SlideShare a Scribd company logo

And Now You Have Two Problems

Luca Mearelli
Luca Mearelli

A wise hacker said: Some people, when confronted with a problem, think "I know, I'll use regular expressions." Now they have two problems. Regular expressions are a powerful tool in our hands and a first class citizen in ruby so it is tempting to overuse them. But knowing them and using them properly is a fundamental asset of every developer. We'll see hands-on examples of proper Reg Exps usage in ruby code, we'll look at bad and ugly cases, and learn how to approach writing and debugging them.

LifestyleTechnology
1 of 27
Download to read offline
And now you have two problems Ruby regular expressions for fun and profit Luca Mearelli @lmea Codemotion Rome - 2013
@lmea Regular expressions •cat catch indicate ... •2013-03-22, YYYY-MM-DD, ... •$ 12,500.80 patterns to describe the contents of a text
@lmea Regexps: good for... Pattern matching Search and replace
@lmea Regexp in ruby Regexp object: Regexp.new("cat") literal notation #1: %r{cat} literal notation #2: /cat/
@lmea Regexp syntax literals: /cat/ matches any ‘cat’ substring the dot: /./ matches any character character classes: /[aeiou]/ /[a-z]/ /[01]/ negated character classes: /[^abc]/
@lmea Regexp syntax case insensitive: /./i only interpolate #{} blocks once: /./o multiline mode - '.' will match newline: /./m extended mode - whitespace is ignored: /./x Modifiers
@lmea Regexp syntax /d/ digit /D/ non digit /s/ whitespace /S/ non whitespace /w/ word character /W/ non word character /h/ hexdigit /H/ non hexdigit Shorthand classes
@lmea Regexp syntax /^/ beginning of line /$/ end of line /b/ word boundary /B/ non word boundary /A/ beginning of string /z/ end of string /Z/ end of string. If string ends with a newline, it matches just before newline Anchors
@lmea Regexp syntax alternation: /cat|dog/ matches ‘cats and dogs’ 0-or-more: /ab*/ matches ‘a’ ‘ab’ ‘abb’... 1-or-more: /ab+/ matches ‘ab’ ‘abb’ ... given-number: /ab{2}/ matches ‘abb’ but not ‘ab’ or the whole ‘abbb’ string
@lmea Regexp syntax greedy matches: /.+cat/ matches ‘the cat is catching a mouse’ lazy matches: /.+?scat/ matches ‘the cat is catching a mouse’
@lmea Regexp syntax grouping: /(d{3}.){3}d{3}/ matches IP- like strings capturing: /a (cat|dog)/ the match is captured in $1 to be used later non capturing: /a (?:cat|dog)/ no content captured atomic grouping: /(?>a+)/ doesn’t backtrack
@lmea String substitution "My cat eats catfood".sub(/cat/, "dog") # => My dog eats catfood "My cat eats catfood".gsub(/cat/, "dog") # => My dog eats dogfood "My cat eats catfood".gsub(/bcat(w+)/, "dog1") # => My cat eats dogfood "My cat eats catfood".gsub(/bcat(w+)/){|m| $1.reverse} # => My cat eats doof
@lmea String parsing "Codemotion Rome: Mar 20 to Mar 23".scan(/w{3} d{1,2}/) # => ["Mar 20", "Mar 23"] "Codemotion Rome: Mar 20 to Mar 23".scan(/(w{3}) (d{1,2})/) # => [["Mar", "20"], ["Mar", "23"]] "Codemotion Rome: Mar 20 to Mar 23".scan(/(w{3}) (d{1,2})/) {|a,b| puts b+"/"+a} # 20/Mar # 23/Mar # => "Codemotion Rome: Mar 20 to Mar 23"
@lmea Regexp methods if "what a wonderful world" =~ /(world)/ puts "hello #{$1.upcase}" end # hello WORLD if /(world)/.match("The world") puts "hello #{$1.upcase}" end # hello WORLD match_data = /(world)/.match("The world") puts "hello #{match_data[1].upcase}" # hello WORLD
@lmea Rails app examples # in routing match 'path/:id', :constraints => { :id => /[A-Z]d{5}/ } # in validations validates :phone, :format => /Ad{2,4}s*d+z/ validates :phone, :format => { :with=> /Ad{2,4}s*d+z/ } validates :phone, :format => { :without=> /A02s*d+z/ }
