thumblemonks-inquisition 0.1.0 → 0.1.1
- data/Rakefile +56 -0
- data/VERSION.yml +1 -1
- data/lib/inquisition.rb +18 -10
- data/test/inquisition_test.rb +3 -3
- data/test/models.rb +29 -0
- data/test/test_helper.rb +5 -10
- metadata +3 -4
- data/test/lib/animal.rb +0 -13
- data/test/lib/whisky.rb +0 -14
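--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,56 @@
+require 'rubygems'
+require 'rake'
+
+begin
+require 'jeweler'
+Jeweler::Tasks.new do |gem|
+gem.name = "inquisition"
+gem.summary = %Q{TODO}
+gem.email = "scissorjammer@gmail.com"
+gem.homepage = "http://github.com/toothrot/inquisition"
+gem.authors = ["toothrot"]
+
+# gem is a Gem::Specification... see http://www.rubygems.org/read/chapter/20 for additional settings
+end
+rescue LoadError
+puts "Jeweler not available. Install it with: sudo gem install technicalpickles-jeweler -s http://gems.github.com"
+end
+
+require 'rake/testtask'
+Rake::TestTask.new(:test) do |test|
+test.libs << 'lib' << 'test'
+test.pattern = 'test/**/*_test.rb'
+test.verbose = false
+end
+
+begin
+require 'rcov/rcovtask'
+Rcov::RcovTask.new do |test|
+test.libs << 'test'
+test.pattern = 'test/**/*_test.rb'
+test.verbose = true
+end
+rescue LoadError
+task :rcov do
+abort "RCov is not available. In order to run rcov, you must: sudo gem install spicycode-rcov"
+end
+end
+
+
+task :default => :test
+
+require 'rake/rdoctask'
+Rake::RDocTask.new do |rdoc|
+if File.exist?('VERSION.yml')
+config = YAML.load(File.read('VERSION.yml'))
+version = "#{config[:major]}.#{config[:minor]}.#{config[:patch]}"
+else
+version = ""
+end
+
+rdoc.rdoc_dir = 'rdoc'
+rdoc.title = "inquisition #{version}"
+rdoc.rdoc_files.include('README*')
+rdoc.rdoc_files.include('lib/**/*.rb')
+end
+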
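Review bot: The LoadError message on Rakefile line 16 tells the reader to run `sudo gem install technicalpickles-jeweler -s http://gems.github.com`, which installs a gem as root from a plain-HTTP source, so whoever can tamper with that connection controls code that runs with root privileges at install time. The hint should name the gem and leave the source and privilege level to the user, for example `puts "Jeweler not available. Install the jeweler gem from a gem source you trust over HTTPS."`; the rcov hint on line 35 also suggests `sudo`. Separately, `YAML.load` on line 45 builds whatever tagged objects `VERSION.yml` contains; that file is part of the checkout, so a comment such as `# VERSION.yml is a trusted repo file` is enough.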
data/VERSION.yml
CHANGED
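--- a/data/lib/inquisition.rb
+++ b/data/lib/inquisition.rb
@@ -11,29 +11,37 @@ module Inquisition
 end
 
 module ClassMethods
-
-# cleanse_attr creates getters and setters for the specified list of attributes.
 def cleanse_attr(*attributes)
 cleanse_attr_reader(*attributes)
 cleanse_attr_writer(*attributes)
 end
 
 def cleanse_attr_reader(*attributes)
-attributes
-
-
-
+write_inheritable_attribute(:cleansed_attr_readers, attributes)
+class_inheritable_reader(:cleansed_attr_readers)
+
+define_method(:read_attribute_with_cleansing) do |attribute|
+if cleansed_attr_readers.include?(attribute.to_sym)
+HTML5libSanitize.sanitize_html(read_attribute_without_cleansing(attribute))
+else
+read_attribute_without_cleansing(attribute)
 end
 end
+alias_method_chain :read_attribute, :cleansing
 end
 
 def cleanse_attr_writer(*attributes)
-attributes
-
-
-
+write_inheritable_attribute(:cleansed_attr_writers, attributes)
+class_inheritable_reader(:cleansed_attr_writers)
+
+define_method(:write_attribute_with_cleansing) do |attribute, value|
+if cleansed_attr_writers.include?(attribute.to_sym)
+write_attribute_without_cleansing(attribute, HTML5libSanitize.sanitize_html(value))
+else
+write_attribute_without_cleansing(attribute, value)
 end
 end
+alias_method_chain :write_attribute, :cleansing
 end
 end #Class Methods
 end #Inquisition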
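Review bot: Sanitisation can be switched off silently, or the model broken, when `cleanse_attr_reader` (new lines 19-31) or `cleanse_attr_writer` (33-45) is called more than once for a class or again in a subclass: `write_inheritable_attribute` replaces the earlier list, so fields named in the first call stop being cleansed, and a second `alias_method_chain` makes `read_attribute_without_cleansing` point at the already-wrapped method, which would likely recurse. The list is also compared with `attribute.to_sym`, so a declaration such as `cleanse_attr "name"` never matches and the value passes through unsanitised. I would accumulate symbols with `write_inheritable_array(:cleansed_attr_readers, attributes.map { |a| a.to_sym })` and install the chain only once, for example `alias_method_chain :read_attribute, :cleansing unless method_defined?(:read_attribute_without_cleansing)`, with the same two changes in the writer. The `Inquisition` module starts above this hunk, so how `ClassMethods` is mixed in is not visible here.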
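--- a/data/test/inquisition_test.rb
+++ b/data/test/inquisition_test.rb
@@ -4,7 +4,7 @@ class InquisitionTest < Test::Unit::TestCase
 context "a fine Whisky" do
 setup do
 @whisky = Whisky.new(:name => "<script>alert('Cragganmore')</script>",
-:origin => "<SCRIPT SRC=http://ha.ckers.org/xss.js>Scotland</SCRIPT>", :abv => 42
+:origin => "<SCRIPT SRC=http://ha.ckers.org/xss.js>Scotland</SCRIPT>", :abv => 42,
 :description => %Q['';!--"<XSS>=&{()}a buttery scotch])
 end
 
@@ -19,7 +19,7 @@ class InquisitionTest < Test::Unit::TestCase
 
 should "cleanse heresy before setting" do
 @whisky.name = "<script>alert('Cragganmore')</script>"
-private_name = @whisky.
+private_name = @whisky.attributes["name"]
 
 assert_equal "<script>alert('Cragganmore')</script>", private_name
 end
@@ -30,7 +30,7 @@ class InquisitionTest < Test::Unit::TestCase
 
 should "not cleanse and set fields not targeted for cleansing" do
 @whisky.origin = "<SCRIPT SRC=http://ha.ckers.org/xss.js>Scotland</SCRIPT>"
-private_origin = @whisky.
+private_origin = @whisky.attributes["origin"]
 assert_equal "<SCRIPT SRC=http://ha.ckers.org/xss.js>Scotland</SCRIPT>", @whisky.origin
 end
 end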
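Review bot: In the last hunk, `private_origin = @whisky.attributes["origin"]` (new line 33) is assigned and never used, because the assertion on line 34 still reads `@whisky.origin`; the test therefore does not check what was actually stored for a field that is not cleansed. Assert on the stored value as the second hunk does: `assert_equal "<SCRIPT SRC=http://ha.ckers.org/xss.js>Scotland</SCRIPT>", private_origin`. In the second hunk the expected string for `private_name` appears on this page identical to the input of a cleansed field, which may be an artefact of how the page renders entities; if it is not, that assertion cannot tell a sanitised write from an unsanitised one. Both `should` blocks belong to a context that starts outside these hunks.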
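--- a/data/test/models.rb
+++ b/data/test/models.rb
@@ -0,0 +1,29 @@
+ActiveRecord::Base.establish_connection :adapter => 'sqlite3', :database => File.join(File.dirname(__FILE__), 'test.db')
+
+class CreateSchema < ActiveRecord::Migration
+def self.up
+create_table :whiskies, :force => true do |t|
+t.string :name, :origin, :description
+t.integer :abv
+end
+create_table :animals, :force => true do |t|
+t.string :name, :noise
+end
+end
+end
+
+CreateSchema.suppress_messages { CreateSchema.migrate(:up) }
+
+class Animal < ActiveRecord::Base
+def bark
+"#{noise.capitalize}! #{noise.capitalize}!"
+end
+end
+
+class Whisky < ActiveRecord::Base
+cleanse_attr :name, :description
+
+def drink
+"You quaffed #{description}"
+end
+end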
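--- a/data/test/test_helper.rb
+++ b/data/test/test_helper.rb
@@ -1,14 +1,9 @@
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+$LOAD_PATH.unshift(File.dirname(__FILE__))
 require 'rubygems'
 require 'test/unit'
+require 'activerecord'
+require 'activesupport'
 require 'shoulda'
-
-$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
-$LOAD_PATH.unshift(File.dirname(__FILE__))
 require 'inquisition'
-
-#Test models, yeah.
-require 'lib/animal'
-require 'lib/whisky'
-
-class Test::Unit::TestCase
-end
+require 'models'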
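--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: thumblemonks-inquisition
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.1
 platform: ruby
 authors:
 - toothrot
@@ -27,12 +27,11 @@ files:
 - README.rdoc
 - lib/inquisition.rb
 - lib/html5lib_sanitize.rb
-- test/lib
-- test/lib/animal.rb
-- test/lib/whisky.rb
 - test/inquisition_test.rb
 - test/performance.rb
+- test/models.rb
 - test/test_helper.rb
+- Rakefile
 - LICENSE
 has_rdoc: true
 homepage: http://github.com/thumblemonks/inquisition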
data/test/lib/animal.rb
DELETED
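--- a/data/test/lib/whisky.rb
+++ b/data/test/lib/whisky.rb
@@ -1,14 +0,0 @@
-class Whisky
-attr_accessor :name, :origin, :abv, :description
-cleanse_attr :name, :description
-
-def initialize(attributes)
-attributes.each_pair do |k,v|
-self.send(:"#{k}=",v)
-end
-end
-
-def drink
-"You quaffed #{description}"
-end
-end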