Linux server1.dn-server.com 4.18.0-553.89.1.lve.el8.x86_64 #1 SMP Wed Dec 10 13:58:50 UTC 2025 x86_64
LiteSpeed
Server IP : 195.201.204.189 & Your IP : 216.73.217.103
Domains :
Can't Read [ /etc/named.conf ]
User : beriska1
/
opt /
alt /
ruby21 /
share /
ri /
2.1.0 /
system /
Name
Size
Permission
Date
Action
ACL
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
ARGF
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Abbrev
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Addrinfo
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
ArgumentError
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Array
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Base64
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
BasicObject
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
BasicSocket
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Benchmark
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
BigDecimal
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
BigMath
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Bignum
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Binding
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
CGI
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
CSV
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Class
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Comparable
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Complex
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
CompositePublisher
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
ConditionVariable
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Continuation
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Coverage
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
DBM
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
DBMError
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
DEBUGGER__
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
DL
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
DRb
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Data
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Date
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
DateTime
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Delegator
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Digest
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Dir
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
ENV
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
EOFError
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
ERB
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
EXCEPTION_TYPE
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Encoding
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
EncodingError
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
English
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Enumerable
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Enumerator
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Errno
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Etc
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Exception
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Exception2MessageMapper
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
FalseClass
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Fcntl
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Fiber
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
FiberError
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Fiddle
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
File
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
FileTest
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
FileUtils
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Find
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Fixnum
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Float
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
FloatDomainError
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Foo
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Forwardable
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
GC
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
GDBM
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
GDBMError
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
GDBMFatalError
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
GServer
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Gem
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
GetoptLong
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
HTTPMovedTemporarily
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
HTTPMultipleChoice
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
HTTPRequestURITooLarge
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Hash
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
HttpServer
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
IO
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
IOError
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
IPAddr
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
IPSocket
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
IRB
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
IndexError
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Integer
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Interrupt
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
JSON
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Jacobian
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Kconv
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Kernel
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
KeyError
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
LUSolve
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
LoadError
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
LocalJumpError
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Logger
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
MakeMakefile
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Marshal
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
MatchData
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Math
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Matrix
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Method
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
MiniTest
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Minitest
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Module
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Monitor
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
MonitorMixin
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Mutex
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Mutex_m
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
NKF
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
NQXML
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
NameError
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Net
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Newton
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
NilClass
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
NoMemoryError
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
NoMethodError
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
NotImplementedError
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Numeric
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
OLEProperty
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Object
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
ObjectSpace
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Observable
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Open3
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
OpenSSL
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
OpenStruct
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
OpenURI
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
OptionParser
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
PP
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
PStore
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
PTY
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
ParallelEach
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Pathname
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
PrettyPrint
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
PrideIO
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
PrideLOL
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Prime
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Proc
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Process
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Profiler__
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Psych
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Queue
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
RDoc
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
RDocTask
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
REXML
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
RSS
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Racc
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Rake
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Random
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Range
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
RangeError
