Module: ActiveAdmin::Sanitizer

Extended by:
Sanitizer
Included in:
Sanitizer
Defined in:
lib/active_admin/csv_builder.rb

Overview

Prevents CSV Injection according to owasp.org/www-community/attacks/CSV_Injection

Constant Summary

ATTACK_CHARACTERS =
['=', '+', '-', '@', "\t", "\r"].freeze

Instance Method Summary

Instance Method Details

#require_sanitization?(value) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/active_admin/csv_builder.rb', line 140

def require_sanitization?(value)
  value.is_a?(String) && value.starts_with?(*ATTACK_CHARACTERS)
end

#sanitize(value) ⇒ Object

# File 'lib/active_admin/csv_builder.rb', line 134

def sanitize(value)
  return "'#{value}" if require_sanitization?(value)

  value
end
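The two methods above, as an added, self-contained example that is not ActiveAdmin's own code: a stand-alone re-implementation of the same leading-character rule (using core Ruby's start_with? instead of the ActiveSupport starts_with? alias the gem relies on), applied to constructed sample rows and rendered with Ruby's standard CSV library. The module name CsvCellSanitizer, the export helper and SAMPLE_ROWS are this example's own assumptions, not part of the gem.

```ruby
require "csv"

# Added example, not ActiveAdmin's code: re-implements the same escaping rule
# so it runs outside Rails (core start_with? instead of ActiveSupport's
# starts_with? alias). Module and helper names are this example's own.
module CsvCellSanitizer
  # Same leading characters ActiveAdmin::Sanitizer::ATTACK_CHARACTERS lists:
  # a cell beginning with one of these may be evaluated as a formula by a
  # spreadsheet application that opens the exported CSV.
  ATTACK_CHARACTERS = ['=', '+', '-', '@', "\t", "\r"].freeze

  module_function

  # Only String cells are checked; Integer, Float, nil and friends are exported
  # as-is, so a numeric -5 stays -5 while the String "-5" is escaped.
  def require_sanitization?(value)
    value.is_a?(String) && value.start_with?(*ATTACK_CHARACTERS)
  end

  # A leading single quote makes the spreadsheet treat the cell as literal text.
  def sanitize(value)
    return "'#{value}" if require_sanitization?(value)

    value
  end

  # Sanitizes every cell of every row, then renders the rows with the standard
  # CSV library, which still handles quoting of separators, quotes and newlines.
  def export(rows)
    CSV.generate do |csv|
      rows.each { |row| csv << row.map { |cell| sanitize(cell) } }
    end
  end
end

# Constructed sample rows (not real data): a header row plus cells that do and
# do not begin with one of the listed characters.
SAMPLE_ROWS = [
  ["name", "note", "balance"],
  ["Alice", "=1+1", -5],              # formula-like String; balance is an Integer
  ["Bob", "alice@example.com", "-5"], # '@' is not leading; "-5" is a String
  ["Carol", "\tindented", nil]        # tab-prefixed String; nil exports as empty
].freeze

if $PROGRAM_NAME == __FILE__
  puts CsvCellSanitizer.export(SAMPLE_ROWS)
end
```

Note the side effect visible in the Bob row: because "-" is in the list, a negative number that reaches the exporter as a String is escaped too, while the same value as an Integer in the Alice row is left untouched. That is the intended trade-off of a prefix-based rule: it costs nothing for numeric columns and only affects string cells that a spreadsheet could otherwise interpret as a formula.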