Module: Sack::Database::Sanitizer

Defined in:
lib/sack/database/sanitizer.rb

Overview

Sanitizer Module: Provides Table and Field name sanitization methods.

Constant Summary

FIELD_NAME_REX = /^[0-9a-z_.-]+$/

Generic Field Name Regex

Class Method Details

.drop_nonprintascii(s) ⇒ String

Drop Non-Print-ASCII: Removes all non-printable-ASCII characters from a String.

Parameters:

  • s (String)

    Input string

Returns:

  • (String)

    The provided string, stripped of any non-printable-ASCII text



# File 'lib/sack/database/sanitizer.rb', line 73

def self.drop_nonprintascii s
  s.bytes.select { |b| (b >= 0x20) && (b <= 0x7e) }.inject('') { |a, e| a + e.chr }
end

.field(schema, table, field) ⇒ Symbol

Sanitize Table Field Name: Raises an exception if table or field are not valid according to schema.

Parameters:

  • schema (Hash)

    Database schema

  • table (Symbol)

    Table name

  • field (Symbol)

    Field name

Returns:

  • (Symbol)

    Field name if sanitization passed



# File 'lib/sack/database/sanitizer.rb', line 36

def self.field schema, table, field
  table schema, table
  raise "Illegal field [#{field}] for table [#{table}]" unless (field.to_sym.to_s == field.to_s) && schema[table.to_sym].has_key?(field.to_sym)
  field
end

.field_name(name) ⇒ Symbol

Sanitize Generic Field Name: Raises an exception if name contains invalid characters (defined in FIELD_NAME_REX).

Parameters:

  • name (Symbol)

    Field name

Returns:

  • (Symbol)

    Field name if sanitization passed



# File 'lib/sack/database/sanitizer.rb', line 46

def self.field_name name
  raise "Illegal field name [#{name}]" unless FIELD_NAME_REX =~ name
  name
end
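
Added example (not part of the sack source): in Ruby, `^` and `$` anchor at line boundaries rather than string boundaries, so FIELD_NAME_REX as documented accepts a multi-line string as long as one of its lines is a valid name. The sketch below compares it with a hypothetical `\A...\z` variant over constructed inputs; `STRICT_REX`, `check_field_name`, `accepted?` and `compare` are names assumed for illustration.

```ruby
# Added example, not code from the sack gem.
# PAGE_REX copies FIELD_NAME_REX from this page; STRICT_REX is a hypothetical
# hardened variant that anchors on the whole string instead of on each line.
PAGE_REX   = /^[0-9a-z_.-]+$/
STRICT_REX = /\A[0-9a-z_.-]+\z/

# Mirrors the check in field_name on this page, with the regex passed in.
def check_field_name(rex, name)
  raise ArgumentError, "Illegal field name [#{name.inspect}]" unless rex =~ name.to_s
  name
end

# Returns true if the name is accepted, false if the check raises.
def accepted?(rex, name)
  check_field_name(rex, name)
  true
rescue ArgumentError
  false
end

# Constructed inputs: ordinary names plus multi-line strings.
SAMPLES = [
  'user_id',            # plain valid name
  'users.created-at',   # dots and dashes are in the character class
  'User',               # uppercase is outside the class
  "id\nnot a name!",    # valid first line, invalid second line
  "not a name!\nid",    # invalid first line, valid second line
  "id\n"                # trailing newline
].freeze

# Runs both patterns over the samples: [name, page_result, strict_result]
def compare(samples = SAMPLES)
  samples.map { |s| [s, accepted?(PAGE_REX, s), accepted?(STRICT_REX, s)] }
end

if __FILE__ == $PROGRAM_NAME
  compare.each do |name, page, strict|
    puts format('%-22s page=%-5s strict=%s', name.inspect, page, strict)
  end
end
```

Note that `\z` is used rather than `\Z`, because `\Z` would still accept a single trailing newline.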

.ftype(t) ⇒ Symbol

Sanitize Field Types: Raises an exception if t is not an allowed Field Type (defined in FTYPES).

Parameters:

  • t (Symbol)

    Field type symbol (from FTYPES)

Returns:

  • (Symbol)

    Field type if sanitization passed



# File 'lib/sack/database/sanitizer.rb', line 55

def self.ftype t
  raise "Illegal field type [#{t}]" unless FTYPES.keys.include? t
  t
end

.table(schema, name) ⇒ Symbol

Sanitize Table Name: Raises an exception if name is not a valid table in schema.

Parameters:

  • schema (Hash)

    Database schema

  • name (Symbol)

    Table name to sanitize

Returns:

  • (Symbol)

    Table name if sanitization passed



# File 'lib/sack/database/sanitizer.rb', line 25

def self.table schema, name
  raise "Illegal table name [#{name}]" unless (name.to_sym.to_s == name.to_s) && schema.has_key?(name.to_sym)
  name
end

.value(v) ⇒ Object

Sanitize Field Value: Drops non-printable-ASCII characters from String values and escapes single quotes by doubling them. Non-String values are returned unchanged.

Parameters:

  • v (Object)

    Field value

Returns:

  • (Object)

    The supplied value, with single quotes escaped if it’s a String.



# File 'lib/sack/database/sanitizer.rb', line 64

def self.value v
  return v unless v.is_a? String
  drop_nonprintascii(v).gsub("'") { "''" }
end