weasel_diesel 1.0.1 → 1.0.2
- data/README.md +23 -1
- data/lib/params_verification.rb +3 -1
- data/lib/weasel_diesel/version.rb +1 -1
- data/spec/params_verification_spec.rb +13 -0
- metadata +10 -10
data/README.md
CHANGED
@@ -2,7 +2,12 @@
|
|
2
2
|
|
3
3
|
Weasel Diesel is a DSL to describe and document your web API.
|
4
4
|
|
5
|
-
To get you going quickly,
|
5
|
+
To get you going quickly, see the [generator for sinatra apps](https://github.com/mattetti/wd-sinatra).
|
6
|
+
The wd_sinatra gem allows you to generate the structure for a sinatra app using Weasel Diesel and with lots of goodies.
|
7
|
+
Updating is trivial since the core features are provided by this library and the wd_sinatra gem.
|
8
|
+
|
9
|
+
|
10
|
+
You can also check out this Sinatra-based [example
|
6
11
|
application](https://github.com/mattetti/sinatra-web-api-example) that
|
7
12
|
you can fork and use as a base for your application.
|
8
13
|
|
@@ -174,6 +179,23 @@ Other JSON DSL examples:
|
|
174
179
|
end
|
175
180
|
```
|
176
181
|
|
182
|
+
```
|
183
|
+
{"name": "Example"}
|
184
|
+
```
|
185
|
+
|
186
|
+
``` Ruby
|
187
|
+
describe_service "example" do |service|
|
188
|
+
service.formats :json
|
189
|
+
service.response do |response|
|
190
|
+
response.object do |node|
|
191
|
+
node.string :name
|
192
|
+
end
|
193
|
+
end
|
194
|
+
end
|
195
|
+
```
|
196
|
+
|
197
|
+
|
198
|
+
|
177
199
|
|
178
200
|
## Test Suite & Dependencies
|
179
201
|
|
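--- a/data/lib/params_verification.rb
+++ b/data/lib/params_verification.rb
@@ -1,3 +1,5 @@
+require 'erb' # used to sanitize the error message and avoid XSS attacks
+
 # ParamsVerification module.
 # Written to verify a service params without creating new objects.
 # This module is used on all requests requiring validation and therefore performance
@@ -208,7 +210,7 @@ module ParamsVerification
 # Raise an exception unless no unexpected params were found
 unexpected_keys = (params.keys - param_names)
 unless unexpected_keys.empty?
-raise UnexpectedParam, "Request included unexpected parameter(s): #{unexpected_keys.join(', ')}"
+raise UnexpectedParam, "Request included unexpected parameter(s): #{unexpected_keys.map{|k| ERB::Util.html_escape(k)}.join(', ')}"
 end
 end
 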
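Review bot: The escaping on the new `raise UnexpectedParam` line bakes an HTML-rendering assumption into the exception message itself, so any consumer that writes the message to a log, a JSON error body or a plain-text response now receives `&lt;script&gt;` instead of the offending parameter name, while a consumer that interpolates it into a JavaScript or URL context is still unprotected, since `ERB::Util.html_escape` only rewrites the HTML special characters (`&`, `<`, `>`, `"` and, depending on the Ruby version, `'`). The cheapest fix within this hunk is to make the contract explicit where the dependency is introduced, replacing the `require 'erb'` comment with `# UnexpectedParam's message is HTML-escaped at raise time; it is safe in an HTML body only, and will show entities in logs or non-HTML responses`. A more robust shape would keep the raw names on the exception (an attribute on `UnexpectedParam`) and escape in whatever layer renders the message, but that class is outside this hunk. As a point of style, `map{|k| ERB::Util.html_escape(k)}` reads better as `map { |k| ERB::Util.html_escape(k) }`. The method containing the `raise` starts outside the hunk; only its closing `end` is visible.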
@@ -98,5 +98,18 @@ describe ParamsVerification do
|
|
98
98
|
params = @valid_params.dup
|
99
99
|
lambda{ ParamsVerification.validate!(params, service.defined_params) }.should raise_exception
|
100
100
|
end
|
101
|
+
|
102
|
+
it "should raise an exception when an unexpected param is found" do
|
103
|
+
params = @valid_params.dup
|
104
|
+
params['attack'] = true
|
105
|
+
lambda{ ParamsVerification.validate!(params, @service.defined_params) }.should raise_exception(ParamsVerification::UnexpectedParam)
|
106
|
+
end
|
107
|
+
|
108
|
+
it "should prevent XSS attack on unexpected param name being listed in the exception message" do
|
109
|
+
params = @valid_params.dup
|
110
|
+
params["7e22c<script>alert('xss vulnerability')</script>e88ff3f0952"] = 1
|
111
|
+
escaped_error_message = /7e22c<script>alert\('xss vulnerability'\)<\/script>e88ff3f0952/
|
112
|
+
lambda{ ParamsVerification.validate!(params, @service.defined_params) }.should raise_exception(ParamsVerification::UnexpectedParam, escaped_error_message)
|
113
|
+
end
|
101
114
|
|
102
115
|
end
|
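Review bot: The `escaped_error_message` regex in the new XSS spec matches the literal, unescaped `<script>…</script>` payload, so as printed it asserts the opposite of its name: the escaping code produces `&lt;script&gt;…&lt;/script&gt;` in the message, which this regex would not match, whereas an unescaped message would pass. If the page has merely decoded HTML entities for display, the file may be correct; otherwise the expectation should be `escaped_error_message = /7e22c&lt;script&gt;alert\(.*xss vulnerability.*\)&lt;\/script&gt;e88ff3f0952/`, leaving the quotes unpinned because `ERB::Util.html_escape` escapes `'` only on some Ruby versions. A direct negative check would make the intent unambiguous either way, e.g. `begin; ParamsVerification.validate!(params, @service.defined_params); rescue ParamsVerification::UnexpectedParam => e; e.message.should_not include('<script>'); end`. The enclosing `describe ParamsVerification do` block starts outside the hunk; its closing `end` is the last visible line.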
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: weasel_diesel
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.0.
|
4
|
+
version: 1.0.2
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -9,11 +9,11 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2012-
|
12
|
+
date: 2012-05-11 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: rspec
|
16
|
-
requirement: &
|
16
|
+
requirement: &70245501824860 !ruby/object:Gem::Requirement
|
17
17
|
none: false
|
18
18
|
requirements:
|
19
19
|
- - ! '>='
|
@@ -21,10 +21,10 @@ dependencies:
|
|
21
21
|
version: '0'
|
22
22
|
type: :development
|
23
23
|
prerelease: false
|
24
|
-
version_requirements: *
|
24
|
+
version_requirements: *70245501824860
|
25
25
|
- !ruby/object:Gem::Dependency
|
26
26
|
name: rack-test
|
27
|
-
requirement: &
|
27
|
+
requirement: &70245501824280 !ruby/object:Gem::Requirement
|
28
28
|
none: false
|
29
29
|
requirements:
|
30
30
|
- - ! '>='
|
@@ -32,10 +32,10 @@ dependencies:
|
|
32
32
|
version: '0'
|
33
33
|
type: :development
|
34
34
|
prerelease: false
|
35
|
-
version_requirements: *
|
35
|
+
version_requirements: *70245501824280
|
36
36
|
- !ruby/object:Gem::Dependency
|
37
37
|
name: yard
|
38
|
-
requirement: &
|
38
|
+
requirement: &70245501823640 !ruby/object:Gem::Requirement
|
39
39
|
none: false
|
40
40
|
requirements:
|
41
41
|
- - ! '>='
|
@@ -43,10 +43,10 @@ dependencies:
|
|
43
43
|
version: '0'
|
44
44
|
type: :development
|
45
45
|
prerelease: false
|
46
|
-
version_requirements: *
|
46
|
+
version_requirements: *70245501823640
|
47
47
|
- !ruby/object:Gem::Dependency
|
48
48
|
name: sinatra
|
49
|
-
requirement: &
|
49
|
+
requirement: &70245501823060 !ruby/object:Gem::Requirement
|
50
50
|
none: false
|
51
51
|
requirements:
|
52
52
|
- - ! '>='
|
@@ -54,7 +54,7 @@ dependencies:
|
|
54
54
|
version: '0'
|
55
55
|
type: :development
|
56
56
|
prerelease: false
|
57
|
-
version_requirements: *
|
57
|
+
version_requirements: *70245501823060
|
58
58
|
description: Ruby DSL describing Web Services without implementation details.
|
59
59
|
email:
|
60
60
|
- mattaimonetti@gmail.com
|