RubyGems - rack-utf8_sanitizer - Versions diffs - 1.9.0 → 1.9.1 - Mend

rack-utf8_sanitizer 1.9.0 → 1.9.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9893353fe731d6c942263ff57af911b10d1c9f88ba2c2c2b56bb7a76586935e5
-  data.tar.gz: eeeaca39f55d680abe2707fa1aaadfe34eed06de2dd848506d184ae4ff326a8d
+  metadata.gz: 7825c2fec2176e38043c4d7a3c1fcbe1cf112bcc7a17a7ef42b249fab30118c4
+  data.tar.gz: 5090e3c92af9a74377d559be48685d343b29315e5a9ce0f76faf36a8b96437ee
 SHA512:
-  metadata.gz: 28cfbadcc1fbbf0678db3b51259618a9c9897c0cb78bcd8b8f5d87c91eddb44873a7a77fb21b9db47bcc704cb7df17d942c50436475858d0d9fcc17c2a8b59ce
-  data.tar.gz: 7e781931df60e405d533f5eb832416510a431a1c6fa74baeabffb9499533d9eba2f97ffa24f89ed79a193de5f6715c0461fff4fb0403c863a3643e4aaabbcf0a
+  metadata.gz: e20607b2c412ecfb3d2ba719a7d0aeb381cc4f685e08c6a7801fb2b60a0993c71cc5c219b9ff17cedb497f7d5d0ee907da94ab91476960143f25c704058f1ebc
+  data.tar.gz: 7df7e1d357a6d3b12f089c1d7fea0a55eeb31d2d8f7e3d2b2e2e8729c1ae21c6260a9eb370e8c54e6886344986b1dd436d55b404f7321263d6bbf120115d1788

data/README.md CHANGED Viewed

@@ -113,7 +113,7 @@ config.middleware.insert 0, Rack::UTF8Sanitizer, strategy: :exception
 ```
 ```ruby
-replace_string = lambda do |_invalid|
+replace_string = lambda do |_invalid, sanitize_null_bytes: false|
   Rails.logger.warn('Replacing invalid string')
   '<Bad Encoding>'.freeze
@@ -122,6 +122,10 @@ end
 config.middleware.insert 0, Rack::UTF8Sanitizer, strategy: replace_string
 ```
+### Sanitizing Null Bytes
+While null bytes are valid UTF-8, it can be useful to further restrict the valid character set to exclude null bytes. For example, PostgreSQL text columns do not allow storing null bytes. Passing `sanitize_null_bytes: true` in the configuration hash enables sanitizing null bytes, and the two built-in strategies both support this feature. Custom strategies should accept a keyword argument `sanitize_null_bytes` containing this configuration value.
 ## Contributing
 1. Fork it

data/lib/rack/utf8_sanitizer.rb CHANGED Viewed

@@ -34,22 +34,24 @@ module Rack
     DEFAULT_STRATEGIES = {
       replace: lambda do |input, sanitize_null_bytes: false|
-        if sanitize_null_bytes
-          input = input.gsub(NULL_BYTE_REGEX, "")
-        end
         input.
           force_encoding(Encoding::ASCII_8BIT).
           encode!(Encoding::UTF_8,
                   invalid: :replace,
                   undef:   :replace)
+        if sanitize_null_bytes
+          input = input.gsub(NULL_BYTE_REGEX, "")
+        end
+        input
       end,
       exception: lambda do |input, sanitize_null_bytes: false|
-        if sanitize_null_bytes && input =~ NULL_BYTE_REGEX
-          raise NullByteInString
-        end
         input.
           force_encoding(Encoding::ASCII_8BIT).
           encode!(Encoding::UTF_8)
+        if sanitize_null_bytes && input =~ NULL_BYTE_REGEX
+          raise NullByteInString
+        end
+        input
       end
     }.freeze

data/rack-utf8_sanitizer.gemspec CHANGED Viewed

@@ -2,7 +2,7 @@
 Gem::Specification.new do |gem|
   gem.name          = "rack-utf8_sanitizer"
-  gem.version       = '1.9.0'
+  gem.version       = '1.9.1'
   gem.authors       = ["whitequark"]
   gem.license       = "MIT"
   gem.email         = ["whitequark@whitequark.org"]

data/test/test_utf8_sanitizer.rb CHANGED Viewed

@@ -351,25 +351,25 @@ describe Rack::UTF8Sanitizer do
     it "optionally sanitizes null bytes with the replace strategy" do
       @app = Rack::UTF8Sanitizer.new(-> env { env }, sanitize_null_bytes: true)
-      input =  "foo=bla&quux=bar\x00"
+      input = "foo=bla\xED&quux=bar\x00"
       @rack_input = StringIO.new input
       sanitize_form_data do |sanitized_input|
         sanitized_input.encoding.should == Encoding::UTF_8
         sanitized_input.should.be.valid_encoding
-        sanitized_input.should == "foo=bla&quux=bar"
+        sanitized_input.should == "foo=bla%EF%BF%BD&quux=bar"
       end
     end
     it "optionally sanitizes encoded null bytes with the replace strategy" do
       @app = Rack::UTF8Sanitizer.new(-> env { env }, sanitize_null_bytes: true)
-      input =  "foo=bla&quux=bar%00"
+      input = "foo=bla%ED&quux=bar%00"
       @rack_input = StringIO.new input
       sanitize_form_data do |sanitized_input|
         sanitized_input.encoding.should == Encoding::UTF_8
         sanitized_input.should.be.valid_encoding
-        sanitized_input.should == "foo=bla&quux=bar"
+        sanitized_input.should == "foo=bla%EF%BF%BD&quux=bar"
       end
     end
@@ -392,6 +392,16 @@ describe Rack::UTF8Sanitizer do
         sanitize_form_data
       end
     end
+    it "gives precedence to encoding errors with the exception strategy and null byte sanitisation" do
+      @app = Rack::UTF8Sanitizer.new(-> env { env }, sanitize_null_bytes: true, strategy: :exception)
+      input = "foo=bla\x00&quux=bar\xED"
+      @rack_input = StringIO.new input
+      should.raise(EncodingError) do
+        sanitize_form_data
+      end
+    end
   end
   describe "with custom content-type" do

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-utf8_sanitizer
 version: !ruby/object:Gem::Version
-  version: 1.9.0
+  version: 1.9.1
 platform: ruby
 authors:
 - whitequark
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-07-05 00:00:00.000000000 Z
+date: 2023-08-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -112,7 +112,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.5
+rubygems_version: 3.3.15
 signing_key:
 specification_version: 4
 summary: Rack::UTF8Sanitizer is a Rack middleware which cleans up invalid UTF8 characters