whereable 0.1.1 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +4 -0
  3. data/README.md +11 -5
  4. data/lib/whereable.rb +1 -2
  5. data/lib/whereable/version.rb +1 -1
  6. metadata +6 -6
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: e05606c44046b2bbc2afb63ad64dc40dfbd950c7e2417f8303ac9d504033fcf9
4
- data.tar.gz: e279cfd12a42d0dcc22bd33c2a934875d8c6bf16432c3fd62f53cb3d51bcdb5b
3
+ metadata.gz: ea1b122fb55b9fca4d22efd7d32057bbc198ef97f4090bdf8bdaa42da6b15a7f
4
+ data.tar.gz: 8a0d13ea659a80ca2f34df1e7e970ee6716bed272a36e288472a1827c6b61855
5
5
  SHA512:
6
- metadata.gz: 888cd81cd96258b790b2f789e001572155628837d10bc8e813219618c879540530916b62652249d3334a861ba9e091a2599dfe45acef67e388ad013d79e784f2
7
- data.tar.gz: 17764113a90b3dc10742ce4f566029c2a7bb0e9ad7249a701cd598c4666f483e3a4e9dec92a974046f11cb7b65b408cc06f3623f039ebcf3fa2339f730116af0
6
+ metadata.gz: 1e66e7d892444322c226af98aedd2639b31d3ebb1444bd6337582c6e40248dd2276b183ad70e6794430f0ed0cfa6618fccc37a9308ddf2a50c53453db74e05ac
7
+ data.tar.gz: 2552253cb5f31f90d5830a95db7f0f328b05f477e8f31709cb76234ebcfb3782709e322e1fa8c45b48b8645e413ac5d40f0f81045b7521979875d7432fece3bd
data/CHANGELOG.md CHANGED
@@ -1,5 +1,9 @@
1
1
  Release History
2
2
  ===============
3
+ # 0.1.2
4
+ * Appears to work with Ruby 2.3.0 and ActiveRecord 4.1.0 or newer.
5
+ However, there's a version conflict surrounding Treetop in Rails < 4.1.6.
6
+
3
7
  # 0.1.1
4
8
  * Make operators case-insensitive
5
9
 
data/README.md CHANGED
@@ -1,3 +1,5 @@
1
+ [![Gem Version](https://badge.fury.io/rb/whereable.svg)](https://badge.fury.io/rb/whereable)
2
+
1
3
  # Whereable
2
4
 
3
5
  Translates where-like filter syntax into an Arel-based ActiveRecord scope, so you can safely use SQL syntax in Rails controller parameters.
@@ -47,11 +49,15 @@ User.standard.where("born_on < '1970-11-11'")
47
49
  ```
48
50
  returns Neo as expected, so we're all good.
49
51
 
50
- *Meanwhile&hellip;* Your black hat API consumer passes in `filter=true) or (1=1`, and &hellip;
52
+ *Meanwhile&hellip;* Your black hat API consumer passes in `filter=true) or (true`, and &hellip;
51
53
  ``` ruby
52
- User.standard.where("true) or (1=1")
54
+ User.standard.where("true) or (true")
55
+ ```
56
+ returns **EVERYONE**, because the database query is &hellip;
57
+ ``` SQL
58
+ SELECT "users".* FROM "users" WHERE "users"."role" = 0 AND (true) or (true)
53
59
  ```
54
- returns **EVERYONE!!!** *This is how the Matrix gets hacked.*
60
+ *This is how the Matrix gets hacked.*
55
61
 
56
62
  Instead add `include Whereable` to your model, and change your controller to:
57
63
  ``` ruby
@@ -63,11 +69,11 @@ User.standard.whereable("born_on < '1970-11-11'")
63
69
  ```
64
70
  returns Neo as before, but &hellip;
65
71
  ``` ruby
66
- User.standard.whereable("true) or (1=1")
72
+ User.standard.whereable("true) or (true")
67
73
  ```
68
74
  raises exception &hellip;
69
75
  ``` ruby
70
- Whereable::FilterInvalid ('Invalid filter at ) or (1=1')
76
+ Whereable::FilterInvalid ('Invalid filter at ) or (true')
71
77
  ```
72
78
 
73
79
  ### Syntax
data/lib/whereable.rb CHANGED
@@ -4,7 +4,6 @@
4
4
 
5
5
  require 'whereable/version'
6
6
  require 'active_record'
7
- require 'active_support'
8
7
  require 'treetop'
9
8
  require 'whereable.treetop'
10
9
 
@@ -106,7 +105,7 @@ module Whereable
106
105
  )
107
106
  end
108
107
 
109
- class_methods do
108
+ module ClassMethods
110
109
  # Parse filter to hash tree using Treetop PEG
111
110
  def whereable_hash_tree(filter)
112
111
  parser = WhereableParser.new
data/lib/whereable/version.rb CHANGED
@@ -3,6 +3,6 @@
3
3
  # Copyright 2020 Mack Earnhardt
4
4
 
5
5
  module Whereable
6
- VERSION = '0.1.1'
6
+ VERSION = '0.1.2'
7
7
  public_constant :VERSION
8
8
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: whereable
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.1
4
+ version: 0.1.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Mack Earnhardt
@@ -16,28 +16,28 @@ dependencies:
16
16
  requirements:
17
17
  - - ">="
18
18
  - !ruby/object:Gem::Version
19
- version: '0'
19
+ version: 4.1.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - ">="
25
25
  - !ruby/object:Gem::Version
26
- version: '0'
26
+ version: 4.1.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: treetop
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
31
  - - ">="
32
32
  - !ruby/object:Gem::Version
33
- version: '0'
33
+ version: 1.5.1
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - ">="
39
39
  - !ruby/object:Gem::Version
40
- version: '0'
40
+ version: 1.5.1
41
41
  description: |
42
42
  Translates where-like filter syntax into an Arel-based ActiveRecord scope,
43
43
  so you can safely use SQL syntax in Rails controller parameters.
@@ -69,7 +69,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
69
69
  requirements:
70
70
  - - ">="
71
71
  - !ruby/object:Gem::Version
72
- version: 2.4.0
72
+ version: 2.3.0
73
73
  required_rubygems_version: !ruby/object:Gem::Requirement
74
74
  requirements:
75
75
  - - ">="