I have a Ruby on Rails app and I need to add some arbitrary 'functions' to the database. These functions need to receive predefined parameters, perform arbitrary logic and arithmetic, and return a number or a string.
My first idea was to add the code to the DB and use eval(code), but I soon realised the security issue with this. I could not find a way of a really sandboxed eval.
I also thought about using a JavaScript interpreter, for example, to have the code in JS and run it it's own context, but it still seems a bit too much and not secure enough.
Is there a way to execute simple arbitrary logic and arithmetic from a string over some variables and return a value?
Run arbitrary code it is a unsafe practice and very difficult to ensure that you control all variables and different scenarios.
You can try to patch all Ruby classes/ modules that can run any malicious code, like IO, Kernel, etc, but in the end you will have many classes patched, very difficult to maintain and will not have sure if it will work safely.
The best solution that I can figure out is to create your own programming language where you can ensure all functions and operations that the user will have access.
Nowadays there are many solutions, paper and examples that makes this task not so difficult, for example Ragel http://www.complang.org/ragel/ that compiles to Ruby.
You can start with few operations (if, arithmetic, logic, etc) and improve it incrementally. In the end, you will have a robust solution that can easily evolve to fit on users needs.
How sophisticated does this code need to be? Or conversely, how arbitrary does it need to be? Hopefully, you don't need to store code.
Instead, keep code in your code, and data in your data. Then simply reference names of procedures. For example:
class User
def contact
case self.prefers_contact_method
when :email
Email.send_to self.email
when :sms
SMS.send_to self.mobile_number
when :call
Phone.place_call self.home_number
end
end
end
Putting executable code in your database is not a good idea. Avoid it at all costs. And if you really need to do it, then maybe you should rethink your approach.
And if you really really need to do this, you need a sandbox. Some environment where you can control what arbitrary code has access to so that there is no dangerous code that is possible to be executed. See: Ruby sandboxing vs. integrating a scripting language
But even so, it's a scary thing to open yourself up to. Tread very carefully with this, and think thoroughly through the security implications.
Related
I'm doing a project which involves parsing the histories of common lisp repos. I need to parse them into list-of-lists or something like that. Ideally, I'd like to preserve as much of the original source file syntax as possible, in some way. For example, in the case of the text #+sbcl <something>, which I think means "If our current lisp is sbcl, read <something>, otherwise skip it", I'd like to get something like (#+ 'sbcl <something>).
I originally wrote a LALR parser in Python, which sort of worked, but it's not ideal for many reasons. I'm having a lot of difficulty getting correct output, and I have tons of special cases to add.
I figured that what I should really do is is use lisp itself, since it already has a lisp parser built in. If I could just read a file into sexps, I could dump it into something (cl-json would do) for further processing down the line.
Unfortunately, when I attempt to read https://github.com/fukamachi/woo/blob/master/src/woo.lisp, I get the error
There is no package with the name WOO.EV.TCP
which is of course coming from line 80 of that file, since that package is defined in src/ev/tcp.lisp, and we haven't read it.
Basically, is it possible to just read the file into sexps without caring whether the packages are defined or if they contain the relevant symbols? If so, how? I've tried looking at the hyperspec reader documentation, but I don't see anything that sounds relevant.
I'm out of practice with actually writing common lisp, but it seems potentially possible to hack around this by handling the undefined package condition by creating a blank package with that name, and handling the no-symbol-of-that-name-in-package condition by just interning a given symbol. I think. I don't know how to actually do this, I don't know if it would work, I don't know how many special cases would be involved. Offhand, the first condition is called no-such-package, but the second one (at least in sbcl) is called simple-error, so I don't even know how to determine whether this particular simple-error is the no-such-symbol-in-that-package error, let alone how to extract the relevant names from the condition, fix it, and restart. I'd really like to hear from a common lisp expert that this is the right thing to do here before I go down the road of trying to do it this way, because it will involve a lot of learning.
It also occurs to me that I could fix this by just sed-ing the file before reading it. E.g. turning woo.ev.tcp:start-listening-socket into, say, woo.ev.tcp===start-listening-socket. I don't particularly like this solution, and it's not clear that I wouldn't run into tons more ugly special cases, but it might work if there's no better answer.
I am almost sure there is no easy portable way to do this for a number of reasons.
(Just limiting things to the non-existent-package problem for now.)
