In other words, I can read what’s before END if I simply seek.
IMHO that is a bad thing and may even be used for attacks.
Btw, I stumbled across this by doing this:
10:01:24 ~$ ruby19 /c/Temp/dd.rb
[“require ‘csv’”]
[]
[“CSV.foreach DATA do |rec|”]
[" p rec"]
[“end”]
[]
[“END”]
[“line 1”]
[“line 2”]
10:01:33 ~$ cat /c/Temp/dd.rb
require ‘csv’
CSV.foreach DATA do |rec|
p rec
end
END
line 1
line 2
10:01:37 ~$
Maybe it’s not such a good idea for CSV.foreach to seek to 0 before
starting to read. As a user of CSV I would always want it to start
off where the IO currently points to. James, what do you think?
In other words, I can read what’s before END if I simply seek.
IMHO that is a bad thing and may even be used for attacks.
I’ve written a script in the past that (ab)used that to use DATA as a
small datastore, rather than writing out to a separate data file. I had
to write out the entire file though, including the source code, so being
able to just seek back to 0 and read from there was helpful for writing
the script.