module Sack::Database::Sanitizer

Sanitizer Module: Provides Table and Field name sanitization methods.

Constants

FIELD_NAME_REX

Generic Field Name Regex

Public Class Methods

drop_nonprintascii(s)

Drop Non-Print-ASCII: Removes all non-printable-ASCII characters from a String.

@param [String] s Input string
@return [String] The provided string, stripped of any non-printable-ASCII text

# File lib/sack/database/sanitizer.rb, line 73
def self.drop_nonprintascii s
        s.bytes.select { |b| (b >= 0x20) && (b <= 0x7e) }.inject('') { |a, e| a + e.chr }
end

field(schema, table, field)

Sanitize Table Field Name: Raises an exception if table or field are not valid according to schema.

@param [Hash] schema Database schema
@param [Symbol] table Table name
@param [Symbol] field Field name
@return [Symbol] Field name if sanitization passed

# File lib/sack/database/sanitizer.rb, line 36
def self.field schema, table, field
        table schema, table
        raise "Illegal field [#{field}] for table [#{table}]" unless (field.to_sym.to_s == field.to_s) && schema[table.to_sym].has_key?(field.to_sym)
        field
end

field_name(name)

Sanitize Generic Field Name: Raises an exception if name contains invalid characters (defined in FIELD_NAME_REX).

@param [Symbol] name Field name
@return [Symbol] Field name if sanitization passed

# File lib/sack/database/sanitizer.rb, line 46
def self.field_name name
        raise "Illegal field name [#{name}]" unless FIELD_NAME_REX =~ name
        name
end

ftype(t)

Sanitize Field Types: Raises an exception if t is not an allowed Field Type (defined in FTYPES).

@param [Symbol] t Field type symbol (from FTYPES)
@return [Symbol] Field type if sanitization passed

# File lib/sack/database/sanitizer.rb, line 55
def self.ftype t
        raise "Illegal field type [#{t}]" unless FTYPES.keys.include? t
        t
end

table(schema, name)

Sanitize Table Name: Raises an exception if name is not a valid table in schema.

@param [Hash] schema Database schema
@param [Symbol] name Table name to sanitize
@return [Symbol] Table name if sanitization passed

# File lib/sack/database/sanitizer.rb, line 25
def self.table schema, name
        raise "Illegal table name [#{name}]" unless (name.to_sym.to_s == name.to_s) && schema.has_key?(name.to_sym)
        name
end

value(v)

Sanitize Field Value: Escapes single-quotes inside field values.

@param [Object] v Field value
@return [Object] The supplied value, with single quotes escaped if it's a String.

# File lib/sack/database/sanitizer.rb, line 64
def self.value v
        return v unless v.is_a? String
        drop_nonprintascii(v).gsub("'") { "''" }
end
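
Added example (not part of the Sack source or its documentation): how the table, field and value checks documented on this page compose when assembling a statement. SanitizerSketch, SCHEMA, build_select and rejected? are hypothetical names; the stand-in module mirrors the methods listed here so the block runs without the gem.

```ruby
# Added example; SanitizerSketch is a stand-in that mirrors the table, field
# and value methods shown on this page, so it runs without the sack gem.
module SanitizerSketch
  def self.table(schema, name)
    ok = (name.to_sym.to_s == name.to_s) && schema.has_key?(name.to_sym)
    raise "Illegal table name [#{name}]" unless ok
    name
  end

  def self.field(schema, tbl, fld)
    table(schema, tbl)
    ok = (fld.to_sym.to_s == fld.to_s) && schema[tbl.to_sym].has_key?(fld.to_sym)
    raise "Illegal field [#{fld}] for table [#{tbl}]" unless ok
    fld
  end

  def self.value(v)
    return v unless v.is_a?(String)
    printable = v.bytes.select { |b| b.between?(0x20, 0x7e) }.map(&:chr).join
    printable.gsub("'") { "''" }
  end
end

# Constructed schema: only the table and field keys matter to the checks;
# the field definitions are placeholders.
SCHEMA = { users: { id: :placeholder, name: :placeholder } }.freeze

# Hypothetical helper: allowlist the identifiers, escape the value, then
# assemble the statement text.
def build_select(schema, table, field, raw)
  t = SanitizerSketch.table(schema, table)
  f = SanitizerSketch.field(schema, table, field)
  v = SanitizerSketch.value(raw)
  v = "'#{v}'" if v.is_a?(String)
  "SELECT * FROM #{t} WHERE #{f} = #{v}"
end

# True when the block is refused by one of the sanitizer checks.
def rejected?
  yield
  false
rescue RuntimeError
  true
end

puts build_select(SCHEMA, :users, :name, "O'Brien")
puts rejected? { build_select(SCHEMA, 'users; DROP TABLE users', :name, 'x') }
```

The identifier checks are allowlists against the schema, so a name that is not declared is rejected rather than escaped; only values go through escaping.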