From 062555c451cc8f92d608f9ad8a576b2ddd048e9a Mon Sep 17 00:00:00 2001
From: Davis Hyer
Date: Tue, 25 Aug 2020 12:21:49 -0600
Subject: [PATCH] filter profane slugs

fixes VICE-739
flag=none

See https://instructure.slack.com/archives/CGC0YJJDS/p1598370828002100 for context. tl;dr random strings can sometimes result in vulgarity. This commit has us pick a new random string if the previous was deemed vulgar

test plan:
- :noideadog:

qa risk: low

Change-Id: Iddd4d0c944c44f85af9cf32352611acafd44f734
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/246010
Tested-by: Service Cloud Jenkins
Tested-by: Jeffrey Johnson
Reviewed-by: Jeffrey Johnson
QA-Review: Jeffrey Johnson
Product-Review: Jeffrey Johnson
---
 gems/canvas_slug/canvas_slug.gemspec | 1 +
 gems/canvas_slug/lib/canvas_slug.rb | 14 +++++++++++++-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/gems/canvas_slug/canvas_slug.gemspec b/gems/canvas_slug/canvas_slug.gemspec
index 6e9ff15de60..c7b1700ce47 100644
--- a/gems/canvas_slug/canvas_slug.gemspec
+++ b/gems/canvas_slug/canvas_slug.gemspec
@@ -17,4 +17,5 @@ Gem::Specification.new do |spec|
 spec.add_development_dependency "bundler", "~> 1.5"
 spec.add_development_dependency "rake"
+ spec.add_dependency "swearjar", "~> 1.4"
 end
diff --git a/gems/canvas_slug/lib/canvas_slug.rb b/gems/canvas_slug/lib/canvas_slug.rb
index 4b4f8fb5d3f..559815b26c9 100644
--- a/gems/canvas_slug/lib/canvas_slug.rb
+++ b/gems/canvas_slug/lib/canvas_slug.rb
@@ -17,13 +17,25 @@
 #
 require "securerandom"
+require "swearjar"
 class CanvasSlug
 class << self
 CHARS = ('0'..'9').to_a + ('a'..'z').to_a + ('A'..'Z').to_a
+ SJ = Swearjar.default
 def generate_securish_uuid(length = 40)
- Array.new(length) { CHARS[SecureRandom.random_number(CHARS.length)] }.join
+ # Ensure we don't get naughties by looping until we get something
+ # "clean". Loop count is arbitrary, we use length as shorter strings
+ # are less likely to result in problematic strings.
+ length.times do
+ uuid = Array.new(length) { CHARS[SecureRandom.random_number(CHARS.length)] }.join
+ return uuid unless SJ.profane?(uuid)
+ end
+
+ # TODO: raise exception to allow consumer to handle
+ # raise "CanvasSlug couldn't find valid uuid after #{length} attempts"
+ return uuid
 end
 def generate(purpose = nil, length = 4)
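Review bot: The fallback `return uuid` after the `length.times` loop raises `NameError` rather than returning the last candidate, because `uuid` is first assigned inside the block and is therefore block-local and undefined at method scope. The same path is reached for `length = 0`, which the removed line handled by returning `""`, so callers passing a zero length now get an exception instead of a string. Initialise the variable before the loop and guarantee at least one attempt, e.g. `uuid = nil` above the loop, `[length, 1].max.times do` as the loop header, and a bare `uuid` as the final expression instead of `return uuid`. If the exhausted-attempts case is meant to surface to the caller as the TODO suggests, raising a `StandardError` subclass defined under `CanvasSlug` is preferable to silently handing back a string the filter just rejected.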