
Tainted Objects


The tainted? method returns true if the object it is called on is tainted. You can check this manually before passing the object to any potentially unsafe method. The following example shows an unsafe method, and the same method made safe by checking whether the string is tainted.

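 # Unsafe: image is interpolated into a shell command without any check.
 def unsafe_resize(image)
   `resize.exe --size 800x600 #{image}.jpg`
 end
 
 # Safe: the command runs only if image is not tainted.
 # A tainted image is skipped silently and the method returns nil.
 def safe_resize(image)
   unless image.tainted?
     `resize.exe --size 800x600 #{image}.jpg`
   end
 end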
 

By using the tainted? method you can determine whether the string image has been derived from user input. The program will only be run if the string is untainted. Realistically, you'd want to either raise some kind of exception or pass a failure code instead of silently failing.
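Following the suggestion above to raise an exception rather than fail silently, here is an added example (not from the original article). Because Object#tainted? was deprecated in Ruby 2.7 and removed in Ruby 3.2, it substitutes an allowlist check on the image name for the taint check. The UnsafeImageName class, the SAFE_IMAGE_NAME pattern and the runner parameter are assumptions made for illustration.

```ruby
# Added example, not code from the original article.
# Raised when an image name fails validation, instead of silently returning nil.
class UnsafeImageName < ArgumentError; end

# Assumed allowlist policy for image base names (hypothetical).
SAFE_IMAGE_NAME = /\A[A-Za-z0-9_-]{1,64}\z/

# Returns the argument vector for resize.exe, or raises UnsafeImageName.
def resize_command(image)
  unless image.is_a?(String) && SAFE_IMAGE_NAME.match?(image)
    raise UnsafeImageName, "rejected image name: #{image.inspect}"
  end
  ["resize.exe", "--size", "800x600", "#{image}.jpg"]
end

# Runs the resize and raises if validation or the program itself fails.
# `runner` is injectable so the example works without resize.exe installed.
# The multi-argument form of Kernel#system does not go through a shell.
def checked_resize(image, runner: ->(argv) { system(*argv) })
  argv = resize_command(image)
  ok = runner.call(argv)
  raise "resize.exe failed for #{image.inspect}" unless ok
  argv
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs: one acceptable name, three that must be refused.
  fake_runner = ->(argv) { puts "would run: #{argv.inspect}"; true }
  ["holiday_2014", "cat; echo injected", "a b", ""].each do |name|
    begin
      checked_resize(name, runner: fake_runner)
    rescue UnsafeImageName => e
      puts "refused: #{e.message}"
    end
  end
end
```

The caller now has to handle UnsafeImageName explicitly, so a rejected input cannot be mistaken for a successful resize.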


©2014 About.com. All rights reserved.