whiny-mass-assignment 0.1.0
- data/Gemfile +2 -0
- data/Gemfile.lock +17 -0
- data/LICENSE +21 -0
- data/Manifest +15 -0
- data/README.md +22 -0
- data/Rakefile +15 -0
- data/lib/whiny-mass-assignment.rb +19 -0
- data/lib/whiny-mass-assignment/configuration.rb +21 -0
- data/lib/whiny-mass-assignment/sanitizer.rb +22 -0
- data/lib/whiny_mass_assignment.rb +1 -0
- data/rails/init.rb +1 -0
- data/spec/config_spec.rb +33 -0
- data/spec/sanitizer_spec.rb +24 -0
- data/spec/spec_helper.rb +5 -0
- data/tasks/spec.rake +8 -0
- data/whiny-mass-assignment.gemspec +33 -0
- metadata +103 -0
data/Gemfile
ADDED
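--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -0,0 +1,17 @@
+GEM
+specs:
+diff-lcs (1.1.2)
+rspec (2.5.0)
+rspec-core (~> 2.5.0)
+rspec-expectations (~> 2.5.0)
+rspec-mocks (~> 2.5.0)
+rspec-core (2.5.1)
+rspec-expectations (2.5.0)
+diff-lcs (~> 1.1.2)
+rspec-mocks (2.5.0)
+
+PLATFORMS
+ruby
+
+DEPENDENCIES
+rspec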
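--- a/data/LICENSE
+++ b/data/LICENSE
@@ -0,0 +1,21 @@
+Dual licensed under MIT License and GPL, pick what suits you best.
+
+Copyright (c) 2011 Apps In Your Pants
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.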
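--- a/data/Manifest
+++ b/data/Manifest
@@ -0,0 +1,15 @@
+Gemfile
+Gemfile.lock
+LICENSE
+Manifest
+README.md
+Rakefile
+lib/whiny-mass-assignment.rb
+lib/whiny-mass-assignment/configuration.rb
+lib/whiny-mass-assignment/sanitizer.rb
+lib/whiny_mass_assignment.rb
+rails/init.rb
+spec/config_spec.rb
+spec/sanitizer_spec.rb
+spec/spec_helper.rb
+tasks/spec.rake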
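--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,22 @@
+Complain loudly when protected attributes are set through mass assignment.
+
+By default, in rails 3, attempting to assign values to attributes that are protected from mass assignment,
+rails will issue a warning to the logger and then proceed to ignore those values. That might be a sane
+default for many developers but I believe that attempting to assign to protected attributes is an error,
+not a warning and should be treated as such. During development rails should raise an exception so that
+it's obvious you're doing something you shouldn't. In production it is a security violation and should be
+available in an audit log.
+
+
+## Usage
+
+To enable whiny mass assignment errors simply set `whiny_mass_assignment` to `:raise` in your environment
+configuration.
+
+Application.configure do
+config.whiny_mass_assignment = :raise
+end
+
+
+Other options are `:log` and `:invalidate`. `:log` uses the default rails behavior while `:invalidate` will
+add a generic error message to the model validation errors in addition to the default log.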
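--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,15 @@
+require 'rubygems'
+require 'rake'
+require 'echoe'
+
+Echoe.new( 'whiny-mass-assignment', '0.1.0', ) do |p|
+p.description = "Complain loudly when protected attributes are set through mass assignment."
+p.url = "https://github.com/appsinyourpants/whiny-mass-assignment"
+p.author = "Paul Alexander"
+p.email = "paul@appsinyourpants.com"
+p.ignore_pattern = [ "tmp/*" ]
+p.development_dependencies = ["rspec"]
+end
+
+
+Dir[ File.join File.dirname(__FILE__), "tasks/*.rake" ].sort.each { |ext| load ext }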
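Review bot: The Echoe block declares only `p.development_dependencies = ["rspec"]`, so the generated gemspec carries no runtime dependency, although lib/whiny-mass-assignment/sanitizer.rb reopens `ActiveModel::MassAssignmentSecurity::WhiteList` and `BlackList` and overrides their `warn!` hook. Without a declared, bounded dependency the gem can be installed next to any ActiveModel release, including ones where those classes or that hook are absent, and the protection it promises would then fail at load time or, presumably, stop firing. I would add something like `p.runtime_dependencies = ["activemodel ~> 3.0"]`, bound to the Rails 3 series the README targets; the exact range needs confirming against the versions actually tested.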
@@ -0,0 +1,19 @@
|
|
1
|
+
module WhinyMassAssignment
|
2
|
+
module Config
|
3
|
+
|
4
|
+
def self.mode
|
5
|
+
@mode ||= :raise
|
6
|
+
end
|
7
|
+
|
8
|
+
def self.mode=(value)
|
9
|
+
@mode = value
|
10
|
+
end
|
11
|
+
|
12
|
+
end
|
13
|
+
end
|
14
|
+
|
15
|
+
|
16
|
+
require 'whiny-mass-assignment/sanitizer'
|
17
|
+
if defined? Rails
|
18
|
+
require 'whiny-mass-assignment/configuration'
|
19
|
+
end
|
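Review bot: `Config.mode=` stores whatever it is given, and the only validation sits in the Rails-level setter in lib/whiny-mass-assignment/configuration.rb, which checks `value.to_s` but forwards the raw value. A string such as `"log"` (the form spec/config_spec.rb passes) is therefore accepted and stored, yet it never equals the symbols `:log` / `:raise` that the sanitizer compares against, so a configured mode can end up neither logging nor raising. Validate and normalise in one place here: `raise ArgumentError, "invalid configuration value" unless %w[log raise invalidate].include?(value.to_s)` followed by `@mode = value.to_sym`. The `if defined? Rails` guard at the bottom also makes the configuration hook depend on load order, which deserves a comment.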
@@ -0,0 +1,21 @@
|
|
1
|
+
module WhinyMassAssignment
|
2
|
+
module Application
|
3
|
+
|
4
|
+
def whiny_mass_assignment
|
5
|
+
Config.mode
|
6
|
+
end
|
7
|
+
|
8
|
+
def whiny_mass_assignment=(value)
|
9
|
+
raise ArgumentError.new("invalid configuration value") unless %w{ log raise invalidate }.index(value.to_s)
|
10
|
+
Config.mode = value
|
11
|
+
end
|
12
|
+
|
13
|
+
end
|
14
|
+
end
|
15
|
+
|
16
|
+
|
17
|
+
class Rails::Application
|
18
|
+
extend WhinyMassAssignment::Application
|
19
|
+
end
|
20
|
+
|
21
|
+
|
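Review bot: `extend WhinyMassAssignment::Application` puts `whiny_mass_assignment=` on the `Rails::Application` class, but the README's usage example assigns `config.whiny_mass_assignment = :raise` inside `Application.configure`. Nothing in the sections shown forwards a value set on the `config` object to `Config.mode`, so the documented setting may be accepted without effect and the mode would stay at its default; this is worth confirming against a real Rails 3 application. Either hook the configuration object as well or change the README example to the call that actually reaches this setter, and add a comment on the module saying which object it is meant to extend.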
@@ -0,0 +1,22 @@
|
|
1
|
+
module WhinyMassAssignment
|
2
|
+
module Sanitizer
|
3
|
+
|
4
|
+
def whine!(attrs)
|
5
|
+
raise "Can't mass-assign protected attributes: #{attrs.join(', ')}"
|
6
|
+
end
|
7
|
+
|
8
|
+
def warn!(attrs)
|
9
|
+
super if Config.options[:mode] == :log
|
10
|
+
whine! attrs if Config.options[:mode] == :raise
|
11
|
+
end
|
12
|
+
|
13
|
+
end
|
14
|
+
end
|
15
|
+
|
16
|
+
class ActiveModel::MassAssignmentSecurity::WhiteList
|
17
|
+
include WhinyMassAssignment::Sanitizer
|
18
|
+
end
|
19
|
+
|
20
|
+
class ActiveModel::MassAssignmentSecurity::BlackList
|
21
|
+
include WhinyMassAssignment::Sanitizer
|
22
|
+
end
|
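Review bot: `warn!` reads `Config.options[:mode]`, but `WhinyMassAssignment::Config` in lib/whiny-mass-assignment.rb defines only `mode` and `mode=`, so every call here would raise `NoMethodError` rather than follow the configured mode. The `:invalidate` mode that the README documents is also unhandled: neither branch matches it, so `super` is skipped and the default log entry for a rejected protected attribute is lost. I would write the body as `return whine!(attrs) if Config.mode.to_sym == :raise` followed by `super`, which keeps the Rails log for `:log` and `:invalidate`, and raise a dedicated error class from `whine!` instead of a bare `RuntimeError` so callers can rescue it specifically. Adding the validation error that `:invalidate` promises still needs separate work.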
@@ -0,0 +1 @@
|
|
1
|
+
require 'whiny-mass-assignment'
|
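--- a/data/rails/init.rb
+++ b/data/rails/init.rb
@@ -0,0 +1 @@
+require 'whiny-mass-assignment'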
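--- a/data/spec/config_spec.rb
+++ b/data/spec/config_spec.rb
@@ -0,0 +1,33 @@
+require 'spec_helper'
+require 'rails/all'
+require 'whiny-mass-assignment'
+
+module Whiny
+class Application < ::Rails::Application
+end
+end
+
+describe WhinyMassAssignment::Config do
+
+it "it should integrate with Application::Configuration" do
+Whiny::Application.should respond_to(:whiny_mass_assignment)
+end
+
+it "should be :raise by default" do
+Whiny::Application.whiny_mass_assignment.should == :raise
+end
+
+describe ".whiny_mass_assignment" do
+%w{ raise log invalidate }.each do |setting|
+it "should accept #{setting} " do
+Whiny::Application.whiny_mass_assignment = setting
+end
+end
+
+it "should not accept none" do
+lambda{ Whiny::Application.whiny_mass_assignment = :none }.should raise_error
+end
+
+end
+
+end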
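Review bot: The three `should accept` examples contain no expectation and leave the process-wide mode set to the last string assigned, so later examples (including spec/sanitizer_spec.rb, depending on load order) run under `"invalidate"` rather than the default. Add an assertion on the stored value, for example `Whiny::Application.whiny_mass_assignment.to_s.should == setting`, and restore the default in an `after { WhinyMassAssignment::Config.mode = :raise }` block. The negative case should pin the class, `raise_error(ArgumentError)`, so an unrelated exception cannot satisfy it.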
@@ -0,0 +1,24 @@
|
|
1
|
+
require 'active_model'
|
2
|
+
require 'spec_helper'
|
3
|
+
require 'whiny-mass-assignment'
|
4
|
+
|
5
|
+
class List < ActiveModel::MassAssignmentSecurity::WhiteList
|
6
|
+
public :warn!
|
7
|
+
end
|
8
|
+
|
9
|
+
describe ActiveModel::MassAssignmentSecurity::WhiteList do
|
10
|
+
|
11
|
+
before do
|
12
|
+
@whitelist = List.new()
|
13
|
+
end
|
14
|
+
|
15
|
+
it "should respond to whine!" do
|
16
|
+
@whitelist.should respond_to :whine!
|
17
|
+
end
|
18
|
+
|
19
|
+
describe "when :raise" do
|
20
|
+
it "should raise exception" do
|
21
|
+
lambda{ @whitelist.warn!(["example"]) }.should raise_error
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
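Review bot: The bare `raise_error` in the `when :raise` example is satisfied by any exception, including the `NoMethodError` that the `Config.options` call in lib/whiny-mass-assignment/sanitizer.rb would produce, so this spec can pass without the whiny path ever running. Pin the class and message, e.g. `raise_error(RuntimeError, /Can't mass-assign protected attributes: example/)`, and set `WhinyMassAssignment::Config.mode = :raise` in the `before` block so the example does not depend on state left by other specs. The `:log` and `:invalidate` modes have no coverage here.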
data/spec/spec_helper.rb
ADDED
data/tasks/spec.rake
ADDED
@@ -0,0 +1,33 @@
|
|
1
|
+
# -*- encoding: utf-8 -*-
|
2
|
+
|
3
|
+
Gem::Specification.new do |s|
|
4
|
+
s.name = %q{whiny-mass-assignment}
|
5
|
+
s.version = "0.1.0"
|
6
|
+
|
7
|
+
s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
|
8
|
+
s.authors = ["Paul Alexander"]
|
9
|
+
s.date = %q{2011-02-22}
|
10
|
+
s.description = %q{Complain loudly when protected attributes are set through mass assignment.}
|
11
|
+
s.email = %q{paul@appsinyourpants.com}
|
12
|
+
s.extra_rdoc_files = ["LICENSE", "README.md", "lib/whiny-mass-assignment.rb", "lib/whiny-mass-assignment/configuration.rb", "lib/whiny-mass-assignment/sanitizer.rb", "lib/whiny_mass_assignment.rb", "tasks/spec.rake"]
|
13
|
+
s.files = ["Gemfile", "Gemfile.lock", "LICENSE", "Manifest", "README.md", "Rakefile", "lib/whiny-mass-assignment.rb", "lib/whiny-mass-assignment/configuration.rb", "lib/whiny-mass-assignment/sanitizer.rb", "lib/whiny_mass_assignment.rb", "rails/init.rb", "spec/config_spec.rb", "spec/sanitizer_spec.rb", "spec/spec_helper.rb", "tasks/spec.rake", "whiny-mass-assignment.gemspec"]
|
14
|
+
s.homepage = %q{https://github.com/appsinyourpants/whiny-mass-assignment}
|
15
|
+
s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Whiny-mass-assignment", "--main", "README.md"]
|
16
|
+
s.require_paths = ["lib"]
|
17
|
+
s.rubyforge_project = %q{whiny-mass-assignment}
|
18
|
+
s.rubygems_version = %q{1.3.7}
|
19
|
+
s.summary = %q{Complain loudly when protected attributes are set through mass assignment.}
|
20
|
+
|
21
|
+
if s.respond_to? :specification_version then
|
22
|
+
current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
|
23
|
+
s.specification_version = 3
|
24
|
+
|
25
|
+
if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
|
26
|
+
s.add_development_dependency(%q<rspec>, [">= 0"])
|
27
|
+
else
|
28
|
+
s.add_dependency(%q<rspec>, [">= 0"])
|
29
|
+
end
|
30
|
+
else
|
31
|
+
s.add_dependency(%q<rspec>, [">= 0"])
|
32
|
+
end
|
33
|
+
end
|
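--- a/metadata
+++ b/metadata
@@ -0,0 +1,103 @@
+--- !ruby/object:Gem::Specification
+name: whiny-mass-assignment
+version: !ruby/object:Gem::Version
+prerelease: false
+segments:
+- 0
+- 1
+- 0
+version: 0.1.0
+platform: ruby
+authors:
+- Paul Alexander
+autorequire:
+bindir: bin
+cert_chain: []
+
+date: 2011-02-22 00:00:00 -08:00
+default_executable:
+dependencies:
+- !ruby/object:Gem::Dependency
+name: rspec
+prerelease: false
+requirement: &id001 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+segments:
+- 0
+version: "0"
+type: :development
+version_requirements: *id001
+description: Complain loudly when protected attributes are set through mass assignment.
+email: paul@appsinyourpants.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files:
+- LICENSE
+- README.md
+- lib/whiny-mass-assignment.rb
+- lib/whiny-mass-assignment/configuration.rb
+- lib/whiny-mass-assignment/sanitizer.rb
+- lib/whiny_mass_assignment.rb
+- tasks/spec.rake
+files:
+- Gemfile
+- Gemfile.lock
+- LICENSE
+- Manifest
+- README.md
+- Rakefile
+- lib/whiny-mass-assignment.rb
+- lib/whiny-mass-assignment/configuration.rb
+- lib/whiny-mass-assignment/sanitizer.rb
+- lib/whiny_mass_assignment.rb
+- rails/init.rb
+- spec/config_spec.rb
+- spec/sanitizer_spec.rb
+- spec/spec_helper.rb
+- tasks/spec.rake
+- whiny-mass-assignment.gemspec
+has_rdoc: true
+homepage: https://github.com/appsinyourpants/whiny-mass-assignment
+licenses: []
+
+post_install_message:
+rdoc_options:
+- --line-numbers
+- --inline-source
+- --title
+- Whiny-mass-assignment
+- --main
+- README.md
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+segments:
+- 0
+version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+segments:
+- 1
+- 2
+version: "1.2"
+requirements: []
+
+rubyforge_project: whiny-mass-assignment
+rubygems_version: 1.3.7
+signing_key:
+specification_version: 3
+summary: Complain loudly when protected attributes are set through mass assignment.
+test_files: []
+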