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Rational
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Readline
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Regexp
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
RegexpError
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Resolv
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Rinda
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Ripper
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
RubyLex
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
RubyToken
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
RubyVM
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
RuntimeError
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
SDBM
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
SDBMError
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
SOCKSSocket
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Scanf
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
ScriptError
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
SecureRandom
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
SecurityError
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Set
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Shell
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Shellwords
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Signal
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
SignalException
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
SimpleDelegator
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
SingleForwardable
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Singleton
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
SizedQueue
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Socket
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
SocketError
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
SortedSet
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
SshDirPublisher
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
SshFilePublisher
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
SshFreshDirPublisher
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
StandardError
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
StopIteration
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
String
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
StringIO
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
StringScanner
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Struct
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Symbol
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Sync
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Sync_m
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Synchronizer
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Synchronizer_m
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
SyntaxError
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Syslog
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
SystemCallError
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
SystemExit
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
SystemStackError
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
TCPServer
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
TCPSocket
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
TSort
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
TempIO
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Tempfile
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Test
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
ThWait
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Thread
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
ThreadError
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
ThreadGroup
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
ThreadsWait
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Time
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Timeout
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
TracePoint
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Tracer
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
TrueClass
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
TypeError
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
UDPSocket
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
UNIXServer
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
UNIXSocket
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
URI
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
UnboundMethod
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Vector
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
WEBrick
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
WIN32OLE
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
WIN32OLERuntimeError
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
WIN32OLE_EVENT
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
WIN32OLE_METHOD
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
WIN32OLE_PARAM
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
WIN32OLE_TYPE
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
WIN32OLE_TYPELIB
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
WIN32OLE_VARIABLE
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
WIN32OLE_VARIANT
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
WeakRef
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
XML
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
XMLEncoding_ja
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
XMLRPC
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
XMP
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
YAML
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
ZeroDivisionError
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
Zlib
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
fatal
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
lib
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
syntax
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
unknown
[ DIR ]
drwxr-xr-x
2026-05-01 04:24
cache.ri
381.75
KB
-rw-r--r--
2023-07-26 17:52
created.rid
55.63
KB
-rw-r--r--
2023-07-26 17:52
page-ChangeLog-1_8_0.ri
1.01
MB
-rw-r--r--
2023-07-26 17:52
page-ChangeLog-1_9_3.ri
3.89
MB
-rw-r--r--
2023-07-26 17:52
page-ChangeLog-2_0_0.ri
1.05
MB
-rw-r--r--
2023-07-26 17:52
page-ChangeLog-YARV.ri
224.05
KB
-rw-r--r--
2023-07-26 17:52
page-ChangeLog.ri
944.02
KB
-rw-r--r--
2023-07-26 17:52
page-NEWS-1_8_7.ri
22.05
KB
-rw-r--r--
2023-07-26 17:52
page-NEWS-1_9_1.ri
17.56
KB
-rw-r--r--
2023-07-26 17:52
page-NEWS-1_9_2.ri
20.67
KB
-rw-r--r--
2023-07-26 17:52
page-NEWS-1_9_3.ri
14.91
KB
-rw-r--r--
2023-07-26 17:52
page-NEWS-2_0_0.ri
26.06
KB
-rw-r--r--
2023-07-26 17:52
page-NEWS.ri
18.54
KB
-rw-r--r--
2023-07-26 17:52
page-README.ri
7.09
KB
-rw-r--r--
2023-07-26 17:52
page-README_EXT.ri
61.34
KB
-rw-r--r--
2023-07-26 17:52
page-contributing_rdoc.ri
22.28
KB
-rw-r--r--
2023-07-26 17:52
page-contributors_rdoc.ri
24.97
KB
-rw-r--r--
2023-07-26 17:52
page-dtrace_probes_rdoc.ri
8.66
KB
-rw-r--r--
2023-07-26 17:52
page-globals_rdoc.ri
5.22
KB
-rw-r--r--
2023-07-26 17:52
page-maintainers_rdoc.ri
12.03
KB
-rw-r--r--
2023-07-26 17:52
page-marshal_rdoc.ri
14.16
KB
-rw-r--r--
2023-07-26 17:52
page-regexp_rdoc.ri
33.57
KB
-rw-r--r--
2023-07-26 17:52
page-security_rdoc.ri
7.11
KB
-rw-r--r--
2023-07-26 17:52
page-standard_library_rdoc.ri
10.46
KB
-rw-r--r--
2023-07-26 17:52
page-syntax_rdoc.ri
1.63
KB
-rw-r--r--
2023-07-26 17:52
U:RDoc::TopLevel[ i I"security.rdoc:EFcRDoc::Parser::Simpleo:RDoc::Markup::Document:@parts[WS:RDoc::Markup::Heading: leveli: textI"Ruby Security;To:RDoc::Markup::BlankLine o:RDoc::Markup::Paragraph;[I"TThe Ruby programming language is large and complex and there are many security ;TI"Lpitfalls often encountered by newcomers and experienced Rubyists alike.;T@ o; ;[I"RThis document aims to discuss many of these pitfalls and provide more secure ;TI"#alternatives where applicable.;T@ o; ;[I"UPlease check the full list of publicly known CVEs and how to correctly report a ;TI"Gsecurity vulnerability, at: http://www.ruby-lang.org/en/security/ ;TI"DJapanese version is here: http://www.ruby-lang.org/ja/security/;T@ o; ;[ I"ASecurity vulnerabilities should be reported via an email to ;TI"4mailto:security@ruby-lang.org ({the PGP public ;TI"Tkey}[http://www.ruby-lang.org/security.asc]), which is a private mailing list. ;TI"5Reported problems will be published after fixes.;T@ S; ; i;I"<code>$SAFE</code>;T@ o; ;[I"TRuby provides a mechanism to restrict what operations can be performed by Ruby ;TI"9code in the form of the <code>$SAFE</code> variable.;T@ o; ;[I"UHowever, <code>$SAFE</code> does not provide a secure environment for executing ;TI"untrusted code.;T@ o; ;[ I"UIf you need to execute untrusted code, you should use an operating system level ;TI"Jsandboxing mechanism. On Linux, ptrace or LXC can be used to sandbox ;TI"Opotentially malicious code. Other similar mechanisms exist on every major ;TI"operating system.;T@ S; ; i;I"+Marshal.load+;T@ o; ;[I"URuby's +Marshal+ module provides methods for serializing and deserializing Ruby ;TI"3object trees to and from a binary data format.;T@ o; ;[ I"NNever use +Marshal.load+ to deserialize untrusted or user supplied data. 
