Mod_ruby + WSDL = security error

When trying to create a handler to access a SOAP server in an embedded
ruby file (.rhtml) I am unable to get anything done unless I decrease
the safe level for ruby to 0. The code is the following:

<%
require ‘soap/wsdlDriver’
require ‘soap/rpc/rpc’
require ‘cgi’
require ‘logger’

log = Logger.new(STDERR)

log.info $SAFE

file = ‘QBXMLRemote.wsdl’

soapFactory = SOAP::WSDLDriverFactory.new(file)
soap = soapFactory.create_rpc_driver

connectString = soap.openConnectionAndBeginSession ‘u’, ‘p’ , ‘’,
‘someName’, ‘’, ‘multiUser’
puts connectString
%>

When it runs at $SAFE = 1 I get the following stack trace:

[Wed Jun 21 09:06:45 2006] [error] mod_ruby: error in ruby
[Wed Jun 21 09:06:45 2006] [error] mod_ruby:
/usr/lib/ruby/1.8/http-access2.rb:1283:in initialize': Insecure operation - initialize (SecurityError) [Wed Jun 21 09:06:45 2006] [error] mod_ruby: from /usr/lib/ruby/1.8/http-access2.rb:1283:increate_socket’
[Wed Jun 21 09:06:45 2006] [error] mod_ruby: from
/usr/lib/ruby/1.8/http-access2.rb:1252:in connect' [Wed Jun 21 09:06:45 2006] [error] mod_ruby: from /usr/lib/ruby/1.8/timeout.rb:56:intimeout’
[Wed Jun 21 09:06:45 2006] [error] mod_ruby: from
/usr/lib/ruby/1.8/timeout.rb:76:in timeout' [Wed Jun 21 09:06:45 2006] [error] mod_ruby: from /usr/lib/ruby/1.8/http-access2.rb:1251:inconnect’
[Wed Jun 21 09:06:45 2006] [error] mod_ruby: from
/usr/lib/ruby/1.8/http-access2.rb:1111:in query' [Wed Jun 21 09:06:45 2006] [error] mod_ruby: from /usr/lib/ruby/1.8/http-access2.rb:833:inquery’
[Wed Jun 21 09:06:45 2006] [error] mod_ruby: from
/usr/lib/ruby/1.8/http-access2.rb:383:in do_get_block' [Wed Jun 21 09:06:45 2006] [error] mod_ruby: ... 9 levels... [Wed Jun 21 09:06:45 2006] [error] mod_ruby: from /var/www/qBooks/qBooks.rhtml:17 [Wed Jun 21 09:06:45 2006] [error] mod_ruby: from (eval):0 [Wed Jun 21 09:06:45 2006] [error] mod_ruby: from /usr/lib/ruby/1.8/apache/eruby-run.rb:116:inrun’
[Wed Jun 21 09:06:45 2006] [error] mod_ruby: from
/usr/lib/ruby/1.8/apache/eruby-run.rb:72:in `handler’

Any clues as to why running at $SAFE = 1 isn’t working for me? I’m
geussing that perhaps when I load the external .WSDL file it is marked
as tainted?

Thanks

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Philip S. wrote:

When trying to create a handler to access a SOAP server in an embedded
ruby file (.rhtml) I am unable to get anything done unless I decrease
the safe level for ruby to 0. The code is the following:

Any clues as to why running at $SAFE = 1 isn’t working for me? I’m
geussing that perhaps when I load the external .WSDL file it is marked
as tainted?

Yes. Host/port definition scraped from WSDL are tainted.

Generating client stub from WSDL on the fly is expensive even if you use
it in mod_ruby. Please consider to generate static client stub file
with wsdl2ruby.rb and use it. Then host/port definitions are in stub
file so no SecurityError will be thrown.

Regards,
// NaHi
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (Cygwin)

iQEVAwUBRLmphB9L2jg5EEGlAQKW5ggAmlMeZy60EEobydIqbcFsywAemPU03DvH
C8+HfxcA4IyRPjFDozYkC2kti9Um9Iqb2rqwx33SiKSkwm3u06rTaPaLmP0IkYTT
3SQrkjZ8KUecFFI+3dipWX6+lQDr36Ate4xbVTci13IKc1YIYLD5I+uno6+yz+Z2
OW0YAhIqsnPWSHzh1YtrefwE8QK8ygciup9Fr/3r+wY8ufjVyoBV3gNiOBNdekrr
ORM//TGVSVK8YZxUiGN7NIrMKzngoADk94LCIVoL8vy20R9M7saV3Bg9LwfEz6uJ
oB4rm+VBxdSl+ddfep76Z2LGeHOGLLIByHhQCWLPoqQLyIbFo/vvtA==
=3OXp
-----END PGP SIGNATURE-----

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs