SAFE levels


Tom Allison

Is there somewhere I can find some description on the proper care and feeding of
Ruby SafeLevels?

I was going to start looking into Rails, but the notion of SafeLevel = 0 being a
requirement is kind of a "really bad idea" (Assumption: this is still valid for
mod_ruby) in my opinion.

But it can still be useful to work under CGI (again, assuming the SafeLevel can
be >0) and not worry about doing something fundamentally dumb.

From a Perl background much of this makes wonderful sense until I get to the
SafeLevel of a tainted object. How do you cleanse such a beast? untainting
strings is trivial, but larger objects... My Perl background fails me at this
point.
 

David Vallner

On Sunday 12 February 2006 14:54 Tom Allison wrote:
Is there somewhere I can find some description on the proper care and
feeding of Ruby SafeLevels?

I was going to start looking into Rails, but the notion of SafeLevel = 0
being a requirement is kind of a "really bad idea" (Assumption: this is
still valid for mod_ruby) in my opinion.

But it can still be useful to work under CGI (again, assuming the SafeLevel
can be >0) and not worry about doing something fundamentally dumb.

From a Perl background much of this makes wonderful sense until I get to
the SafeLevel of a tainted object. How do you cleanse such a beast?
untainting strings is trivial, but larger objects... My Perl background
fails me at this point.

irb(main):001:0> require 'ostruct'
=> true
irb(main):002:0> foo = OpenStruct.new
=> <OpenStruct>
irb(main):003:0> foo.tainted?
=> false
irb(main):004:0> foo.bar = gets
quux
=> "quux\n"
irb(main):005:0> foo.bar.tainted?
=> true
irb(main):006:0> foo.tainted?
=> false

irb(main):001:0> foo = gets
bar
=> "bar\n"
irb(main):002:0> "foo = #{foo}"
=> "foo = bar\n"
irb(main):003:0> _.tainted?
=> true
irb(main):004:0> foo = gets
%s
=> "%s\n"
irb(main):005:0> foo % "bar"
=> "bar\n"
irb(main):006:0> _.tainted?
=> true
irb(main):007:0>

Whether an object is tainted or not depends on the class of the object. By
default, any objects are untainted unless you decide to taint them. If Rails
provides you with a tainted object, it's your responsibility to sanitize its
attributes, and then call #untaint on it.

There's usually no magic involved in deciding whether an object is or isn't
tainted, short of the well known tainting strings from user input, and any
strings resulting from interpolation of these with or into other strings.

David Vallner
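The reply above leaves the "larger objects" question open: taint sits on the String leaves, not on the OpenStruct that holds them, so cleansing means walking the structure and validating every leaf before untainting it. The following is an added example, not code from the thread; it assumes a caller-supplied whitelist pattern (SAFE_WORD here is a constructed placeholder) and guards the #untaint call with respond_to?, because the taint API was removed from newer Rubies.

```ruby
require 'ostruct'

# Raised for any leaf that does not match the whitelist: the cleanser fails
# closed instead of handing back a partially "clean" object.
class TaintedValue < ArgumentError; end

# Constructed whitelist: a short identifier-like token. Note that it rejects
# the trailing newline that gets returns, and the "%s" format string from the
# irb session above, both of which are exactly the values you do not want
# flowing into a command or a format call.
SAFE_WORD = /\A[A-Za-z0-9_]{1,32}\z/

# Recursively validate a composite value (String, Array, Hash, OpenStruct,
# plain scalars) and return a fresh, validated copy. On Rubies that still
# implement taint (before 2.7) every String leaf is also untainted; on newer
# Rubies the respond_to? guard simply skips that step.
def cleanse(obj, pattern = SAFE_WORD)
  case obj
  when String
    raise TaintedValue, "rejected: #{obj.inspect}" unless pattern.match?(obj)
    clean = obj.dup
    clean.untaint if clean.respond_to?(:untaint)
    clean
  when Array
    obj.map { |e| cleanse(e, pattern) }
  when Hash
    obj.each_with_object({}) do |(k, v), h|
      h[cleanse(k.to_s, pattern).to_sym] = cleanse(v, pattern)
    end
  when OpenStruct
    OpenStruct.new(cleanse(obj.to_h, pattern))
  when Integer, Float, true, false, nil
    obj
  else
    # Unknown types are refused rather than passed through unchecked.
    raise TaintedValue, "unsupported type #{obj.class}"
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed input mirroring the irb session: the struct itself is never
  # tainted, only the string that came from gets.
  user = OpenStruct.new(bar: "quux", count: 3, tags: %w[a b])
  p cleanse(user)
  begin
    cleanse(OpenStruct.new(bar: "quux\n"))
  rescue TaintedValue => e
    puts "refused: #{e.message}"
  end
end
```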
 

David Vallner

On Monday 13 February 2006 01:08 (e-mail address removed) wrote:
What's that "_" method/object? Google doesn't search on punctuation
apparently :-/

irb automatically populates the _ variable with the result of the last line
executed. __ is two lines past, ___ three lines past. I didn't feel like
using half a million metasyntactic identifiers cluttering up the session.
 