Module: Immunio::QuotingHooks
Extended by: ActiveSupport::Concern
Defined in: lib/immunio/plugins/active_record.rb
Overview
Since every value that gets escaped is very likely a parameter passed to a SQL query, we hook the method that escapes the values.
The params are then sent to the QueryTracker, which takes care of matching the params to the query.
Constant Summary
- IGNORED_TYPES = [TrueClass, FalseClass, NilClass, Fixnum, Bignum, Float].freeze
Instance Method Summary
- #quote_with_immunio(value, column = nil) ⇒ Object
  Passing a column to `quote` has been deprecated in 5.0.
Instance Method Details
#quote_with_immunio(value, column = nil) ⇒ Object
Passing a column to `quote` has been deprecated in 5.0.
```ruby
# File 'lib/immunio/plugins/active_record.rb', line 20

def quote_with_immunio(value)
  # Only instrument quoting that happens inside a tracked request.
  if Request.current
    # Account the time spent in this hook to the plugin timing bucket.
    Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
      # Ignore empty strings and values that can't contain injections.
      unless value.blank? || IGNORED_TYPES.include?(value.class)
        QueryTracker.instance.add_param nil, value.to_s, object_id
      end
    end
  end
  # Always delegate to the original quoting implementation.
  quote_without_immunio(value)
end
```