@lmea Rails examples # in ActiveModel::Validations::NumericalityValidator def parse_raw_value_as_an_integer(raw_value) raw_value.to_i if raw_value.to_s =~ /A[+-]?d+Z/ end # in ActionDispatch::RemoteIp::IpSpoofAttackError # IP addresses that are "trusted proxies" that can be stripped from # the comma-delimited list in the X-Forwarded-For header. See also: # http://en.wikipedia.org/wiki/Private_network#Private_IPv4_address_spaces TRUSTED_PROXIES = %r{ ^127.0.0.1$ | # localhost ^(10 | # private IP 10.x.x.x 172.(1[6-9]|2[0-9]|3[0-1]) | # private IP in the range 172.16.0.0 .. 172.31.255.255 192.168 # private IP 192.168.x.x ). }x WILDCARD_PATH = %r{*([^/)]+))?$}
@lmea Regexps are dangerous "If I was going to place a bet on something about Rails security, it'd be that there are more regex vulnerabilities in the tree. I am uncomfortable with how much Rails leans on regex for policy decisions." Thomas H. Ptacek (Founder @ Matasano, Feb 2013)
@lmea Tip #1 Beware of nested quantifiers /(x+x+)+y/ =~ 'xxxxxxxxxy' /(xx+)+y/ =~ 'xxxxxxxxxx' /(?>x+x+)+y/ =~ 'xxxxxxxxx'
@lmea Tip #2 Don’t make everything optional /[-+]?[0-9]*.?[0-9]*/ =~ '.' /[-+]?([0-9]*.?[0-9]+|[0-9]+)/ /[-+]?[0-9]*.?[0-9]+/
@lmea Tip #3 Evaluate tradeoffs /b[A-Z0-9._%+-]+@(?:[A-Z0-9-]+.)+[A-Z]{2,4}b/ /(?:(?:rn)?[ t])*(?:(?:(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t] )+|Z|(?=[["()<>@,;:".[]]))|"(?:[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?: rn)?[ t])*)(?:.(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:( ?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|"(?:[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?:rn)?[ t])*))*@(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-0 31]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)* ](?:(?:rn)?[ t])*)(?:.(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+ (?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)*](?: (?:rn)?[ t])*))*|(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z |(?=[["()<>@,;:".[]]))|"(?:[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?:rn) ?[ t])*)*<(?:(?:rn)?[ t])*(?:@(?:[^()<>@,;:".[] 000-031]+(?:(?:(?: rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*)(?:.(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn) ?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t] )*))*(?:,@(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])* )(?:.(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t] )+|Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*))*) *:(?:(?:rn)?[ t])*)?(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+ |Z|(?=[["()<>@,;:".[]]))|"(?:[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?:r n)?[ t])*)(?:.(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?: rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|"(?:[^"r]|.|(?:(?:rn)?[ t ]))*"(?:(?:rn)?[ t])*))*@(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031 ]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)*]( ?:(?:rn)?[ t])*)(?:.(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(? :(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)*](?:(? :rn)?[ t])*))*>(?:(?:rn)?[ t])*)|(?:[^()<>@,;:".[] 000-031]+(?:(? :(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|"(?:[^"r]|.|(?:(?:rn)? [ t]))*"(?:(?:rn)?[ t])*)*:(?:(?:rn)?[ t])*(?:(?:(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|"(?:[^"r]| .|(?:(?:rn)?[ t]))*"(?:(?:rn)?[ t])*)(?:.(?:(?:rn)?[ t])*(?:[^()<> @,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|" (?:[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?:rn)?[ t])*))*@(?:(?:rn)?[ t] )*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;: ".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*)(?:.(?:(?:rn)?