Module: Jekyll::Minifier::ValidationHelpers

Defined in:

lib/jekyll-minifier.rb

Overview

ValidationHelpers module provides comprehensive input validation for Jekyll Minifier configurations and content processing

Constant Summary

MAX_SAFE_FILE_SIZE =

Maximum safe file size for processing (50MB)

50 * 1024 * 1024

MAX_SAFE_STRING_LENGTH =

Maximum safe configuration value sizes

10_000

MAX_SAFE_ARRAY_SIZE =

1_000

MAX_SAFE_HASH_SIZE =

100

Class Method Summary

• .validate_array(value, key = 'unknown', max_size = MAX_SAFE_ARRAY_SIZE) ⇒ Array^?

  Validates array configuration values with size and content checks.

• .validate_boolean(value, key = 'unknown') ⇒ Boolean^?

  Validates boolean configuration values.

• .validate_css_content(content, file_path = 'unknown') ⇒ Boolean

  Validates CSS content for basic syntax safety.

• .validate_file_content(content, file_type = 'unknown', file_path = 'unknown') ⇒ Boolean

  Validates file content size and encoding.

• .validate_file_path(path) ⇒ Boolean

  Validates file paths for security issues.

• .validate_hash(value, key = 'unknown', max_size = MAX_SAFE_HASH_SIZE) ⇒ Hash^?

  Validates hash configuration values with size and content checks.

• .validate_html_content(content, file_path = 'unknown') ⇒ Boolean

  Validates HTML content for basic syntax safety.

• .validate_integer(value, key = 'unknown', min = 0, max = 1_000_000) ⇒ Integer^?

  Validates integer configuration values with range checking.

• .validate_js_content(content, file_path = 'unknown') ⇒ Boolean

  Validates JavaScript content for basic syntax safety.

• .validate_json_content(content, file_path = 'unknown') ⇒ Boolean

  Validates JSON content for syntax safety.

• .validate_string(value, key = 'unknown', max_length = MAX_SAFE_STRING_LENGTH) ⇒ String^?

  Validates string configuration values with length and safety checks.

Class Method Details

.validate_array(value, key = 'unknown', max_size = MAX_SAFE_ARRAY_SIZE) ⇒ Array^?

Validates array configuration values with size and content checks

Parameters:

• value (Object) —

  The value to validate

• key (String) (defaults to: 'unknown') —

  Configuration key name

• max_size (Integer) (defaults to: MAX_SAFE_ARRAY_SIZE) —

  Maximum allowed array size

Returns:

• (Array, nil) —

  Validated array or empty array for invalid

# File 'lib/jekyll-minifier.rb', line 95

def validate_array(value, key = 'unknown', max_size = MAX_SAFE_ARRAY_SIZE)
  return [] if value.nil?
  
  # Convert single values to arrays
  array_value = value.respond_to?(:to_a) ? value.to_a : [value]
  
  if array_value.size > max_size
    Jekyll.logger.warn("Jekyll Minifier:", "Array value for '#{key}' too large (#{array_value.size} > #{max_size}). Truncating.")
    array_value = array_value.take(max_size)
  end
  
  # Filter out invalid elements
  valid_elements = array_value.filter_map do |element|
    next nil if element.nil?
    
    if element.respond_to?(:to_s)
      str_element = element.to_s
      next nil if str_element.empty? || str_element.length > MAX_SAFE_STRING_LENGTH
      str_element
    else
      nil
    end
  end
  
  valid_elements
end

.validate_boolean(value, key = 'unknown') ⇒ Boolean^?

Validates boolean configuration values

Parameters:

• value (Object) —

  The value to validate

• key (String) (defaults to: 'unknown') —

  Configuration key name for error messages

Returns:

• (Boolean, nil) —

  Validated boolean value or nil for invalid

# File 'lib/jekyll-minifier.rb', line 25

def validate_boolean(value, key = 'unknown')
  return nil if value.nil?
  
  case value
  when true, false
    value
  when 'true', '1', 1
    true
  when 'false', '0', 0
    false
  else
    Jekyll.logger.warn("Jekyll Minifier:", "Invalid boolean value for '#{key}': #{value.inspect}. Using default.")
    nil
  end
end

.validate_css_content(content, file_path = 'unknown') ⇒ Boolean

Validates CSS content for basic syntax safety

Parameters:

• content (String) —

  CSS content

• file_path (String) (defaults to: 'unknown') —

  File path for error messages

Returns:

