
The Ruby Programming Language

Cover of The Ruby Programming Language by Yukihiro Matsumoto... Published by O'Reilly Media, Inc.
  1. The Ruby Programming Language
    2. A Note Regarding Supplemental Files
    3. Preface
      1. Acknowledgments
      2. Conventions Used in This Book
      3. Using Code Examples
      4. How to Contact Us
      5. Safari® Enabled
    4. 1. Introduction
      1. A Tour of Ruby
      2. Try Ruby
      3. About This Book
      4. A Sudoku Solver in Ruby
    5. 2. The Structure and Execution of Ruby Programs
      1. Lexical Structure
      2. Syntactic Structure
      3. File Structure
      4. Program Encoding
      5. Program Execution
    6. 3. Datatypes and Objects
      1. Numbers
      2. Text
      3. Arrays
      4. Hashes
      5. Ranges
      6. Symbols
      7. True, False, and Nil
      8. Objects
    7. 4. Expressions and Operators
      1. Literals and Keyword Literals
      2. Variable References
      3. Constant References
      4. Method Invocations
      5. Assignments
      6. Operators
    8. 5. Statements and Control Structures
      1. Conditionals
      2. Loops
      3. Iterators and Enumerable Objects
      4. Blocks
      5. Altering Control Flow
      6. Exceptions and Exception Handling
      7. BEGIN and END
      8. Threads, Fibers, and Continuations
    9. 6. Methods, Procs, Lambdas, and Closures
      1. Defining Simple Methods
      2. Method Names
      3. Methods and Parentheses
      4. Method Arguments
      5. Procs and Lambdas
      6. Closures
      7. Method Objects
      8. Functional Programming
    10. 7. Classes and Modules
      1. Defining a Simple Class
      2. Method Visibility: Public, Protected, Private
      3. Subclassing and Inheritance
      4. Object Creation and Initialization
      5. Modules
      6. Loading and Requiring Modules
      7. Singleton Methods and the Eigenclass
      8. Method Lookup
      9. Constant Lookup
    11. 8. Reflection and Metaprogramming
      1. Types, Classes, and Modules
      2. Evaluating Strings and Blocks
      3. Variables and Constants
      4. Methods
      5. Hooks
      6. Tracing
      7. ObjectSpace and GC
      8. Custom Control Structures
      9. Missing Methods and Missing Constants
      10. Dynamically Creating Methods
      11. Alias Chaining
      12. Domain-Specific Languages
    12. 9. The Ruby Platform
      1. Strings
      2. Regular Expressions
      3. Numbers and Math
      4. Dates and Times
      5. Collections
      6. Files and Directories
      7. Input/Output
      8. Networking
      9. Threads and Concurrency
    13. 10. The Ruby Environment
      1. Invoking the Ruby Interpreter
      2. The Top-Level Environment
      3. Practical Extraction and Reporting Shortcuts
      4. Calling the OS
      5. Security
    14. Index
    15. About the Authors
    16. Colophon

Security

Ruby’s security system provides a mechanism for writing programs that work with untrusted data and untrusted code. It has two parts. The first distinguishes safe data from untrusted, or tainted, data. The second is restricted execution, which lets you “lock down” the Ruby environment so that the interpreter refuses to perform potentially dangerous operations (evaluating code, opening files, running external commands) on tainted data. This can stop injection attacks, such as SQL injection, in which malicious input alters a program’s behavior. Restricted execution can be taken a step further so that untrusted (and possibly malicious) code is executed without fear that it will delete files, steal data, or otherwise cause harm.

This discussion of Ruby’s security mechanisms is specific to the reference implementation. Other implementations may differ; JRuby, in particular, makes very little attempt (at the time of this writing) to emulate the restricted execution modes of the reference implementation. Keep in mind, too, that Ruby’s security model has not received the kind of careful and prolonged scrutiny that Java’s security architecture has. This section explains how Ruby’s security architecture is supposed to work, but bugs yet to be discovered may allow the restrictions to be circumvented. Finally, what follows describes Ruby 1.8 and 1.9: MRI deprecated taint tracking and $SAFE in Ruby 2.7, turned $SAFE into an ordinary global variable with no effect in 3.0, and removed the taint methods in 3.2, so none of these checks exist on a current interpreter and code must not rely on them.
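The following is an added example, not code from the book, that models the two-part mechanism just described in plain Ruby. Because the built-in taint flag and $SAFE are unavailable on current interpreters, it re-creates the idea in user space: data read from an IO arrives marked tainted, taint propagates through concatenation, a restricted sink refuses tainted input the way eval, File.open and system did at $SAFE >= 1, and untainting is only granted after whitelist validation. The names TaintedString, read_untrusted, execute_sql, untaint_user_id and lookup_user are this example’s own, and it patches only String#+ to make the propagation rule visible (the real interpreter tracked taint through every String operation; interpolation with #{} is not covered by this model).

```ruby
require 'stringio'

# Added example, not code from the book: a user-space model of Ruby's taint
# and restricted-execution idea. MRI's built-in taint flag and $SAFE are gone
# from current interpreters (deprecated in 2.7, taint methods removed in 3.2).
# All names below (TaintedString, read_untrusted, ...) are this example's own.

# A String that remembers it came from outside the program.
class TaintedString < String
  def tainted?
    true
  end
end

class String
  # Literals and values computed from them are untainted. Rubies older than
  # 3.2 still carry a (deprecated, always-false) built-in, which we keep.
  def tainted?
    false
  end unless method_defined?(:tainted?)

  # Propagation: a value built from any tainted operand is itself tainted.
  # MRI did this inside every String method; this model patches only + so
  # the rule is visible (string interpolation with #{} is NOT covered).
  alias_method :plus_without_taint, :+
  def +(other)
    result = plus_without_taint(other)
    (tainted? || other.tainted?) ? TaintedString.new(result) : result
  end
end

# Source: anything read from an IO (socket, file, stdin) is tainted on arrival.
def read_untrusted(io)
  TaintedString.new(io.read.to_s.chomp)
end

# Restricted sink: like eval, File.open or system under $SAFE >= 1, it refuses
# tainted input outright. The return value stands in for a real database call.
def execute_sql(sql)
  raise SecurityError, "refusing to execute tainted SQL: #{sql.inspect}" if sql.tainted?
  "EXECUTED: #{sql}"
end

# Untainting is a deliberate act after validation: only a strict whitelist
# match earns a plain (trusted) copy, as an explicit #untaint call would have.
def untaint_user_id(value)
  raise ArgumentError, "not a numeric id: #{value.inspect}" unless value.match?(/\A\d{1,10}\z/)
  String.new(value)
end

# The injectable pattern from the text: SQL assembled by string concatenation.
def lookup_user(raw_id)
  execute_sql("SELECT name FROM users WHERE id = " + raw_id)
end

if __FILE__ == $0
  attacker = read_untrusted(StringIO.new("42 OR 1=1\n"))   # constructed attacker input
  begin
    lookup_user(attacker)                                  # taint propagated, sink refuses
  rescue SecurityError => e
    puts "blocked:  #{e.message}"
  end
  begin
    lookup_user(untaint_user_id(attacker))                 # validation refuses to untaint
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
  puts lookup_user(untaint_user_id(read_untrusted(StringIO.new("42\n"))))
end
```

The useful property is that the check lives in the sink, not at every call site: any code path that concatenates the raw input into a query is stopped, whether or not the author remembered to validate, and the only way past the sink is an explicit, auditable untaint step.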

Tainted Data

Every object in Ruby is either tainted or untainted. Literal values in program source code are untainted. Values that are derived from the external ...
