Krug.SanitizerUtil (Krug v2.0.27) View Source
Utilitary secure module to provide methods that help with data sanitization for validation, and some methods that result sanitized values.
Link to this section Summary
Functions
Verify if an element of array_values is < value.
Return the valid email chars array.
Generates a random string with length size containing "A-z0-9" chars.
Generates a random string with length size containing
only allowed chars to be used in file names.
Generates a random string with length size containing
only numeric 0-9 chars.
Verify if an element of array_values is one of [nil,""," "].
Return the valid money format chars array.
Return the valid numeric chars array.
Return the valid numbers chars array.
Convert received value to a string, make some validations of forbidden content. Verify some HTML injection words contained in a restriction list above.
Convert received value to a string, make some validations of forbidden content and allowed chars. If forbidden content or not allowed chars are finded, return empty string for not numeric input values and "0" for numeric values.
Sanitizes a file name to escape not allowed chars and force the use of file name with length <= max_size.
Convert received value to a downcase string, make some validations of forbidden content for a SQL command. Verify some SQL injection words contained in a restriction list above.
Convert received value to a string, and replace some special chars to normalized chars.
Verify if an email contains only allowed chars to be present on email. Apply lowercase before verification.
Verify if an url contains only chars allowed to be in a url.
Link to this section Functions
Verify if an element of array_values is < value.
If array_values is nil/empty return true.
If value is not a number return false.
Examples
iex > Krug.SanitizerUtil.array_has_one_less_than(nil,1)
trueiex > Krug.SanitizerUtil.array_has_one_less_than([""],1)
falseiex > Krug.SanitizerUtil.array_has_one_less_than([nil],1)
falseiex > Krug.SanitizerUtil.array_has_one_less_than([1],nil)
falseiex > Krug.SanitizerUtil.array_has_one_less_than([1],"")
falseiex > Krug.SanitizerUtil.array_has_one_less_than([1],"-1-1")
falseiex > Krug.SanitizerUtil.array_has_one_less_than([1],"10")
trueiex > Krug.SanitizerUtil.array_has_one_less_than([1,0],1)
trueiex > Krug.SanitizerUtil.array_has_one_less_than([1,0,-1],"-0.5")
trueiex > Krug.SanitizerUtil.array_has_one_less_than([1,0,-1],"-0,5.5")
false - * "-0,5.5" convert to -5.5iex > Krug.SanitizerUtil.array_has_one_less_than([1,0,-1],"-0,0.5")
trueiex > Krug.SanitizerUtil.array_has_one_less_than([1,0,-1,[],nil,%{}],"-0,0.5")
trueiex > Krug.SanitizerUtil.array_has_one_less_than([1,0,2,[],nil,%{}],"-0,0.5")
falseReturn the valid email chars array.
Example
iex > Krug.SanitizerUtil.email_chars()
["a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z",
"0","1","2","3","4","5","6","7","8","9",
"-","+","@","_","."]Generates a random string with length size containing "A-z0-9" chars.
["A","B","C","D","E","F","G","H","I","J","K","L","M","N","Ñ","O","P","Q","R","S","T","U","V","W","X","Y","Z",
"a","b","c","d","e","f","g","h","i","j","k","l","m","n","ñ","o","p","q","r","s","t","u","v","w","x","y","z",
"0","1","2","3","4","5","6","7","8","9",
"(",")","*","-","+","%","@","_",".",",","$",":"," ","/","º","ª"]If size is not a number, set size to 10.
Examples
iex > Krug.SanitizerUtil.generate_random(nil)
"V@/)B*$fXG"iex > Krug.SanitizerUtil.generate_random("")
"NXd6oBJJK$"iex > Krug.SanitizerUtil.generate_random(" ")
"WñQcVCX1m("iex > Krug.SanitizerUtil.generate_random("10")
"Y,nEWnty/t"iex > Krug.SanitizerUtil.generate_random(20)
"28ñHH5I2:$jcPCñ6kNk8"iex > Krug.SanitizerUtil.generate_random("30")
"7@sX$M%7gyy,58$_p@48_rRN%VjtVO"Generates a random string with length size containing
only allowed chars to be used in file names.
