
|
+
{}.tap do |h|
|
41
|
+
hash.each { |key, value| h[key.to_sym] = map_value(value) }
|
42
|
+
end
|
43
|
+
end
|
44
|
+
|
45
|
+
def map_value(thing)
|
46
|
+
case thing
|
47
|
+
when Hash
|
48
|
+
symbolize_recursive(thing)
|
49
|
+
when Array
|
50
|
+
thing.map { |v| map_value(v) }
|
51
|
+
else
|
52
|
+
thing
|
53
|
+
end
|
54
|
+
end
|
55
|
+
end
|
@@ -0,0 +1,62 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
require 'hash_keys_sanitizer'
|
3
|
+
|
4
|
+
describe HashKeysSanitizer do
|
5
|
+
|
6
|
+
let(:whitelist) { [:name, address: [:street, :city, email: [:type]]] }
|
7
|
+
let(:sanitizer) { described_class.new(whitelist: whitelist) }
|
8
|
+
|
9
|
+
describe "#sanitize" do
|
10
|
+
|
11
|
+
context "unknown names given" do
|
12
|
+
let(:raw_hash) {
|
13
|
+
{ name: 'John', unknown: 'dummy', address: { street: "John Street", unknown: "BANG",
|
14
|
+
email: { type: 'job', unknown: 'BANG' } } }
|
15
|
+
}
|
16
|
+
|
17
|
+
it "filters out hash keys" do
|
18
|
+
filtered_params = sanitizer.sanitize(raw_hash)
|
19
|
+
expect(filtered_params).to eq(name: 'John', address: { street: "John Street", email: { type: 'job' } })
|
20
|
+
end
|
21
|
+
|
22
|
+
it "does not modify original hash" do
|
23
|
+
filtered_params = sanitizer.sanitize(raw_hash)
|
24
|
+
expect(raw_hash).to eq(name: 'John', unknown: 'dummy', address: { street: "John Street", unknown: "BANG",
|
25
|
+
email: { type: 'job', unknown: 'BANG' } })
|
26
|
+
end
|
27
|
+
|
28
|
+
it "accepts stringified hash keys" do
|
29
|
+
filtered_params = sanitizer.sanitize('name' => 'John', 'unknown' => 'dummy',
|
30
|
+
'address' => { 'street' => "John Street", 'unknown' => "BANG",
|
31
|
+
'email' => { 'type' => 'job', 'unknown' => 'BANG' } })
|
32
|
+
expect(filtered_params).to eq(name: 'John', address: { street: "John Street", email: { type: 'job' } })
|
33
|
+
end
|
34
|
+
|
35
|
+
it "accepts stringified whitelist" do
|
36
|
+
sanitizer = described_class.new(whitelist: ['name', 'address' => ['street', 'city', 'email' => ['type']]])
|
37
|
+
|
38
|
+
filtered_params = sanitizer.sanitize(raw_hash)
|
39
|
+
expect(filtered_params).to eq(name: 'John', address: { street: "John Street", email: { type: 'job' } })
|
40
|
+
end
|
41
|
+
|
42
|
+
it "accepts stringified hash keys and whitelist" do
|
43
|
+
sanitizer = described_class.new(whitelist: ['name', 'address' => ['street', 'city', 'email' => ['type']]])
|
44
|
+
|
45
|
+
filtered_params = sanitizer.sanitize('name' => 'John', 'unknown' => 'dummy',
|
46
|
+
'address' => { 'street' => "John Street", 'unknown' => "BANG",
|
47
|
+
'email' => { 'type' => 'job', 'unknown' => 'BANG' } })
|
48
|
+
expect(filtered_params).to eq(name: 'John', address: { street: "John Street", email: { type: 'job' } })
|
49
|
+
end
|
50
|
+
end
|
51
|
+
|
52
|
+
context "valid names given" do
|
53
|
+
it "does not sanitize hash" do
|
54
|
+
raw_hash = { name: 'John Doe', address: { street: 'John Street', city: 'London', email: { type: 'job' } } }
|
55
|
+
|
56
|
+
expect(sanitizer.sanitize(raw_hash)).to eq(raw_hash)
