moderate_parameters 0.2.6 → 0.3.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +40 -40
- data/README.md +14 -1
- data/lib/generators/templates/moderate_parameters.rb +2 -0
- data/lib/moderate_parameters/logger.rb +1 -3
- data/lib/moderate_parameters/parameters.rb +64 -7
- data/lib/moderate_parameters/version.rb +1 -1
- data/moderate_parameters.gemspec +2 -2
- metadata +6 -6
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: ccebf986537b995e0dda4aaba0fac77329a0f87b885f36eb4b1a0b85b03dfb9b
|
4
|
+
data.tar.gz: a8fd30ef1653f7376370643772066700535effc2f2a6eef88e410f3724cc3314
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: ef57958d1feb5a3a7d965bba16e829ddcfecdf881a17ae5ef4c9413ae2a13447b76999ee463381b376abb029055407e4bc99dbadbf1df510a9f888958133caf9
|
7
|
+
data.tar.gz: b65cc1997e65da4ae7c88045652edef1f73fa6efe417a4f0e6c41b711b89ed21f9eb8f97cfdd576dd09e7b307d4960cd82cf60cd4613620c5d0cd44ebed2c2b0
|
data/Gemfile.lock
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
moderate_parameters (0.
|
4
|
+
moderate_parameters (0.3.4)
|
5
5
|
actionpack (>= 4.2, < 6.1)
|
6
6
|
activemodel (>= 4.2, < 6.1)
|
7
7
|
activesupport (>= 4.2, < 6.1)
|
@@ -10,51 +10,51 @@ PATH
|
|
10
10
|
GEM
|
11
11
|
remote: https://rubygems.org/
|
12
12
|
specs:
|
13
|
-
actionpack (6.0.
|
14
|
-
actionview (= 6.0.
|
15
|
-
activesupport (= 6.0.
|
16
|
-
rack (~> 2.0)
|
13
|
+
actionpack (6.0.3.4)
|
14
|
+
actionview (= 6.0.3.4)
|
15
|
+
activesupport (= 6.0.3.4)
|
16
|
+
rack (~> 2.0, >= 2.0.8)
|
17
17
|
rack-test (>= 0.6.3)
|
18
18
|
rails-dom-testing (~> 2.0)
|
19
19
|
rails-html-sanitizer (~> 1.0, >= 1.2.0)
|
20
|
-
actionview (6.0.
|
21
|
-
activesupport (= 6.0.
|
20
|
+
actionview (6.0.3.4)
|
21
|
+
activesupport (= 6.0.3.4)
|
22
22
|
builder (~> 3.1)
|
23
23
|
erubi (~> 1.4)
|
24
24
|
rails-dom-testing (~> 2.0)
|
25
25
|
rails-html-sanitizer (~> 1.1, >= 1.2.0)
|
26
|
-
activemodel (6.0.
|
27
|
-
activesupport (= 6.0.
|
28
|
-
activesupport (6.0.
|
26
|
+
activemodel (6.0.3.4)
|
27
|
+
activesupport (= 6.0.3.4)
|
28
|
+
activesupport (6.0.3.4)
|
29
29
|
concurrent-ruby (~> 1.0, >= 1.0.2)
|
30
30
|
i18n (>= 0.7, < 2)
|
31
31
|
minitest (~> 5.1)
|
32
32
|
tzinfo (~> 1.1)
|
33
|
-
zeitwerk (~> 2.
|
33
|
+
zeitwerk (~> 2.2, >= 2.2.2)
|
34
34
|
appraisal (2.2.0)
|
35
35
|
bundler
|
36
36
|
rake
|
37
37
|
thor (>= 0.14.0)
|
38
|
-
builder (3.2.
|
38
|
+
builder (3.2.4)
|
39
39
|
coderay (1.1.2)
|
40
|
-
concurrent-ruby (1.1.
|
41
|
-
crass (1.0.
|
40
|
+
concurrent-ruby (1.1.7)
|
41
|
+
crass (1.0.6)
|
42
42
|
diff-lcs (1.3)
|
43
43
|
erubi (1.9.0)
|
44
|
-
i18n (1.
|
44
|
+
i18n (1.8.5)
|
45
45
|
concurrent-ruby (~> 1.0)
|
46
|
-
loofah (2.
|
46
|
+
loofah (2.7.0)
|
47
47
|
crass (~> 1.0.2)
|
48
48
|
nokogiri (>= 1.5.9)
|
49
49
|
method_source (0.9.2)
|
50
50
|
mini_portile2 (2.4.0)
|
51
|
-
minitest (5.
|
52
|
-
nokogiri (1.10.
|
51
|
+
minitest (5.14.2)
|
52
|
+
nokogiri (1.10.10)
|
53
53
|
mini_portile2 (~> 2.4.0)
|
54
54
|
pry (0.12.2)
|
55
55
|
coderay (~> 1.1.0)
|
56
56
|
method_source (~> 0.9.0)
|
57
|
-
rack (2.
|
57
|
+
rack (2.2.3)
|
58
58
|
rack-test (1.1.0)
|
59
59
|
rack (>= 1.0, < 3)
|
60
60
|
rails-dom-testing (2.0.3)
|
@@ -62,45 +62,45 @@ GEM
|
|
62
62
|
nokogiri (>= 1.6)
|
63
63
|
rails-html-sanitizer (1.3.0)
|
64
64
|
loofah (~> 2.3)
|
65
|
-
railties (6.0.
|
66
|
-
actionpack (= 6.0.
|
67
|
-
activesupport (= 6.0.
|
65
|
+
railties (6.0.3.4)
|
66
|
+
actionpack (= 6.0.3.4)
|
67
|
+
activesupport (= 6.0.3.4)
|
68
68
|
method_source
|
69
69
|
rake (>= 0.8.7)
|
70
70
|
thor (>= 0.20.3, < 2.0)
|
71
|
-
rake (
|
72
|
-
rspec (3.
|
73
|
-
rspec-core (~> 3.
|
74
|
-
rspec-expectations (~> 3.
|
75
|
-
rspec-mocks (~> 3.
|
76
|
-
rspec-core (3.
|
77
|
-
rspec-support (~> 3.
|
78
|
-
rspec-expectations (3.
|
71
|
+
rake (13.0.1)
|
72
|
+
rspec (3.9.0)
|
73
|
+
rspec-core (~> 3.9.0)
|
74
|
+
rspec-expectations (~> 3.9.0)
|
75
|
+
rspec-mocks (~> 3.9.0)
|
76
|
+
rspec-core (3.9.1)
|
77
|
+
rspec-support (~> 3.9.1)
|
78
|
+
rspec-expectations (3.9.0)
|
79
79
|
diff-lcs (>= 1.2.0, < 2.0)
|
80
|
-
rspec-support (~> 3.
|
81
|
-
rspec-mocks (3.
|
80
|
+
rspec-support (~> 3.9.0)
|
81
|
+
rspec-mocks (3.9.1)
|
82
82
|
diff-lcs (>= 1.2.0, < 2.0)
|
83
|
-
rspec-support (~> 3.
|
84
|
-
rspec-support (3.
|
83
|
+
rspec-support (~> 3.9.0)
|
84
|
+
rspec-support (3.9.2)
|
85
85
|
rspec_junit_formatter (0.4.1)
|
86
86
|
rspec-core (>= 2, < 4, != 2.12.0)
|
87
|
-
thor (0.
|
87
|
+
thor (1.0.1)
|
88
88
|
thread_safe (0.3.6)
|
89
|
-
tzinfo (1.2.
|
89
|
+
tzinfo (1.2.7)
|
90
90
|
thread_safe (~> 0.1)
|
91
|
-
zeitwerk (2.
|
91
|
+
zeitwerk (2.4.0)
|
92
92
|
|
93
93
|
PLATFORMS
|
94
94
|
ruby
|
95
95
|
|
96
96
|
DEPENDENCIES
|
97
97
|
appraisal (= 2.2.0)
|
98
|
-
bundler (~> 2.0
|
98
|
+
bundler (~> 2.0)
|
99
99
|
moderate_parameters!
|
100
100
|
pry (~> 0.12.2)
|
101
|
-
rake (~>
|
101
|
+
rake (~> 13.0)
|
102
102
|
rspec (~> 3.0)
|
103
103
|
rspec_junit_formatter (= 0.4.1)
|
104
104
|
|
105
105
|
BUNDLED WITH
|
106
|
-
2.
|
106
|
+
2.1.4
|
data/README.md
CHANGED
@@ -5,6 +5,8 @@
|
|
5
5
|
|
6
6
|
By [Hint.io](https://hint.io)
|
7
7
|
|
8
|
+
[![Gem Version](https://badge.fury.io/rb/moderate_parameters.svg)](https://badge.fury.io/rb/moderate_parameters) ![CI](https://github.com/hintmedia/moderate_parameters/workflows/CI/badge.svg) ![Appraisals](https://github.com/hintmedia/moderate_parameters/workflows/Appraisals/badge.svg) [![Maintainability](https://api.codeclimate.com/v1/badges/4971eb01d5bd98dbac8b/maintainability)](https://codeclimate.com/github/hintmedia/moderate_parameters/maintainability)
|
9
|
+
|
8
10
|
In our experience with [UpgradeRails](https://www.upgraderails.com), the migration from [protected_attributes](https://github.com/rails/protected_attributes) to [strong_parameters](https://api.rubyonrails.org/classes/ActionController/StrongParameters.html) can leave more questions than answers. It can be difficult to determine what data is originating from within the app and what is coming from the internet.
