module TaintedLove

Constants

VERSION

Attributes

configuration[R]

Public Class Methods

enable!() { |configuration| ... } click to toggle source

Enables TaintedLove. Use a block to configure the TaintedLove::Configuration

@yield [TaintedLove::Configuration] @return [TaintedLove::Configuration]

# File lib/tainted_love.rb, line 18
def enable!
  configuration = TaintedLove::Configuration.new

  configuration.logger.info('TaintedLove is enabled')
  configuration.replacers = TaintedLove::Replacer::Base.replacers
  configuration.validators = TaintedLove::Validator::Base.validators
  configuration.reporter = TaintedLove::Reporter::StdoutReporter.new

  # Allows customization of which replacers/validators should be used
  yield configuration if block_given?

  @configuration = configuration

  configuration.replacers.each do |replacer|
    replacer = replacer.new
    replacer.replace! if replacer.should_replace?
  end

  configuration
end
report(replacer, tainted_input, tags = [], message = nil) click to toggle source

Report tainted input

@param replacer [Symbol] Replacer reporting the issue @param tainted_input [Object] Tainted object @param tags [Array<Symbol>] Tags to classify the warning @param message [String] Message about the warning

# File lib/tainted_love.rb, line 45
def report(replacer, tainted_input, tags = [], message = nil)
  warning = TaintedLove::Warning.new
  warning.tainted_input = tainted_input
  warning.stack_trace = TaintedLove::StackTrace.new(Thread.current.backtrace(3))
  warning.replacer = replacer
  warning.tags = tags
  warning.message = message

  should_remove = @configuration.validators.any? do |validator|
    validator.new.remove?(warning) == true
  end

  @configuration.reporter.add_warning(warning) unless should_remove
end