If size is not a number, set size to 10.
Examples
iex > Krug.SanitizerUtil.generate_random_filename(nil)
"2mi1k281XY"iex > Krug.SanitizerUtil.generate_random_filename("")
"1xdsohbWBs"iex > Krug.SanitizerUtil.generate_random_filename(" ")
"3orpWPvnfg"iex > Krug.SanitizerUtil.generate_random_filename(10)
"T29p17Gbqi"iex > Krug.SanitizerUtil.generate_random_filename("20")
"Ry7JFypiFVl2z8jDhsg1"iex > Krug.SanitizerUtil.generate_random_filename(30)
"OxC5DTSmih3BG5uj7KmK1XgWDvMBe3"Generates a random string with length size containing
only numeric 0-9 chars.
If size is not a number, set size to 10.
Examples
iex > Krug.SanitizerUtil.generate_random_only_num(nil)
"8842631571"iex > Krug.SanitizerUtil.generate_random_only_num("")
"3983415257"iex > Krug.SanitizerUtil.generate_random_only_num(" ")
"5367142216"iex > Krug.SanitizerUtil.generate_random_only_num(10)
"1519486235"iex > Krug.SanitizerUtil.generate_random_only_num("20")
"45396319754971833184"iex > Krug.SanitizerUtil.generate_random_only_num(30)
"845951826982685147272442547731"Verify if an element of array_values is one of [nil,""," "].
Examples
iex > Krug.SanitizerUtil.has_empty(nil)
falseiex > Krug.SanitizerUtil.has_empty([])
falseiex > Krug.SanitizerUtil.has_empty([nil,1,2])
trueiex > Krug.SanitizerUtil.has_empty([3,4,""])
trueiex > Krug.SanitizerUtil.has_empty([8,7,9," "])
trueiex > Krug.SanitizerUtil.has_empty([[],%{},9,34,"$A"])
falseReturn the valid money format chars array.
Example
iex > Krug.SanitizerUtil.money_chars()
[",","0","1","2","3","4","5","6","7","8","9"]Return the valid numeric chars array.
Example
iex > Krug.SanitizerUtil.nums()
["-",".","0","1","2","3","4","5","6","7","8","9"]Return the valid numbers chars array.
Example
iex > Krug.SanitizerUtil.only_nums()
["0","1","2","3","4","5","6","7","8","9"]Convert received value to a string, make some validations of forbidden content. Verify some HTML injection words contained in a restriction list above.
- Restriction list:
[ "< script","<script","script>","script >", "</script","< /script","</ script", "< / script", "<body","< body", "< ?","<?","? >","?>", "../","%", "onerror=","onerror =", "onclick=","onclick =", "onload=","onload =", "alert(","alert (", "prompt(","prompt (", "eval(","eval (", "settimeout(","settimeout (", "setinterval(","setinterval (", "innerhtml=","innerhtml =" ] # % except when is followed by a whitespace, for example '10% '
If forbidden content are finded, return nil. Otherwise return received value making some unobfscating substution operations.
Examples
iex > Krug.SanitizerUtil.sanitize("echo <script echo")
niliex > Krug.SanitizerUtil.sanitize("echo < script echo")
niliex > Krug.SanitizerUtil.sanitize("echo script> echo")
niliex > Krug.SanitizerUtil.sanitize("echo script > echo")
niliex > Krug.SanitizerUtil.sanitize(echoscript>echo)
niliex > Krug.SanitizerUtil.sanitize("echoscriptecho")
"echoscriptecho"iex > Krug.SanitizerUtil.sanitize("echo script echo")
"echo script echo"sanitize_all(input, is_numeric, sanitize_input, max_size, valid_chars)
View SourceConvert received value to a string, make some validations of forbidden content and allowed chars. If forbidden content or not allowed chars are finded, return empty string for not numeric input values and "0" for numeric values.
