input_sanitizer 0.4.0 → 0.4.1

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 4830f8e0493abf23ddd9af334427529fd4075fbc4e5cab74f263921e21bd9310
4
- data.tar.gz: c416c81bb32662258bc645325cec329736dccd9b250b9860f750ee292ec39888
3
+ metadata.gz: 4f2a20c5da1c65b87f1e817d27093de8f9353a6c06b542780d27e3462b64a855
4
+ data.tar.gz: d48d86aac58840dfc42932c1240635552bc3229d297d8f717615088582e6b31c
5
5
  SHA512:
6
- metadata.gz: 51b81975793f215b595b64585e6f1bcdff0fa60a92756dec511cca368bd2064c6a269aeb205dcbe01f5a36186b499d471867e45e0262e14344300a4210cd0be5
7
- data.tar.gz: 383cc4f7ed8c87530796941f6a35dae1ec84739a166499b400e82a923bc78b4ade54fedc9c25052fa49f085a4fed7965027d3187b22f4f4206e4c93d47360162
6
+ metadata.gz: 3dcfbf917beba6d666b964658b8ef569152d74beca656f14640fec37a9bc413273da22988e4eeebfe4aa399841086673519bb3a1eb8c6533d0ada93ac474021b
7
+ data.tar.gz: 56cb28724e2cfbd5eb1755615463e26226cca48ba287d3ee94448da1f5918261d4a8aa430a4b14e82b9bbc6d2fa96888799ecc144ccf6ee585fece7709eee5e1
@@ -0,0 +1,26 @@
1
+ name: CI
2
+
3
+ on:
4
+ push:
5
+ branches:
6
+ - master
7
+ pull_request:
8
+ branches:
9
+ - master
10
+
11
+ jobs:
12
+ build:
13
+ runs-on: ubuntu-18.04
14
+ strategy:
15
+ matrix:
16
+ rvm: [2.1.9,2.2.10,2.5.8,jruby-head]
17
+ steps:
18
+ - uses: zendesk/checkout@v2
19
+ - name: Set up Ruby
20
+ uses: zendesk/setup-ruby@v1
21
+ with:
22
+ ruby-version: ${{ matrix.rvm }}
23
+ - name: Test ${{ matrix.rvm }}
24
+ run: |
25
+ bundle install
26
+ bundle exec rspec spec
data/CHANGELOG CHANGED
@@ -1,3 +1,6 @@
1
+ 0.4.1
2
+ * Added `strip_4byte_chars` option to String V2 sanitizer
3
+
1
4
  0.4.0
2
5
  * Stopped supporting Ruby 1.8 and 1.9
3
6
  * Added support for Rails 5.1 and ruby 2.5.8
data/README.md CHANGED
@@ -1,4 +1,5 @@
1
- # InputSanitizer [![Build Status](https://secure.travis-ci.org/futuresimple/input_sanitizer.png?branch=master)](http://travis-ci.org/futuresimple/input_sanitizer)
1
+ # InputSanitizer
2
+ ![CI](https://github.com/zendesk/input_sanitizer/workflows/CI/badge.svg)
2
3
 
3
4
  Gem to sanitize hash of incoming data
4
5
 
@@ -93,8 +93,22 @@ module InputSanitizer::V2::Types
93
93
  raise InputSanitizer::ValueError.new(value, options[:minimum], options[:maximum]) if options[:minimum] && string.length < options[:minimum]
94
94
  raise InputSanitizer::ValueError.new(value, options[:minimum], options[:maximum]) if options[:maximum] && string.length > options[:maximum]
95
95
  end
96
+
97
+ if options[:strip_4byte_chars] && !options[:already_stripped]
98
+ value_without_4byte_chars = strip_4byte_chars(value)
99
+ updated_options = options.merge(:already_stripped => true) # to prevent infinite loop
100
+ call(value_without_4byte_chars, updated_options) # run checks once again to ensure string is still valid after stripping 4-byte chars
101
+ else
102
+ value
103
+ end
96
104
  end
97
105
  end
106
+
107
+ private
108
+
109
+ def strip_4byte_chars(string)
110
+ string.each_char.with_object(String.new) { |char, output| output << char if char.bytesize < 4 }
111
+ end
98
112
  end
99
113
 
100
114
  class BooleanCheck
@@ -1,3 +1,3 @@
1
1
  module InputSanitizer
2
- VERSION = "0.4.0"
2
+ VERSION = "0.4.1"
3
3
  end
@@ -17,6 +17,10 @@ class TestedPayloadSanitizer < InputSanitizer::V2::PayloadSanitizer
17
17
  string :status, :allow => ['current', 'past']
18
18
  string :status_with_empty, :allow => ['', 'current', 'past']
19
19
  string :regexp_string, :regexp => /^#?([a-f0-9]{6}|[a-f0-9]{3})$/
20
+ string :utf8mb4_string, :strip_4byte_chars => true
21
+ string :value_restricted_utf8mb4_string, :strip_4byte_chars => true, :allow => ['test']
22
+ string :non_blank_utf8mb4_string, :strip_4byte_chars => true, :allow_blank => false
23
+ string :size_restricted_utf8mb4_string, :strip_4byte_chars => true, :minimum => 2, :maximum => 4
20
24
  nested :address, :sanitizer => AddressSanitizer
21
25
  nested :nullable_address, :sanitizer => AddressSanitizer, :allow_nil => true
22
26
  nested :tags, :sanitizer => TagSanitizer, :collection => true
@@ -155,6 +159,76 @@ describe InputSanitizer::V2::PayloadSanitizer do
155
159
  end
156
160
  end
157
161
 
