input_sanitizer 0.4.0 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/ci.yaml +26 -0
- data/CHANGELOG +6 -0
- data/README.md +2 -1
- data/lib/input_sanitizer/v2/types.rb +15 -0
- data/lib/input_sanitizer/version.rb +1 -1
- data/spec/v2/payload_sanitizer_spec.rb +74 -0
- metadata +4 -4
- data/.travis.yml +0 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b17187da279365f142d7fe151cde0475bc79bd906eaa517a394d0345dfa959da
|
|
4
|
+
data.tar.gz: ae5b758685cba665827b5616e7bd2af11e9e20199fb38162355876c64df26e7f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: dac569cd500bf5f3c25be2aba2d863b74083d47704aa737fe2670dc8051fbc59e4bcc81de2468d2899dbe1b0d3700d8b6e2446dad0910a0d554aa3fec3f7f888
|
|
7
|
+
data.tar.gz: eb1bae9cfa2759748ac63af0f5e582d74e06fc70ebd2e4ffc979b7c62fa36bca0d17780e01ca177be33dc3e7d61511f5926e8581cc977dbfdc926b21ae35af70
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
name: CI
|
|
2
|
+
|
|
3
|
+
on: push
|
|
4
|
+
|
|
5
|
+
jobs:
|
|
6
|
+
build:
|
|
7
|
+
runs-on: ubuntu-latest
|
|
8
|
+
strategy:
|
|
9
|
+
matrix:
|
|
10
|
+
ruby-version:
|
|
11
|
+
- 2.3.8
|
|
12
|
+
- 2.5.8
|
|
13
|
+
- 2.6.8
|
|
14
|
+
- 2.7.6
|
|
15
|
+
- 3.0.4
|
|
16
|
+
- 3.1.2
|
|
17
|
+
steps:
|
|
18
|
+
- uses: zendesk/checkout@v2
|
|
19
|
+
- name: Set up Ruby
|
|
20
|
+
uses: zendesk/setup-ruby@v1
|
|
21
|
+
with:
|
|
22
|
+
ruby-version: ${{ matrix.ruby-version }}
|
|
23
|
+
- name: Test ${{ matrix.ruby-version }}
|
|
24
|
+
run: |
|
|
25
|
+
bundle install
|
|
26
|
+
bundle exec rspec spec
|
data/CHANGELOG
CHANGED
data/README.md
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
|
-
# InputSanitizer
|
|
1
|
+
# InputSanitizer
|
|
2
|
+
|
|
2
3
|
|
|
3
4
|
Gem to sanitize hash of incoming data
|
|
4
5
|
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
require 'active_support/core_ext/object/blank'
|
|
2
|
+
require 'uri'
|
|
2
3
|
|
|
3
4
|
module InputSanitizer::V2::Types
|
|
4
5
|
class IntegerCheck
|
|
@@ -93,8 +94,22 @@ module InputSanitizer::V2::Types
|
|
|
93
94
|
raise InputSanitizer::ValueError.new(value, options[:minimum], options[:maximum]) if options[:minimum] && string.length < options[:minimum]
|
|
94
95
|
raise InputSanitizer::ValueError.new(value, options[:minimum], options[:maximum]) if options[:maximum] && string.length > options[:maximum]
|
|
95
96
|
end
|
|
97
|
+
|
|
98
|
+
if options[:strip_4byte_chars] && !options[:already_stripped]
|
|
99
|
+
value_without_4byte_chars = strip_4byte_chars(value)
|
|
100
|
+
updated_options = options.merge(:already_stripped => true) # to prevent infinite loop
|
|
101
|
+
call(value_without_4byte_chars, updated_options) # run checks once again to ensure string is still valid after stripping 4-byte chars
|
|
102
|
+
else
|
|
103
|
+
value
|
|
104
|
+
end
|
|
96
105
|
end
|
|
97
106
|
end
|
|
107
|
+
|
|
108
|
+
private
|
|
109
|
+
|
|
110
|
+
def strip_4byte_chars(string)
|
|
111
|
+
string.each_char.with_object(String.new) { |char, output| output << char if char.bytesize < 4 }
|
|
112
|
+
end
|
|
98
113
|
end
|
|
99
114
|
|
|
100
115
|
class BooleanCheck
|
|
@@ -17,6 +17,10 @@ class TestedPayloadSanitizer < InputSanitizer::V2::PayloadSanitizer
|
|
|
17
17
|
string :status, :allow => ['current', 'past']
|
|
18
18
|
string :status_with_empty, :allow => ['', 'current', 'past']
|
|
19
19
|
string :regexp_string, :regexp => /^#?([a-f0-9]{6}|[a-f0-9]{3})$/
|
|
20
|
+
string :utf8mb4_string, :strip_4byte_chars => true
|
|
21
|
+
string :value_restricted_utf8mb4_string, :strip_4byte_chars => true, :allow => ['test']
|
|
22
|
+
string :non_blank_utf8mb4_string, :strip_4byte_chars => true, :allow_blank => false
|
|
23
|
+
string :size_restricted_utf8mb4_string, :strip_4byte_chars => true, :minimum => 2, :maximum => 4
|
|
20
24
|
nested :address, :sanitizer => AddressSanitizer
|
|
21
25
|
nested :nullable_address, :sanitizer => AddressSanitizer, :allow_nil => true
|
|
22
26
|
nested :tags, :sanitizer => TagSanitizer, :collection => true
|
|
@@ -155,6 +159,76 @@ describe InputSanitizer::V2::PayloadSanitizer do
|
|
|
155
159
|
end
|
|
156
160
|
end
|
|
157
161
|
|
|
162
|
+
describe "strip_4byte_chars option" do
|
|
163
|
+
it "is valid when given a string with 4-byte chars" do
|
|
164
|