If sanitize_input received as true, then call additionally methods
to sanitize the value as comming from a html input field
(type: text,number and all others except textarea).
valid_chars should be a string with the valid chars aceppted, separated
by comma (ex.: "a,b,c,d,4") or a string that matches with a predefined values name.
If valid_chars is nil/empty default value "A-z0-9" is used if
is_numeric = false otherwise if is a number the "0-9" value used by default.
Named valid_chars predefined values and respective chars:
"A-z0-9"
["A","B","C","D","E","F","G","H","I","J","K","L","M","N","Ñ","O","P","Q","R","S","T","U","V","W","X","Y","Z", "a","b","c","d","e","f","g","h","i","j","k","l","m","n","ñ","o","p","q","r","s","t","u","v","w","x","y","z", "0","1","2","3","4","5","6","7","8","9", "(",")","*","-","+","%","@","_",".",",","$",":"," ","/","º","ª","?","!"]"A-z0-9Name"
["A","B","C","D","E","F","G","H","I","J","K","L","M","N","Ñ","O","P","Q","R","S","T","U","V","W","X","Y","Z", "a","b","c","d","e","f","g","h","i","j","k","l","m","n","ñ","o","p","q","r","s","t","u","v","w","x","y","z", "0","1","2","3","4","5","6","7","8","9", "-",","," "]"A-z0-9|" All "A-z0-9" more "|"
"0-9"
["-",".","0","1","2","3","4","5","6","7","8","9"]"A-z"
["A","B","C","D","E","F","G","H","I","J","K","L","M","N","Ñ","O","P","Q","R","S","T","U","V","W","X","Y","Z", "a","b","c","d","e","f","g","h","i","j","k","l","m","n","ñ","o","p","q","r","s","t","u","v","w","x","y","z", "(",")","*","-","+","%","@","_",".",",","$",":"," ","/","º","ª","?","!"]"a-z"
["a","b","c","d","e","f","g","h","i","j","k","l","m","n","ñ","o","p","q","r","s","t","u","v","w","x","y","z", "(",")","*","-","+","%","@","_",".",",","$",":"," ","/","º","ª","?","!"]"A-Z"
["A","B","C","D","E","F","G","H","I","J","K","L","M","N","Ñ","O","P","Q","R","S","T","U","V","W","X","Y","Z", "(",")","*","-","+","%","@","_",".",",","$",":"," ","/","º","ª","?","!"]"DATE_SLASH"
[":","/"," ","0","1","2","3","4","5","6","7","8","9"]"DATE_SQL"
[":","-"," ","0","1","2","3","4","5","6","7","8","9"]"email"
["a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z", "0","1","2","3","4","5","6","7","8","9", "-","+","@","_","."]"password"
["A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z", "a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z", "0","1","2","3","4","5","6","7","8","9", "*","+","%","@","_",".",",","$",":","-"]"url"
["A","B","C","D","E","F","G","H","I","J","K","L","M","N","Ñ","O","P","Q","R","S","T","U","V","W","X","Y","Z", "a","b","c","d","e","f","g","h","i","j","k","l","m","n","ñ","o","p","q","r","s","t","u","v","w","x","y","z", "0","1","2","3","4","5","6","7","8","9", "(",")","*","-","+","%","@","_",".",",","$",":"," ",";","/","\","?","=","&","[","]","{","}"]"url|"
["A","B","C","D","E","F","G","H","I","J","K","L","M","N","Ñ","O","P","Q","R","S","T","U","V","W","X","Y","Z", "a","b","c","d","e","f","g","h","i","j","k","l","m","n","ñ","o","p","q","r","s","t","u","v","w","x","y","z", "0","1","2","3","4","5","6","7","8","9", "(",")","*","-","+","%","@","_",".",",","$",":"," ",";","/","\","?","=","&","[","]","{","}", "|","ª","º","°","!"]"hex"
["A","B","C","D","E","F","a","b","c","d","e","f","0","1","2","3","4","5","6","7","8","9"]"filename"
["A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z", "a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z", "0","1","2","3","4","5","6","7","8","9", "_","."]
