stairwell 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: 16226c907ec3dc09521135fd9daf686284c6f7520a7abd3672517fe6b81f1614
4
+ data.tar.gz: f4ffdb12c04f2fa6dc4cf2f0451790f86dfd66bf2e11af3c0ca265a9d05cd92c
5
+ SHA512:
6
+ metadata.gz: 801f301a216a8e5cce25b1e1ec4a6a821b23636b1a07d817d61924b363f3febbbedd9aa77ad6757d954ac682747efc2df45f03107d7f24aed3a3a33039a2bd7a
7
+ data.tar.gz: 3bac00beda3087c312582d7bd1d187ba06c607190ab8a3ed02c2fc45bd47cffb98a02090bb5be207ebd15b7515b64711b486c0eba9526cc4b6f061887cbdbdeb
@@ -0,0 +1,10 @@
1
+ /.bundle/
2
+ /.yardoc
3
+ /_yardoc/
4
+ /coverage/
5
+ /doc/
6
+ /pkg/
7
+ /spec/reports/
8
+ /tmp/
9
+
10
+ *.gem
@@ -0,0 +1,6 @@
1
+ ---
2
+ language: ruby
3
+ cache: bundler
4
+ rvm:
5
+ - 2.7.1
6
+ before_install: gem install bundler -v 2.1.4
data/Gemfile ADDED
@@ -0,0 +1,8 @@
1
+ source "https://rubygems.org"
2
+
3
+ # Specify your gem's dependencies in stairwell.gemspec
4
+ gemspec
5
+
6
+ gem "rake", "~> 12.0"
7
+ gem "minitest", "~> 5.0"
8
+ gem "pry"
@@ -0,0 +1,29 @@
1
+ PATH
2
+ remote: .
3
+ specs:
4
+ stairwell (0.1.0)
5
+ zeitwerk (~> 2.4.0)
6
+
7
+ GEM
8
+ remote: https://rubygems.org/
9
+ specs:
10
+ coderay (1.1.3)
11
+ method_source (1.0.0)
12
+ minitest (5.14.1)
13
+ pry (0.13.1)
14
+ coderay (~> 1.1)
15
+ method_source (~> 1.0)
16
+ rake (12.3.3)
17
+ zeitwerk (2.4.0)
18
+
19
+ PLATFORMS
20
+ ruby
21
+
22
+ DEPENDENCIES
23
+ minitest (~> 5.0)
24
+ pry
25
+ rake (~> 12.0)
26
+ stairwell!
27
+
28
+ BUNDLED WITH
29
+ 2.1.4
@@ -0,0 +1,21 @@
1
+ The MIT License (MIT)
2
+
3
+ Copyright (c) 2020 Toby
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in
13
+ all copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21
+ THE SOFTWARE.
@@ -0,0 +1,101 @@
1
+ # Stairwell
2
+
3
+ Making SQL more accessible while maintaining safety in Rails projects.
4
+
5
+ ## Installation
6
+
7
+ Add this line to your application's Gemfile:
8
+
9
+ ```ruby
10
+ gem 'stairwell'
11
+ ```
12
+
13
+ And then execute:
14
+
15
+ $ bundle install
16
+
17
+ Or install it yourself as:
18
+
19
+ $ gem install stairwell
20
+
21
+ ## Usage
22
+
23
+ Define a class in your app that inherits from `Stairwell::Query`. We're going to assume you are in a rails app, but this will work in any ruby app, ActiveRecord is not a dependency here.
24
+ In rails you could create a directory called `app/queries` for instance.
