Module: SourceMonitor::Security::ParameterSanitizer

Defined in:: lib/source_monitor/security/parameter_sanitizer.rb

Class Method Summary collapse

.safe_redirect_path(raw_value) ⇒ Object
.sanitize(value) ⇒ Object

Class Method Details

.safe_redirect_path(raw_value) ⇒ `Object`

# File 'lib/source_monitor/security/parameter_sanitizer.rb', line 10

def safe_redirect_path(raw_value)
  return if raw_value.blank?

  sanitized = sanitize(raw_value.to_s)
  sanitized.start_with?("/") ? sanitized : nil
end

.sanitize(value) ⇒ `Object`

# File 'lib/source_monitor/security/parameter_sanitizer.rb', line 17

def sanitize(value)
  case value
  when ActionController::Parameters
    sanitize(value.to_unsafe_h)
  when Hash
    value.each_with_object({}) do |(key, val), memo|
      memo[key] = sanitize(val)
    end
  when Array
    value.map { |element| sanitize(element) }
  when String
    sanitize_string(value)
  else
    value
  end
end

Module: SourceMonitor::Security::ParameterSanitizer

Class Method Summary collapse

Class Method Details

.safe_redirect_path(raw_value) ⇒ Object

.sanitize(value) ⇒ Object

.safe_redirect_path(raw_value) ⇒ `Object`

.sanitize(value) ⇒ `Object`