+
@params = { :utf8mb4_string => "test \u{1F435} value" }
|
|
165
|
+
sanitizer.should be_valid
|
|
166
|
+
end
|
|
167
|
+
|
|
168
|
+
it "returns sanitized string without 4-byte chars" do
|
|
169
|
+
@params = { :utf8mb4_string => "test\u{1F435}" }
|
|
170
|
+
sanitizer[:utf8mb4_string].should eq "test"
|
|
171
|
+
end
|
|
172
|
+
|
|
173
|
+
it "properly handles string with 4-byte char at the beginning" do
|
|
174
|
+
@params = { :utf8mb4_string => "\u{1F435} 4-byte char at the beginning" }
|
|
175
|
+
sanitizer[:utf8mb4_string].should eq ' 4-byte char at the beginning'
|
|
176
|
+
end
|
|
177
|
+
|
|
178
|
+
it "properly handles string with 4-byte char in the middle" do
|
|
179
|
+
@params = { :utf8mb4_string => "4-byte char\u{1F435} in the middle" }
|
|
180
|
+
sanitizer[:utf8mb4_string].should eq '4-byte char in the middle'
|
|
181
|
+
end
|
|
182
|
+
|
|
183
|
+
it "properly handles string with 4-byte char at the end" do
|
|
184
|
+
@params = { :utf8mb4_string => "4-byte char at the end \u{1F435}" }
|
|
185
|
+
sanitizer[:utf8mb4_string].should eq '4-byte char at the end '
|
|
186
|
+
end
|
|
187
|
+
|
|
188
|
+
it "does not strip 3-byte chars" do
|
|
189
|
+
@params = { :utf8mb4_string => "Test \u{270A}" }
|
|
190
|
+
sanitizer[:utf8mb4_string].should eq "Test \u{270A}"
|
|
191
|
+
end
|
|
192
|
+
|
|
193
|
+
describe "when used with other options" do
|
|
194
|
+
describe "allow" do
|
|
195
|
+
it "is valid when string matches any value in allowlist before stripping 4-byte chars" do
|
|
196
|
+
@params = { :value_restricted_utf8mb4_string => "test" }
|
|
197
|
+
sanitizer.should be_valid
|
|
198
|
+
end
|
|
199
|
+
|
|
200
|
+
it "is invalid when string doesn't match any value in allowlist before stripping 4-byte chars" do
|
|
201
|
+
@params = { :value_restricted_utf8mb4_string => "test\u{1F435}" }
|
|
202
|
+
sanitizer.should_not be_valid
|
|
203
|
+
end
|
|
204
|
+
end
|
|
205
|
+
|
|
206
|
+
describe "allow_blank=false" do
|
|
207
|
+
it "is invalid when string is already blank before stripping 4-byte chars" do
|
|
208
|
+
@params = { :non_blank_utf8mb4_string => " " }
|
|
209
|
+
sanitizer.should_not be_valid
|
|
210
|
+
end
|
|
211
|
+
|
|
212
|
+
it "is invalid when string becomes blank as a result of stripping 4-byte chars" do
|
|
213
|
+
@params = { :non_blank_utf8mb4_string => " \u{1F435} " }
|
|
214
|
+
sanitizer.should_not be_valid
|
|
215
|
+
end
|
|
216
|
+
end
|
|
217
|
+
|
|
218
|
+
describe "minimum and maximum" do
|
|
219
|
+
it "is invalid when string is already too long before stripping 4-byte chars" do
|
|
220
|
+
@params = { :size_restricted_utf8mb4_string => "1234\u{1F435}" }
|
|
221
|
+
sanitizer.should_not be_valid
|
|
222
|
+
end
|
|
223
|
+
|
|
224
|
+
it "is invalid when string becomes too short as a result of stripping 4-byte chars" do
|
|
225
|
+
@params = { :size_restricted_utf8mb4_string => "1\u{1F435}" }
|
|
226
|
+
sanitizer.should_not be_valid
|
|
227
|
+
end
|
|
228
|
+
end
|
|
229
|
+
end
|
|
230
|
+
end
|
|
231
|
+
|
|
158
232
|
describe "strict param checking" do
|
|
159
233
|
it "is invalid when given extra params" do
|
|
160
234
|
@params = { :extra => 'test', :extra2 => 1 }
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: input_sanitizer
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.5.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Zendesk
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-09-14 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: method_struct
|
|
@@ -87,10 +87,10 @@ executables: []
|
|
|
87
87
|
extensions: []
|
|
88
88
|
extra_rdoc_files: []
|
|
89
89
|
files:
|
|
90
|
+
- ".github/workflows/ci.yaml"
|
|
90
91
|
- ".github/workflows/gempush.yml"
|
|
91
92
|
- ".gitignore"
|
|
92
93
|
- ".rspec"
|
|
93
|
-
- ".travis.yml"
|
|
94
94
|
- CHANGELOG
|
|
95
95
|
- Gemfile
|
|
96
96
|
- LICENSE
|
|
@@ -152,7 +152,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
152
152
|
- !ruby/object:Gem::Version
|
|
153
153
|
version: '0'
|
|
154
154
|
requirements: []
|
|
155
|
-
rubygems_version: 3.0.3
|
|
155
|
+
rubygems_version: 3.0.3.1
|
|
156
156
|
signing_key:
|
|
157
157
|
specification_version: 4
|
|
158
158
|
summary: Gem to sanitize hash of incoming data
|