Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
This Rails plugin provides a DSL for your controller to reject requests (via "400 Bad Request") that supply malicious or malformed parameters
Branch: master
Pull request Compare This branch is even with ssoroka:master.

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.
lib
spec
tasks
MIT-LICENSE
README
Rakefile
init.rb

README

RequestSentry
=============

Provides a DSL for your controller to reject requests (via "400 Bad Request") that supply malicious or malformed parameters


Install
=======

install the plugin:

    script/plugin install git://github.com/ssoroka/request_sentry.git


Run the specs:

    rake spec:plugins PLUGIN=request_sentry


Example
=======

    class MyController < ApplicationController
      accept_only :number, :for => :age
      accept_only :boolean, :for => [:wants_newsletter, :email_alerts]
      accept_only String::VALID_POSTAL, :for => :postal_code
      accept_only /\d{3}\-\d{4}/, :for => :phone

      #....
    end

There are two different kind of accept_only validators:  Value, and class.
value validators check that the value is a string and that it conforms to certain formatting rules.
class validators check that a parameter is of the expected class.

    Value validators:
        accept_only :number, :for => :account_balance                     # allow any number, positive or negative, with or without decimal places
        accept_only :unsigned_number, :for => :deposit_amount             # don't allow negative numbers
        accept_only :integer, :for => :days_until_launch                  # don't allow numbers with decimal places
        accept_only :unsigned_integer, :for => :age                       # don't allow negative numbers or decimal places.
        accept_only :boolean, :for => [:wants_newsletter, :email_alerts]  # allow only boolean input values, '1', '0', 'true', 'false'
        accept_only :date, :for => [:from_date, :to_date]                 # allow only date values
        accept_only /\d{3}\-\d{3}\-\d{4}/, :for => :phone                 # use a regexp to define param validation conditions!

    Class validators:
        accept_only :string, :for => :first_name
        accept_only :hash, :for => :selected_categories
        accept_only :array, :for => :my_postal_codes

Credit
======

Steven Soroka - Author
Pat Maddox    - specs and refactoring
Goldstar      - The business need, and dev time to work on this. http://www.goldstar.com
Something went wrong with that request. Please try again.