Module: ActiveAdmin::Sanitizer

Extended by:: Sanitizer

Included in:: Sanitizer

Defined in:: lib/active_admin/csv_builder.rb

Overview

Prevents CSV Injection according to owasp.org/www-community/attacks/CSV_Injection

Constant Summary collapse

ATTACK_CHARACTERS =

['=', '+', '-', '@', "\t", "\r"].freeze

Instance Method Summary collapse

#require_sanitization?(value) ⇒ Boolean
#sanitize(value) ⇒ Object

Instance Method Details

#require_sanitization?(value) ⇒ `Boolean`

Returns:

(Boolean)



140
141
142

# File 'lib/active_admin/csv_builder.rb', line 140

def require_sanitization?(value)
  value.is_a?(String) && value.starts_with?(*ATTACK_CHARACTERS)
end

#sanitize(value) ⇒ `Object`

# File 'lib/active_admin/csv_builder.rb', line 134

def sanitize(value)
  return "'#{value}" if require_sanitization?(value)

  value
end

Module: ActiveAdmin::Sanitizer

Overview

Constant Summary collapse

Instance Method Summary collapse

Instance Method Details

#require_sanitization?(value) ⇒ Boolean

#sanitize(value) ⇒ Object

#require_sanitization?(value) ⇒ `Boolean`

#sanitize(value) ⇒ `Object`