|
9
11
|
|
10
12
|
Moderate Parameters is a set of tools providing logging of data sources in the controller by extending `ActionController::Parameters` functionality.
|
@@ -111,7 +113,7 @@ end
|
|
111
113
|
|
112
114
|
We can then hit submit data from the form at `/people/new` and see that no new lines are added to the `moderate_parameters.log` file.
|
113
115
|
|
114
|
-
This means that we can remove `moderate_parameters` and move to using `permit` as
|
116
|
+
This means that we can remove `moderate_parameters` and move to using `permit` as the final migration step of `strong_parameters`:
|
115
117
|
|
116
118
|
```ruby
|
117
119
|
class PeopleController < ActionController::Base
|
@@ -129,6 +131,17 @@ class PeopleController < ActionController::Base
|
|
129
131
|
end
|
130
132
|
```
|
131
133
|
|
134
|
+
It is only _**AFTER**_ this final step of the `strong_parameters` migration has been completed that you can safely remove the `protected_attributes` line in the model:
|
135
|
+
|
136
|
+
```ruby
|
137
|
+
class Person < ActiveRecord::Base
|
138
|
+
# attr_accessible :name, :age, :height
|
139
|
+
|
140
|
+
. . .
|
141
|
+
|
142
|
+
end
|
143
|
+
```
|
144
|
+
|
132
145
|
## Contributing
|
133
146
|
|
134
147
|
Bug reports and pull requests are welcome on GitHub at https://github.com/hintmedia/moderate_parameters. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
|
@@ -4,4 +4,6 @@ ModerateParameters.configure do |config|
|
|
4
4
|
# Enables/Disables logging occurrences of
|
5
5
|
# reading/writing from ActionController::Parameters.
|
6
6
|
config.breadcrumbs_enabled = false
|
7
|
+
# Sets where to log the ModerateParameters output
|
8
|
+
config.logger = ActiveSupport::Logger.new('log/moderate_parameters.log')
|
7
9
|
end
|
@@ -1,7 +1,5 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
$moderate_parameters_logger = ModerateParameters.logger || ActiveSupport::Logger.new('/dev/null')
|
4
|
-
|
5
3
|
ActiveSupport::Notifications.subscribe('moderate_parameters') do |_, _, _, _, payload|
|
6
|
-
|
4
|
+
(ModerateParameters.logger || ActiveSupport::Logger.new('/dev/null')).info "#{payload[:controller]}##{payload[:action]} #{payload[:message]}"
|
7
5
|
end
|
@@ -8,25 +8,50 @@ module ModerateParameters
|
|
8
8
|
filters.each do |filter|
|
9
9
|
case filter
|
10
10
|
when Symbol, String
|
11
|
-
|
11
|
+
if non_scalar?(self[filter])
|
12
|
+
non_scalar_value_filter(params, filter, controller_name, action)
|
13
|
+
else
|
14
|
+
permitted_scalar_filter(params, filter)
|
15
|
+
end
|
12
16
|
when Hash
|
13
17
|
cust_hash_filter(params, filter, controller_name, action)
|
14
18
|
end
|
15
19
|
end
|
16
20
|
|
17
21
|
incoming_params_logging(params, controller_name, action)
|
18
|
-
permit!
|
22
|
+
dup.permit!
|
19
23
|
end
|
20
24
|
|
21
25
|
private
|
22
26
|
|
27
|
+
def write_to_log(options)
|
28
|
+
ActiveSupport::Notifications.instrument('moderate_parameters') do |payload|
|
29
|
+
payload.merge!(options)
|
30
|
+
end
|
31
|
+
end
|
32
|
+
|
23
33
|
def incoming_params_logging(params, controller_name, action)
|
24
34
|
unpermitted_keys(params).each do |k|
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
35
|
+
write_to_log(message: "#{@context || 'Top Level'} is missing: #{k}",
|
36
|
+
action: action,
|
37
|
+
controller: controller_name)
|
38
|
+
end
|
39
|
+
end
|
40
|
+
|
41
|
+
def non_scalar_value_filter(params, key, controller_name, action)
|
42
|
+
if has_key?(key) && !permitted_scalar?(self[key])
|
43
|
+
params[key] = self[key].class.new
|
44
|
+
write_to_log(message: "#{@context || 'Top Level'} is missing: #{params[key]} value for #{key}",
|
45
|
+
action: action,
|
46
|
+
controller: controller_name)
|
47
|
+
end
|
48
|
+
end
|
49
|
+
|
50
|
+
def array_of_permitted_scalars?(value)
|
51
|
+
if value.is_a?(Array) && value.all? { |element| permitted_scalar?(element) }
|
52
|
+
return true unless block_given?