|
57
|
+
end
|
58
|
+
end
|
59
|
+
|
60
|
+
end
|
61
|
+
|
62
|
+
end
|
data/spec/spec_helper.rb
ADDED
@@ -0,0 +1,89 @@
|
|
1
|
+
# This file was generated by the `rspec --init` command. Conventionally, all
|
2
|
+
# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
|
3
|
+
# The generated `.rspec` file contains `--require spec_helper` which will cause this
|
4
|
+
# file to always be loaded, without a need to explicitly require it in any files.
|
5
|
+
#
|
6
|
+
# Given that it is always loaded, you are encouraged to keep this file as
|
7
|
+
# light-weight as possible. Requiring heavyweight dependencies from this file
|
8
|
+
# will add to the boot time of your test suite on EVERY test run, even for an
|
9
|
+
# individual file that may not need all of that loaded. Instead, consider making
|
10
|
+
# a separate helper file that requires the additional dependencies and performs
|
11
|
+
# the additional setup, and require it from the spec files that actually need it.
|
12
|
+
#
|
13
|
+
# The `.rspec` file also contains a few flags that are not defaults but that
|
14
|
+
# users commonly want.
|
15
|
+
#
|
16
|
+
# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
|
17
|
+
RSpec.configure do |config|
|
18
|
+
# rspec-expectations config goes here. You can use an alternate
|
19
|
+
# assertion/expectation library such as wrong or the stdlib/minitest
|
20
|
+
# assertions if you prefer.
|
21
|
+
config.expect_with :rspec do |expectations|
|
22
|
+
# This option will default to `true` in RSpec 4. It makes the `description`
|
23
|
+
# and `failure_message` of custom matchers include text for helper methods
|
24
|
+
# defined using `chain`, e.g.:
|
25
|
+
# be_bigger_than(2).and_smaller_than(4).description
|
26
|
+
# # => "be bigger than 2 and smaller than 4"
|
27
|
+
# ...rather than:
|
28
|
+
# # => "be bigger than 2"
|
29
|
+
expectations.include_chain_clauses_in_custom_matcher_descriptions = true
|
30
|
+
end
|
31
|
+
|
32
|
+
# rspec-mocks config goes here. You can use an alternate test double
|
33
|
+
# library (such as bogus or mocha) by changing the `mock_with` option here.
|
34
|
+
config.mock_with :rspec do |mocks|
|
35
|
+
# Prevents you from mocking or stubbing a method that does not exist on
|
36
|
+
# a real object. This is generally recommended, and will default to
|
37
|
+
# `true` in RSpec 4.
|
38
|
+
mocks.verify_partial_doubles = true
|
39
|
+
end
|
40
|
+
|
41
|
+
# The settings below are suggested to provide a good initial experience
|
42
|
+
# with RSpec, but feel free to customize to your heart's content.
|
43
|
+
=begin
|
44
|
+
# These two settings work together to allow you to limit a spec run
|
45
|
+
# to individual examples or groups you care about by tagging them with
|
46
|
+
# `:focus` metadata. When nothing is tagged with `:focus`, all examples
|
47
|
+
# get run.
|
48
|
+
config.filter_run :focus
|
49
|
+
config.run_all_when_everything_filtered = true
|
50
|
+
|
51
|
+
# Limits the available syntax to the non-monkey patched syntax that is recommended.
|
52
|
+
# For more details, see:
|
53
|
+
# - http://myronmars.to/n/dev-blog/2012/06/rspecs-new-expectation-syntax
|
54
|
+
# - http://teaisaweso.me/blog/2013/05/27/rspecs-new-message-expectation-syntax/
|
55
|
+
# - http://myronmars.to/n/dev-blog/2014/05/notable-changes-in-rspec-3#new__config_option_to_disable_rspeccore_monkey_patching
|
56
|
+
config.disable_monkey_patching!
|
57
|
+
|
58
|
+
# This setting enables warnings. It's recommended, but in some cases may
|
59
|
+
# be too noisy due to issues in dependencies.
|
60
|
+
config.warnings = true
|
61
|
+
|
62
|
+
# Many RSpec users commonly either run the entire suite or an individual
|
63
|
+
# file, and it's useful to allow more verbose output when running an
|
64
|
+
# individual spec file.
|
65
|
+
if config.files_to_run.one?
