class AntiOffensiveString

Constants

DEFAULT_HANDLER
TARGET_REGEXPS
VERSION

Public Class Methods

error_response=(proc_or_obj)
Alias for: handler=
handler()
# File lib/anti_offensive_string.rb, line 30
# Returns the callable that produces the response for a rejected request.
#
# Falls back to DEFAULT_HANDLER, and memoizes it, when no handler has been
# configured or the stored value is nil/false.
#
# NOTE(review): the generated docs list this under "Public Class Methods",
# so @handler is presumably class-level state shared by every middleware
# instance in the process. Confirm against the full source file.
def handler
  return @handler if @handler

  @handler = DEFAULT_HANDLER
end
handler=(proc_or_obj)
# File lib/anti_offensive_string.rb, line 20
# Installs the handler used when a request is rejected.
#
# A Proc (lambda included) is stored unchanged. Any other object is wrapped
# in a proc that ignores its arguments and returns that object, so a fixed
# response value can be configured directly.
#
# The wrapper returns the very same object on every call. A mutable response
# (for example a headers Hash inside a response Array) is therefore shared by
# all rejected requests; pass a Proc that builds a fresh response if that
# matters.
#
# @param proc_or_obj [Proc, Object] handler callable or fixed response value
def handler=(proc_or_obj)
  @handler = proc_or_obj.kind_of?(Proc) ? proc_or_obj : proc { proc_or_obj }
end
Also aliased as: error_response=
new(app)
# File lib/anti_offensive_string.rb, line 35
# Wraps the next application in the chain.
#
# @param app [#call] object that receives the env via app.call(env) once the
#   request has passed the checks in #call
def initialize(app)
  @app = app
end
on_offensive_request(&block)
# File lib/anti_offensive_string.rb, line 16
# Registers the given block as the handler for rejected requests, replacing
# any handler set earlier. #call invokes the handler with the Rack env and
# returns its result as the response.
#
# When called without a block, nil is stored, and the `handler` reader then
# falls back to DEFAULT_HANDLER.
def on_offensive_request(&block)
  @handler = block
end

Public Instance Methods

call(env)
# File lib/anti_offensive_string.rb, line 39
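# Rack entry point: rejects the request when the body or any String value in
# env matches one of TARGET_REGEXPS, otherwise forwards it to the wrapped app.
#
# The body is scanned from its start, not from wherever an upstream reader
# left the stream, and rack.input is restored before the decision is made.
# Both the rejection handler and the downstream app therefore see an unread
# body.
#
# Caveats for operators:
# * The whole body is read into memory. Enforce a request-size limit in
#   front of this middleware.
# * Values are matched as received. NOTE(review): confirm TARGET_REGEXPS
#   cover the encodings in which the pattern can arrive (e.g. the
#   percent-encoded QUERY_STRING) and that they can be matched against the
#   binary-encoded string rack.input usually returns.
# * The method-level rescue also covers @app.call, so an InsecureRequest
#   raised further down the stack is answered by the same handler.
#
# @param env [Hash] Rack environment
# @return [Object] the downstream response, or the handler's result when the
#   request is rejected
def call(env)
  stream = env['rack.input']

  # Returns true when the stream could be repositioned to its start.
  try_rewind = lambda do
    next false unless stream.respond_to?(:rewind)

    begin
      stream.rewind
      true
    rescue Errno::ESPIPE
      false
    end
  end

  # Rewind first: if an earlier middleware already consumed part of the
  # body, reading from the current position would scan only the remainder.
  try_rewind.call
  input = stream.read

  # Non-seekable input cannot be rewound; substitute a copy of what was read.
  env['rack.input'] = StringIO.new(input, "r") unless try_rewind.call

  raise InsecureRequest if TARGET_REGEXPS.any? { |r| r === input }

  env.each do |_key, value|
    next unless value.kind_of?(String)

    raise InsecureRequest if TARGET_REGEXPS.any? { |r| r === value }
  end

  @app.call(env)
rescue InsecureRequest
  self.class.handler.call(env)
end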