[ t])*(? :[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[ ]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*))*|(?:[^()<>@,;:".[] 000- 031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|"(?:[^"r]|.|( ?:(?:rn)?[ t]))*"(?:(?:rn)?[ t])*)*<(?:(?:rn)?[ t])*(?:@(?:[^()<>@,; :".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([ ^[]r]|.)*](?:(?:rn)?[ t])*)(?:.(?:(?:rn)?[ t])*(?:[^()<>@,;:" .[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([^[ ]r]|.)*](?:(?:rn)?[ t])*))*(?:,@(?:(?:rn)?[ t])*(?:[^()<>@,;:". [] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([^[] r]|.)*](?:(?:rn)?[ t])*)(?:.(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([^[]r] |.)*](?:(?:rn)?[ t])*))*)*:(?:(?:rn)?[ t])*)?(?:[^()<>@,;:".[] 0 00-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|"(?:[^"r]| .|(?:(?:rn)?[ t]))*"(?:(?:rn)?[ t])*)(?:.(?:(?:rn)?[ t])*(?:[^()<>@, ;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|"(? :[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?:rn)?[ t])*))*@(?:(?:rn)?[ t])* (?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:". []]))|[([^[]r]|.)*](?:(?:rn)?[ t])*)(?:.(?:(?:rn)?[ t])*(?:[ ^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[] ]))|[([^[]r]|.)*](?:(?:rn)?[ t])*))*>(?:(?:rn)?[ t])*)(?:,s*( ?:(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;: ".[]]))|"(?:[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?:rn)?[ t])*)(?:.(?:( ?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[ ["()<>@,;:".[]]))|"(?:[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?:rn)?[ t ])*))*@(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t ])+|Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*)(? :.(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+| Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*))*|(?: [^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[ ]]))|"(?:[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?:rn)?[ t])*)*<(?:(?:rn) ?[ t])*(?:@(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[[" ()<>@,;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*)(?:.(?:(?:rn) ?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<> @,;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*))*(?:,@(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@, ;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*)(?:.(?:(?:rn)?[ t] )*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;: ".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*))*)*:(?:(?:rn)?[ t])*)? (?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:". []]))|"(?:[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?:rn)?[ t])*)(?:.(?:(?: rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[[ "()<>@,;:".[]]))|"(?:[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?:rn)?[ t]) *))*@(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t]) +|Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*)(?: .(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z |(?=[["()<>@,;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*))*>(?:( ?:rn)?[ t])*))*)?;s*)/
@lmea Tip #4 Capture repeated groups and don’t repeat a captured group /!(abc|123)+!/ =~ '!abc123!' # $1 == '123' /!((abc|123)+)!/ =~ '!abc123!' # $1 == 'abc123'
@lmea Tip #5 use interpolation with care str = "cat" /#{str}/ =~ "My cat eats catfood" /#{Regexp.quote(str)}/ =~ "My cat eats catfood"
@lmea Tip #6 Don’t use ^ and $ to match the strings beginning and end validates :url, :format => /^https?/ "http://example.com" =~ /^https?/ "javascript:alert('hello!');%0Ahttp://example.com" "javascript:alert('hello!');nhttp://example.com" =~ /^https?/ "javascript:alert('hello!');nhttp://example.com" =~ /Ahttps?/
