Class: Police::Rack::Middleware

Inherits:

Object

• Object
• Police::Rack::Middleware

Defined in:

lib/police/rack/middleware.rb

Overview

Rack middleware that labels the HTTP input with UnsafeString.

Instance Method Summary

• #call(env) ⇒ Object
• #initialize(app, options = {}) ⇒ Middleware constructor

  A new instance of Middleware.

• #label_env(env) ⇒ Object

Constructor Details

#initialize(app, options = {}) ⇒ Middleware

Returns a new instance of Middleware.

# File 'lib/police/rack/middleware.rb', line 7

def initialize(app, options = {})
  @app = app
  @unsafe_string = Police::Labels::UnsafeString.new
  @unsafe_stream = Police::Labels::UnsafeStream.new @unsafe_string
end

Instance Method Details

#call(env) ⇒ Object

# File 'lib/police/rack/middleware.rb', line 13

def call(env)
  label_env env
  @app.call env
  # TODO(pwnall): filter output
end

#label_env(env) ⇒ Object

# File 'lib/police/rack/middleware.rb', line 19

def label_env(env)
  env['rack.input'] = Police::DataFlow.label env['rack.input'], @unsafe_stream
  env['QUERY_STRING'] = Police::DataFlow.label env['QUERY_STRING'],
      @unsafe_string
end