…when it comes to security and stability of web apps. Before this, any object placed in the cookies Hash would be serialized (and deserialized) through Marshal.dump and Marshal.load, which could possibly lead to remote code execution if an attacker got hold of your application secret.
Now this serializer is configurable through the config.action_dispatch.cookies_serializer configuration option, and new apps will ship with a smarter default: a JSON serializer that won't recreate …
…TSort functionality. The easiest way to do this is simply to create a subclass of Hash like so:

    require 'tsort'

    class TsortableHash < Hash
      include TSort

      alias tsort_each_node each_key

      def tsort_each_child(node, &block)
        fetch(node).each(&block)
      end
    end
Next we can use our new class to build a dependency hash. The dependency hash for our sample data insert task might look like the pseudocode below. dependency_hash = \ TsortableHash[ user_1 => [address_1], …
In this example, we chose to build the URL ourselves, using ActiveSupport's Hash#to_query and pulling our client and secret in from environment variables.
…non-issue, but for non-Rails applications, loading ActiveSupport can introduce a number of other gems that bloat the running Ruby process. As far as I can tell, the only methods from ActiveSupport that are used are Hash#blank? (which is effectively the same as Hash#empty?) and String#starts_with? (which is just an alias for the Ruby-default String#start_with?). Pull request submitted.
…string as the second argument sets the name of the metric. You can also customize the name using a Hash as the second argument.

    class User < ActiveRecord::Base
      extend Nunes::Instrumentable

      # gonna
      # wrap save and instrument the timing of it
      instrument_method_time :save, name: 'crazy_town.save'
    end
In addition to name, you can also pass a payload that will get sent along with the generated event. class User < ActiveRecord::Base extend Nunes::Instrumentable # give nunes …
Interacting with core classes (like and Hash) appears to be thread-safe with MRI because of the global lock. There are no such guarantees on the truly multi-threaded implementations like and . I wrote about the effect of the global lock, and how to protect your data with mutexes.
…consideration given for cookbook dependencies. Previously they were based on the order given by ruby's Hash implementation, which differs based on version and vendor patching. This change ensures that your runs will continue to be reproducible.
We've merged knife-essentials into core knife. These new sub-commands are particularly useful for working with getting cookbooks between the server and your workstation and maintaining them. They are documented on the docs site …
For some reason this collection of classes is stored in a Hash, but it seems like the keys of the hash are the only aspect used, so I don't understand why it isn't an Array...
...a.k.a. subclass, a.k.a. your actual tests. I'm not sure why the code is riddled with references to 'suites', when the classes that it's actually running are called TestCases. Perhaps it's a compromise involving historic names of classes in test-unit …
Welcome to this week's roundup of Ruby news, articles, videos, and more, cobbled together from my e-mail newsletter, Ruby Weekly.
Highlights include: MRI 1.9.3-p327,3.2.9, 2.0, and the .
Carefully crafted strings can be used in a denial of service attack on apps that parse strings to create Hash objects by using the strings as keys. This new patch level release of 1.9.3 counters the issue.
A hash-flooding DoS attack was reported for the Hash function that the ruby 1.9 series was using. This vulnerability is different from CVE-2011-4815 for ruby 1.8.7. All ruby 1.9 users are recommended to upgrade to ruby-1.9.3 patchlevel 327 to get this security fix.
A carefully crafted sequence of strings can cause a denial of service attack on the service that parses the sequence to create a Hash object by using the strings as keys. For instance, this vulnerability affects web …