scrub_params 0.0.3 → 0.0.4

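--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 76694d3fbb9dd7c5926a6207d1b161ecc58295cc
- data.tar.gz: 8f1b4cab34cf541882230aefea4d46da76e287bb
+ metadata.gz: b75ad0d37dc5c37873483051587afc33f78d8a71
+ data.tar.gz: f192137c900b951e4de89950887744d67dc43555
  SHA512:
- metadata.gz: 2211116329c2250c48e041903224595a0176ad5976b89a308ec97f64194988c33286acf2f5154d5eeebcc09a58c8ee4397a4c27368fc802eb642956ed9a84186
- data.tar.gz: a4e35111b2f3991a0bce2fe54d338940198d222f86874189b8718a1342b7b439fa8653404a58fb10378a8f0abacdda5fe3fef62fae4e6c3f6867dbc4e07b2f66
+ metadata.gz: d9c2141b6cd4a3ec3e398044b039d4488754c42e9eec15f4215b22ef8b9d2fe008ed2f34e9ed34e58651ae8de0ddab7625ffb5d41827981ab3659417e4819e75
+ data.tar.gz: ec1469577e86bd34db3b1e7db91d7efb36864965038601d4196755e9919f5cc7c578becc6eadb80bb3a7554d45fb2e15e74890b4cc714ddd9eca8774d1713240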
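--- a/data/README.md
+++ b/data/README.md
@@ -38,6 +38,14 @@ And you should see this in your logs:
  Scrubbed parameters: name
  ```
 
+ ### Original Parameters
+
+ Access the original parameters with:
+
+ ```ruby
+ unscrubbed_params
+ ```
+
  ### Whitelist Actions
 
  To skip scrubbing for certain actions, use: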
data/Rakefile CHANGED
@@ -6,3 +6,25 @@ Rake::TestTask.new do |t|
6
6
  t.libs << "test"
7
7
  t.pattern = "test/**/*_test.rb"
8
8
  end
9
+
10
+ task :benchmark do
11
+ require "bundler/setup"
12
+ Bundler.require(:default)
13
+
14
+ list = []
15
+ 1000.times do
16
+ params = ActionController::Parameters.new
17
+ 100.times do |i|
18
+ params[i] = "Hello <script>alert('World')</script>"
19
+ end
20
+ list << params
21
+ end
22
+
23
+ Benchmark.bm do |bm|
24
+ bm.report do
25
+ list.each do |params|
26
+ params.scrub
27
+ end
28
+ end
29
+ end
30
+ end
@@ -3,11 +3,13 @@ module ScrubParams
3
3
  extend ActiveSupport::Concern
4
4
 
5
5
  included do
6
+ attr_accessor :unscrubbed_params
6
7
  before_filter :scrub_params
7
8
  end
8
9
 
9
10
  def scrub_params
10
- params.scrub!
11
+ self.unscrubbed_params = params
12
+ self.params = params.scrub
11
13
  end
12
14
 
13
15
  end
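Review bot: `attr_accessor :unscrubbed_params` inside `included do` adds a public reader and writer to every controller that includes the concern, and `scrub_params` below it is public as well. Rails treats public controller methods as candidate actions, so under a dynamic `:action` route these would presumably be routable; I would follow the macro with `protected :unscrubbed_params, :unscrubbed_params=` and move `scrub_params` under `protected` too. Because the accessor hands back the raw request input, a comment such as `# raw, unsanitised request input: escape before rendering or logging` above it would help callers. The `module ScrubParams` header lies outside the hunk.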
@@ -6,35 +6,36 @@ module ScrubParams
6
6
  attr_accessor :scrubbed_keys
7
7
  end
8
8
 
9
- def scrub!
9
+ def scrub
10
10
  self.scrubbed_keys = []
11
+ hash = {}
11
12
  each_pair do |k, v|
12
- self[k] = scrub_value(k, v)
13
+ hash[k] = scrub_value(k, v)
13
14
  end
14
15
  if scrubbed_keys.any?
15
- ActiveSupport::Notifications.instrument("scrubbed_parameters.action_controller", keys: scrubbed_keys)
16
+ ActiveSupport::Notifications.instrument("scrubbed_parameters.action_controller", keys: scrubbed_keys.uniq)
16
17
  end
17
- self
18
+ hash
18
19
  end
19
20
 
20
21
  protected
21
22
 
22
23
  def scrub_value(key, value)
23
24
  case value
24
- when Hash
25
- h = {}
26
- value.each do |k, v|
27
- h[k] = scrub_value(k, v)
28
- end
29
- h
30
- when Array
31
- value.map{|v| scrub_value(key, v) }
32
25
  when String
33
26
  scrubbed_value = ActionController::Base.helpers.strip_tags(value)
34
27
  if scrubbed_value != value
35
- self.scrubbed_keys << key unless scrubbed_keys.include?(key)
28
+ self.scrubbed_keys << key
36
29
  end
37
30
  scrubbed_value
31
+ when Hash
32
+ hash = {}
33
+ value.each do |k, v|
34
+ hash[k] = scrub_value(k, v)
35
+ end
36
+ hash
37
+ when Array
38
+ value.map{|v| scrub_value(key, v) }
38
39
  else
39
40
  value
40
41
  end
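Review bot: `scrub` now ends with `hash`, a plain `Hash` built from `hash = {}`, where `scrub!` returned `self`, so a direct caller of `params.scrub` gets an object without `permit`/`permitted?` or indifferent key access. If that hash, or a nested one from the `when Hash` branch, is handed to a model, the strong-parameters check would presumably not run, since it keys on `permitted?`. The controller path depends on `params=` re-wrapping the value, which this hunk does not show. Assuming the module is mixed into `ActionController::Parameters`, returning `self.class.new(hash)` from `scrub` would keep the type; the body of `scrub_value` closes outside the hunk.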
@@ -1,3 +1,3 @@
1
1
  module ScrubParams
2
- VERSION = "0.0.3"
2
+ VERSION = "0.0.4"
3
3
  end
@@ -11,7 +11,6 @@ class TestScrubParams < Minitest::Test
11
11
  "make" => "<blink>Tesla</blink>"
12
12
  }
13
13
  })
14
- params.scrub!
15
14
  expected = {
16
15
  "name" => "Hello alert('World')",
17
16
  "tags" => ["awesome", "hack"],
@@ -19,19 +18,17 @@ class TestScrubParams < Minitest::Test
19
18
  "make" => "Tesla"
20
19
  }
21
20
  }
22
- assert_equal expected, params
21
+ assert_equal expected, params.scrub
23
22
  end
24
23
 
25
24
  def test_ampersand
26
25
  params = ActionController::Parameters.new({"name" => "Ben & Jerry’s"})
27
- params.scrub!
28
- assert_equal "Ben & Jerry’s", params["name"]
26
+ assert_equal "Ben & Jerry’s", params.scrub["name"]
29
27
  end
30
28
 
31
29
  def test_arrows
32
30
  params = ActionController::Parameters.new({"name" => "2 > 1 and 1 < 2"})
33
- params.scrub!
34
- assert_equal "2 > 1 and 1 < 2", params["name"]
31
+ assert_equal "2 > 1 and 1 < 2", params.scrub["name"]
35
32
  end
36
33
 
37
34
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: scrub_params
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.3
4
+ version: 0.0.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Andrew Kane
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2014-04-14 00:00:00.000000000 Z
11
+ date: 2014-04-15 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport