Security News
Follow-up and Clarification on Recent Malicious Ruby Gems Campaign
A clarification on our recent research investigating 60 malicious Ruby gems.
By Sarah Gooding - Aug 22, 2025
advanced_search
AdvancedSearch
Builds database search queries with complex, nested logical expressions.
You provide an abstract syntax tree representing the search, and
AdvancedSearch builds the search clause of the query (eg. the where
clause, in SQL).
| Good for | Not Good For |
|---|---|
| searches | reports |
| complex logic expressions | simple "conjunction of all parameters" forms |
| natural language | 99% of business search forms |
Input can be natural language,
'age less than 40 and ssn equal to 123-45-6789'
or a typical HTML form,
{
age_lt: 40,
ssn_eq: '123-45-6789'
}
You organize and name your parameters however you want. You convert those
parameters into an AdvancedSearch::AST:
and
/ \
lt eq
/ \ / \
age 40 ssn '123-45-6789'
A convenient S-expression syntax is provided to help you build your tree:
s(:and,
s(:lt, s(:id, :age), s(:value, 40),
s(:eq, s(:id, :ssn), s(:value, '123-45-6789')
)
AdvancedSearch converts your tree into a parameterized search clause (eg. the
where clause, in SQL).
'where age < $1 and ssn = $2'
[40, '123-45-6789']
Finally, you do whatever you want with that search clause. Prepare a complete
query and execute it using ActiveRecord's find_by_sql method, perhaps?
Maybe execute it directly using a gem like pg or mysql2? What you do with
your query, in the privacy of your own home, is your own business.
Complete Example
There is a complete example using ActiveRecord's find_by_sql method in
the test suite. See:
spec/support/activerecord/models
spec/support/activerecord/searches/library_catalog.rb
spec/activerecord/searches/library_catalog_spec.rb
Adapters
| adapter | gem | status |
|---|---|---|
PG | pg | Proof of concept |
Mysql2 | mysql2 | Not yet implemented |
ActiveRecord | activerecord | If only ARel had docs |
Design Goals
- Simple, not easy. You'll have to write substantial code to get started, but future changes will be simple.
- Requires basic understanding of graph theory, must know what a tree is.
- Agnostic: Support for specific databases and ORMs is provided via adapters.
- No dependencies
- Unit tests of your search objects do not need to touch database, so they are very fast.
Roadmap
- full-text search
- "raw" node?
FAQs
Unknown package
We found that advanced_search demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 30 Oct 2018
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
ESLint Adds Support for Parallel Linting, Closing 10-Year-Old Feature Request
ESLint now supports parallel linting with a new --concurrency flag, delivering major speed gains and closing a 10-year-old feature request.
By Sarah Gooding - Aug 22, 2025
Research
/Security News
Malicious Go Module Disguised as SSH Brute Forcer Exfiltrates Credentials via Telegram
A malicious Go module posing as an SSH brute forcer exfiltrates stolen credentials to a Telegram bot controlled by a Russian-speaking threat actor.
By Kirill Boychenko - Aug 21, 2025