@lmea From 060bb7250b963609a0d8a5d0559e36b99d2402c6 Mon Sep 17 00:00:00 2001 From: joernchen of Phenoelit <joernchen@phenoelit.de> Date: Sat, 9 Feb 2013 15:46:44 -0800 Subject: [PATCH] Fix issue with attr_protected where malformed input could circumvent protection Fixes: CVE-2013-0276 --- activemodel/lib/active_model/attribute_methods.rb | 2 +- activemodel/lib/active_model/mass_assignment_security/permission_set.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/activemodel/lib/active_model/attribute_methods.rb b/activemodel/lib/active_model/ attribute_methods.rb index f033a94..96f2c82 100644 --- a/activemodel/lib/active_model/attribute_methods.rb +++ b/activemodel/lib/active_model/attribute_methods.rb @@ -365,7 +365,7 @@ module ActiveModel end @prefix, @suffix = options[:prefix] || '', options[:suffix] || '' - @regex = /^(#{Regexp.escape(@prefix)})(.+?)(#{Regexp.escape(@suffix)})$/ + @regex = /A(#{Regexp.escape(@prefix)})(.+?)(#{Regexp.escape(@suffix)})z/ @method_missing_target = "#{@prefix}attribute#{@suffix}" @method_name = "#{prefix}%s#{suffix}" end diff --git a/activemodel/lib/active_model/mass_assignment_security/permission_set.rb b/activemodel/lib/ active_model/mass_assignment_security/permission_set.rb index a1fcdf1..10faa29 100644 --- a/activemodel/lib/active_model/mass_assignment_security/permission_set.rb +++ b/activemodel/lib/active_model/mass_assignment_security/permission_set.rb @@ -19,7 +19,7 @@ module ActiveModel protected def remove_multiparameter_id(key) - key.to_s.gsub(/(.+/, '') + key.to_s.gsub(/(.+/m, '') end end -- 1.8.1.1
@lmea From 99123ad12f71ce3e7fe70656810e53133665527c Mon Sep 17 00:00:00 2001 From: Aaron Patterson <aaron.patterson@gmail.com> Date: Fri, 15 Mar 2013 15:04:00 -0700 Subject: [PATCH] fix protocol checking in sanitization [CVE-2013-1857] Conflicts: actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb --- .../action_controller/vendor/html-scanner/html/sanitizer.rb | 4 ++-- actionpack/test/template/html-scanner/sanitizer_test.rb | 10 ++++++++++ 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb b/actionpack/lib/ action_controller/vendor/html-scanner/html/sanitizer.rb index 02eea58..994e115 100644 --- a/actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb +++ b/actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb @@ -66,7 +66,7 @@ module HTML # A regular expression of the valid characters used to separate protocols like # the ':' in 'http://foo.com' - self.protocol_separator = /:|(&#0*58)|(&#x70)|(%|&#37;)3A/ + self.protocol_separator = /:|(&#0*58)|(&#x70)|(&#x0*3a)|(%|&#37;)3A/i # Specifies a Set of HTML attributes that can have URIs. self.uri_attributes = Set.new(%w(href src cite action longdesc xlink:href lowsrc)) @@ -171,7 +171,7 @@ module HTML def contains_bad_protocols?(attr_name, value) uri_attributes.include?(attr_name) && - (value =~ /(^[^/:]*):|(&#0*58)|(&#x70)|(%|&#37;)3A/ && !allowed_protocols.include? (value.split(protocol_separator).first.downcase)) + (value =~ /(^[^/:]*):|(&#0*58)|(&#x70)|(&#x0*3a)|(%|&#37;)3A/i && !allowed_protocols.include? (value.split(protocol_separator).first.downcase.strip)) end end end diff --git a/actionpack/test/template/html-scanner/sanitizer_test.rb b/actionpack/test/template/html-scanner/ sanitizer_test.rb index 4e2ad4e..dee60c9 100644 --- a/actionpack/test/template/html-scanner/sanitizer_test.rb +++ b/actionpack/test/template/html-scanner/sanitizer_test.rb @@ -176,6 +176,7 @@ class SanitizerTest < ActionController::TestCase %(<IMG SRC="jav&#x0A;ascript:alert('XSS');">),
@lmea Tools Print a cheatsheet! Info: http://www.regular-expressions.info Debug: http://rubular.com http://rubyxp.com Visualize: http://www.regexper.com/
Thank you!