First of all there is no portable access into the bit of the reader which decides that tokens are going to be symbols and then looks for package markers &c: that just happens according to the rules in 2.3. So you can't easily intervene in this.
Secondly there's not portably enough information in any kind of condition the reader might signal to be able to handle them.
There are several possible ways out of this bit of the problem.
If you felt sufficiently heroic you might be able to teach the reader that all of the token-starting characters are in fact things you control and then write a token-reader that somehow deals with the whole package thing by returning some object which isn't a symbol. But to do that you need to deal with numbers, and if you think that's simple, well, it's not.
If you felt less heroic you could write a more primitive token-reader which just doesn't even try to deal with anything except grabbing all the characters needed and returns some kind of object which wraps a string. This would avoid the whole number problem at the cost of losing a lot of intofmration.
If you don't care about portability, find an implementation, understand how its reader does it, and muck around with it. There are more open source or source-available implementations than I can easily count (perhaps I am not very good at counting) so this is a pretty good approach. It's certainly what I'd do.
But this is only the start of the problems. The CL reader is hairy and, in its standard configuration (the configuration which is used for things like compile-file unless people have arranged otherwise) can run completely arbitrary code at read time, including code which modifies the reader itself, some of which may do so in an implementation-dependent way. And people use this: there's a reason Lisp is called the 'programmable programming language' and it's that people program it.
I've decided to solve this using sed (actually Python's re.sub, but who's counting?) because it'll work for my actual use case, and was easy.
For future readers: The various people saying this is impossible in general are probably right. The other questions posted by #Svante look like good easy ways to solve part of the problem. Other parts of the problem might be solved more elegantly by replacing the reader macros for #., #+, #-, etc with ones which just make a list, which sounds less heroic than the suggestions from #tfb, but I don't have time for that shit.
What is the best way of checking for parameter presence inside of a controller action:
params.require(:data) # will raise an ActionController::ParameterMissing error if the parameter is not found in the request
params[:data].present? # check if something is in the parameter
Which should be the preferred way, and why?
The first way will throw an error, which will need to be handled. The second way can be used in a conditional. Both ways could be used to enable the controller action to return an error message that the parameter is missing.
It seems to me that you may have a slight misunderstanding in the purpose of params.require.
If your aim is to simply check for the existance of a certain parameter to organise the flow of code, then yes always use .present?
The core aim of .require and Strong Params is not to check for existance of a parameter or not, but to allow for the creation of a whitelist for your parameters, and raise an exception when any parameter not specifically whitelisted attempts to pass, or an essential parameter is missing. a very different purpose altogether. I suggest a look at StrongParameters api.
The general aim for StrongParams and .require / .permit is to protect your database, they are used to protect your data when mass-assigning to a model. As I am sure you are aware with an in production project, your (or your customers) data is everything, and NOT using a whitelist for parameters is an extremely irresponsible thing to be doing.
EDIT
It seems my point may have been taken the wrong way due to the bulk of it talking about StrongParams, so let me explain a little more.
What i was hoping you would understand through the explanation of the purpose of strong params, is that it is not a viable choice for use in a mere presence check. The other answers have also stated that they recommend the use of .present?, however the reasoning is not a solid foundation for why this is better.
Code readability is of course important, but code readability has nothing to do with handling errors, you can very easily write code that is readable and handles exceptions. therefore code readability shouldn't even come into the equation, because that is just based on how well you can write your exception handling logic.
And as for not wanting errors on a production app, that is a completely counter intuitive point, because the whole purpose of throwing and handling exceptions is exactly for that reason, to stop errors occurring on a production app, avoiding silent logic that may have small unexpected bugs and could cause problems down the line.
The core principle as to why .present? is the obvious choice is in the question itself:
How to check for parameter presence
All code is written for a purpose, to solve a given problem, or to provide functionality suitable for a given need. So what should be considered is what is the purpose of .present? and what is the purpose .require. The purpose of .present? is fairly simple, checking for presence and returning a Boolean result in either case (meaning you can put it together with other tests using ||, not possible with .require), it fulfills the needs of the question.
Now lets take a look at .require, which is a feature from ActionController::StrongParameters module. A quick look of the API states the purpose of the StrongParameters module:
It provides an interface for protecting attributes from end-user assignment.