• (Boolean) —

  True if content appears safe

# File 'lib/jekyll-minifier.rb', line 210

def validate_css_content(content, file_path = 'unknown')
  # Check for extremely unbalanced braces (potential malformed CSS)
  open_braces = content.count('{')
  close_braces = content.count('}')
  
  if (open_braces - close_braces).abs > 100
    Jekyll.logger.warn("Jekyll Minifier:", "CSS file appears malformed (unbalanced braces): #{file_path}")
    return false
  end
  
  true
end

.validate_file_content(content, file_type = 'unknown', file_path = 'unknown') ⇒ Boolean

Validates file content size and encoding

Parameters:

• content (String) —

  File content to validate

• file_type (String) (defaults to: 'unknown') —

  Type of file (css, js, html, json)

• file_path (String) (defaults to: 'unknown') —

  Path to file for error messages

Returns:

• (Boolean) —

  True if content is safe to process

# File 'lib/jekyll-minifier.rb', line 175

def validate_file_content(content, file_type = 'unknown', file_path = 'unknown')
  return false if content.nil?
  return false unless content.respond_to?(:bytesize)
  
  # Check file size
  if content.bytesize > MAX_SAFE_FILE_SIZE
    Jekyll.logger.warn("Jekyll Minifier:", "File too large for safe processing: #{file_path} (#{content.bytesize} bytes > #{MAX_SAFE_FILE_SIZE})")
    return false
  end
  
  # Check encoding validity
  unless content.valid_encoding?
    Jekyll.logger.warn("Jekyll Minifier:", "Invalid encoding in file: #{file_path}. Skipping minification.")
    return false
  end
  
  # Basic content validation per file type
  case file_type
  when 'css'
    validate_css_content(content, file_path)
  when 'js', 'javascript'
    validate_js_content(content, file_path)
  when 'json'
    validate_json_content(content, file_path)
  when 'html', 'xml'
    validate_html_content(content, file_path)
  else
    true # Unknown types pass through
  end
end

.validate_file_path(path) ⇒ Boolean

Validates file paths for security issues

Parameters:

• path (String) —

  File path to validate

Returns:

• (Boolean) —

  True if path is safe

# File 'lib/jekyll-minifier.rb', line 281

def validate_file_path(path)
  return false if path.nil? || path.empty?
  return false unless path.respond_to?(:to_s)
  
  path_str = path.to_s
  
  # Check for directory traversal attempts
  if path_str.include?('../') || path_str.include?('..\\') || path_str.include?('~/')
    Jekyll.logger.warn("Jekyll Minifier:", "Unsafe file path detected: #{path_str}")
    return false
  end
  
  # Check for null bytes
  if path_str.include?("\0")
    Jekyll.logger.warn("Jekyll Minifier:", "File path contains null byte: #{path_str}")
    return false
  end
  
  true
end

.validate_hash(value, key = 'unknown', max_size = MAX_SAFE_HASH_SIZE) ⇒ Hash^?

Validates hash configuration values with size and content checks

Parameters:

• value (Object) —

  The value to validate

• key (String) (defaults to: 'unknown') —

  Configuration key name

• max_size (Integer) (defaults to: MAX_SAFE_HASH_SIZE) —

  Maximum allowed hash size

Returns:

• (Hash, nil) —

  Validated hash or nil for invalid

# File 'lib/jekyll-minifier.rb', line 127

def validate_hash(value, key = 'unknown', max_size = MAX_SAFE_HASH_SIZE)
  return nil if value.nil?
  return nil unless value.respond_to?(:to_h)
  
  begin
    hash_value = value.to_h
    
    if hash_value.size > max_size
      Jekyll.logger.warn("Jekyll Minifier:", "Hash value for '#{key}' too large (#{hash_value.size} > #{max_size}). Using default.")
      return nil
    end
    
    # Validate hash keys and values
    validated_hash = {}
    hash_value.each do |k, v|
      # Convert keys to symbols for consistency
      key_sym = k.respond_to?(:to_sym) ? k.to_sym : nil
      next unless key_sym
      
      # Basic validation of values
      case v
      when String
        validated_value = validate_string(v, "#{key}[#{key_sym}]")
        validated_hash[key_sym] = validated_value if validated_value
      when Integer, Numeric
        validated_hash[key_sym] = v
      when true, false
        validated_hash[key_sym] = v
      when nil
        # Allow nil values
        validated_hash[key_sym] = nil
      else
        Jekyll.logger.warn("Jekyll Minifier:", "Unsupported value type for '#{key}[#{key_sym}]': #{v.class}. Skipping.")
      end
    end
    
    validated_hash
  rescue => e
    Jekyll.logger.warn("Jekyll Minifier:", "Failed to validate hash for '#{key}': #{e.message}. Using default.")
    nil
  end
end

.validate_html_content(content, file_path = 'unknown') ⇒ Boolean

Validates HTML content for basic syntax safety

Parameters:

• content (String) —

  HTML content

• file_path (String) (defaults to: 'unknown') —

  File path for error messages

Returns:

