Module: Otto::Security::ValidationHelpers
- Defined in:
- lib/otto/security/validator.rb
Instance Method Summary
- #sanitize_filename(filename) ⇒ Object
- #validate_input(input, max_length: 1000, allow_html: false) ⇒ Object
Instance Method Details
#sanitize_filename(filename) ⇒ Object
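# File 'lib/otto/security/validator.rb', line 279
# Reduce an untrusted filename to a single, safe path component.
#
# Drops any directory prefix, replaces every character that is not a word
# character (\w), dash or dot with an underscore, collapses underscore runs,
# trims leading/trailing underscores, rejects the "." and ".." components
# (which pass the character allowlist but are directory references, not
# filenames), and caps the result length.
#
# @param filename [String, #to_s, nil] user-supplied filename
# @param max_length [Integer] maximum length of the returned name
# @return [String, nil] a safe component; 'file' when nothing usable remains;
#   nil when the input is nil or empty
def sanitize_filename(filename, max_length: 100)
  return nil if filename.nil? || (filename.respond_to?(:empty?) && filename.empty?)

  # File.basename removes separators, so the allowlist only has to deal with
  # the remaining component. \A/\z anchor the whole string (^/$ are per-line).
  clean_name = File.basename(filename.to_s)
                   .gsub(/[^\w\-.]/, '_')
                   .gsub(/_{2,}/, '_')
                   .gsub(/\A_+|_+\z/, '')

  # "." and ".." survive the allowlist untouched; treat them as unusable so
  # the result can never name the current or parent directory.
  clean_name = 'file' if clean_name.empty? || clean_name == '.' || clean_name == '..'

  # Hard cap at exactly max_length characters ([0..100] used to keep 101).
  clean_name = clean_name[0, max_length] if clean_name.length > max_length
  clean_name
end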
#validate_input(input, max_length: 1000, allow_html: false) ⇒ Object
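# File 'lib/otto/security/validator.rb', line 250
# Validate a single untrusted input value against length and content rules.
#
# Nil or empty input is returned as-is (not coerced to a String). Anything
# else is stringified, length-checked, then matched against the middleware's
# blocklist patterns. The pattern checks are a defence-in-depth screen only;
# they do not replace parameterized queries or context-specific output encoding.
#
# @param input [Object] value to validate; coerced with #to_s
# @param max_length [Integer] maximum accepted length in characters
# @param allow_html [Boolean] when true, skip the DANGEROUS_PATTERNS check
#   (SQL_INJECTION_PATTERNS are always checked)
# @return [String, nil, Object] the stringified input, or the original
#   value when it was nil or empty
# @raise [Otto::Security::ValidationError] when the input is too long or
#   matches a blocklisted pattern
def validate_input(input, max_length: 1000, allow_html: false)
  # respond_to? guard: values without #empty? (e.g. Integers) used to raise
  # NoMethodError here instead of being validated as their string form.
  return input if input.nil? || (input.respond_to?(:empty?) && input.empty?)

  input_str = input.to_s

  # Length first: cheapest check, and it bounds the regex work below.
  if input_str.length > max_length
    raise Otto::Security::ValidationError, "Input too long (#{input_str.length} > #{max_length})"
  end

  # Markup/script blocklist, skipped only when the caller explicitly opts in.
  unless allow_html
    if ValidationMiddleware::DANGEROUS_PATTERNS.any? { |pattern| input_str.match?(pattern) }
      raise Otto::Security::ValidationError, "Dangerous content detected"
    end
  end

  # SQL patterns are checked regardless of allow_html.
  if ValidationMiddleware::SQL_INJECTION_PATTERNS.any? { |pattern| input_str.match?(pattern) }
    raise Otto::Security::ValidationError, "Potential SQL injection detected"
  end

  input_str
end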