RubyGems - weasel_diesel - Versions diffs - 1.0.1 → 1.0.2 - Mend

weasel_diesel 1.0.1 → 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

data/README.md +23 -1
data/lib/params_verification.rb +3 -1
data/lib/weasel_diesel/version.rb +1 -1
data/spec/params_verification_spec.rb +13 -0
metadata +10 -10

data/README.md CHANGED Viewed

@@ -2,7 +2,12 @@
 Weasel Diesel is a DSL to describe and document your web API.
-To get you going quickly, there's a Sinatra-based [example
+To get you going quickly, see the [generator for sinatra apps](https://github.com/mattetti/wd-sinatra).
+The wd_sinatra gem allows you to generate the structure for a sinatra app using Weasel Diesel and with lots of goodies.
+Updating is trivial since the core features are provided by this library and the wd_sinatra gem.
+You can also check out this Sinatra-based [example
 application](https://github.com/mattetti/sinatra-web-api-example) that
 you can fork and use as a base for your application.
@@ -174,6 +179,23 @@ Other JSON DSL examples:
   end
 ```
+```
+ {"name": "Example"}
+```
+``` Ruby
+describe_service "example" do |service|
+  service.formats  :json
+  service.response do |response|
+    response.object do |node|
+      node.string :name
+    end
+  end
+end
+```
 ## Test Suite & Dependencies

data/lib/params_verification.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+require 'erb' # used to sanitize the error message and avoid XSS attacks
 # ParamsVerification module.
 # Written to verify a service params without creating new objects.
 # This module is used on all requests requiring validation and therefore performance
@@ -208,7 +210,7 @@ module ParamsVerification
     # Raise an exception unless no unexpected params were found
     unexpected_keys = (params.keys - param_names)
     unless unexpected_keys.empty?
-      raise UnexpectedParam, "Request included unexpected parameter(s): #{unexpected_keys.join(', ')}"
+      raise UnexpectedParam, "Request included unexpected parameter(s): #{unexpected_keys.map{|k| ERB::Util.html_escape(k)}.join(', ')}"
     end
   end

data/lib/weasel_diesel/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 class WeaselDiesel
-  VERSION = "1.0.1"
+  VERSION = "1.0.2"
 end

data/spec/params_verification_spec.rb CHANGED Viewed

@@ -98,5 +98,18 @@ describe ParamsVerification do
     params = @valid_params.dup
     lambda{ ParamsVerification.validate!(params, service.defined_params) }.should raise_exception
   end
+  it "should raise an exception when an unexpected param is found" do
+    params = @valid_params.dup
+    params['attack'] = true
+    lambda{ ParamsVerification.validate!(params, @service.defined_params) }.should raise_exception(ParamsVerification::UnexpectedParam)
+  end
+  it "should prevent XSS attack on unexpected param name being listed in the exception message" do
+    params = @valid_params.dup
+    params["7e22c<script>alert('xss vulnerability')</script>e88ff3f0952"] = 1
+    escaped_error_message = /7e22c&lt;script&gt;alert\('xss vulnerability'\)&lt;\/script&gt;e88ff3f0952/
+    lambda{ ParamsVerification.validate!(params, @service.defined_params) }.should raise_exception(ParamsVerification::UnexpectedParam, escaped_error_message)
+  end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: weasel_diesel
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 1.0.2
   prerelease:
 platform: ruby
 authors:
@@ -9,11 +9,11 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-04-06 00:00:00.000000000 Z
+date: 2012-05-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
-  requirement: &70204984229320 !ruby/object:Gem::Requirement
+  requirement: &70245501824860 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -21,10 +21,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70204984229320
+  version_requirements: *70245501824860
 - !ruby/object:Gem::Dependency
   name: rack-test
-  requirement: &70204984228900 !ruby/object:Gem::Requirement
+  requirement: &70245501824280 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -32,10 +32,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70204984228900
+  version_requirements: *70245501824280
 - !ruby/object:Gem::Dependency
   name: yard
-  requirement: &70204984228480 !ruby/object:Gem::Requirement
+  requirement: &70245501823640 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -43,10 +43,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70204984228480
+  version_requirements: *70245501823640
 - !ruby/object:Gem::Dependency
   name: sinatra
-  requirement: &70204984228060 !ruby/object:Gem::Requirement
+  requirement: &70245501823060 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -54,7 +54,7 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70204984228060
+  version_requirements: *70245501823060
 description: Ruby DSL describing Web Services without implementation details.
 email:
 - mattaimonetti@gmail.com