|
66
|
+
# Use the documentation formatter for detailed output,
|
67
|
+
# unless a formatter has already been configured
|
68
|
+
# (e.g. via a command-line flag).
|
69
|
+
config.default_formatter = 'doc'
|
70
|
+
end
|
71
|
+
|
72
|
+
# Print the 10 slowest examples and example groups at the
|
73
|
+
# end of the spec run, to help surface which specs are running
|
74
|
+
# particularly slow.
|
75
|
+
config.profile_examples = 10
|
76
|
+
|
77
|
+
# Run specs in random order to surface order dependencies. If you find an
|
78
|
+
# order dependency and want to debug it, you can fix the order by providing
|
79
|
+
# the seed, which is printed after each run.
|
80
|
+
# --seed 1234
|
81
|
+
config.order = :random
|
82
|
+
|
83
|
+
# Seed global randomization in this process using the `--seed` CLI option.
|
84
|
+
# Setting this allows you to use `--seed` to deterministically reproduce
|
85
|
+
# test failures related to randomization by passing the same `--seed` value
|
86
|
+
# as the one that triggered the failure.
|
87
|
+
Kernel.srand config.seed
|
88
|
+
=end
|
89
|
+
end
|
metadata
ADDED
@@ -0,0 +1,102 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: hash_keys_sanitizer
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.0.1
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Thomas Baustert
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
date: 2015-01-03 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: bundler
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - ">="
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '0'
|
20
|
+
type: :development
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - ">="
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '0'
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: rake
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - ">="
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '0'
|
34
|
+
type: :development
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - ">="
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '0'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: rspec
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - ">="
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '0'
|
48
|
+
type: :development
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - ">="
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '0'
|
55
|
+
description: Sanitizes hash keys according to a whitelist
|
56
|
+
email:
|
57
|
+
- business@thomasbaustert.de
|
58
|
+
executables: []
|
59
|
+
extensions: []
|
60
|
+
extra_rdoc_files: []
|
61
|
+
files:
|
62
|
+
- ".gitignore"
|
63
|
+
- ".rspec"
|
64
|
+
- ".ruby-version"
|
65
|
+
- ".travis.yml"
|
66
|
+
- Gemfile
|
67
|
+
- LICENSE
|
68
|
+
- README.md
|
69
|
+
- Rakefile
|
70
|
+
- hash_keys_sanitizer.gemspec
|
71
|
+
- lib/hash_keys_sanitizer.rb
|
72
|
+
- lib/hash_keys_sanitizer/hash_keys_sanitizer.rb
|
73
|
+
- lib/hash_keys_sanitizer/version.rb
|
74
|
+
- spec/lib/hash_keys_sanitizer/hash_keys_sanitizer_spec.rb
|
75
|
+
- spec/spec_helper.rb
|
76
|
+
homepage: https://github.com/thomasbuatsert/hash_keys_sanitizer
|
77
|
+
licenses:
|
78
|
+
- MIT
|
79
|
+
metadata: {}
|
80
|
+
post_install_message:
|
81
|
+
rdoc_options: []
|
82
|
+
require_paths:
|
83
|
+
- lib
|
84
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
85
|
+
requirements:
|
86
|
+
- - ">="
|
87
|
+
- !ruby/object:Gem::Version
|
88
|
+
version: '0'
|
89
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
90
|
+
requirements:
|
91
|
+
- - ">="
|
92
|
+
- !ruby/object:Gem::Version
|
93
|
+
version: '0'
|
94
|
+
requirements: []
|
95
|
+
rubyforge_project:
|
96
|
+
rubygems_version: 2.4.3
|
97
|
+
signing_key:
|
98
|
+
specification_version: 4
|
99
|
+
summary: Hash keys sanitizer
|
100
|
+
test_files:
|
101
|
+
- spec/lib/hash_keys_sanitizer/hash_keys_sanitizer_spec.rb
|
102
|
+
- spec/spec_helper.rb
|