Module: Parse::Agent::PipelineValidator
- Extended by:
- PipelineValidator
- Included in:
- PipelineValidator
- Defined in:
- lib/parse/agent/pipeline_validator.rb
Overview
Validates MongoDB aggregation pipelines to prevent security vulnerabilities.
Thin compatibility wrapper around PipelineSecurity. The actual stage allowlist, operator denylist, depth cap, and recursive walk live there; this module preserves the ‘Parse::Agent::PipelineValidator.validate!` entry point and the `PipelineSecurityError` exception class for callers that pin to them.
Defined Under Namespace
Classes: PipelineSecurityError
Constant Summary collapse
- BLOCKED_STAGES =
Mirrors of the canonical constants in PipelineSecurity, preserved as constants here so external callers reading ‘Parse::Agent::PipelineValidator::BLOCKED_STAGES` continue to work.
Parse::PipelineSecurity::DENIED_OPERATORS
- ALLOWED_STAGES =
Parse::PipelineSecurity::ALLOWED_STAGES
- MAX_PIPELINE_DEPTH =
Parse::PipelineSecurity::MAX_DEPTH
- MAX_STAGES =
Parse::PipelineSecurity::MAX_PIPELINE_STAGES
Instance Method Summary collapse
-
#valid?(pipeline) ⇒ Boolean
Check if a pipeline is valid without raising.
-
#validate!(pipeline) ⇒ true
Validate an aggregation pipeline for security issues.
Instance Method Details
#valid?(pipeline) ⇒ Boolean
Check if a pipeline is valid without raising.
74 75 76 77 78 79 |
# File 'lib/parse/agent/pipeline_validator.rb', line 74 def valid?(pipeline) validate!(pipeline) true rescue PipelineSecurityError false end |
#validate!(pipeline) ⇒ true
Validate an aggregation pipeline for security issues. Delegates to PipelineSecurity.validate_pipeline! and translates its error into PipelineSecurityError for backwards compatibility.
59 60 61 62 63 64 65 66 67 68 |
# File 'lib/parse/agent/pipeline_validator.rb', line 59 def validate!(pipeline) Parse::PipelineSecurity.validate_pipeline!(pipeline) rescue Parse::PipelineSecurity::Error => e raise PipelineSecurityError.new( e., stage: e.stage, reason: e.reason, operator: e.operator, ) end |