Examples
iex > Krug.SanitizerUtil.sanitize_all("09 8778 987",false,true,250,"0-9")
""iex > Krug.SanitizerUtil.sanitize_all("098778987",false,true,250,"0-9")
"098778987"iex > Krug.SanitizerUtil.sanitize_all("09 8778 987",true,true,250,"0-9")
"0"iex > Krug.SanitizerUtil.sanitize_all("098778987",true,true,250,"0-9")
"098778987"iex > Krug.SanitizerUtil.sanitize_all("09 8778 987 ABCDEF ",false,true,250,"A-z")
""iex > Krug.SanitizerUtil.sanitize_all("09 8778 987 ABCDEF ",false,true,250,"0-9")
""iex > Krug.SanitizerUtil.sanitize_all("09 8778 987 ABCDEF ",false,true,250,"A-z0-9")
"09 8778 987 ABCDEF"Sanitizes a file name to escape not allowed chars and force the use of file name with length <= max_size.
If any not allowed char is found, or the file name length > max_size, the value received is ignored and a new random name is generated with the valid chars with size = max_size and return.
If max_size is nil or max_size <= 0, max_size for generate a ramdom string name receive 10. (Then the file name has no limit of chars, if contains only valid chars).
Allowed chars:
["A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z",
"a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z",
"0","1","2","3","4","5","6","7","8","9",
"_","."]Examples
iex > Krug.SanitizerUtil.sanitize_filename(nil,10)
"rOufHwKL7a" - randomiex > Krug.SanitizerUtil.sanitize_filename("",10)
"WQskDae0ZP" - randomiex > Krug.SanitizerUtil.sanitize_filename(" ",10)
"htlp9cKxHC" - randomiex > Krug.SanitizerUtil.sanitize_filename(" ",10)
"rOufHwKL7a" - randomiex > Krug.SanitizerUtil.sanitize_filename(" afdd#%%{}8989nfdfdd@",10)
"ts44e22BuP" - randomiex > Krug.SanitizerUtil.sanitize_filename("afdd#%%{}8989nfdfdd@",100)
"Jnn7nZICOwuuOXou4q7EBqNVtPHcYgvjh7dORJczzIlPMI7Yr5N96miqHv8gV88KTc2QOaW1yG9FJRsqeRMCKtVTbjepPKQE3whd" - randomiex > Krug.SanitizerUtil.sanitize_filename("Aabcde_fg.6712.89_as",10)
"ts44e22BuP" - randomiex > Krug.SanitizerUtil.sanitize_filename("Aabcde_fg.6712.89_as",19)
"ts44e22BuP" - randomiex > Krug.SanitizerUtil.sanitize_filename("Aabcde_fg.6712.89_as",20)
"Aabcde_fg.6712.89_as"iex > Krug.SanitizerUtil.sanitize_filename("Aabcde_fg.6712.89_as",50)
"Aabcde_fg.6712.89_as"Convert received value to a downcase string, make some validations of forbidden content for a SQL command. Verify some SQL injection words contained in a restriction list above.
- Restriction list:
[ "--","insert ","select ","delete ","drop ","truncate ","alter ", "update ","cascade ","order by ","group by ","union ", "having ","join ","limit ", "min(","min (", "max(","max (", "avg(","avg (", "sum(","sum (", "coalesce(","coalesce (", "distinct(","distinct (", "concat(","concat (", "group_concat(","group_concat (", "grant ","revoke ","commit ","rollback ", "../","%" ]
If forbidden word in content are finded, return nil. Otherwise return received value.
Don't use it as unique validation way for input data. First apply other validation methods on this module, and after that use this method for extra security.
Warning: Can be throw false positives, as example if you have a innocent text as example: " ... there are you coices: -- do it now, or -- do it tomorrow ...", or " ... take an action, select what you want do about it ... ". Be careful whit this method usage to don't cause unnecessary headaches.
Examples
iex > Krug.SanitizerUtil.sanitize_sql("echo -- echo")
niliex > Krug.SanitizerUtil.sanitize_sql("echo - - echo")
echo - - echoiex > Krug.SanitizerUtil.sanitize_sql("echo insert echo")
niliex > Krug.SanitizerUtil.sanitize_sql("echo inserted echo")
echo inserted echoConvert received value to a string, and replace some special chars to normalized chars.
Special chars:
["ã","á","à","â","ä","å","æ", "é","è","ê","ë", "í","ì","î","ï", "õ","ó","ò","ô","ö","ø","œ","ð", "ú","ù","û","ü","µ", "ç","š","ž","ß","ñ","ý","ÿ", "Ã","Á","À","Â","Ä","Å","Æ", "É","È","Ê","Ë", "Í","Ì","Î","Ï", "Õ","Ó","Ò","Ô","Ö","Ø","Œ", "Ú","Ù","Û","Ü", "Ç","Š","Ž","Ÿ","¥","Ý","Ð","Ñ"]Normalized chars:
["a","a","a","a","a","a","a", "e","e","e","e", "i","i","i","i", "o","o","o","o","o","o","o","o", "u","u","u","u","u", "c","s","z","s","n","y","y", "A","A","A","A","A","A","A", "E","E","E","E", "I","I","I","I", "O","O","O","O","O","O","O", "U","U","U","U", "C","S","Z","Y","Y","Y","D","N"]
Example
iex > Krug.SanitizerUtil.translate("éèêëÇŠŽŸ¥ÝÐÑ")
"eeeeCSZYYYDN"Verify if an email contains only allowed chars to be present on email. Apply lowercase before verification.
- Allowed chars:
["a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z", "0","1","2","3","4","5","6","7","8","9", "-","+","@","_","."]
Examples
iex > Krug.SanitizerUtil.validate_email(nil)
falseiex > Krug.SanitizerUtil.validate_email("")
falseiex > Krug.SanitizerUtil.validate_email([])
falseiex > Krug.SanitizerUtil.validate_email([""])
falseiex > Krug.SanitizerUtil.validate_email("echo@ping%com")
falseiex > Krug.SanitizerUtil.validate_email("echo@ping$com")
falseiex > Krug.SanitizerUtil.validate_email("echo@ping.com")
trueiex > Krug.SanitizerUtil.validate_email("echo@ping_com")
trueVerify if an url contains only chars allowed to be in a url.
- Allowed chars:
["A","B","C","D","E","F","G","H","I","J","K","L","M","N","Ñ","O","P","Q","R","S","T","U","V","W","X","Y","Z", "a","b","c","d","e","f","g","h","i","j","k","l","m","n","ñ","o","p","q","r","s","t","u","v","w","x","y","z", "0","1","2","3","4","5","6","7","8","9", "(",")","*","-","+","%","@","_",".",",","$",":"," ",";","/","\","?","=","&","[","]","{","}"]
Examples
iex > Krug.SanitizerUtil.validate_url(nil)
falseiex > Krug.SanitizerUtil.validate_url("")
falseiex > Krug.SanitizerUtil.validate_url(" ")
falseiex > Krug.SanitizerUtil.validate_url([])
falseiex > Krug.SanitizerUtil.validate_url([""])
falseiex > Krug.SanitizerUtil.validate_url("www.google.com")
falseiex > Krug.SanitizerUtil.validate_url("http://www.google.com")
trueiex > Krug.SanitizerUtil.validate_url("https://www.google.com")
trueiex > Krug.SanitizerUtil.validate_url("https://www.echo|")
false