Module: SqlSecurity

Extended by:
ActiveSupport::Concern
Included in:
Apicasso::BatchController, Apicasso::CrudController
Defined in:
app/controllers/concerns/sql_security.rb

Overview

This concern checks incoming request parameters for SQL injection attempts before they reach query building: every parameter name/value pair is validated per model class via `safe_parameter?` (see `#sql_injection`).

Constant Summary

DESCENDANTS_UNDERSCORED =

A frozen list of the underscored names of every ActiveRecord model known when this constant is evaluated. Note that `ActiveRecord::Base.descendants` only sees classes that have already been loaded, so in environments without eager loading this list may be incomplete — confirm eager loading is enabled wherever it is relied on as an allow-list.

ActiveRecord::Base.descendants.map do |descendant|
  descendant.to_s.underscore
end.freeze
GROUP_CALCULATE =

Allow-list of the calculation names a request may select through params; the list is frozen so it cannot be extended at runtime.

%w[
  average
  calculate
  count
  ids
  maximum
  minimum
  pluck
  sum
].freeze

Instance Method Summary

Instance Method Details

#sql_injection(klass, hash = nil) ⇒ Boolean

Returns true if any request parameter is rejected by `safe_parameter?` for at least one of the given model classes, false otherwise.



# File 'app/controllers/concerns/sql_security.rb', line 34

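# Returns true when at least one request parameter is rejected by
# #safe_parameter? for at least one of the given model classes.
#
# Evaluation short-circuits: the first unsafe (class, name, value)
# combination found makes the whole request count as an injection.
#
# @param klass [Class, Array<Class>] model class(es) the request targets;
#   a single class is wrapped into a one-element list
# @param hash [Hash, nil] parameters to inspect; handed straight to
#   #apicasso_parameters (nil lets that helper choose its own source)
# @return [Boolean] true if any parameter is unsafe for any class
def sql_injection(klass, hash = nil)
  # Wrap once up front; the block param below no longer shadows `klass`.
  targets = Array.wrap(klass)
  apicasso_parameters(hash).any? do |name, value|
    targets.any? { |model| !safe_parameter?(model, name, value) }
  end
end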