Module: TaintedLove
- Extended by:
- Utils
- Defined in:
- lib/tainted_love.rb,
lib/tainted_love/utils.rb,
lib/tainted_love/version.rb,
lib/tainted_love/warning.rb,
lib/tainted_love/stack_trace.rb,
lib/tainted_love/utils/proxy.rb,
lib/tainted_love/configuration.rb,
lib/tainted_love/replacer/base.rb,
lib/tainted_love/reporter/base.rb,
lib/tainted_love/validator/base.rb,
lib/tainted_love/validator/ignore.rb,
lib/tainted_love/validator/erb_eval.rb,
lib/tainted_love/validator/haml_eval.rb,
lib/tainted_love/validator/i18n_load.rb,
lib/tainted_love/replacer/replace_file.rb,
lib/tainted_love/replacer/replace_yaml.rb,
lib/tainted_love/reporter/file_reporter.rb,
lib/tainted_love/replacer/replace_digest.rb,
lib/tainted_love/replacer/replace_kernel.rb,
lib/tainted_love/replacer/replace_object.rb,
lib/tainted_love/replacer/replace_string.rb,
lib/tainted_love/validator/rake_testtask.rb,
lib/tainted_love/replacer/replace_graphql.rb,
lib/tainted_love/replacer/replace_marshal.rb,
lib/tainted_love/reporter/stdout_reporter.rb,
lib/tainted_love/validator/webpacker_yaml.rb,
lib/tainted_love/replacer/replace_sprokets.rb,
lib/tainted_love/replacer/replace_rack_file.rb,
lib/tainted_love/validator/sprokets_marshal.rb,
lib/tainted_love/validator/rack_builder_eval.rb,
lib/tainted_love/replacer/replace_action_view.rb,
lib/tainted_love/replacer/replace_tag_builder.rb,
lib/tainted_love/validator/active_record_find.rb,
lib/tainted_love/validator/railties_yaml_load.rb,
lib/tainted_love/replacer/replace_rack_builder.rb,
lib/tainted_love/replacer/replace_active_record.rb,
lib/tainted_love/replacer/replace_rails_user_input.rb,
lib/tainted_love/validator/action_view_object_send.rb,
lib/tainted_love/replacer/replace_action_controller.rb,
lib/tainted_love/replacer/replace_rack_query_parser.rb,
lib/tainted_love/validator/redis_store_serialization.rb,
lib/tainted_love/validator/action_dispatch_diagnostics.rb
Defined Under Namespace
Modules: Replacer, Reporter, Utils, Validator
Classes: Configuration, StackTrace, Warning
Constant Summary
- VERSION = '0.4.1'
Class Attribute Summary
- .configuration ⇒ Object (readonly)
  Returns the value of attribute configuration.
Class Method Summary
- .enable! {|TaintedLove::Configuration| ... } ⇒ TaintedLove::Configuration
  Enables TaintedLove.
- .report(replacer, tainted_input, tags = [], message = nil) ⇒ Object
  Report tainted input.
Methods included from Utils
Class Attribute Details
.configuration ⇒ Object (readonly)
Returns the value of attribute configuration.
    # File 'lib/tainted_love.rb', line 12

    def configuration
      @configuration
    end
Class Method Details
.enable! {|TaintedLove::Configuration| ... } ⇒ TaintedLove::Configuration
Enables TaintedLove. Use a block to configure the TaintedLove::Configuration.
    # File 'lib/tainted_love.rb', line 18

    def enable!
      configuration = TaintedLove::Configuration.new
      configuration.logger.info('TaintedLove is enabled')

      configuration.replacers = TaintedLove::Replacer::Base.replacers
      configuration.validators = TaintedLove::Validator::Base.validators
      configuration.reporter = TaintedLove::Reporter::StdoutReporter.new

      # Allows customization of which replacers/validators should be used
      yield configuration if block_given?

      @configuration = configuration

      configuration.replacers.each do |replacer|
        replacer = replacer.new
        replacer.replace! if replacer.should_replace?
      end

      configuration
    end
.report(replacer, tainted_input, tags = [], message = nil) ⇒ Object
Report tainted input.

    # File 'lib/tainted_love.rb', line 45

    def report(replacer, tainted_input, tags = [], message = nil)
      warning = TaintedLove::Warning.new
      warning.tainted_input = tainted_input
      warning.stack_trace = TaintedLove::StackTrace.new(Thread.current.backtrace(3))
      warning.replacer = replacer
      warning.tags = tags
      warning.message = message

      should_remove = @configuration.validators.any? do |validator|
        validator.new.remove?(warning) == true
      end

      @configuration.reporter.add_warning(warning) unless should_remove
    end
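
An added example (not code from the tainted_love project) that isolates the validator filter at the end of `report`: because the check is `remove?(warning) == true`, a validator suppresses a warning only by returning exactly `true`, and a merely truthy return value leaves the warning reported. `MiniWarning`, `CollectingReporter`, both validator classes, `run_report` and `demo` are hypothetical stand-ins so the block runs without the gem.

```ruby
# Added example; every name here is a hypothetical stand-in, not tainted_love code.
MiniWarning = Struct.new(:tainted_input, :replacer, :tags, :message)

# Reporter stand-in: the page shows only that a reporter receives add_warning.
class CollectingReporter
  attr_reader :warnings

  def initialize
    @warnings = []
  end

  def add_warning(warning)
    @warnings << warning
  end
end

# Returns a real boolean, so `== true` matches and the warning is dropped.
class IgnoreHealthCheck
  def remove?(warning)
    warning.tags.include?(:health_check)
  end
end

# String#=~ returns an Integer index or nil: truthy on a match, but never
# `== true`, so this validator does not suppress anything.
class TruthyButNotTrue
  def remove?(warning)
    warning.message =~ /noise/
  end
end

# Same filter as the last lines of TaintedLove.report shown on this page.
def run_report(validators, reporter, warning)
  should_remove = validators.any? { |validator| validator.new.remove?(warning) == true }
  reporter.add_warning(warning) unless should_remove
  reporter.warnings.length
end

def demo
  noisy = MiniWarning.new('id=1', :stub, [], 'noise from fixture') # constructed sample
  tagged = MiniWarning.new('ping', :stub, [:health_check], nil)    # constructed sample
  {
    truthy_validator: run_report([TruthyButNotTrue], CollectingReporter.new, noisy),
    boolean_validator: run_report([IgnoreHealthCheck], CollectingReporter.new, tagged),
    no_validators: run_report([], CollectingReporter.new, noisy)
  }
end

p demo if __FILE__ == $PROGRAM_NAME
```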