162
+ describe "strip_4byte_chars option" do
163
+ it "is valid when given a string with 4-byte chars" do
164
+ @params = { :utf8mb4_string => "test \u{1F435} value" }
165
+ sanitizer.should be_valid
166
+ end
167
+
168
+ it "returns sanitized string without 4-byte chars" do
169
+ @params = { :utf8mb4_string => "test\u{1F435}" }
170
+ sanitizer[:utf8mb4_string].should eq "test"
171
+ end
172
+
173
+ it "properly handles string with 4-byte char at the beginning" do
174
+ @params = { :utf8mb4_string => "\u{1F435} 4-byte char at the beginning" }
175
+ sanitizer[:utf8mb4_string].should eq ' 4-byte char at the beginning'
176
+ end
177
+
178
+ it "properly handles string with 4-byte char in the middle" do
179
+ @params = { :utf8mb4_string => "4-byte char\u{1F435} in the middle" }
180
+ sanitizer[:utf8mb4_string].should eq '4-byte char in the middle'
181
+ end
182
+
183
+ it "properly handles string with 4-byte char at the end" do
184
+ @params = { :utf8mb4_string => "4-byte char at the end \u{1F435}" }
185
+ sanitizer[:utf8mb4_string].should eq '4-byte char at the end '
186
+ end
187
+
188
+ it "does not strip 3-byte chars" do
189
+ @params = { :utf8mb4_string => "Test \u{270A}" }
190
+ sanitizer[:utf8mb4_string].should eq "Test \u{270A}"
191
+ end
192
+
193
+ describe "when used with other options" do
194
+ describe "allow" do
195
+ it "is valid when string matches any value in allowlist before stripping 4-byte chars" do
196
+ @params = { :value_restricted_utf8mb4_string => "test" }
197
+ sanitizer.should be_valid
198
+ end
199
+
200
+ it "is invalid when string doesn't match any value in allowlist before stripping 4-byte chars" do
201
+ @params = { :value_restricted_utf8mb4_string => "test\u{1F435}" }
202
+ sanitizer.should_not be_valid
203
+ end
204
+ end
205
+
206
+ describe "allow_blank=false" do
207
+ it "is invalid when string is already blank before stripping 4-byte chars" do
208
+ @params = { :non_blank_utf8mb4_string => " " }
209
+ sanitizer.should_not be_valid
210
+ end
211
+
212
+ it "is invalid when string becomes blank as a result of stripping 4-byte chars" do
213
+ @params = { :non_blank_utf8mb4_string => " \u{1F435} " }
214
+ sanitizer.should_not be_valid
215
+ end
216
+ end
217
+
218
+ describe "minimum and maximum" do
219
+ it "is invalid when string is already too long before stripping 4-byte chars" do
220
+ @params = { :size_restricted_utf8mb4_string => "1234\u{1F435}" }
221
+ sanitizer.should_not be_valid
222
+ end
223
+
224
+ it "is invalid when string becomes too short as a result of stripping 4-byte chars" do
225
+ @params = { :size_restricted_utf8mb4_string => "1\u{1F435}" }
226
+ sanitizer.should_not be_valid
227
+ end
228
+ end
229
+ end
230
+ end
231
+
158
232
  describe "strict param checking" do
159
233
  it "is invalid when given extra params" do
160
234
  @params = { :extra => 'test', :extra2 => 1 }
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: input_sanitizer
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.0
4
+ version: 0.4.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Zendesk
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-08-20 00:00:00.000000000 Z
11
+ date: 2021-05-17 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: method_struct
@@ -87,10 +87,10 @@ executables: []
87
87
  extensions: []
88
88
  extra_rdoc_files: []
89
89
  files:
90
+ - ".github/workflows/ci.yaml"
90
91
  - ".github/workflows/gempush.yml"
91
92
  - ".gitignore"
92
93
  - ".rspec"
93
- - ".travis.yml"
94
94
  - CHANGELOG
95
95
  - Gemfile
96
96
  - LICENSE
@@ -152,7 +152,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
152
152
  - !ruby/object:Gem::Version
153
153
  version: '0'
154
154
  requirements: []
155
- rubygems_version: 3.0.3
155
+ rubygems_version: 3.0.3.1
156
156
  signing_key:
157
157
  specification_version: 4
158
158
  summary: Gem to sanitize hash of incoming data
data/.travis.yml DELETED
@@ -1,8 +0,0 @@
1
- language: ruby
2
- script: bundle exec rspec spec
3
- rvm:
4
- - 2.0.0
5
- - 2.1.0
6
- - 2.2.0
7
- - 2.5.8
8
- - jruby-19mode