25
+
26
+ Define your `validate_type`, which will be the arguments you send in, and their type. For instance, if your query looks like this: `SELECT * FROM users WHERE name = :name`, and name is a `String`, your `validate_type` will look like this `validate_type :name, :string`, and you'll pass in a hash of your binds like this: `{ name: "<name value>" }`
27
+
28
+ Here's an example:
29
+ ```ruby
30
+ class UsersSql < Stairwell::Query
31
+ validate_type :name, :string
32
+ validate_type :age, :integer
33
+ validate_type :active, :boolean
34
+ validate_type :gpa, :float
35
+ validate_type :date_joined, :sql_date
36
+ validate_type :created_at, :sql_date_time
37
+
38
+ query <<-SQL
39
+ SELECT
40
+ *
41
+ FROM users
42
+ WHERE name = :name
43
+ AND age = :age
44
+ AND active = :active
45
+ AND gpa = :gpa
46
+ AND date_joined = :date_joined
47
+ AND created_at >= :created_at
48
+ ;
49
+ SQL
50
+ end
51
+
52
+ # if you pass in the following named binds:
53
+
54
+ binds = {
55
+ name: "First",
56
+ age: 99,
57
+ active: true,
58
+ gpa: 4.2
59
+ date_joined: "2008-08-28",
60
+ created_at: "2008-08-28 23:41:18",
61
+ }
62
+
63
+ # and call the following:
64
+
65
+ UsersSql.sql(binds)
66
+
67
+ # You will receive the following result:
68
+
69
+ "SELECT * FROM users WHERE name = 'First' age = 99 active = TRUE date_joined = '2008-08-28' created_at = '2008-08-28 23:41:18' gpa = 4.2;"
70
+ ```
71
+
72
+ Binds passed in are validated against the validate_type, so if you have a validate_type you must include that value in your binds hash.
73
+ They types of the binds are validated too.
74
+ The names binds in your sql are also validated.
75
+ Strings are quoted. Dates are quoted. Datetime is quoted.
76
+
77
+ Tested in both Mysql and Postgres.
78
+
79
+ ## Known issues
80
+
81
+ * nil/NULL values are not currently supported. Just use `IS NULL` or `IS NOT NULL` in your query for the time being.
82
+ * Date/Datetime are not validated for their format, it is expected that you will pass the correct format.
83
+ * Datetime in postgres is not currently working for equality, only for `>` or `<` or `>=` or `<=`
84
+ * Column/table quoting is not currently available.
85
+ * `IN` statements with arrays support is forthcoming.
86
+
87
+
88
+ ## Development
89
+
90
+ After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
91
+
92
+ To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
93
+
94
+ ## Contributing
95
+
96
+ Bug reports and pull requests are welcome on GitHub at https://github.com/tobyond/stairwell.
97
+
98
+
99
+ ## License
100
+
101
+ The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
@@ -0,0 +1,10 @@
1
+ require "bundler/gem_tasks"
2
+ require "rake/testtask"
3
+
4
+ Rake::TestTask.new(:test) do |t|
5
+ t.libs << "test"
6
+ t.libs << "lib"
7
+ t.test_files = FileList["test/**/*_test.rb"]
8
+ end
9
+
10
+ task :default => :test
@@ -0,0 +1,14 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ require "bundler/setup"
4
+ require "stairwell"
5
+
6
+ # You can add fixtures and/or initialization code here to make experimenting
7
+ # with your gem easier. You can also use a different console, if you like.
8
+
9
+ # (If you use this, don't forget to add pry to your Gemfile!)
10
+ require "pry"
11
+ Pry.start
12
+
13
+ # require "irb"
14
+ # IRB.start(__FILE__)
@@ -0,0 +1,8 @@
1
+ #!/usr/bin/env bash
2
+ set -euo pipefail
3
+ IFS=$'\n\t'
4
+ set -vx
5
+
6
+ bundle install
7
+
8
+ # Do any other automated setup that you need to do here
@@ -0,0 +1,14 @@
1
+ require "date"
2
+ require "zeitwerk"
3
+ require "ostruct"
4
+ loader = Zeitwerk::Loader.for_gem
5
+ loader.setup
6
+
7
+ module Stairwell
8
+ class Error < StandardError; end
9
+ class InvalidBindType < StandardError; end
10
+ class InvalidBindCount < StandardError; end
11
+ class SqlBindMismatch < StandardError; end
12
+ end
13
+
14
+ loader.eager_load
@@ -0,0 +1,44 @@
1
+ module Stairwell
2
+ class BindTransformer
3
+
4
+ attr_accessor :sql, :bind_hash, :depleting_bind_hash
5
+
6
+ def initialize(sql, bind_hash)
7
+ @sql = sql
8
+ @bind_hash = bind_hash
9
+ @depleting_bind_hash = bind_hash.dup
10
+ end
11
+
12
+ # taking the sql string like "SELECT * WHERE name = :name AND id = :id"
13
+ # and confirming that the bind_hash has all the named binds like
14
+ # { name: "First", id: 22 }
15
+ # if the sql string or the bind_hash have incorrect or extra values
16
+ # and error will raise
17
+ # The sql string will then have the appropropriate values substituted
18
+ # with quoted values to ensure safety.
19
+ # Note: $2 is The match for the first, second, etc. parenthesized groups in the last regex
20
+ def transform
21
+ converted_sql = sql.gsub(/(:?):([a-zA-Z]\w*)/) do |_|
22
+ replace = $2.to_sym
23
+ validate_sql(replace)
24
+ bind_hash[replace].sql_quote
25
+ end
26
+
27
+ validate_bind_hash
28
+ converted_sql
29
+ end
30
+
31
+ private
32
+
33
+ def validate_sql(attr)
34
+ raise SqlBindMismatch, ":#{attr} in your query is missing from your bind hash: #{bind_hash}" unless bind_hash[attr]
35
+
36
+ depleting_bind_hash.delete(attr)
37
+ end
38
+
39
+ def validate_bind_hash
40
+ raise SqlBindMismatch, "#{depleting_bind_hash} in your bind hash is missing from your query: #{sql}" unless depleting_bind_hash.empty?
41
+ end
42
+
43
+ end
44
+ end
@@ -0,0 +1,73 @@
1
+ module Stairwell::CoreExtensions::Core; end
2
+
3
+ class String
4
+ def squish!
5
+ gsub!(/[[:space:]]+/, " ")
6
+ strip!
7
+ self
8
+ end
9
+
10
+ def underscore
11
+ self.gsub(/::/, '/').
12
+ gsub(/([A-Z]+)([A-Z][a-z])/,'\1_\2').
13
+ gsub(/([a-z\d])([A-Z])/,'\1_\2').
14
+ tr("-", "_").
15
+ downcase
16
+ end
17
+
18
+ def sql_quote
19
+ "'#{self.gsub('\\', '\&\&').gsub("'", "''")}'"
20
+ end
21
+ end
22
+
23
+ class TrueClass
24
+ def sql_quote
25
+ "TRUE"
26
+ end
27
+ end
28
+
29
+ class FalseClass
30
+ def sql_quote
31
+ "FALSE"
32
+ end
33
+ end
34
+
35
+ class NilClass
36
+ def sql_quote
37
+ "IS NULL"
38
+ end
39
+ end
40
+
41
+ class Integer
42
+ def sql_quote
43
+ self
44
+ end
45
+ end
46
+
47
+ class Float
48
+ def sql_quote
49
+ self
50
+ end
51
+ end
52
+
53
+ class Date
54
+ def self.parsable?(string)
55
+ begin
56
+ parse(string)
57
+ true
58
+ rescue ArgumentError
59
+ false
60
+ end
61
+ end
62
+ end
63
+
64
+ class DateTime
65
+ def self.parsable?(string)
66
+ begin
67
+ parse(string)
68
+ true
69
+ rescue ArgumentError
70
+ false
71
+ end
72
+ end
73
+ end
@@ -0,0 +1,9 @@
1
+ module Stairwell::CoreExtensions::Types; end
2
+
3
+ module Boolean; end
4
+ class TrueClass; include Boolean; end
5
+ class FalseClass; include Boolean; end
6
+
7
+ module SqlDate; end
8
+ module SqlDateTime; end
9
+ class String; include SqlDate; include SqlDateTime; end
@@ -0,0 +1,45 @@
1
+ module Stairwell
2
+ class Query
3
+
4
+ class << self
5
+ attr_accessor :bind_hash, :all_validations, :sql_string, :bind_object_array
6
+
7
+ def validate_type(*args)
8
+ @all_validations ||= {}
9
+ @all_validations.merge!(Hash[*args])
10
+ end
11
+
12
+ def sql(**args)
13
+ @bind_hash = args
14
+ @bind_object_array = []
15
+ validate!
16
+ transformed_sql_string
17
+ end
18
+
19
+ def query(string)
20
+ @sql_string = string
21
+ end
22
+
23
+ private
24
+
25
+ def validate!
26
+ raise InvalidBindCount.new("Incorrect amount of args passed") unless correct_args?
27
+
28
+ bind_hash.each do |bind_name, bind_value|
29
+ type = all_validations[bind_name]
30
+ valid = TypeValidator.send(type, bind_value)
31
+
32
+ raise InvalidBindType.new("#{bind_name} is not #{all_validations[bind_name]}") unless valid
33
+ end
34
+ end
35
+
36
+ def transformed_sql_string
37
+ BindTransformer.new(sql_string.squish!, bind_hash).transform
38
+ end
39
+
40
+ def correct_args?
41
+ bind_hash.keys.sort == all_validations.keys.sort
42
+ end
43
+ end
44
+ end
45
+ end
@@ -0,0 +1,24 @@
1
+ require "stairwell/core_extensions/types"
2
+ require "stairwell/core_extensions/core"
3
+
4
+ module Stairwell
5
+ class TypeValidator
6
+
7
+ class << self
8
+ TYPES = [
9
+ String,
10
+ Boolean,
11
+ Integer,
12
+ Float,
13
+ SqlDate,
14
+ SqlDateTime
15
+ ].freeze
16
+
17
+ TYPES.each do |type|
18
+ define_method(type.to_s.underscore.to_sym) do |arg|
19
+ arg.is_a?(type)
20
+ end
21
+ end
22
+ end
23
+ end
24
+ end
@@ -0,0 +1,3 @@
1
+ module Stairwell
2
+ VERSION = "0.1.0"
3
+ end
@@ -0,0 +1,30 @@
1
+ require_relative 'lib/stairwell/version'
2
+
3
+ Gem::Specification.new do |spec|
4
+ spec.name = "stairwell"
5
+ spec.version = Stairwell::VERSION
6
+ spec.authors = ["tobyond"]
7
+
8
+ spec.summary = %q{stairwell for sql}
9
+ spec.description = %q{Sanitize and quote raw SQL for rails and any project in ruby}
10
+ spec.homepage = "https://github.com/tobyond/stairwell"
11
+ spec.license = "MIT"
12
+ spec.required_ruby_version = Gem::Requirement.new(">= 2.3.0")
13
+
14
+ # spec.metadata["allowed_push_host"] = "TODO: Set to 'http://mygemserver.com'"
15
+
16
+ spec.metadata["homepage_uri"] = spec.homepage
17
+ spec.metadata["source_code_uri"] = "https://github.com/tobyond/stairwell"
18
+ # spec.metadata["changelog_uri"] = "TODO: Put your gem's CHANGELOG.md URL here."
19
+
20
+ # Specify which files should be added to the gem when it is released.
21
+ # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
22
+ spec.files = Dir.chdir(File.expand_path('..', __FILE__)) do
23
+ `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
24
+ end
25
+ spec.bindir = "exe"
26
+ spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
27
+ spec.require_paths = ["lib"]
28
+
29
+ spec.add_dependency 'zeitwerk', '~> 2.4.0'
30
+ end
metadata ADDED
@@ -0,0 +1,75 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: stairwell
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0
5
+ platform: ruby
6
+ authors:
7
+ - tobyond
8
+ autorequire:
9
+ bindir: exe
10
+ cert_chain: []
11
+ date: 2020-09-20 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: zeitwerk
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: 2.4.0
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: 2.4.0
27
+ description: Sanitize and quote raw SQL for rails and any project in ruby
28
+ email:
29
+ executables: []
30
+ extensions: []
31
+ extra_rdoc_files: []
32
+ files:
33
+ - ".gitignore"
34
+ - ".travis.yml"
35
+ - Gemfile
36
+ - Gemfile.lock
37
+ - LICENSE.txt
38
+ - README.md
39
+ - Rakefile
40
+ - bin/console
41
+ - bin/setup
42
+ - lib/stairwell.rb
43
+ - lib/stairwell/bind_transformer.rb
44
+ - lib/stairwell/core_extensions/core.rb
45
+ - lib/stairwell/core_extensions/types.rb
46
+ - lib/stairwell/query.rb
47
+ - lib/stairwell/type_validator.rb
48
+ - lib/stairwell/version.rb
49
+ - stairwell.gemspec
50
+ homepage: https://github.com/tobyond/stairwell
51
+ licenses:
52
+ - MIT
53
+ metadata:
54
+ homepage_uri: https://github.com/tobyond/stairwell
55
+ source_code_uri: https://github.com/tobyond/stairwell
56
+ post_install_message:
57
+ rdoc_options: []
58
+ require_paths:
59
+ - lib
60
+ required_ruby_version: !ruby/object:Gem::Requirement
61
+ requirements:
62
+ - - ">="
63
+ - !ruby/object:Gem::Version
64
+ version: 2.3.0
65
+ required_rubygems_version: !ruby/object:Gem::Requirement
66
+ requirements:
67
+ - - ">="
68
+ - !ruby/object:Gem::Version
69
+ version: '0'
70
+ requirements: []
71
+ rubygems_version: 3.1.2
72
+ signing_key:
73
+ specification_version: 4
74
+ summary: stairwell for sql
75
+ test_files: []