ts_vector_tags 0.0.5 → 0.0.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. data/README.md +9 -1
  2. data/lib/ts_vector_tags.rb +17 -0
  3. data/spec/ts_vector_tags_spec.rb +13 -0
  4. data/ts_vector_tags.gemspec +2 -1
  5. metadata +32 -5
data/README.md CHANGED
@@ -27,11 +27,19 @@ Tags can be set using either an array, or a comma separated list.
27
27
  post.tags
28
28
  => ['bing', 'bong']
29
29
 
30
- The including class has a scope:
30
+ The including class has scopes:
31
+
32
+ Common '&'-searches:
31
33
 
32
34
  Post.with_tags('Paris, Texas')
33
35
  Post.with_tags('Paris', 'Texas')
34
36
 
37
+ Complex tsqueries:
38
+
39
+ Post.with_tags_query("foo & !(bar | baz)")
40
+
41
+ tsqueries deemed potentially dangerous raises the `TsVectorTags::InvalidTsQueryError` exception.
42
+
35
43
  Tags are normalized:
36
44
 
37
45
  post.tags = [' wtf#$%^ &*??!']
data/lib/ts_vector_tags.rb CHANGED
@@ -1,6 +1,11 @@
1
1
  # encoding: utf-8
2
2
  module TsVectorTags
3
3
 
4
+ # Regexp to reject injection attacks with ts_queries
5
+ TSQUERY_VALIDATOR = /^[[:alnum:]\*\:\(\)\&\!\|[:space:]]+$/
6
+
7
+ class InvalidTsQueryError < StandardError; end
8
+
4
9
  module Standardizer
5
10
  class << self
6
11
  def tagify(tags)
@@ -14,11 +19,23 @@ module TsVectorTags
14
19
  end
15
20
  end
16
21
 
22
+ def self.acceptable_tsquery?(query)
23
+ # TODO: Check for balanced parantheses
24
+ query =~ TSQUERY_VALIDATOR
25
+ end
26
+
17
27
  def self.included(base)
18
28
  base.class_eval do
29
+ # Accepts a comma separated list of tags and applies the 'and'-operator to them
19
30
  scope :with_tags, lambda { |tags|
20
31
  where("tags_vector @@ to_tsquery('simple', ?) ", TsVectorTags::Standardizer.tagify(tags).join(' & '))
21
32
  }
33
+
34
+ # Accepts a proper ts_query an allows complex logical expressions like "foo & !(bar | bling)"
35
+ scope :with_tags_query, lambda { |query|
36
+ raise InvalidTsQueryError, "Invalid tag query '#{query}'" unless TsVectorTags.acceptable_tsquery?(query)
37
+ where("tags_vector @@ to_tsquery('simple', '#{query}')")
38
+ }
22
39
  end
23
40
  end
24
41
 
data/spec/ts_vector_tags_spec.rb CHANGED
@@ -28,6 +28,19 @@ class Thing
28
28
  end
29
29
 
30
30
  describe TsVectorTags do
31
+
32
+ describe "tsqueries" do
33
+ it "rejects potentially dangerous tsqueries" do
34
+ TsVectorTags.acceptable_tsquery?("'").should be_false
35
+ TsVectorTags.acceptable_tsquery?('"').should be_false
36
+ end
37
+
38
+ it "accepts plain tsqueries" do
39
+ TsVectorTags.acceptable_tsquery?("foo & !(bar | fudd)")
40
+ TsVectorTags.acceptable_tsquery?("foo:*A")
41
+ end
42
+ end
43
+
31
44
  describe "accessors" do
32
45
  let(:thing) { Thing.new }
33
46
 
data/ts_vector_tags.gemspec CHANGED
@@ -2,7 +2,7 @@
2
2
  $:.push File.expand_path("../lib", __FILE__)
3
3
 
4
4
  module TsVectorTags
5
- VERSION = "0.0.5"
5
+ VERSION = "0.0.6"
6
6
  end
7
7
 
8
8
  Gem::Specification.new do |s|
@@ -22,4 +22,5 @@ Gem::Specification.new do |s|
22
22
  s.require_paths = ["lib"]
23
23
 
24
24
  s.add_development_dependency "rspec"
25
+ s.add_development_dependency "rake"
25
26
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: ts_vector_tags
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.5
4
+ version: 0.0.6
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -10,11 +10,11 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2012-09-04 00:00:00.000000000 Z
13
+ date: 2012-11-12 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: rspec
17
- requirement: &70288914631240 !ruby/object:Gem::Requirement
17
+ requirement: !ruby/object:Gem::Requirement
18
18
  none: false
19
19
  requirements:
20
20
  - - ! '>='
@@ -22,7 +22,28 @@ dependencies:
22
22
  version: '0'
23
23
  type: :development
24
24
  prerelease: false
25
- version_requirements: *70288914631240
25
+ version_requirements: !ruby/object:Gem::Requirement
26
+ none: false
27
+ requirements:
28
+ - - ! '>='
29
+ - !ruby/object:Gem::Version
30
+ version: '0'
31
+ - !ruby/object:Gem::Dependency
32
+ name: rake
33
+ requirement: !ruby/object:Gem::Requirement
34
+ none: false
35
+ requirements:
36
+ - - ! '>='
37
+ - !ruby/object:Gem::Version
38
+ version: '0'
39
+ type: :development
40
+ prerelease: false
41
+ version_requirements: !ruby/object:Gem::Requirement
42
+ none: false
43
+ requirements:
44
+ - - ! '>='
45
+ - !ruby/object:Gem::Version
46
+ version: '0'
26
47
  description: Extremely simple, if somewhat exotic, mixin that uses the tsvector feature
27
48
  in postgresql to add tags to an ActiveRecord model.
28
49
  email:
@@ -52,15 +73,21 @@ required_ruby_version: !ruby/object:Gem::Requirement
52
73
  - - ! '>='
53
74
  - !ruby/object:Gem::Version
54
75
  version: '0'
76
+ segments:
77
+ - 0
78
+ hash: -2976820661742119530
55
79
  required_rubygems_version: !ruby/object:Gem::Requirement
56
80
  none: false
57
81
  requirements:
58
82
  - - ! '>='
59
83
  - !ruby/object:Gem::Version
60
84
  version: '0'
85
+ segments:
86
+ - 0
87
+ hash: -2976820661742119530
61
88
  requirements: []
62
89
  rubyforge_project: ts_vector_tags
63
- rubygems_version: 1.8.15
90
+ rubygems_version: 1.8.24
64
91
  signing_key:
65
92
  specification_version: 3
66
93
  summary: Super simple tag mixin for postgresql and activerecord