Changed validator method from validate to valid?

Added basic date validator
commit 69d142961d4214ef59861e6473ae18894175148a 1 parent 5d4e70f
@thesp0nge authored
3  AUTHORS
@@ -2,5 +2,4 @@ Owasp Esapi Ruby core
---------------------
* Paolo Perego <thesp0nge@owasp.org>
-* Sal Scotto <sal.scotto@gmail.com>
-* Daniele Bellucci <daniele.bellucci@gmail.com>
+* Sal Scotto <sal.scotto@gmail.com>
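Review bot: The dropped `* Daniele Bellucci` entry is not explained by the commit message, which only covers the `validate` to `valid?` rename and the new date validator; if the removal is intended it belongs in its own commit with a reason. The `Sal Scotto` line is removed and re-added with identical text, which points to a whitespace or end-of-file newline change that should be left out of this diff.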
20 README
@@ -1,13 +1,23 @@
-= owasp-esapi-ruby
+= The Owasp ESAPI Ruby project
== Introduction
-The Owasp Esapi Ruby is a port for outstanding release quality Owasp Esapi
+The Owasp ESAPI Ruby is a port for outstanding release quality Owasp ESAPI
project to the Ruby programming language.
-The idea is to build a Ruby gem containing the Esapi concepts
-implemented in Ruby classes so people using Ruby in their Rails application
-can have security into them.
+Ruby is now a famous programming language due to its Rails framework developed by David Heinemeier Hansson (http://twitter.com/dhh) that simplify the creation of a web application using a convention over configuration approach to simplify programmers' life.
+
+Despite Rails diffusion, there are a lot of Web framework out there that allow people to write web apps in Ruby (merb, sinatra, vintage) [http://accidentaltechnologist.com/ruby/10-alternative-ruby-web-frameworks/]. Owasp Esapi Ruby wants to bring all Ruby deevelopers a gem full of Secure APIs they can use whatever the framework they choose.
+
+== Why supporting only Ruby 1.9.2 and beyond?
+
+=== Regular expression engine
+(to be written)
+
+=== Dates and Time
+From "Programming Ruby 1.9"
+
+"As of Ruby 1.9.2, the range of dates that can be represented is no longer limited by the under- lying operating system’s time representation (so there’s no year 2038 problem). As a result, the year passed to the methods gm, local, new, mktime, and utc must now include the century—a year of 90 now represents 90 and not 1990."
== Note on Patches/Pull Requests
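Review bot: The new section "Why supporting only Ruby 1.9.2 and beyond?" ships with its first subsection as a `(to be written)` placeholder, so the README states a version restriction and gives only the Dates and Time half of the reason; either write the regular expression rationale or hold that heading back until it exists. In the added introduction, "that simplify" should read "that simplifies", "deevelopers" is a typo, the quoted passage carries a broken hyphenation ("under- lying"), and a blank line is missing before `== Note on Patches/Pull Requests`.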
3  lib/owasp-esapi-ruby.rb
@@ -1,3 +1,4 @@
require 'sanitizer/xss'
require 'validator/zipcode'
-require 'validator/email'
+require 'validator/email'
+require 'validator/date'
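Review bot: The added `require 'validator/date'` pulls in a file that does not parse as committed: `lib/validator/date.rb` uses `=<` in `( 1 <= m.to_i =< 12 )`, which is not a Ruby operator, so loading `owasp-esapi-ruby` raises a SyntaxError and the existing xss, zipcode and email code becomes unreachable too. Fix the date validator first, or keep this require out until its spec passes.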
58 lib/validator/date.rb
@@ -0,0 +1,58 @@
+require 'validator/generic_validator'
+
+module Owasp
+ module Esapi
+ module Validator
+ class Date < GenericValidator
+
+ US_FORMAT_NUMERIC = "^\\d{2}[/-]\\d{2}[/-]\\d{4}$"
+
+ def initialize(options=nil)
+ @matcher = ""
+ super(@matcher)
+ end
+
+ def valid?(date)
+ unless ! super(date)
+ s = date.split('/')
+ # the s lenght is 3 due to regular expression checking.
+ # we are also sure that there are no alfa chars in the string but the separator
+ # let's see if this a meaningful date.
+
+ end
+ false
+ end
+
+
+ def is_valid_month?(m)
+ ( 1 <= m.to_i =< 12 ) ? true:false
+ end
+
+ def is_valid_day?(d,m,y)
+ case m.to_i
+ when 1, 3, 5, 7, 8, 10, 12
+ r = ( 1 <= d.to_i =< 31 )
+ when 4, 6, 9, 11
+ r = ( 1 <= d.to_i =< 30 )
+ when 2
+ if (y % 4 == 0) || ( y % 400 == 0)
+ up_bound = 29
+ else
+ up_bound = 28
+ end
+ r = ( 1 <= d.to_i =< up_bound )
+ else
+ r = false
+ end
+
+ r
+ end
+
+ def is_valid_year?(y)
+ (y>=0)
+ end
+
+ end
+ end
+ end
+end
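Review bot: `valid?` cannot return true: the `unless ! super(date)` block computes `s` and discards it, and the method then falls through to a bare `false`, so the spec expecting `valid?("12/31/2010")` to be true fails even once the file parses. The range checks need rewriting, since `1 <= m.to_i =< 12` is a syntax error and Ruby does not chain comparisons; `(1..12).include?(m.to_i)` does what is meant, and `valid?` should call `is_valid_month?`, `is_valid_day?` and `is_valid_year?` on the split parts and return their conjunction. Also in this file: `initialize` sets `@matcher = ""`, an empty pattern that matches any string, instead of `US_FORMAT_NUMERIC`; `date.split('/')` ignores the `-` separator that the pattern accepts; and the leap-year test `(y % 4 == 0) || ( y % 400 == 0)` accepts 29 February in century years such as 1900 and should be `(y % 4 == 0 && y % 100 != 0) || y % 400 == 0`, with `y.to_i` for consistency with `d` and `m`.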
6 lib/validator/generic_validator.rb
@@ -7,13 +7,15 @@ class GenericValidator
attr_accessor :matcher
# Creates a new generic validator.
- # @param [String] matcher, the regular expression to be matched from this validator
+ # @param [String] matcher the regular expression to be matched from this validator
def initialize(matcher)
@matcher = matcher
end
# Validate a string against the matcher
- def validate(string)
+ # @param [String] string the string that need to be validated
+ # @return [Boolean] true if the string matches the regular expression, false otherwise
+ def valid?(string)
r = Regexp.new(@matcher)
!(string =~ r).nil?
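Review bot: Renaming the public `validate` to `valid?` with no alias left behind breaks every caller outside this repository's specs; keeping `alias_method :validate, :valid?` for a release, with a deprecation note, avoids that. The new `@return` text promises that the string matches the regular expression, but `string =~ r` only requires a match somewhere in the input, and the patterns in this commit anchor with `^` and `$`, which Ruby applies per line, so an input with one valid line and arbitrary text on another line returns true; anchoring the patterns with `\A` and `\z` makes the check cover the whole string. In the added comment, "need" should be "needs".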
9 lib/validator/zipcode.rb
@@ -3,16 +3,21 @@
module Owasp
module Esapi
module Validator
+
+ # This is a validator class for zip codes.
class Zipcode < GenericValidator
ITALIAN_ZIPCODE = "^\\d{5}$"
US_ZIPCODE = "^\\d{5}(\\-\\d{4})?$"
- def initialize(custom_regex = nil)
+ # Creates a new Zipcode validator.
+ # @param custom_regex if you don't find your locale zip code regular expression, you can provide a
+ # very custom one
+ def initialize(options = nil)
# Matcher is tuned to match a valid US ZIP CODE, that means either 5 numbers, or 5 numbers,
# plus a dash, then 4 more numbers.
@matcher = US_ZIPCODE
- @matcher = custom_regex unless custom_regex.nil?
+ @matcher = options["custom_regex"] unless (!options.nil? && options.has_key?("custom_regex"))
super(@matcher)
end
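Review bot: The guard on the new `options["custom_regex"]` line is inverted. With `unless (!options.nil? && options.has_key?("custom_regex"))`, the assignment runs exactly when `options` is nil or lacks the key, so `Zipcode.new` with no arguments calls `[]` on nil and raises NoMethodError, and a supplied `custom_regex` is ignored. It should read `if !options.nil? && options.has_key?("custom_regex")`. The added `@param custom_regex` tag also documents a parameter that no longer exists; it should describe `options` and its `"custom_regex"` key.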
86 spec/owasp_esapi_ruby_date_validator_spec.rb
@@ -0,0 +1,86 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+module Owasp
+ module Esapi
+ module Validator
+ describe Date do
+ let(:validator) {Owasp::Esapi::Validator::Date.new}
+
+ it "should evaluate a good month digit" do
+ validator.is_valid_month?(12).should == true
+ end
+
+ it "should evaluate a good month digit" do
+ validator.is_valid_month?(0).should == false
+ end
+
+ it "should evaluate a good month digit" do
+ validator.is_valid_month?(14).should == false
+ end
+
+ it "should evaluate a good day digit" do
+ validator.is_valid_day?(12,12, 2010).should == true
+ end
+
+ it "should evaluate a good month digit" do
+ validator.is_valid_day?(12, 6, 2011).should == true
+ end
+
+ it "should evaluate a good month digit" do
+ validator.is_valid_day?(29, 2, 2011).should == false
+ end
+
+ it "should evaluate a good month digit" do
+ validator.is_valid_day?(31, 4, 2011).should == false
+ end
+
+ it "should evaluate a good month digit" do
+ validator.is_valid_day?(35, 3, 2011).should == false
+ end
+
+ it "should evaluate a good year digit" do
+ validator.is_valid_year?(2011).should == true
+ end
+
+ it "should evaluate a good year digit" do
+ validator.is_valid_year?(-322).should == false
+ end
+
+ it "should validate a good date (US Format)" do
+ validator.matcher=Owasp::Esapi::Validator::Date::US_FORMAT_NUMERIC
+ validator.valid?("12/31/2010").should == true
+ end
+
+ it "should discard a bad date (US Format)" do
+ validator.matcher=Owasp::Esapi::Validator::Date::US_FORMAT_NUMERIC
+ validator.valid?("12/33/2010").should == false
+ end
+
+ it "should validate a good date (US Format)" do
+ validator.matcher="MMM DD, YYYY"
+ validator.valid?("Jan 15, 2011").should == true
+ end
+
+ it "should discard a bad date (US Format)" do
+ validator.matcher="MMM DD, YYYY"
+ validator.valid?("Jan 15 2011").should == false
+ end
+
+ it "should discard a bad date (US Format)" do
+ validator.matcher="MMM DD, YYYY"
+ validator.valid?("Jan, 15 2011").should == false
+ end
+
+ it "should discard a bad date (US Format)" do
+ validator.matcher="MMM DD, YYYY"
+ validator.valid?("Jan a, 2011").should == false
+ end
+
+ it "should discard a bad date (US Format)" do
+ validator.matcher="MMM DD, YYYY"
+ validator.valid?("Jan 32, 2011").should == false
+ end
+ end
+ end
+ end
+end
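Review bot: The five specs that set `validator.matcher="MMM DD, YYYY"` hand a format description to a field that `GenericValidator` compiles with `Regexp.new`, so the pattern only matches the literal text `MMM DD, YYYY` and the expectation that `"Jan 15, 2011"` is valid cannot be met; either add a real pattern constant for this format or drop these cases until the validator supports it. Most descriptions are copy-pasted ("should evaluate a good month digit" labels day checks and negative cases alike, and "(US Format)" labels the month-name cases), which makes failures hard to tell apart. The `is_valid_day?` cases cover 29 February only for 2011; add a leap year, plus 1900 and 2000, to pin down the century rule.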
14 spec/owasp_esapi_ruby_email_validator_spec.rb
@@ -7,31 +7,31 @@ module Validator
let(:validator) {Owasp::Esapi::Validator::Email.new}
it "should discard invalid email addresses" do
- validator.validate("this is not an email address").should == false
+ validator.valid?("this is not an email address").should == false
end
it "should discard invalid email addresses" do
- validator.validate("12313.it").should == false
+ validator.valid?("12313.it").should == false
end
it "should discard invalid email addresses" do
- validator.validate("thesp0nge_at_owasp_dot_org").should == false
+ validator.valid?("thesp0nge_at_owasp_dot_org").should == false
end
it "should discard invalid email addresses" do
- validator.validate("thesp0 nge@owasp.org").should == false
+ validator.valid?("thesp0 nge@owasp.org").should == false
end
it "should discard invalid email addresses" do
- validator.validate("thesp0nge@owasp..org").should == false
+ validator.valid?("thesp0nge@owasp..org").should == false
end
it "should discard invalid email addresses" do
- validator.validate("thesp0nge@ow asp.org").should == false
+ validator.valid?("thesp0nge@ow asp.org").should == false
end
it "should validate goot email addresses" do
- validator.validate("thesp0nge@owasp.org").should == true
+ validator.valid?("thesp0nge@owasp.org").should == true
end
end
end
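Review bot: Six of the seven examples share the description "should discard invalid email addresses", so a failure report does not say which input slipped through; name the defect under test in each (missing `@`, embedded space, double dot). The positive case's description has a typo, "goot" for "good", on an unchanged line that is worth fixing while these lines are being touched.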
14 spec/owasp_esapi_ruby_zipcode_validator_spec.rb
@@ -7,33 +7,33 @@ module Validator
let(:validator) {Owasp::Esapi::Validator::Zipcode.new}
it "should validate a good US ZIP CODE" do
- validator.validate("12345").should == true
+ validator.valid?("12345").should == true
end
it "should validate a good US ZIP CODE" do
- validator.validate("12345-6789").should == true
+ validator.valid?("12345-6789").should == true
end
it "should discard a bad US ZIP CODE" do
- validator.validate("foostring").should == false
+ validator.valid?("foostring").should == false
end
it "should discard a bad US ZIP CODE" do
- validator.validate("123-323").should == false
+ validator.valid?("123-323").should == false
end
it "should validate a good Italian ZIP CODE equivalent" do
validator.matcher=Owasp::Esapi::Validator::Zipcode::ITALIAN_ZIPCODE
- validator.validate("20100").should == true
+ validator.valid?("20100").should == true
end
it "should discard an invalid Italian ZIP CODE equivalent" do
validator.matcher=Owasp::Esapi::Validator::Zipcode::ITALIAN_ZIPCODE
- validator.validate("121").should == false
+ validator.valid?("121").should == false
end
it "should discard an invalid Italian ZIP CODE equivalent" do
validator.matcher=Owasp::Esapi::Validator::Zipcode::ITALIAN_ZIPCODE
- validator.validate("ipse dixit").should == false
+ validator.valid?("ipse dixit").should == false
end
end
end
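Review bot: Every example builds the validator with `Zipcode.new` and no arguments and switches patterns through `validator.matcher=`, so nothing here exercises the `options` hash that this commit introduces in `Zipcode#initialize`. Add one example that passes `"custom_regex"` through the constructor and one that passes nothing, since those are the two paths the changed `initialize` line decides between.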