Module: SqlSecurity
- Extended by:
- ActiveSupport::Concern
- Included in:
- Apicasso::BatchController, Apicasso::CrudController
- Defined in:
- app/controllers/concerns/sql_security.rb
Overview
This concern is used to check SQL injection
Constant Summary collapse
- DESCENDANTS_UNDERSCORED =
A list of all models within the application
ActiveRecord::Base.descendants.map do |descendant| descendant.to_s.underscore end.freeze
- GROUP_CALCULATE =
Available calculations on params requests
%w[ average calculate count ids maximum minimum pluck sum ].freeze
Instance Method Summary collapse
-
#sql_injection(klass, hash = nil) ⇒ Object
Check if request is a SQL injection.
Instance Method Details
#sql_injection(klass, hash = nil) ⇒ Object
Check if request is a SQL injection
34 35 36 37 38 39 40 41 42 |
# File 'app/controllers/concerns/sql_security.rb', line 34 def sql_injection(klass, hash = nil) apicasso_parameters(hash).each do |name, value| next unless Array.wrap(klass).any? do |klass| !safe_parameter?(klass, name, value) end return true end false end |