whereable 0.1.1 → 0.1.2

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: e05606c44046b2bbc2afb63ad64dc40dfbd950c7e2417f8303ac9d504033fcf9
4
- data.tar.gz: e279cfd12a42d0dcc22bd33c2a934875d8c6bf16432c3fd62f53cb3d51bcdb5b
3
+ metadata.gz: ea1b122fb55b9fca4d22efd7d32057bbc198ef97f4090bdf8bdaa42da6b15a7f
4
+ data.tar.gz: 8a0d13ea659a80ca2f34df1e7e970ee6716bed272a36e288472a1827c6b61855
5
5
  SHA512:
6
- metadata.gz: 888cd81cd96258b790b2f789e001572155628837d10bc8e813219618c879540530916b62652249d3334a861ba9e091a2599dfe45acef67e388ad013d79e784f2
7
- data.tar.gz: 17764113a90b3dc10742ce4f566029c2a7bb0e9ad7249a701cd598c4666f483e3a4e9dec92a974046f11cb7b65b408cc06f3623f039ebcf3fa2339f730116af0
6
+ metadata.gz: 1e66e7d892444322c226af98aedd2639b31d3ebb1444bd6337582c6e40248dd2276b183ad70e6794430f0ed0cfa6618fccc37a9308ddf2a50c53453db74e05ac
7
+ data.tar.gz: 2552253cb5f31f90d5830a95db7f0f328b05f477e8f31709cb76234ebcfb3782709e322e1fa8c45b48b8645e413ac5d40f0f81045b7521979875d7432fece3bd
@@ -1,5 +1,9 @@
1
1
  Release History
2
2
  ===============
3
+ # 0.1.2
4
+ * Appears to work with Ruby 2.3.0 and ActiveRecord 4.1.0 or newer.
5
+ However, there's a version conflict surrounding Treetop in Rails < 4.1.6.
6
+
3
7
  # 0.1.1
4
8
  * Make operators case-insensitive
5
9
 
data/README.md CHANGED
@@ -1,3 +1,5 @@
1
+ [![Gem Version](https://badge.fury.io/rb/whereable.svg)](https://badge.fury.io/rb/whereable)
2
+
1
3
  # Whereable
2
4
 
3
5
  Translates where-like filter syntax into an Arel-based ActiveRecord scope, so you can safely use SQL syntax in Rails controller parameters.
@@ -47,11 +49,15 @@ User.standard.where("born_on < '1970-11-11'")
47
49
  ```
48
50
  returns Neo as expected, so we're all good.
49
51
 
50
- *Meanwhile&hellip;* Your black hat API consumer passes in `filter=true) or (1=1`, and &hellip;
52
+ *Meanwhile&hellip;* Your black hat API consumer passes in `filter=true) or (true`, and &hellip;
51
53
  ``` ruby
52
- User.standard.where("true) or (1=1")
54
+ User.standard.where("true) or (true")
55
+ ```
56
+ returns **EVERYONE**, because the database query is &hellip;
57
+ ``` SQL
58
+ SELECT "users".* FROM "users" WHERE "users"."role" = 0 AND (true) or (true)
53
59
  ```
54
- returns **EVERYONE!!!** *This is how the Matrix gets hacked.*
60
+ *This is how the Matrix gets hacked.*
55
61
 
56
62
  Instead add `include Whereable` to your model, and change your controller to:
57
63
  ``` ruby
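Review bot: The added SQL block shows the generated query, but the README still does not say why it returns every row. In `WHERE "users"."role" = 0 AND (true) or (true)`, AND binds tighter than OR, so the `"users"."role" = 0` condition is grouped with the first `(true)` and the trailing `or (true)` matches all rows on its own. One sentence stating that precedence would make the point of the example explicit. As a style point, the new fence is tagged `SQL` in capitals while the neighbouring fences use lowercase `ruby`; pick one casing.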
@@ -63,11 +69,11 @@ User.standard.whereable("born_on < '1970-11-11'")
63
69
  ```
64
70
  returns Neo as before, but &hellip;
65
71
  ``` ruby
66
- User.standard.whereable("true) or (1=1")
72
+ User.standard.whereable("true) or (true")
67
73
  ```
68
74
  raises exception &hellip;
69
75
  ``` ruby
70
- Whereable::FilterInvalid ('Invalid filter at ) or (1=1')
76
+ Whereable::FilterInvalid ('Invalid filter at ) or (true')
71
77
  ```
72
78
 
73
79
  ### Syntax
@@ -4,7 +4,6 @@
4
4
 
5
5
  require 'whereable/version'
6
6
  require 'active_record'
7
- require 'active_support'
8
7
  require 'treetop'
9
8
  require 'whereable.treetop'
10
9
 
@@ -106,7 +105,7 @@ module Whereable
106
105
  )
107
106
  end
108
107
 
109
- class_methods do
108
+ module ClassMethods
110
109
  # Parse filter to hash tree using Treetop PEG
111
110
  def whereable_hash_tree(filter)
112
111
  parser = WhereableParser.new
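Review bot: Replacing `class_methods do` with `module ClassMethods` only works if something extends the including model with that module, either `extend ActiveSupport::Concern` on `Whereable` or an `included` hook that calls `base.extend(ClassMethods)`, and neither is visible in this hunk. Please confirm one of them is in place and add a spec asserting that a model with `include Whereable` responds to `whereable`, so that a missing hook fails the build instead of surfacing as a `NoMethodError` in a controller.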
@@ -3,6 +3,6 @@
3
3
  # Copyright 2020 Mack Earnhardt
4
4
 
5
5
  module Whereable
6
- VERSION = '0.1.1'
6
+ VERSION = '0.1.2'
7
7
  public_constant :VERSION
8
8
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: whereable
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.1
4
+ version: 0.1.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Mack Earnhardt
@@ -16,28 +16,28 @@ dependencies:
16
16
  requirements:
17
17
  - - ">="
18
18
  - !ruby/object:Gem::Version
19
- version: '0'
19
+ version: 4.1.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - ">="
25
25
  - !ruby/object:Gem::Version
26
- version: '0'
26
+ version: 4.1.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: treetop
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
31
  - - ">="
32
32
  - !ruby/object:Gem::Version
33
- version: '0'
33
+ version: 1.5.1
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - ">="
39
39
  - !ruby/object:Gem::Version
40
- version: '0'
40
+ version: 1.5.1
41
41
  description: |
42
42
  Translates where-like filter syntax into an Arel-based ActiveRecord scope,
43
43
  so you can safely use SQL syntax in Rails controller parameters.
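Review bot: The new floor of `4.1.0` on the first dependency in this hunk does not match the release note, which reports a Treetop version conflict in Rails < 4.1.6. Either raise the floor to the first version where the conflict does not occur or document the workaround next to the constraint. Both this dependency and `treetop` are also still open-ended (`>=` with no upper bound), so a future major release of either will be resolved without ever having been tested against the filter parser; consider bounding the range to the major versions actually exercised.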
@@ -69,7 +69,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
69
69
  requirements:
70
70
  - - ">="
71
71
  - !ruby/object:Gem::Version
72
- version: 2.4.0
72
+ version: 2.3.0
73
73
  required_rubygems_version: !ruby/object:Gem::Requirement
74
74
  requirements:
75
75
  - - ">="
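Review bot: Lowering `required_ruby_version` from `2.4.0` to `2.3.0` widens the supported range on the strength of a release note that says only "Appears to work with Ruby 2.3.0". Back the new floor with a test run on 2.3.0 against the oldest ActiveRecord now allowed, or keep the `2.4.0` requirement until that combination is covered.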