;TI"NBecause +Marshal+ can deserialize to almost any Ruby object and has full ;TI"Rcontrol over instance variables, it is possible to craft a malicious payload ;TI"6that executes code shortly after deserialization.;T@ o; ;[ I"RIf you need to deserialize untrusted data, you should use JSON as it is only ;TI"Ucapable of returning 'primitive' types such as strings, arrays, hashes, numbers ;TI"Oand nil. If you need to deserialize other classes, you should handle this ;TI";manually. Never deserialize to a user specified class.;T@ S; ; i;I" YAML;T@ o; ;[I"RYAML is a popular human readable data serialization format used by many Ruby ;TI"Nprograms for configuration and database persistence of Ruby object trees.;T@ o; ;[I"RSimilar to +Marshal+, it is able to deserialize into arbitrary Ruby classes. ;TI"KFor example, the following YAML data will create an +ERB+ object when ;TI"deserialized:;T@ o:RDoc::Markup::Verbatim;[I"!ruby/object:ERB ;TI"src: puts `uname` ;T:@format0o; ;[I"RBecause of this, many of the security considerations applying to Marshal are ;TI"Lalso applicable to YAML. Do not use YAML to deserialize untrusted data.;T@ S; ; i;I"Symbols;T@ o; ;[ I"USymbols are often seen as syntax sugar for simple strings, but they play a much ;TI"Pmore crucial role. The MRI Ruby implementation uses Symbols internally for ;TI"Rmethod, variable and constant names. The reason for this is that symbols are ;TI"Ssimply integers with names attached to them, so they are faster to look up in ;TI"hashtables.;T@ o; ;[I"TOnce a symbol is created, the memory used by it is never freed. If you convert ;TI"Uuser input to symbols with +to_sym+ or +intern+, it is possible for an attacker ;TI"Qto mount a denial of service attack against your application by flooding it ;TI"Owith unique strings. 
Because each string is kept in memory until the Ruby ;TI"Sprocess exits, this will cause memory consumption to grow and grow until Ruby ;TI"$runs out of memory and crashes.;T@ o; ;[ I"CBe careful with passing user input to methods such as +send+, ;TI"U+instance_variable_get+ or +_set+, +const_get+ or +_set+, etc. as these methods ;TI"Pwill convert string parameters to symbols internally and pose the same DoS ;TI">potential as direct conversion through +to_sym+/+intern+.;T@ o; ;[I"QThe workaround to this is simple - don't convert user input to symbols. You ;TI"?should attempt to leave user input in string form instead.;T@ S; ; i;I"Regular expressions;T@ o; ;[ I"RRuby's regular expression syntax has some minor differences when compared to ;TI"Tother languages. In Ruby, the <code>^</code> and <code>$</code> anchors do not ;TI"Urefer to the beginning and end of the string, rather the beginning and end of a ;TI"*line*.;T@ o; ;[ I"?This means that if you're using a regular expression like ;TI"S<code>/^[a-z]+$/</code> to restrict a string to only letters, an attacker can ;TI"Ubypass this check by passing a string containing a letter, then a newline, then ;TI""any string of their choosing.;T@ o; ;[I"RIf you want to match the beginning and end of the entire string in Ruby, use ;TI"the anchors +\A+ and +\z+.;T@ S; ; i;I"+eval+;T@ o; ;[I"=Never pass untrusted or user controlled input to +eval+.;T@ o; ;[ I"NUnless you are implementing a REPL like +irb+ or +pry+, +eval+ is almost ;TI"Ucertainly not what you want. Do not attempt to filter user input before passing ;TI"Sit to +eval+ - this approach is fraught with danger and will most likely open ;TI"Jyour application up to a serious remote code execution vulnerability.;T@ S; ; i;I"+send+;T@ o; ;[I"U'Global functions' in Ruby (+puts+, +exit+, etc.) are actually private instance ;TI"Qmethods on +Object+. 
This means it is possible to invoke these methods with ;TI"A+send+, even if the call to +send+ has an explicit receiver.;T@ o; ;[I"RFor example, the following code snippet writes "Hello world" to the terminal:;T@ o;;[I""1.send(:puts, "Hello world") ;T;0o; ;[I"SYou should never call +send+ with user supplied input as the first parameter. ;TI">Doing so can introduce a denial of service vulnerability:;T@ o;;[I"6foo.send(params[:bar]) # params[:bar] is "exit!" ;T;0o; ;[I"OIf an attacker can control the first two arguments to +send+, remote code ;TI"execution is possible:;T@ o;;[I"J# params is { :a => "eval", :b => "...ruby code to be executed..." } ;TI"&foo.send(params[:a], params[:b]) ;T;0o; ;[I"SWhen dispatching a method call based on user input, carefully verify that the ;TI"Qmethod name. If possible, check it against a whitelist of safe method names.;T@ o; ;[I"ONote that the use of +public_send+ is also dangerous, as +send+ itself is ;TI"public:;T@ o;;[I"E1.public_send("send", "eval", "...ruby code to be executed...") ;T;0S; ; i;I"DRb;T@ o; ;[I"UAs DRb allows remote clients to invoke arbitrary methods, it is not suitable to ;TI"!expose to untrusted clients.;T@ o; ;[I"TWhen using DRb, try to avoid exposing it over the network if possible. If this ;TI"Uisn't possible and you need to expose DRb to the world, you *must* configure an ;TI"<appropriate security policy with <code>DRb::ACL</code>.;T: @file@:0@omit_headings_from_table_of_contents_below0