filter profane slugs

fixes VICE-739
flag=none

See https://instructure.slack.com/archives/CGC0YJJDS/p1598370828002100
for context. tl;dr random strings can sometimes result
in vulgarity. This commit has us pick a new random
string if the previous was deemed vulgar

test plan:
  - :noideadog:

qa risk: low

Change-Id: Iddd4d0c944c44f85af9cf32352611acafd44f734
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/246010
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Tested-by: Jeffrey Johnson <jeffrey.johnson@instructure.com>
Reviewed-by: Jeffrey Johnson <jeffrey.johnson@instructure.com>
QA-Review: Jeffrey Johnson <jeffrey.johnson@instructure.com>
Product-Review: Jeffrey Johnson <jeffrey.johnson@instructure.com>
Davis Hyer 2020-08-25 12:21:49 -06:00
parent 3c8363b6ff
commit 062555c451
2 changed files with 14 additions and 1 deletions

@ -17,4 +17,5 @@ Gem::Specification.new do |spec|
spec.add_development_dependency "bundler", "~> 1.5"
spec.add_development_dependency "rake"
spec.add_dependency "swearjar", "~> 1.4"
end
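
Review bot: The new line `spec.add_dependency "swearjar", "~> 1.4"` makes a third-party gem a runtime dependency of the library that generates random slugs and "securish" UUIDs, and the `~> 1.4` constraint accepts any 1.x release from 1.4 upward. Please confirm the resolved version is pinned in the application's lockfile, and say in the commit message why this is a runtime dependency rather than a development one, since the two entries above it are both `add_development_dependency`.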

@ -17,13 +17,25 @@
#
require "securerandom"
require "swearjar"
class CanvasSlug
class << self
CHARS = ('0'..'9').to_a + ('a'..'z').to_a + ('A'..'Z').to_a
SJ = Swearjar.default
def generate_securish_uuid(length = 40)
Array.new(length) { CHARS[SecureRandom.random_number(CHARS.length)] }.join
# Ensure we don't get naughties by looping until we get something
# "clean". Loop count is arbitrary, we use length as shorter strings
# are less likely to result in problematic strings.
length.times do
uuid = Array.new(length) { CHARS[SecureRandom.random_number(CHARS.length)] }.join
return uuid unless SJ.profane?(uuid)
end
# TODO: raise exception to allow consumer to handle
# raise "CanvasSlug couldn't find valid uuid after #{length} attempts"
return uuid
end
def generate(purpose = nil, length = 4)
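
Review bot: The `return uuid` after the `length.times do ... end` loop refers to a variable that is only ever assigned inside the block, so it is out of scope at that point and the fallback path raises NameError instead of returning a value. The same happens at once when `length` is 0, because the loop body never runs. Assign `uuid = nil` before the loop, or generate one last candidate after it, and decide explicitly whether exhausting the retries returns that candidate or raises as the TODO proposes. The test plan in the commit message lists no test, so a spec that stubs `SJ.profane?` to always return true would be worth adding to cover this path.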