4 个仓库
Extraction of explicitly defined parameters from a request while stripping undeclared data.
Distinct from Parameter Filtering: Candidates focus on security update attributes or database query filtering, not the general API input filtering (whitelisting).
Explore 4 awesome GitHub repositories matching web development · Request Parameter Filtering. Refine with filters or upvote what's useful.
Grape is a RESTful web service framework for Ruby designed for building structured APIs. It provides a declarative syntax for routing and parameter validation, allowing developers to map HTTP verbs to logic through a domain specific language. The framework is distinguished by its built-in support for service versioning, which can be managed via URL paths, custom headers, or request parameters. It also features a modular architecture that allows large services to be constructed by nesting smaller API definitions. The project covers comprehensive API lifecycle capabilities, including schema-dr
Extracts only the explicitly defined parameters from a request while removing all undeclared data.
This project is a web development tutorial site and a Ruby on Rails learning resource designed as a beginner programming guide. It serves as a technical workshop curriculum and a structured framework for organizing and coaching community-led programming events. The site functions as a static site generator that converts Markdown content and templates into pre-rendered HTML pages. This architecture supports the delivery of step-by-step guides and instructional materials used to teach new learners how to build web applications. The content covers a broad range of capabilities, including Ruby o
Demonstrates how to use parameter whitelisting to protect applications from injection attacks.
本项目是一个 Laravel 应用程序的存储库模式库,旨在将业务逻辑与数据库查询和存储实现解耦。它提供了一个标准化的数据访问层,以将应用程序逻辑与底层存储层隔离开来。 该库包括一个查询过滤器系统,可将 HTTP 请求参数转换为动态数据库过滤器、搜索条件和排序逻辑。它具有一个 API 展示层,用于将内部数据结构与客户端响应分离,以及一个在记录被修改时自动刷新存储数据库结果的缓存管理器。 其他功能包括用于生成控制器、模型和存储库的命令行工具,以及在数据持久化之前强制执行业务规则的验证器类。
Translates HTTP request parameters into dynamic database filters and sorting logic automatically.
本项目是一个针对 Ruby on Rails 的静态分析工具和 Linter,旨在识别架构异味和最佳实践违规。它充当 Rails 应用的代码质量 Linter、架构审计员、安全扫描器和性能分析器。 该工具评估控制器、模型和视图模板之间的关注点分离,以减少技术债务。它识别次优的编码模式并强制执行风格一致性,同时专门扫描安全漏洞,如模型中未受保护的批量赋值。 分析范围涵盖检测低效的数据库查询和内存密集型数据检索模式。它还审计路由设计、验证记录持久化,并识别不当的错误处理和时区配置错误。 用户可以通过配置文件定义要启用或禁用的代码检查来管理分析。
Detects modifications to original request parameters to ensure data integrity during processing.