• (Boolean) —

  True if content appears safe

# File 'lib/jekyll-minifier.rb', line 263

def validate_html_content(content, file_path = 'unknown')
  # Basic HTML tag balance check
  open_tags = content.scan(/<[^\/>]+>/).length
  close_tags = content.scan(/<\/[^>]+>/).length
  self_closing = content.scan(/<[^>]+\/>/).length
  
  # Allow for reasonable imbalance (HTML5 void elements, etc.)
  if (open_tags - close_tags - self_closing).abs > 50
    Jekyll.logger.warn("Jekyll Minifier:", "HTML file appears malformed (unbalanced tags): #{file_path}")
    return false
  end
  
  true
end

.validate_integer(value, key = 'unknown', min = 0, max = 1_000_000) ⇒ Integer^?

Validates integer configuration values with range checking

Parameters:

• value (Object) —

  The value to validate

• key (String) (defaults to: 'unknown') —

  Configuration key name

• min (Integer) (defaults to: 0) —

  Minimum allowed value

• max (Integer) (defaults to: 1_000_000) —

  Maximum allowed value

Returns:

• (Integer, nil) —

  Validated integer or nil for invalid

# File 'lib/jekyll-minifier.rb', line 47

def validate_integer(value, key = 'unknown', min = 0, max = 1_000_000)
  return nil if value.nil?
  
  begin
    int_value = Integer(value)
    
    if int_value < min || int_value > max
      Jekyll.logger.warn("Jekyll Minifier:", "Integer value for '#{key}' out of range [#{min}-#{max}]: #{int_value}. Using default.")
      return nil
    end
    
    int_value
  rescue ArgumentError, TypeError
    Jekyll.logger.warn("Jekyll Minifier:", "Invalid integer value for '#{key}': #{value.inspect}. Using default.")
    nil
  end
end

.validate_js_content(content, file_path = 'unknown') ⇒ Boolean

Validates JavaScript content for basic syntax safety

Parameters:

• content (String) —

  JavaScript content

• file_path (String) (defaults to: 'unknown') —

  File path for error messages

Returns:

• (Boolean) —

  True if content appears safe

# File 'lib/jekyll-minifier.rb', line 227

def validate_js_content(content, file_path = 'unknown')
  # Check for extremely unbalanced braces and parentheses
  open_braces = content.count('{')
  close_braces = content.count('}')
  open_parens = content.count('(')
  close_parens = content.count(')')
  
  if (open_braces - close_braces).abs > 100 || (open_parens - close_parens).abs > 100
    Jekyll.logger.warn("Jekyll Minifier:", "JavaScript file appears malformed (unbalanced braces/parens): #{file_path}")
    return false
  end
  
  true
end

.validate_json_content(content, file_path = 'unknown') ⇒ Boolean

Validates JSON content for syntax safety

Parameters:

• content (String) —

  JSON content

• file_path (String) (defaults to: 'unknown') —

  File path for error messages

Returns:

• (Boolean) —

  True if content appears safe

# File 'lib/jekyll-minifier.rb', line 246

def validate_json_content(content, file_path = 'unknown')
  # Basic JSON structure validation without full parsing
  trimmed = content.strip
  
  unless (trimmed.start_with?('{') && trimmed.end_with?('}')) || 
         (trimmed.start_with?('[') && trimmed.end_with?(']'))
    Jekyll.logger.warn("Jekyll Minifier:", "JSON file doesn't appear to have valid structure: #{file_path}")
    return false
  end
  
  true
end

.validate_string(value, key = 'unknown', max_length = MAX_SAFE_STRING_LENGTH) ⇒ String^?

Validates string configuration values with length and safety checks

Parameters:

• value (Object) —

  The value to validate

• key (String) (defaults to: 'unknown') —

  Configuration key name

• max_length (Integer) (defaults to: MAX_SAFE_STRING_LENGTH) —

  Maximum allowed string length

Returns:

• (String, nil) —

  Validated string or nil for invalid

# File 'lib/jekyll-minifier.rb', line 70

def validate_string(value, key = 'unknown', max_length = MAX_SAFE_STRING_LENGTH)
  return nil if value.nil?
  return nil unless value.respond_to?(:to_s)
  
  str_value = value.to_s
  
  if str_value.length > max_length
    Jekyll.logger.warn("Jekyll Minifier:", "String value for '#{key}' too long (#{str_value.length} > #{max_length}). Using default.")
    return nil
  end
  
  # Basic safety check for control characters
  if str_value.match?(/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/)
    Jekyll.logger.warn("Jekyll Minifier:", "String value for '#{key}' contains unsafe control characters. Using default.")
    return nil
  end
  
  str_value
end