When do Ruby objects need to be made tainted and when should we untaint them? How does the concept of tainted object make a Ruby script run in safe mode? Can anyone elaborate on this to make the concept clear with some code snippets?
What are tainted objects, and when should we untaint them?
6.3k Views Asked by Arup Rakshit At
1
There are 1 best solutions below
Related Questions in RUBY
- Best way to make an HABTM association via console
- undefined method `namespace' for main:Object (NoMethodError) - active record / rakefile
- Ruby destroy is not working? Or objects still present?
- Trying to set the value of an input with mechanize
- How to split the logic in a ruby game
- How can I monitor an endpoint's status with Ruby?
- Why can a private class method be explicitly invoked in Ruby?
- Rails - Ajax do not work properly on production server
- syntax error, unexpected kEND
- Carrierwave file upload with different file types
- b.javascript_dialog().exists? is not working for me in WATIR 4.0.2
- Combine two arrays of hashes
- Building a simple calculator form in Rails 4
- How do I update create route from rails 3 to 4
- Comparison of Fixnum with nil failed - palindrome program Ruby
Related Questions in RUBY-1.9
- Constant Lookup with instance_eval in Ruby 1.9
- Is the env $LANG setting equivalent to a "magic" utf-8 comment?
- Access STDIN of child process without capturing STDOUT or STDERR
- Deep copy JSON object in Ruby
- How to delete specific mail on server by ruby/mikel mail?
- Merge same named arrays in ruby hashes
- How do I convert a Block to a Proc in a Ruby 1.9 C extension?
- Does threads remove themselves from memory after finished running?
- Sinatra fails to answer to a very basic GET request
- What's the difference between Object and BasicObject in Ruby?
- Data casting error when reading from a file in Ruby
- Model namespace issue in rails
- How can I add an alias to Ruby 1.9's Enocding.aliases?
- Vim, Tabular and Ruby 1.9 Hashes
- ruby self.class.class_eval or singleton_class.class_eval
Related Questions in TAINT
- Perl tainting via regular expression
- What is a distributive function under IDFS and why is pointer analysis non-distributive?
- Insecure $ENV{PATH} while running with -T switch at /var/www/html/cgi-bin/check.cgi
- Installing perl/cpan from source on Centos 6 64-bit
- Static taint analysis for Java programs
- Perl's taint mode in PHP
- Insecure dependency in chdir while running with -T switch when running in docker container
- Grafana & Loki agents not deployed in Tainted nodes
- Insecure dependency with Inline::Python
- HTML Canvas Tainted when all images are originating form my site?
- Escaping string to be quoted in Perl
- How to untaint system call in CGI.pm
- How to reserve certain worker nodes for a namespace
- How to remove "taint" for Findbugs "Find Security Bugs"
- How do I set the taint mode in a perl script with a '#!/usr/bin/env perl'- shebang?
Related Questions in TAINT-CHECKING
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
What is Tainted?
User input is tainted, by definition. For example:
You can also manually taint an object.
Why Untaint an Object?
Generally, you would untaint an object only after you validate and/or sanitize it. Untainting an object marks it as "safe" for certain operations that you wouldn't want to run on untrusted strings or other objects, or when your safe level requires an untainted object to perform the desired operation.
Untainting an Object
The easiest way to untaint an object is to call the Object#untaint method on it. For example, if your string variable holds a tainted object, then:
More About Tainted Objects
You can find out more about tainted objects from the Locking Ruby in the Safe chapter of Programming Ruby.