|
53
|
+
|
54
|
+
yield value
|
30
55
|
end
|
31
56
|
end
|
32
57
|
|
@@ -34,6 +59,38 @@ module ModerateParameters
|
|
34
59
|
value.is_a?(Array) || value.is_a?(Parameters)
|
35
60
|
end
|
36
61
|
|
62
|
+
def permit_any_in_array(array)
|
63
|
+
[].tap do |sanitized|
|
64
|
+
array.each do |element|
|
65
|
+
case element
|
66
|
+
when ->(e) { permitted_scalar?(e) }
|
67
|
+
sanitized << element
|
68
|
+
when Parameters
|
69
|
+
sanitized << permit_any_in_parameters(element)
|
70
|
+
else
|
71
|
+
# Log it
|
72
|
+
end
|
73
|
+
end
|
74
|
+
end
|
75
|
+
end
|
76
|
+
|
77
|
+
def permit_any_in_parameters(params)
|
78
|
+
self.class.new.tap do |sanitized|
|
79
|
+
params.each do |key, value|
|
80
|
+
case value
|
81
|
+
when ->(v) { permitted_scalar?(v) }
|
82
|
+
sanitized[key] = value
|
83
|
+
when Array
|
84
|
+
sanitized[key] = permit_any_in_array(value)
|
85
|
+
when Parameters
|
86
|
+
sanitized[key] = permit_any_in_parameters(value)
|
87
|
+
else
|
88
|
+
# Log It
|
89
|
+
end
|
90
|
+
end
|
91
|
+
end
|
92
|
+
end
|
93
|
+
|
37
94
|
EMPTY_HASH ||= {}
|
38
95
|
EMPTY_ARRAY ||= []
|
39
96
|
def cust_hash_filter(params, filter, controller_name, action)
|
data/moderate_parameters.gemspec
CHANGED
@@ -41,9 +41,9 @@ Gem::Specification.new do |spec|
|
|
41
41
|
spec.add_dependency 'activesupport', '>= 4.2', '< 6.1'
|
42
42
|
spec.add_dependency 'railties', '>= 4.2', '< 6.1'
|
43
43
|
|
44
|
-
spec.add_development_dependency 'bundler', '~> 2.0
|
44
|
+
spec.add_development_dependency 'bundler', '~> 2.0'
|
45
45
|
spec.add_development_dependency 'pry', '~> 0.12.2'
|
46
|
-
spec.add_development_dependency 'rake', '~>
|
46
|
+
spec.add_development_dependency 'rake', '~> 13.0'
|
47
47
|
spec.add_development_dependency 'rspec', '~> 3.0'
|
48
48
|
spec.add_development_dependency 'rspec_junit_formatter', '0.4.1'
|
49
49
|
spec.add_development_dependency 'appraisal', '2.2.0'
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: moderate_parameters
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.3.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Kyle Boe
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2020-11-05 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: actionpack
|
@@ -96,14 +96,14 @@ dependencies:
|
|
96
96
|
requirements:
|
97
97
|
- - "~>"
|
98
98
|
- !ruby/object:Gem::Version
|
99
|
-
version: 2.0
|
99
|
+
version: '2.0'
|
100
100
|
type: :development
|
101
101
|
prerelease: false
|
102
102
|
version_requirements: !ruby/object:Gem::Requirement
|
103
103
|
requirements:
|
104
104
|
- - "~>"
|
105
105
|
- !ruby/object:Gem::Version
|
106
|
-
version: 2.0
|
106
|
+
version: '2.0'
|
107
107
|
- !ruby/object:Gem::Dependency
|
108
108
|
name: pry
|
109
109
|
requirement: !ruby/object:Gem::Requirement
|
@@ -124,14 +124,14 @@ dependencies:
|
|
124
124
|
requirements:
|
125
125
|
- - "~>"
|
126
126
|
- !ruby/object:Gem::Version
|
127
|
-
version: '
|
127
|
+
version: '13.0'
|
128
128
|
type: :development
|
129
129
|
prerelease: false
|
130
130
|
version_requirements: !ruby/object:Gem::Requirement
|
131
131
|
requirements:
|
132
132
|
- - "~>"
|
133
133
|
- !ruby/object:Gem::Version
|
134
|
-
version: '
|
134
|
+
version: '13.0'
|
135
135
|
- !ruby/object:Gem::Dependency
|
136
136
|
name: rspec
|
137
137
|
requirement: !ruby/object:Gem::Requirement
|