module Sack::Database::Sanitizer
Sanitizer Module: Provides Table and Field name sanitization methods.
Constants
- FIELD_NAME_REX
Generic Field Name Regex
Public Class Methods
Drop Non-Print-ASCII: Removes all non-printable-ASCII characters from a String.
@param [String] s Input string
@return [String] The provided string, stripped of any non-printable-ASCII text

    # File lib/sack/database/sanitizer.rb, line 73
    def self.drop_nonprintascii s
      s.bytes.select { |b| (b >= 0x20) && (b <= 0x7e) }.inject('') { |a, e| a + e.chr }
    end

Sanitize Table Field Name: Raises an exception if table or field are not valid according to schema.
@param [Hash] schema Database schema
@param [Symbol] table Table name
@param [Symbol] field Field name
@return [Symbol] Field name if sanitization passed

    # File lib/sack/database/sanitizer.rb, line 36
    def self.field schema, table, field
      table schema, table
      raise "Illegal field [#{field}] for table [#{table}]" unless (field.to_sym.to_s == field.to_s) && schema[table.to_sym].has_key?(field.to_sym)
      field
    end

Sanitize Generic Field Name: Raises an exception if name contains invalid characters (defined in FIELD_NAME_REX).
@param [Symbol] name Field name
@return [Symbol] Field name if sanitization passed

    # File lib/sack/database/sanitizer.rb, line 46
    def self.field_name name
      raise "Illegal field name [#{name}]" unless FIELD_NAME_REX =~ name
      name
    end

Sanitize Field Types: Raises an exception if t is not an allowed Field Type (defined in FTYPES).
@param [Symbol] t Field type symbol (from FTYPES)
@return [Symbol] Field type if sanitization passed

    # File lib/sack/database/sanitizer.rb, line 55
    def self.ftype t
      raise "Illegal field type [#{t}]" unless FTYPES.keys.include? t
      t
    end

Sanitize Table Name: Raises an exception if name is not a valid table in schema.
@param [Hash] schema Database schema
@param [Symbol] name Table name to sanitize
@return [Symbol] Table name if sanitization passed

    # File lib/sack/database/sanitizer.rb, line 25
    def self.table schema, name
      raise "Illegal table name [#{name}]" unless (name.to_sym.to_s == name.to_s) && schema.has_key?(name.to_sym)
      name
    end

Sanitize Field Value: Escapes single-quotes inside field values.
@param [Object] v Field value
@return [Object] The supplied value, with single quotes escaped if it's a String.

    # File lib/sack/database/sanitizer.rb, line 64
    def self.value v
      return v unless v.is_a? String
      drop_nonprintascii(v).gsub("'") { "''" }
    end
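
How the table, field and value checks above compose when a statement is assembled, as an added example that is not Sack's own code. SanitizerDemo inlines copies of three methods from this page so the block runs without the gem; SCHEMA, build_select and rejected are hypothetical names, and the schema is constructed.

```ruby
# Added example, not Sack's own code: stand-alone copies of the table, field
# and value checks from this page, so the block runs without the gem.
module SanitizerDemo
  def self.drop_nonprintascii(s)
    s.bytes.select { |b| (b >= 0x20) && (b <= 0x7e) }.inject('') { |a, e| a + e.chr }
  end

  def self.table(schema, name)
    ok = (name.to_sym.to_s == name.to_s) && schema.has_key?(name.to_sym)
    raise "Illegal table name [#{name}]" unless ok
    name
  end

  def self.field(schema, tbl, fld)
    table(schema, tbl)
    ok = (fld.to_sym.to_s == fld.to_s) && schema[tbl.to_sym].has_key?(fld.to_sym)
    raise "Illegal field [#{fld}] for table [#{tbl}]" unless ok
    fld
  end

  def self.value(v)
    return v unless v.is_a? String
    drop_nonprintascii(v).gsub("'") { "''" }
  end
end

# Constructed schema (hypothetical): table name => { field name => type }.
SCHEMA = { users: { id: :int, name: :str } }.freeze

# Identifiers must already exist in the schema (allowlist); only the value is
# escaped. The caller still supplies the quotes around a String value.
def build_select(schema, table, field, val)
  t = SanitizerDemo.table(schema, table)
  f = SanitizerDemo.field(schema, table, field)
  v = SanitizerDemo.value(val)
  v = "'#{v}'" if v.is_a? String
  "SELECT * FROM #{t} WHERE #{f} = #{v}"
end

# Runs a block and returns the rejection message, or nil if nothing was raised.
def rejected
  yield
  nil
rescue RuntimeError => e
  e.message
end

puts build_select(SCHEMA, :users, :name, "O'Brien\x00")
puts rejected { build_select(SCHEMA, :users, 'name OR 1=1', 'x') }
```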