I was going to start looking into Rails, but the notion of SafeLevel = 0 being a
requirement is kind of a "really bad idea" (Assumption: this is still valid for
mod_ruby) in my opinion.
But it can still be useful to work under CGI (again, assuming the SafeLevel can
be >0) and not worry about doing something fundamentally dumb.
From a Perl background much of this makes wonderful sense until I get to the
SafeLevel of a tainted object. How do you cleanse such a beast? Untainting
strings is trivial, but larger objects... My Perl background fails me at this
point.
irb(main):001:0> require 'ostruct'
=> true
irb(main):002:0> foo = OpenStruct.new
=> <OpenStruct>
irb(main):003:0> foo.tainted?
=> false
irb(main):004:0> foo.bar = gets
quux
=> "quux\n"
irb(main):005:0> foo.bar.tainted?
=> true
irb(main):006:0> foo.tainted?
=> false
irb(main):001:0> foo = gets
bar
=> "bar\n"
irb(main):002:0> "foo = #{foo}"
=> "foo = bar\n"
irb(main):003:0> _.tainted?
=> true
irb(main):004:0> foo = gets
%s
=> "%s\n"
irb(main):005:0> foo % "bar"
=> "bar\n"
irb(main):006:0> _.tainted?
=> true
irb(main):007:0>
Whether an object is tainted or not depends on the class of the object. By
default, any objects are untainted unless you decide to taint them. If Rails
provides you with a tainted object, it's your responsibility to sanitize its
attributes, and then call #untaint on it.
There's usually no magic involved in deciding whether an object is or isn't
tainted, short of the well-known tainting of strings from user input, and any
strings resulting from interpolation of these with or into other strings.
David Vallner
irb automatically populates the _ variable with the result of the last line
executed. __ is two lines past, ___ three lines past. I didn't feel like
using half a million metasyntactic identifiers cluttering up the session.
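As an added example (not code from the thread), here is one way to do what the reply above describes for the OpenStruct case the original poster asked about: walk the object's attributes, sanitize every String for its intended sink (HTML escaping is the assumed sink here), and untaint the clean copy on Ruby versions that still track taint. The sample OpenStruct and its contents are constructed; `sanitize_value`, `scrub_string` and `sample_request` are names chosen for this example.

```ruby
require 'ostruct'
require 'cgi'

# Return a sanitized copy of an OpenStruct, Hash, Array or String, recursing
# into containers. Strings go through the sanitizer block; on Ruby versions
# that still implement taint tracking (< 3.2) the clean copy is untainted,
# since a value we have sanitized is one we have decided to trust. Other
# objects (numbers, symbols, nil) are returned unchanged.
def sanitize_value(value, &sanitizer)
  case value
  when OpenStruct
    clean = OpenStruct.new
    value.to_h.each { |k, v| clean[k] = sanitize_value(v, &sanitizer) }
    clean
  when Hash
    value.each_with_object({}) { |(k, v), h| h[k] = sanitize_value(v, &sanitizer) }
  when Array
    value.map { |v| sanitize_value(v, &sanitizer) }
  when String
    clean = sanitizer.call(value.dup)
    # untaint is a no-op on 2.7..3.1 and absent on 3.2+, hence the guard
    clean.untaint if clean.respond_to?(:untaint)
    clean
  else
    value
  end
end

# Assumed sanitizer for an HTML sink: trim, then escape & < > " '.
def scrub_string(str)
  CGI.escapeHTML(str.strip)
end

# Constructed sample: an OpenStruct holding user-supplied strings, as in the
# original poster's foo.bar = gets, plus nested containers.
def sample_request
  foo = OpenStruct.new
  foo.bar  = "quux<script>\n"
  foo.tags = ["a;b", "ok"]
  foo.meta = { name: "Bob\"s" }
  foo
end

def sanitized_sample
  sanitize_value(sample_request) { |s| scrub_string(s) }
end
```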