Is this the purpose that you are seeking, now of course the question you asked is quite a broad one, and its difficult to read the intent from it, but from the bare question "I want to check parameter presence", we can conclude that .require or any StrongParameters features is not purposed for this.
Whew! that was long, sorry for the mini Essay there, but I want to bring focus to the fact that, while the other answers bring some topics are valid and should be considered, (not just in this question but in all code). I hope to bring to your attention that there is WAY more to consider than simple code readability or not wanting to handle errors, which can both be solved very easily in a variety of solutions. Even small simple decisions like this should be considered with a perspective that has much more core principles of programming in mind as well.
Long story short: I can hammer a nail in with the handle of a screwdriver, but that is not its purpose, and if I keep doing it i'm eventually gona have a bad time.
I believe you answered your own question. If you prefer to handle exceptions, use require. If you like to use conditions instead, use present?.
For me the second way is preferred cause it reduces the chance that my app will crash on production (if I failed to handle exceptions properly).
It depends on whether you want to raise an error in regards to if a parameter is present or not.
I would personally say to go for .present in the sense that you could always use it in a conditional, and allows for better code readability, vs. alternative of the messy, and complicated nature of handling errors.
Even under the hypothetical assumption that the parameter was not present, you could still render another page should you choose. IMO, in the specific case where you have a simply looking for the presence of an error, really don't see a reason why you'd want the application to throw an error vs. false. Even the worse-case hypothetical situation of a parameter not being present when using .present? can be appropriately handled by a simple if and else statement:
if (some value).present?
render("some_page")
else
render("error_page")
end
What is best way to refactor in Ruby on Rails. I have a project where i would like to refactor several of my objects - extra properties and renaming of existing properties. How do i do this this the easiest way?? I created the different objects with scaffolding "rails generate scaffold foo name:string...."
I do start from scratch or is there some cool ruby command, like "rails refactor foo name:string"..
As far as I am aware, there is no automated way to do this. The key things as far as I'm concerned is to make sure that your test coverage is good in the relevant area (and preferably across your whole app) before you start.
Once that's done, I've tended to apply fairly brute force tactics to do that actual refactor:
Run all tests.
Searching for relevant file names and strings within files, making a value judgement as to whether you're changing the right thing (don't just do search/replace).
Refactor your tests along side the code itself.
Run all tests again.
Repeat until it works.
The reason that refactoring isn't very automated in Ruby (in my view at least) is because the language is so dynamic, so it's very hard for any automated tools to make sure they've covered all the bases.
Refactoring is based on human perception. Sure, omission of some redundant things could be figured out by a computer, but otherwise when you refactor you're essentially improving your own hand-written code. Unless a computer has the intelligence and the ability to discern code like a human, then no, it's not possible.
Perhaps you're referring to something else?
You should learn some Rails best practices and use them to refactor your code
Firstly a good knowledge of your application and then start in a procedure and serialize it.
Use helpers to optimize.Methods should be small enough and minimize the possiblity of repetition of codes.
Use application files which helps a lot
You can also write methods in private to reduce the lines in methods.
Alwayz be sure where refactoring is done and its dependencies..
Thanx
.
If you're writing something by yourself, whether to practice, solve a personal problem, or just for entertainment, is it ok, once in a while, to have a public field? Maybe?
Let me give you an analogy.
I come from a part of the world where English is not the primary language. But it’s necessary for all things in life.
During one of those usual days during my pre-teen years I said something very funny in English. Then my Dad said, “Son, think in English. Then you’ll get fluent”
I think it applies perfectly to this situation.
Think,try and question best practices in your playground. You will soon realize what’s best for what.Why are properties needed in the first place. Why should this be public? Why should I not call a virtual member from the constructor? Let me try using "new" modifier for a method call. What happens when I write 10 nested levels of if-then-else and try reading it again after 10 days. Why the heck should I use a factory pattern for a simple project. Et cetera.
And then you’ll realize without shooting at your foot, why design patterns are patterns...
I think it's reasonable if you're consciously throwing the code away afterwards. In particular, if you're experimenting with something completely different, taking shortcuts makes sense. Just don't let it lead to habits which cross over into "real" code.
Violating general principles is always "ok"! It is not an error to violate a principle but it is a trade off. The cost of not writing clean code will be higher the longer your software will survive. My take on this is: If in doubt make it clean!
