SAFE levels


#1

Is there somewhere I can find some description on the proper care and feeding of Ruby SafeLevels?

I was going to start looking into Rails, but the notion of SafeLevel = 0 being a requirement is kind of a “really bad idea” (Assumption: this is still valid for mod_ruby) in my opinion.

But it can still be useful to work under CGI (again, assuming the SafeLevel can be >0) and not worry about doing something fundamentally dumb.

From a Perl background much of this makes wonderful sense until I get to the SafeLevel of a tainted object. How do you cleanse such a beast? Untainting strings is trivial, but larger objects… My Perl background fails me at this point.


#2

On Sunday 12 February 2006 14:54 Tom A. wrote:

From a Perl background much of this makes wonderful sense until I get to the SafeLevel of a tainted object. How do you cleanse such a beast? Untainting strings is trivial, but larger objects… My Perl background fails me at this point.

irb(main):001:0> require 'ostruct'
=> true
irb(main):002:0> foo = OpenStruct.new
=> #<OpenStruct>
irb(main):003:0> foo.tainted?
=> false
irb(main):004:0> foo.bar = gets
quux
=> "quux\n"
irb(main):005:0> foo.bar.tainted?
=> true
irb(main):006:0> foo.tainted?
=> false

irb(main):001:0> foo = gets
bar
=> "bar\n"
irb(main):002:0> "foo = #{foo}"
=> "foo = bar\n"
irb(main):003:0> _.tainted?
=> true
irb(main):004:0> foo = gets
%s
=> "%s\n"
irb(main):005:0> foo % "bar"
=> "bar\n"
irb(main):006:0> _.tainted?
=> true
irb(main):007:0>

Whether an object is tainted or not depends on the class of the object. By default, any objects are untainted unless you decide to taint them. If Rails provides you with a tainted object, it’s your responsibility to sanitize its attributes, and then call #untaint on it.

There’s usually no magic involved in deciding whether an object is or isn’t tainted, short of the well known tainting strings from user input, and any strings resulting from interpolation of these with or into other strings.

David V.
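One way to carry out the "sanitize its attributes, then call #untaint" step from the reply above on a larger object, written as an added example for this thread rather than code posted by David or shipped with Ruby or Rails. The allow-list pattern, the Submission class and the sample values are constructed for the example; the walker itself is generic and handles Arrays, Hashes and nested objects, not only the single String attribute shown in the irb session. The taint calls are guarded by TAINT_SUPPORTED because the taint methods became no-ops in Ruby 2.7 and were removed in 3.2, so the same code still runs on current rubies, where only the allow-list check is left.

```ruby
# Added example, not code from the thread. Walks a "larger object" attribute
# by attribute, allow-lists every String it finds, and only then clears the
# taint flag on the copy. TAINT_SUPPORTED guards the taint calls so the same
# code runs on rubies that no longer implement taint tracking (the methods
# were made no-ops in Ruby 2.7 and removed in 3.2).

# Allow-list for attribute values (an assumption for this example): word
# characters, space, dot, @ and dash. Anything else, including the "\n" that
# gets leaves on its result, is rejected rather than silently stripped.
SAFE_VALUE = /\A[\w .@-]+\z/

TAINT_SUPPORTED = String.method_defined?(:tainted?)

# Returns an untainted copy of a String that passes the allow-list,
# raises ArgumentError otherwise.
def sanitize_string(value)
  str = value.to_s.dup
  unless str.match?(SAFE_VALUE)
    raise ArgumentError, "disallowed characters in #{str.inspect}"
  end
  str.untaint if TAINT_SUPPORTED && str.tainted?
  str
end

# Recursively sanitise any value: Strings are checked, scalars pass through,
# Arrays and Hashes are rebuilt from sanitised members, and any other object
# is copied with each instance variable sanitised in turn.
def sanitize_value(value)
  case value
  when String then sanitize_string(value)
  when Symbol, Integer, Float, true, false, nil then value
  when Array then value.map { |v| sanitize_value(v) }
  when Hash
    value.each_with_object({}) { |(k, v), h| h[sanitize_value(k)] = sanitize_value(v) }
  else sanitize_object(value)
  end
end

# Copy an arbitrary object and sanitise its instance variables; the taint
# flag on the copy is cleared only after every attribute has passed.
def sanitize_object(obj)
  clean = obj.dup
  obj.instance_variables.each do |ivar|
    clean.instance_variable_set(ivar, sanitize_value(obj.instance_variable_get(ivar)))
  end
  clean.untaint if TAINT_SUPPORTED && clean.tainted?
  clean
end

# Constructed stand-in for a "larger object" filled from user input
# (hypothetical class, not from the thread).
class Submission
  attr_accessor :name, :email, :tags
  def initialize(name, email, tags)
    @name, @email, @tags = name, email, tags
  end
end

# Constructed sample input; the values mimic what gets or a form would hand over.
def example_input
  Submission.new("Tom A.", "tom@example.invalid", ["ruby", "perl"])
end

if $PROGRAM_NAME == __FILE__
  clean = sanitize_value(example_input)
  puts "sanitised: #{clean.name} <#{clean.email}> #{clean.tags.join(',')}"
  begin
    # The trailing newline from gets fails the allow-list, so nothing is untainted.
    sanitize_value(Submission.new("quux\n", "x@example.invalid", []))
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

The design choice worth noting is that the walker raises on the first attribute that fails rather than stripping characters: once an object has been untainted there is no second chance, so the copy is only produced when every attribute has been checked, and an unexpected value type falls through to sanitize_object instead of being waved past.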


#3

What’s that “_” method/object? Google doesn’t search on punctuation
apparently :-/


#4

On Monday 13 February 2006 01:08 removed_email_address@domain.invalid wrote:

What’s that “_” method/object? Google doesn’t search on punctuation
apparently :-/

irb automatically populates the _ variable with the result of the last line executed. __ is two lines past, ___ three lines past. I didn’t feel like using half a million metasyntactic identifiers cluttering up the session.