Krug.SanitizerUtil (Krug v2.0.13)

Utility security module providing methods that help with data sanitization for validation, plus methods that return sanitized values.

Summary

Functions

Verify if an element of array_values is < value.

Return the valid email chars array.

Generates a random string with length size containing "A-z0-9" chars.

Generates a random string with length size containing only allowed chars to be used in file names.

Generates a random string with length size containing only numeric 0-9 chars.

Verify if an element of array_values is one of [nil,""," "].

Return the valid money format chars array.

Return the valid numeric chars array.

Return the valid numbers chars array.

Convert received value to a string and check it for forbidden content, verifying against a restriction list of HTML injection words.

Convert received value to a string and check it for forbidden content and allowed chars. If forbidden content or disallowed chars are found, return an empty string for non-numeric input values and "0" for numeric values.

Sanitizes a file name to reject disallowed chars and force a file name length <= max_size.

Convert received value to a downcase string and check it for content forbidden in a SQL command, verifying against a restriction list of SQL injection words.

Convert received value to a string and replace some special chars with normalized chars.

Verify that an email contains only chars allowed in an email address. Lowercase is applied before verification.

Verify that a URL contains only chars allowed in a URL.

Functions

array_has_one_less_than(array_values, value)

Verify if an element of array_values is < value.

If array_values is nil/empty return true.

If value is not a number return false.

Examples

iex > Krug.SanitizerUtil.array_has_one_less_than(nil,1)
true
iex > Krug.SanitizerUtil.array_has_one_less_than([""],1)
false
iex > Krug.SanitizerUtil.array_has_one_less_than([nil],1)
false
iex > Krug.SanitizerUtil.array_has_one_less_than([1],nil)
false
iex > Krug.SanitizerUtil.array_has_one_less_than([1],"")
false
iex > Krug.SanitizerUtil.array_has_one_less_than([1],"-1-1")
false
iex > Krug.SanitizerUtil.array_has_one_less_than([1],"10")
true
iex > Krug.SanitizerUtil.array_has_one_less_than([1,0],1)
true
iex > Krug.SanitizerUtil.array_has_one_less_than([1,0,-1],"-0.5")
true
iex > Krug.SanitizerUtil.array_has_one_less_than([1,0,-1],"-0,5.5")
false - "-0,5.5" is converted to -5.5
iex > Krug.SanitizerUtil.array_has_one_less_than([1,0,-1],"-0,0.5")
true
iex > Krug.SanitizerUtil.array_has_one_less_than([1,0,-1,[],nil,%{}],"-0,0.5")
true
iex > Krug.SanitizerUtil.array_has_one_less_than([1,0,2,[],nil,%{}],"-0,0.5")
false

email_chars()

Return the valid email chars array.

Example

iex > Krug.SanitizerUtil.email_chars()
["a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z",
 "0","1","2","3","4","5","6","7","8","9",
 "-","+","@","_","."]

generate_random(size)

Generates a random string with length size containing "A-z0-9" chars.

Used chars:

["A","B","C","D","E","F","G","H","I","J","K","L","M","N","Ñ","O","P","Q","R","S","T","U","V","W","X","Y","Z",
 "a","b","c","d","e","f","g","h","i","j","k","l","m","n","ñ","o","p","q","r","s","t","u","v","w","x","y","z",
 "0","1","2","3","4","5","6","7","8","9",
 "(",")","*","-","+","%","@","_",".",",","$",":"," ","/","º","ª"]

If size is not a number, set size to 10.

Examples

iex > Krug.SanitizerUtil.generate_random(nil)
"V@/)B*$fXG"
iex > Krug.SanitizerUtil.generate_random("")
"NXd6oBJJK$"
iex > Krug.SanitizerUtil.generate_random(" ")
"WñQcVCX1m("
iex > Krug.SanitizerUtil.generate_random("10")
"Y,nEWnty/t"
iex > Krug.SanitizerUtil.generate_random(20)
"28ñHH5I2:$jcPCñ6kNk8"
iex > Krug.SanitizerUtil.generate_random("30")
"7@sX$M%7gyy,58$_p@48_rRN%VjtVO"

generate_random_filename(size)

Generates a random string with length size containing only allowed chars to be used in file names.

If size is not a number, set size to 10.

Examples

iex > Krug.SanitizerUtil.generate_random_filename(nil)
"2mi1k281XY"
iex > Krug.SanitizerUtil.generate_random_filename("")
"1xdsohbWBs"
iex > Krug.SanitizerUtil.generate_random_filename(" ")
"3orpWPvnfg"
iex > Krug.SanitizerUtil.generate_random_filename(10)
"T29p17Gbqi"
iex > Krug.SanitizerUtil.generate_random_filename("20")
"Ry7JFypiFVl2z8jDhsg1"
iex > Krug.SanitizerUtil.generate_random_filename(30)
"OxC5DTSmih3BG5uj7KmK1XgWDvMBe3"

generate_random_only_num(size)

Generates a random string with length size containing only numeric 0-9 chars.

If size is not a number, set size to 10.

Examples

iex > Krug.SanitizerUtil.generate_random_only_num(nil)
"8842631571"
iex > Krug.SanitizerUtil.generate_random_only_num("")
"3983415257"
iex > Krug.SanitizerUtil.generate_random_only_num(" ")
"5367142216"
iex > Krug.SanitizerUtil.generate_random_only_num(10)
"1519486235"
iex > Krug.SanitizerUtil.generate_random_only_num("20")
"45396319754971833184"
iex > Krug.SanitizerUtil.generate_random_only_num(30)
"845951826982685147272442547731"

has_empty(array_values)

Verify if an element of array_values is one of [nil,""," "].

Examples

iex > Krug.SanitizerUtil.has_empty(nil)
false
iex > Krug.SanitizerUtil.has_empty([])
false
iex > Krug.SanitizerUtil.has_empty([nil,1,2])
true
iex > Krug.SanitizerUtil.has_empty([3,4,""])
true
iex > Krug.SanitizerUtil.has_empty([8,7,9," "])
true
iex > Krug.SanitizerUtil.has_empty([[],%{},9,34,"$A"])
false

money_chars()

Return the valid money format chars array.

Example

iex > Krug.SanitizerUtil.money_chars()
[",","0","1","2","3","4","5","6","7","8","9"]

nums()

Return the valid numeric chars array.

Example

iex > Krug.SanitizerUtil.nums()
["-",".","0","1","2","3","4","5","6","7","8","9"]

only_nums()

Return the valid numbers chars array.

Example

iex > Krug.SanitizerUtil.only_nums()
["0","1","2","3","4","5","6","7","8","9"]

sanitize(input)

Convert received value to a string and check it for forbidden content. Verify some HTML injection words contained in the restriction list below.

  • Restriction list:
    [
      "< script","<script","script>","script >",
      "</script","< /script","</ script", "< / script",
      "<body","< body",
      "< ?","<?","? >","?>",
      "../","%",
      "onerror=","onerror =",
      "onclick=","onclick =",
      "onload=","onload =",
      "alert(","alert (",
      "prompt(","prompt (",
      "eval(","eval (",
      "settimeout(","settimeout (",
      "setinterval(","setinterval (",
      "innerhtml=","innerhtml ="
    ]
    # "%" is forbidden except when followed by a whitespace, for example '10% '

If forbidden content is found, return nil. Otherwise return the received value after applying some de-obfuscation substitutions.

Examples

iex > Krug.SanitizerUtil.sanitize("echo <script echo")
nil
iex > Krug.SanitizerUtil.sanitize("echo < script echo")
nil
iex > Krug.SanitizerUtil.sanitize("echo script> echo")
nil
iex > Krug.SanitizerUtil.sanitize("echo script > echo")
nil
iex > Krug.SanitizerUtil.sanitize("echoscript>echo")
nil
iex > Krug.SanitizerUtil.sanitize("echoscriptecho")
"echoscriptecho"
iex > Krug.SanitizerUtil.sanitize("echo script echo")
"echo script echo"

sanitize_all(input, is_numeric, sanitize_input, max_size, valid_chars)

Convert received value to a string and check it for forbidden content and allowed chars. If forbidden content or disallowed chars are found, return an empty string for non-numeric input values and "0" for numeric values.

If sanitize_input is received as true, additionally call methods that sanitize the value as if it came from an HTML input field (type: text, number and all others except textarea).

valid_chars should be a string with the accepted valid chars separated by commas (e.g. "a,b,c,d,4"), or a string matching one of the predefined value names. If valid_chars is nil/empty, the default "A-z0-9" is used when is_numeric = false; otherwise, for numeric values, "0-9" is used by default.

Named valid_chars predefined values and respective chars:

  • "A-z0-9"

    ["A","B","C","D","E","F","G","H","I","J","K","L","M","N","Ñ","O","P","Q","R","S","T","U","V","W","X","Y","Z",
    "a","b","c","d","e","f","g","h","i","j","k","l","m","n","ñ","o","p","q","r","s","t","u","v","w","x","y","z",
    "0","1","2","3","4","5","6","7","8","9",
    "(",")","*","-","+","%","@","_",".",",","$",":"," ","/","º","ª","?","!"]
  • "A-z0-9Name"

    ["A","B","C","D","E","F","G","H","I","J","K","L","M","N","Ñ","O","P","Q","R","S","T","U","V","W","X","Y","Z",
    "a","b","c","d","e","f","g","h","i","j","k","l","m","n","ñ","o","p","q","r","s","t","u","v","w","x","y","z",
    "0","1","2","3","4","5","6","7","8","9",
    "-",","," "]
  • "A-z0-9|": all "A-z0-9" chars plus "|"

  • "0-9"

    ["-",".","0","1","2","3","4","5","6","7","8","9"]
  • "A-z"

    ["A","B","C","D","E","F","G","H","I","J","K","L","M","N","Ñ","O","P","Q","R","S","T","U","V","W","X","Y","Z",
    "a","b","c","d","e","f","g","h","i","j","k","l","m","n","ñ","o","p","q","r","s","t","u","v","w","x","y","z",
    "(",")","*","-","+","%","@","_",".",",","$",":"," ","/","º","ª","?","!"]
  • "a-z"

    ["a","b","c","d","e","f","g","h","i","j","k","l","m","n","ñ","o","p","q","r","s","t","u","v","w","x","y","z",
    "(",")","*","-","+","%","@","_",".",",","$",":"," ","/","º","ª","?","!"]
  • "A-Z"

    ["A","B","C","D","E","F","G","H","I","J","K","L","M","N","Ñ","O","P","Q","R","S","T","U","V","W","X","Y","Z",
    "(",")","*","-","+","%","@","_",".",",","$",":"," ","/","º","ª","?","!"]
  • "DATE_SLASH"

    [":","/"," ","0","1","2","3","4","5","6","7","8","9"]
  • "DATE_SQL"

    [":","-"," ","0","1","2","3","4","5","6","7","8","9"]
  • "email"

    ["a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z",
    "0","1","2","3","4","5","6","7","8","9",
    "-","+","@","_","."]
  • "password"

    ["A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z",
    "a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z",
    "0","1","2","3","4","5","6","7","8","9",
    "*","+","%","@","_",".",",","$",":","-"]
  • "url"

    ["A","B","C","D","E","F","G","H","I","J","K","L","M","N","Ñ","O","P","Q","R","S","T","U","V","W","X","Y","Z",
    "a","b","c","d","e","f","g","h","i","j","k","l","m","n","ñ","o","p","q","r","s","t","u","v","w","x","y","z",
    "0","1","2","3","4","5","6","7","8","9",
    "(",")","*","-","+","%","@","_",".",",","$",":"," ",";","/","\\","?","=","&","[","]","{","}"]
  • "url|"

    ["A","B","C","D","E","F","G","H","I","J","K","L","M","N","Ñ","O","P","Q","R","S","T","U","V","W","X","Y","Z",
    "a","b","c","d","e","f","g","h","i","j","k","l","m","n","ñ","o","p","q","r","s","t","u","v","w","x","y","z",
    "0","1","2","3","4","5","6","7","8","9",
    "(",")","*","-","+","%","@","_",".",",","$",":"," ",";","/","\\","?","=","&","[","]","{","}",
    "|","ª","º","°","!"]
  • "hex"

    ["A","B","C","D","E","F","a","b","c","d","e","f","0","1","2","3","4","5","6","7","8","9"]
  • "filename"

    ["A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z",
    "a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z",
    "0","1","2","3","4","5","6","7","8","9",
    "_","."]

Examples

iex > Krug.SanitizerUtil.sanitize_all("09 8778 987",false,true,250,"0-9")
""
iex > Krug.SanitizerUtil.sanitize_all("098778987",false,true,250,"0-9")
"098778987"
iex > Krug.SanitizerUtil.sanitize_all("09 8778 987",true,true,250,"0-9")
"0"
iex > Krug.SanitizerUtil.sanitize_all("098778987",true,true,250,"0-9")
"098778987"
iex > Krug.SanitizerUtil.sanitize_all("09 8778 987 ABCDEF ",false,true,250,"A-z")
""
iex > Krug.SanitizerUtil.sanitize_all("09 8778 987 ABCDEF ",false,true,250,"0-9")
""
iex > Krug.SanitizerUtil.sanitize_all("09 8778 987 ABCDEF ",false,true,250,"A-z0-9")
"09 8778 987 ABCDEF"

sanitize_filename(name, max_size)

Sanitizes a file name to reject disallowed chars and force a file name length <= max_size.

If any disallowed char is found, or the file name length > max_size, the received value is ignored and a new random name of size = max_size is generated from the valid chars and returned.

If max_size is nil or max_size <= 0, the generated random name gets size 10 (and then the file name has no length limit, provided it contains only valid chars).

Allowed chars:

["A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z",
 "a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z",
 "0","1","2","3","4","5","6","7","8","9",
 "_","."]

Examples

iex > Krug.SanitizerUtil.sanitize_filename(nil,10)
"rOufHwKL7a" - random
iex > Krug.SanitizerUtil.sanitize_filename("",10)
"WQskDae0ZP" - random
iex > Krug.SanitizerUtil.sanitize_filename(" ",10)
"htlp9cKxHC" - random
iex > Krug.SanitizerUtil.sanitize_filename(" ",10)
"rOufHwKL7a" - random
iex > Krug.SanitizerUtil.sanitize_filename(" afdd#%%{}8989nfdfdd@",10)
"ts44e22BuP" - random
iex > Krug.SanitizerUtil.sanitize_filename("afdd#%%{}8989nfdfdd@",100)
"Jnn7nZICOwuuOXou4q7EBqNVtPHcYgvjh7dORJczzIlPMI7Yr5N96miqHv8gV88KTc2QOaW1yG9FJRsqeRMCKtVTbjepPKQE3whd" - random
iex > Krug.SanitizerUtil.sanitize_filename("Aabcde_fg.6712.89_as",10)
"ts44e22BuP" - random
iex > Krug.SanitizerUtil.sanitize_filename("Aabcde_fg.6712.89_as",19)
"ts44e22BuP" - random
iex > Krug.SanitizerUtil.sanitize_filename("Aabcde_fg.6712.89_as",20)
"Aabcde_fg.6712.89_as"
iex > Krug.SanitizerUtil.sanitize_filename("Aabcde_fg.6712.89_as",50)
"Aabcde_fg.6712.89_as"

sanitize_sql(input) (since 0.4.15)

Convert received value to a downcase string and check it for content forbidden in a SQL command. Verify some SQL injection words contained in the restriction list below.

  • Restriction list:
    [
      "--","insert ","select ","delete ","drop ","truncate ","alter ",
      "update ","cascade ","order by ","group by ","union ",
      "having ","join ","limit ",
      "min(","min (",
      "max(","max (",
      "avg(","avg (",
      "sum(","sum (",
      "coalesce(","coalesce (",
      "distinct(","distinct (",
      "concat(","concat (",
      "group_concat(","group_concat (",
      "grant ","revoke ","commit ","rollback ",
      "../","%"
    ]

If a forbidden word is found in the content, return nil. Otherwise return the received value.

Don't use it as the only validation of input data. First apply the other validation methods in this module, and after that use this method for extra security.

Warning: it can throw false positives, for example with an innocent text such as " ... there are your choices: -- do it now, or -- do it tomorrow ...", or " ... take an action, select what you want to do about it ... ". Be careful with this method's usage so it doesn't cause unnecessary headaches.

Examples

iex > Krug.SanitizerUtil.sanitize_sql("echo -- echo")
nil
iex > Krug.SanitizerUtil.sanitize_sql("echo - - echo")
"echo - - echo"
iex > Krug.SanitizerUtil.sanitize_sql("echo insert echo")
nil
iex > Krug.SanitizerUtil.sanitize_sql("echo inserted echo")
"echo inserted echo"

translate(input)

Convert received value to a string and replace some special chars with their normalized counterparts.

  • Special chars:

    ["ã","á","à","â","ä","å","æ",
    "é","è","ê","ë",
    "í","ì","î","ï",
    "õ","ó","ò","ô","ö","ø","œ","ð",
    "ú","ù","û","ü","µ",
    "ç","š","ž","ß","ñ","ý","ÿ",
    "Ã","Á","À","Â","Ä","Å","Æ",
    "É","È","Ê","Ë",
    "Í","Ì","Î","Ï",
    "Õ","Ó","Ò","Ô","Ö","Ø","Œ",
    "Ú","Ù","Û","Ü",
    "Ç","Š","Ž","Ÿ","¥","Ý","Ð","Ñ"]
  • Normalized chars:

    ["a","a","a","a","a","a","a",
    "e","e","e","e",
    "i","i","i","i",
    "o","o","o","o","o","o","o","o",
    "u","u","u","u","u",
    "c","s","z","s","n","y","y",
    "A","A","A","A","A","A","A",
    "E","E","E","E",
    "I","I","I","I",
    "O","O","O","O","O","O","O",
    "U","U","U","U",
    "C","S","Z","Y","Y","Y","D","N"]

Example

iex > Krug.SanitizerUtil.translate("éèêëÇŠŽŸ¥ÝÐÑ")
"eeeeCSZYYYDN"

validate_email(email)

Verify that an email contains only chars allowed in an email address. Lowercase is applied before verification.

  • Allowed chars:
    ["a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z",
    "0","1","2","3","4","5","6","7","8","9",
    "-","+","@","_","."]

Examples

iex > Krug.SanitizerUtil.validate_email(nil)
false
iex > Krug.SanitizerUtil.validate_email("")
false
iex > Krug.SanitizerUtil.validate_email([])
false
iex > Krug.SanitizerUtil.validate_email([""])
false
iex > Krug.SanitizerUtil.validate_email("echo@ping%com")
false
iex > Krug.SanitizerUtil.validate_email("echo@ping$com")
false
iex > Krug.SanitizerUtil.validate_email("echo@ping.com")
true
iex > Krug.SanitizerUtil.validate_email("echo@ping_com")
true

validate_url(url)

Verify that a URL contains only chars allowed in a URL. Note that, as the examples show, a value such as "www.google.com" without a scheme is rejected even though all of its chars are allowed.

  • Allowed chars:
    ["A","B","C","D","E","F","G","H","I","J","K","L","M","N","Ñ","O","P","Q","R","S","T","U","V","W","X","Y","Z",
    "a","b","c","d","e","f","g","h","i","j","k","l","m","n","ñ","o","p","q","r","s","t","u","v","w","x","y","z",
    "0","1","2","3","4","5","6","7","8","9",
    "(",")","*","-","+","%","@","_",".",",","$",":"," ",";","/","\\","?","=","&","[","]","{","}"]

Examples

iex > Krug.SanitizerUtil.validate_url(nil)
false
iex > Krug.SanitizerUtil.validate_url("")
false
iex > Krug.SanitizerUtil.validate_url(" ")
false
iex > Krug.SanitizerUtil.validate_url([])
false
iex > Krug.SanitizerUtil.validate_url([""])
false
iex > Krug.SanitizerUtil.validate_url("www.google.com")
false
iex > Krug.SanitizerUtil.validate_url("http://www.google.com")
true
iex > Krug.SanitizerUtil.validate_url("https://www.google.com")
true
iex > Krug.SanitizerUtil.validate_url("https://www.echo|")
false
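
An added usage example (not code from the Krug project) that composes the functions documented on this page (sanitize_all, sanitize_filename, sanitize, sanitize_sql, validate_email and validate_url) to validate one form submission, following the docs' advice to apply sanitize_sql only after the other checks; the module name, field names and size limits are assumptions:

```elixir
defmodule MyApp.UploadForm do
  # Added example, not Krug code. Module name, field names and size limits
  # are assumptions; only functions documented for Krug.SanitizerUtil are called.
  alias Krug.SanitizerUtil, as: S

  @max_filename 40

  # Returns {:ok, clean_map} or {:error, field}, stopping at the first bad field.
  def clean(%{} = params) do
    with {:ok, email} <- check_email(params["email"]),
         {:ok, url} <- check_url(params["homepage"]),
         {:ok, comment} <- check_comment(params["comment"]),
         {:ok, amount} <- check_amount(params["amount"]) do
      # sanitize_filename/2 never fails: a name with disallowed chars, or one
      # longer than max_size, is replaced by a random name of documented chars.
      filename = S.sanitize_filename(params["filename"], @max_filename)
      {:ok, %{email: email, homepage: url, comment: comment, amount: amount, filename: filename}}
    end
  end

  # validate_email/1 lowercases first and accepts only the documented email chars.
  defp check_email(email) do
    if S.validate_email(email), do: {:ok, String.downcase(email)}, else: {:error, :email}
  end

  # Optional field: nil/"" means "no homepage". Otherwise validate_url/1 must
  # pass; per the docs a bare "www.google.com" (no scheme) is rejected.
  defp check_url(url) when url in [nil, ""], do: {:ok, nil}
  defp check_url(url), do: if(S.validate_url(url), do: {:ok, url}, else: {:error, :homepage})

  # Free text: sanitize/1 returns nil on the HTML-injection restriction list,
  # otherwise the de-obfuscated value. sanitize_sql/1 is then applied only as
  # the extra yes/no check the docs recommend (it works on a downcased copy,
  # so its return value is not reused). Neither replaces parameterised queries
  # or output encoding at the sink.
  defp check_comment(text) do
    case S.sanitize(text) do
      nil -> {:error, :comment}
      clean -> if(is_nil(S.sanitize_sql(clean)), do: {:error, :comment}, else: {:ok, clean})
    end
  end

  # Numeric field with is_numeric = true and the "0-9" set: any disallowed char
  # (e.g. the spaces in "09 8778 987") collapses the value to "0". Since a real
  # zero is indistinguishable from a rejection, this example treats "0" as an error.
  defp check_amount(nil), do: {:error, :amount}
  defp check_amount(amount) do
    case S.sanitize_all(amount, true, true, 20, "0-9") do
      "0" -> {:error, :amount}
      digits -> {:ok, digits}
    end
  end
end
```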