18 April 2014

The Ruby Reflector

Topic

Hash

By Lucas Mazza of Plataformatec Blog 10 days ago.

…when it comes to security and stability of web apps. Before this, any object placed in the cookies Hash would be serialized (and deserialized) through Marshal.dump and Marshal.load, which could possibly lead to remote code execution if an attacker got hold of your application secret.

Now this serializer is configurable through the config.action_dispatch.cookies_serializer configuration option, and new apps will ship with a smarter default: a JSON serializer that won't recreate …

blog.plataformatec.com.br Read
By Kurtz of Viget.com Blogs 4 months ago.

…TSort functionality. The easiest way to do this is simply to create a subclass of Hash like so:

    require 'tsort'

    class TsortableHash < Hash
      include TSort

      alias tsort_each_node each_key

      def tsort_each_child(node, &block)
        fetch(node).each(&block)
      end
    end

Next we can use our new class to build a dependency hash. The dependency hash for our sample data insert task might look like the pseudocode below.

    dependency_hash = \
      TsortableHash[ user_1 => [address_1], …

viget.com Read
By interblah.net of interblah.net 8 months ago.

…non-issue, but for non-Rails applications, loading ActiveSupport can introduce a number of other gems that bloat the running Ruby process. As far as I can tell, the only methods from ActiveSupport that are used are Hash#blank? (which is effectively the same as Hash#empty?) and String#starts_with? (which is just an alias for the Ruby-default String#start_with?). Pull request submitted.

interblah.net Read

…string as the second argument sets the name of the metric. You can also customize the name using a Hash as the second argument.

    class User < ActiveRecord::Base
      extend Nunes::Instrumentable

      # gonna
      # wrap save and instrument the timing of it
      instrument_method_time :save, name: 'crazy_town.save'
    end

In addition to name, you can also pass a payload that will get sent along with the generated event.

    class User < ActiveRecord::Base
      extend Nunes::Instrumentable

      # give nunes …

railstips.org Read

Interacting with core classes (like Array and Hash) appears to be thread-safe with MRI because of the global lock. There are no such guarantees on the truly multi-threaded implementations like JRuby and Rubinius. I wrote about the effect of the global lock, and how to protect your data with mutexes.

rubyflow.com Read
By Bryan McLellan of Chef Blog 1 year ago.

…consideration given for cookbook dependencies. Previously they were based on the order given by ruby's Hash implementation, which differs based on version and vendor patching. This change ensures that your runs will continue to be reproducible.

We've merged knife-essentials into core knife. These new sub-commands are particularly useful for working with getting cookbooks between the server and your workstation and maintaining them. They are documented on the docs site …

opscode.com Read
By interblah.net of interblah.net 1 year ago.

For some reason this collection of classes is stored in a Hash, but it seems like the keys of the hash are the only aspect used, so I don't understand why it isn't an Array...

...a.k.a. TestCase subclass, a.k.a. your actual tests. I'm not sure why the MiniTest code is riddled with references to 'suites', when the classes that it's actually running are called TestCases. Perhaps it's a compromise involving historic names of classes in test-unit …

interblah.net Read
By Peter Cooper of Ruby Inside over 1 year ago.

Welcome to this week's roundup of Ruby news, articles, videos, and more, cobbled together from my e-mail newsletter, Ruby Weekly.

Highlights include: MRI 1.9.3-p327, Rails 3.2.9, Capybara 2.0, and the Fukuoka Ruby Award.

Featured

Ruby 1.9.3-p327 Released: Fixes a Hash-Flooding DoS Vulnerability

Carefully crafted strings can be used in a denial of service attack on apps that parse strings to create Hash objects by using the strings as keys. This new patch level release of 1.9.3 counters the issue.

rubyinside.com Read
On Ruby News over 1 year ago.

A hash-flooding DoS attack has been reported for the hash function the Ruby 1.9 series was using. This vulnerability is different from CVE-2011-4815 for Ruby 1.8.7. All Ruby 1.9 users are recommended to upgrade to ruby-1.9.3 patchlevel 327 to get this security fix.

Impact

A carefully crafted sequence of strings can cause a denial of service attack on the service that parses the sequence to create a Hash object by using the strings as keys. For instance, this vulnerability affects web …

ruby-lang.org Read