Class: AntiOffensiveString

Inherits:
Object
  • Object
Defined in:
lib/anti_offensive_string.rb,
lib/anti_offensive_string/version.rb

Defined Under Namespace

Classes: InsecureRequest

Constant Summary

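# Patterns identifying the blocked character sequence: U+0647, U+0020, then
# U+0488 three times. Kept as an array so `any?` can be used by the matcher.
#
# NOTE(review): matching encoded forms by pattern is inherently incomplete;
# decoding a value before matching would cover more equivalent spellings.
TARGET_REGEXPS = [
  # Raw form, as it appears in already-decoded UTF-8 text.
  /\u0647\u0020\u0488\u0488\u0488/,
  # Percent-encoded UTF-8 form. Hex digits in percent-escapes are
  # case-insensitive, and the space may arrive as " ", "+" or "%20", so all of
  # those spellings are treated as the same sequence.
  /%D9%87(?:[ +]|%20)%D2%88%D2%88%D2%88/i
].freeze

# Fallback Rack response used when no custom handler has been configured.
# A plain proc (not a lambda), so it ignores the env argument it is called with.
DEFAULT_HANDLER = proc { [400, {'Content-Type' => 'text/plain'}, ['400 Bad Request']] }

# Gem version string.
VERSION = "0.0.2"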


Constructor Details

#initialize(app) ⇒ AntiOffensiveString

Returns a new instance of AntiOffensiveString.



# File 'lib/anti_offensive_string.rb', line 35

# Builds the middleware around the next application in the Rack chain.
#
# @param app [#call] downstream Rack application; it is invoked only for
#   requests that pass the check performed in #call
def initialize(app)
  @app = app
end

Class Method Details

.handler ⇒ Object



# File 'lib/anti_offensive_string.rb', line 30

# Returns the callable used to build the response for a rejected request.
#
# When no handler has been configured (or it was reset to nil/false), the
# DEFAULT_HANDLER constant is stored and returned.
#
# @return [Object] the configured handler, or DEFAULT_HANDLER
def handler
  return @handler if @handler

  @handler = DEFAULT_HANDLER
end

.handler=(proc_or_obj) ⇒ Object Also known as: error_response=



# File 'lib/anti_offensive_string.rb', line 20

# Configures what is returned for a rejected request.
#
# A Proc is stored as-is and later called with the Rack env. Anything else is
# wrapped in a proc that returns the object unchanged, so a fixed Rack
# response triplet can be assigned directly.
#
# NOTE(review): only Proc instances are treated as callables. Another object
# that responds to #call (e.g. a Method) is returned as the response itself
# rather than being invoked.
#
# @param proc_or_obj [Proc, Object] handler proc, or a static response object
def handler=(proc_or_obj)
  @handler = proc_or_obj.is_a?(Proc) ? proc_or_obj : proc { proc_or_obj }
end

.on_offensive_request(&block) ⇒ Object



# File 'lib/anti_offensive_string.rb', line 16

# Registers a block as the handler for rejected requests.
#
# The block replaces any previously configured handler. When called without a
# block, nil is stored, which makes .handler fall back to DEFAULT_HANDLER on
# its next call.
#
# @yield [env] expected to return the Rack response for a rejected request
def on_offensive_request(&handler_block)
  @handler = handler_block
end

Instance Method Details

#call(env) ⇒ Object



# File 'lib/anti_offensive_string.rb', line 39

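# Rack entry point. Rejects the request when the request body or any String
# value in the Rack env matches one of TARGET_REGEXPS; otherwise restores the
# body stream and forwards the request to the wrapped application.
#
# The whole body is read into memory for the check, so an upstream
# body-size limit is still needed for large uploads.
#
# @param env [Hash] Rack environment; 'rack.input' must respond to #read
# @return [Object] whatever the wrapped app returns, or the result of the
#   configured class-level handler when the request is rejected
def call(env)
  # The patterns are UTF-8 regexps. Rack bodies are normally binary
  # (ASCII-8BIT), and matching a UTF-8 regexp against a binary string holding
  # non-ASCII bytes raises Encoding::CompatibilityError, while a UTF-8 string
  # with invalid bytes raises ArgumentError. Match against a UTF-8 view of the
  # value instead, replacing invalid bytes (String#scrub, Ruby 2.1+), so a
  # legitimate non-ASCII body is not turned into a server error and the raw
  # byte form of the sequence is actually compared.
  offensive = lambda do |value|
    next false unless value.kind_of?(String)

    text = value.encoding == Encoding::UTF_8 ? value : value.dup.force_encoding(Encoding::UTF_8)
    text = text.scrub unless text.valid_encoding?
    TARGET_REGEXPS.any? { |re| re === text }
  end

  input = env['rack.input'].read
  raise InsecureRequest if offensive.call(input)

  # Headers, query string, path, etc. all live in env as String values.
  env.each do |_key, value|
    raise InsecureRequest if offensive.call(value)
  end

  # Give the downstream app an unread body again. Non-seekable streams raise
  # ESPIPE on rewind, so they are replaced with an in-memory copy.
  begin
    env['rack.input'].rewind
  rescue Errno::ESPIPE
    env['rack.input'] = StringIO.new(input, "r")
  end

  @app.call(env)
rescue InsecureRequest
  # Also reached if the wrapped app itself raises InsecureRequest, because the
  # rescue covers the whole method body. The body stream has already been
  # consumed at this point when the match was found before the rewind.
  self.class.handler.call(env)
end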