Of course it's OK. It's your code, you can do whatever you want with it. Personally, I try to stick to good practice also in my private code, just to make it a natural habit so I don't have to think about it.
The short answer is yes, if you believe that you're gaining a lot by making things public instead of private with accessors you are welcome to do so. Consistency, I think, is the biggest thing to keep in mind. For instance, don't make some variables straight public, and some not. Do the same across the board if you break with best practices. It comes back to a trade-off. Almost no-one follows many of the IEEE specs for how Software Engineering should be executed and documented because the overhead is far too great, and it can get unmanageable. The same is true for personal, light-weight programming. It's okay to do something quick and dirty, just do not get used to it.
Public members are acceptable in the Data Transfer Object design patter:
Typically, the members in the Transfer Object are defined as public, thus eliminating the need for get and set methods.
One of the key advantages of OOP is for scaling and maintainability. By encapsulating code, one can hide the implementation. This means other programmers don't have to know the implementation, and can't change your object's internal state. If you language doesn't support properties, you end up with a lot of code which obfuscates and bloats your project. If the code doesn't need to be worked on by multiple programmers, you aren't producing a reusable component, and YOU are the maintenance programmer, then code in whatever manner allows you to get things done.
Does a maid need to make his/her own bed in the morning in order to practice properly making a bed?
Side note: it also depends on the language:
In Scala, according to the Uniform Access Principle, clients read and write field values as if they are publicly accessible, even though in some case they are actually calling methods. The maintainer of the class has the freedom to change the implementation without forcing users to make code changes.
Scala keeps field and method names in the same namespace.
Many languages, like Java, keep field and method names in separate namespaces.
However, these languages can’t support the uniform access principle as a result, unless they build in ad hoc support in their grammars or compilers.
So the real question is:
What service are you exposing (here by having a public field)?.
If the service (get/set a given type value) makes sense for your API, then the "shortcut" is legitimate.
As long as you encapsulate that field eventually, is it ok because you made the shortcut for the "right" reason (API and service exposure), versus the "wrong" reason (quick ad-hoc access).
A good unit test (thinking like the user of your API) can help you check if that field should be accessed directly or if it is only useful for internal development of other classes within your program.
Here's my take on it:
I'd advise avoiding public fields. They have a nasty habit of biting you later on because you can't control them. (The word you're looking for here is volatility.) Further, if you decide to change their internal implementation, you have to touch a lot more code.
Then again, that's what refactoring tools are for. If you have a decent refactoring tool, that's not nearly so difficult.
There is no silver bullet. I can't repeat this enough. If you have work to do, and you need to get it done in a hurry, writing one line of code instead of eight (as is the case in Visual Basic) is certainly faster.
Rules were meant to be broken. If a rule doesn't necessarily apply in your case, don't use it. Design patterns, coding guidelines, laws and best practices should not be treated as a straightjacket that requires you to needlessly complicate your code to the point where it is enormously complex and difficult to understand and maintain. Don't let someone force you into a practice just because it's popular or "standard" when it doesn't fit your requirements.
Again, this is a subjective opinion, and your mileage may vary.
This question is intended to be a discussion of people's personal opinions in handling user input.
This portion of the project that I am working on handles user input in a manner similar to an IRC chat. For instance, there are set commands and whatnot, for chatting, executing actions, etc.
Now, I have several options to choose from for parsing this input. I could go with regular expressions, I could parse it directly (ie a large switch statement with all supported commands, simply checking the first x number of characters in the user input), or could even go crazy and add in a parser similar to Flex/Bison implementations. One other option I was considering was defining all commands in an XML file to separate them from the code implementation.
So, what are the thoughts of the community?
I'd go with a nice mixed bag of all.
Obviously you'll have to sanitize the input. Make sure there's no nasty stuff there, depending on where the input is going to prevent SQL injection, XSS, CSRF etc...
But when your input is clean, you could go with a regexp that catches the ones intended as command and gets all necessary submatches (command parameters etc.) and then have some sort of dispatcher-switch statement or similar.
There really is no cover-all best practice here, apart from always always and quadruple-always making sure user input is sanitized. Apart from that, go with what seems to fit best for your case.
Obviously there are those that say if you've got a problem and you're thinking of using reg exps to solve said problem, you've got two problems, but used cautiously, they're the best thing ever. Just remember that regexp-monsters can read to really poor readability really quick.