Recommended

A Little Backbone For Your App
A Little Backbone For Your AppA Little Backbone For Your App
A Little Backbone For Your AppLuca Mearelli
 
Controlling The Cloud With Python
Controlling The Cloud With PythonControlling The Cloud With Python
Controlling The Cloud With PythonLuca Mearelli
 
OSCON Google App Engine Codelab - July 2010
OSCON Google App Engine Codelab - July 2010OSCON Google App Engine Codelab - July 2010
OSCON Google App Engine Codelab - July 2010ikailan
 
To Batch Or Not To Batch
To Batch Or Not To BatchTo Batch Or Not To Batch
To Batch Or Not To BatchLuca Mearelli
 
Advanced symfony Techniques
Advanced symfony TechniquesAdvanced symfony Techniques
Advanced symfony TechniquesKris Wallsmith
 
Symfony & Javascript. Combining the best of two worlds
Symfony & Javascript. Combining the best of two worldsSymfony & Javascript. Combining the best of two worlds
Symfony & Javascript. Combining the best of two worldsIgnacio Martín
 
New Symfony Tips & Tricks (SymfonyCon Paris 2015)
New Symfony Tips & Tricks (SymfonyCon Paris 2015)New Symfony Tips & Tricks (SymfonyCon Paris 2015)
New Symfony Tips & Tricks (SymfonyCon Paris 2015)Javier Eguiluz
 
Django Celery - A distributed task queue
Django Celery - A distributed task queueDjango Celery - A distributed task queue
Django Celery - A distributed task queueAlex Eftimie
 

Recommended

A Little Backbone For Your App
A Little Backbone For Your AppA Little Backbone For Your App
A Little Backbone For Your AppLuca Mearelli
 
Controlling The Cloud With Python
Controlling The Cloud With PythonControlling The Cloud With Python
Controlling The Cloud With PythonLuca Mearelli
 
OSCON Google App Engine Codelab - July 2010
OSCON Google App Engine Codelab - July 2010OSCON Google App Engine Codelab - July 2010
OSCON Google App Engine Codelab - July 2010ikailan
 
To Batch Or Not To Batch
To Batch Or Not To BatchTo Batch Or Not To Batch
To Batch Or Not To BatchLuca Mearelli
 
Advanced symfony Techniques
Advanced symfony TechniquesAdvanced symfony Techniques
Advanced symfony TechniquesKris Wallsmith
 
Symfony & Javascript. Combining the best of two worlds
Symfony & Javascript. Combining the best of two worldsSymfony & Javascript. Combining the best of two worlds
Symfony & Javascript. Combining the best of two worldsIgnacio Martín
 
New Symfony Tips & Tricks (SymfonyCon Paris 2015)
New Symfony Tips & Tricks (SymfonyCon Paris 2015)New Symfony Tips & Tricks (SymfonyCon Paris 2015)
New Symfony Tips & Tricks (SymfonyCon Paris 2015)Javier Eguiluz
 
Django Celery - A distributed task queue
Django Celery - A distributed task queueDjango Celery - A distributed task queue
Django Celery - A distributed task queueAlex Eftimie
 
New in php 7
New in php 7New in php 7
New in php 7Vic Metcalfe
 
A Functional Guide to Cat Herding with PHP Generators
A Functional Guide to Cat Herding with PHP GeneratorsA Functional Guide to Cat Herding with PHP Generators
A Functional Guide to Cat Herding with PHP GeneratorsMark Baker
 
Why Task Queues - ComoRichWeb
Why Task Queues - ComoRichWebWhy Task Queues - ComoRichWeb
Why Task Queues - ComoRichWebBryan Helmig
 
Filling the flask
Filling the flaskFilling the flask
Filling the flaskJason Myers
 
Europython 2011 - Playing tasks with Django & Celery
Europython 2011 - Playing tasks with Django & CeleryEuropython 2011 - Playing tasks with Django & Celery
Europython 2011 - Playing tasks with Django & CeleryMauro Rocco
 
Django - 次の一歩 gumiStudy#3
Django - 次の一歩 gumiStudy#3Django - 次の一歩 gumiStudy#3
Django - 次の一歩 gumiStudy#3makoto tsuyuki
 
Introducing Assetic (NYPHP)
Introducing Assetic (NYPHP)Introducing Assetic (NYPHP)
Introducing Assetic (NYPHP)Kris Wallsmith
 
Django Heresies
Django HeresiesDjango Heresies
Django HeresiesSimon Willison
 
RESTful API 제대로 만들기
RESTful API 제대로 만들기RESTful API 제대로 만들기
RESTful API 제대로 만들기Juwon Kim
 
The effective use of Django ORM
The effective use of Django ORMThe effective use of Django ORM
The effective use of Django ORMYaroslav Muravskyi
 
Symfony Guard Authentication: Fun with API Token, Social Login, JWT and more
Symfony Guard Authentication: Fun with API Token, Social Login, JWT and moreSymfony Guard Authentication: Fun with API Token, Social Login, JWT and more
Symfony Guard Authentication: Fun with API Token, Social Login, JWT and moreRyan Weaver
 
What’s new in ECMAScript 6.0
What’s new in ECMAScript 6.0What’s new in ECMAScript 6.0
What’s new in ECMAScript 6.0Eyal Vardi
 
Lithium Best
Lithium Best Lithium Best
Lithium Best Richard McIntyre
 
Current state-of-php
Current state-of-phpCurrent state-of-php
Current state-of-phpRichard McIntyre
 
An Introduction to Celery
An Introduction to CeleryAn Introduction to Celery
An Introduction to CeleryIdan Gazit
 
Speed up your developments with Symfony2
Speed up your developments with Symfony2Speed up your developments with Symfony2
Speed up your developments with Symfony2Hugo Hamon
 
Symfony2 revealed
Symfony2 revealedSymfony2 revealed
Symfony2 revealedFabien Potencier
 
symfony on action - WebTech 207
symfony on action - WebTech 207symfony on action - WebTech 207
symfony on action - WebTech 207patter
 
Building Web Services with Zend Framework (PHP Benelux meeting 20100713 Vliss...
Building Web Services with Zend Framework (PHP Benelux meeting 20100713 Vliss...Building Web Services with Zend Framework (PHP Benelux meeting 20100713 Vliss...
Building Web Services with Zend Framework (PHP Benelux meeting 20100713 Vliss...King Foo
 
Doctrine MongoDB ODM (PDXPHP)
Doctrine MongoDB ODM (PDXPHP)Doctrine MongoDB ODM (PDXPHP)
Doctrine MongoDB ODM (PDXPHP)Kris Wallsmith
 
Capistrano2
Capistrano2Capistrano2
Capistrano2Luca Mearelli
 
Estudi de processos industrials
Estudi de processos industrialsEstudi de processos industrials
Estudi de processos industrialsEscola Vedruna-Àngels
 

More Related Content

What's hot

A Functional Guide to Cat Herding with PHP Generators
A Functional Guide to Cat Herding with PHP GeneratorsA Functional Guide to Cat Herding with PHP Generators
A Functional Guide to Cat Herding with PHP GeneratorsMark Baker
 
Why Task Queues - ComoRichWeb
Why Task Queues - ComoRichWebWhy Task Queues - ComoRichWeb
Why Task Queues - ComoRichWebBryan Helmig
 
Filling the flask
Filling the flaskFilling the flask
Filling the flaskJason Myers
 
Europython 2011 - Playing tasks with Django & Celery
Europython 2011 - Playing tasks with Django & CeleryEuropython 2011 - Playing tasks with Django & Celery
Europython 2011 - Playing tasks with Django & CeleryMauro Rocco
 
