Module: TaintedLove

Extended by:
Utils
Defined in:
lib/tainted_love.rb,
lib/tainted_love/utils.rb,
lib/tainted_love/version.rb,
lib/tainted_love/warning.rb,
lib/tainted_love/stack_trace.rb,
lib/tainted_love/configuration.rb,
lib/tainted_love/replacer/base.rb,
lib/tainted_love/reporter/base.rb,
lib/tainted_love/validator/base.rb,
lib/tainted_love/validator/erb_eval.rb,
lib/tainted_love/replacer/replace_file.rb,
lib/tainted_love/replacer/replace_yaml.rb,
lib/tainted_love/reporter/file_reporter.rb,
lib/tainted_love/replacer/replace_digest.rb,
lib/tainted_love/replacer/replace_kernel.rb,
lib/tainted_love/replacer/replace_object.rb,
lib/tainted_love/replacer/replace_marshal.rb,
lib/tainted_love/reporter/stdout_reporter.rb,
lib/tainted_love/replacer/replace_sprokets.rb,
lib/tainted_love/validator/sprokets_marshal.rb,
lib/tainted_love/replacer/replace_action_view.rb,
lib/tainted_love/replacer/replace_active_record.rb,
lib/tainted_love/replacer/replace_rails_user_input.rb,
lib/tainted_love/validator/action_view_object_send.rb,
lib/tainted_love/replacer/replace_action_controller.rb,
lib/tainted_love/validator/redis_store_serialization.rb

Defined Under Namespace

Modules: Replacer, Reporter, Utils, Validator Classes: Configuration, StackTrace, Warning

Constant Summary collapse

VERSION = 
'0.1.3'

Class Attribute Summary collapse

Class Method Summary collapse

Methods included from Utils

add_tracking, hash, proxy_method

Class Attribute Details

.configurationObject (readonly)

Returns the value of attribute configuration.



9
10
11
 
# File 'lib/tainted_love.rb', line 9

def configuration
  @configuration
end

Class Method Details

.enable! {|TaintedLove::Configuration| ... } ⇒ Object

Enables TaintedLove. Use a block to configure the TaintedLove::Configuration

Yields:



15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'lib/tainted_love.rb', line 15

def enable!
  configuration = TaintedLove::Configuration.new

  configuration.logger.info('TaintedLove is enabled')
  configuration.replacers = TaintedLove::Replacer::Base.replacers
  configuration.validators = TaintedLove::Validator::Base.validators
  configuration.reporter = TaintedLove::Reporter::StdoutReporter.new

  # Allows customization of which replacers/validators should be used
  yield configuration if block_given?

  @configuration = configuration

  configuration.replacers.each do |replacer|
    replacer = replacer.new
    replacer.replace! if replacer.should_replace?
  end

  configuration
end

.report(replacer, tainted_input, tags = [], message = nil) ⇒ Object

Report tainted input

Parameters:

  • replacer (Symbol)

    Replacer reporting the issue

  • tainted_input (Object)

    Tainted object

  • tags (Array<Symbol>) (defaults to: [])

    Tags to classify the warning

  • message (String) (defaults to: nil)

    Message about the warning



42
43
44
45
46
47
48
49
50
51
52
53
54
55
 
# File 'lib/tainted_love.rb', line 42

def report(replacer, tainted_input, tags = [], message = nil)
  warning = TaintedLove::Warning.new
  warning.tainted_input = tainted_input
  warning.stack_trace = TaintedLove::StackTrace.new(Thread.current.backtrace(3))
  warning.replacer = replacer
  warning.tags = tags
  warning.message = message

  should_remove = @configuration.validators.any? do |validator|
    validator.new.remove?(warning)
  end

  @configuration.reporter.add_warning(warning) unless should_remove
end