class Railroader::CheckValidationRegex

Reports any calls to validates_format_of which do not use \A and \z as anchors in the given regular expression.

For example:

#Allows anything after new line validates_format_of :user_name, :with => /^w+$/

Constants

EXTENDED_SECURE_REGEXP_PATTERN

Match secure of regexp with extended option

FORMAT
SECURE_REGEXP_PATTERN

Match secure regexp without extended option

WITH

Public Instance Methods

check_regex(value, validator) click to toggle source
Issue warning if the regular expression does not use

\A and \z

# File lib/railroader/checks/check_validation_regex.rb, line 84
def check_regex value, validator
  return unless regexp? value

  regex = value.value
  unless secure_regex?(regex)
    warn :model => @current_model,
    :warning_type => "Format Validation",
    :warning_code => :validation_regex,
    :message => "Insufficient validation for '#{get_name validator}' using #{regex.inspect}. Use \\A and \\z as anchors",
    :line => value.line,
    :confidence => :high
  end
end
get_name(validator) click to toggle source

Get the name of the attribute being validated.

# File lib/railroader/checks/check_validation_regex.rb, line 99
def get_name validator
  name = validator[1]

  if sexp? name
    name.value
  else
    name
  end
end
process_validates(validator) click to toggle source

Check validates …, :format => …

# File lib/railroader/checks/check_validation_regex.rb, line 47
def process_validates validator
  hash_arg = validator.last
  return unless hash? hash_arg

  value = hash_access(hash_arg, FORMAT)

  if hash? value
    value = hash_access(value, WITH)
  end

  if value
    check_regex value, validator
  end
end
process_validates_format_of(validator) click to toggle source

Check validates_format_of

# File lib/railroader/checks/check_validation_regex.rb, line 40
def process_validates_format_of validator
  if value = hash_access(validator.last, WITH)
    check_regex value, validator
  end
end
run_check() click to toggle source
# File lib/railroader/checks/check_validation_regex.rb, line 18
def run_check
  active_record_models.each do |name, model|
    @current_model = name
    format_validations = model.options[:validates_format_of]

    if format_validations
      format_validations.each do |v|
        process_validates_format_of v
      end
    end

    validates = model.options[:validates]

    if validates
      validates.each do |v|
        process_validates v
      end
    end
  end
end

Private Instance Methods

secure_regex?(regex) click to toggle source
# File lib/railroader/checks/check_validation_regex.rb, line 111
def secure_regex?(regex)
  extended_regex = Regexp::EXTENDED == regex.options & Regexp::EXTENDED
  regex_pattern = extended_regex ? EXTENDED_SECURE_REGEXP_PATTERN : SECURE_REGEXP_PATTERN
  regex_pattern =~ regex.source
end