Django - 次の一歩 gumiStudy#3
Django - 次の一歩 gumiStudy#3Django - 次の一歩 gumiStudy#3
Django - 次の一歩 gumiStudy#3makoto tsuyuki
 
Introducing Assetic (NYPHP)
Introducing Assetic (NYPHP)Introducing Assetic (NYPHP)
Introducing Assetic (NYPHP)Kris Wallsmith
 
RESTful API 제대로 만들기
RESTful API 제대로 만들기RESTful API 제대로 만들기
RESTful API 제대로 만들기Juwon Kim
 
The effective use of Django ORM
The effective use of Django ORMThe effective use of Django ORM
The effective use of Django ORMYaroslav Muravskyi
 
Symfony Guard Authentication: Fun with API Token, Social Login, JWT and more
Symfony Guard Authentication: Fun with API Token, Social Login, JWT and moreSymfony Guard Authentication: Fun with API Token, Social Login, JWT and more
Symfony Guard Authentication: Fun with API Token, Social Login, JWT and moreRyan Weaver
 
What’s new in ECMAScript 6.0
What’s new in ECMAScript 6.0What’s new in ECMAScript 6.0
What’s new in ECMAScript 6.0Eyal Vardi
 
An Introduction to Celery
An Introduction to CeleryAn Introduction to Celery
An Introduction to CeleryIdan Gazit
 
Speed up your developments with Symfony2
Speed up your developments with Symfony2Speed up your developments with Symfony2
Speed up your developments with Symfony2Hugo Hamon
 
symfony on action - WebTech 207
symfony on action - WebTech 207symfony on action - WebTech 207
symfony on action - WebTech 207patter
 
Building Web Services with Zend Framework (PHP Benelux meeting 20100713 Vliss...
Building Web Services with Zend Framework (PHP Benelux meeting 20100713 Vliss...Building Web Services with Zend Framework (PHP Benelux meeting 20100713 Vliss...
Building Web Services with Zend Framework (PHP Benelux meeting 20100713 Vliss...King Foo
 
Doctrine MongoDB ODM (PDXPHP)
Doctrine MongoDB ODM (PDXPHP)Doctrine MongoDB ODM (PDXPHP)
Doctrine MongoDB ODM (PDXPHP)Kris Wallsmith
 

What's hot (20)

New in php 7
New in php 7New in php 7
New in php 7
 
A Functional Guide to Cat Herding with PHP Generators
A Functional Guide to Cat Herding with PHP GeneratorsA Functional Guide to Cat Herding with PHP Generators
A Functional Guide to Cat Herding with PHP Generators
 
Why Task Queues - ComoRichWeb
Why Task Queues - ComoRichWebWhy Task Queues - ComoRichWeb
Why Task Queues - ComoRichWeb
 
Filling the flask
Filling the flaskFilling the flask
Filling the flask
 
Europython 2011 - Playing tasks with Django & Celery
Europython 2011 - Playing tasks with Django & CeleryEuropython 2011 - Playing tasks with Django & Celery
Europython 2011 - Playing tasks with Django & Celery
 
Django - 次の一歩 gumiStudy#3
Django - 次の一歩 gumiStudy#3Django - 次の一歩 gumiStudy#3
Django - 次の一歩 gumiStudy#3
 
Introducing Assetic (NYPHP)
Introducing Assetic (NYPHP)Introducing Assetic (NYPHP)
Introducing Assetic (NYPHP)
 
Django Heresies
Django HeresiesDjango Heresies
Django Heresies
 
RESTful API 제대로 만들기
RESTful API 제대로 만들기RESTful API 제대로 만들기
RESTful API 제대로 만들기
 
The effective use of Django ORM
The effective use of Django ORMThe effective use of Django ORM
The effective use of Django ORM
 
Symfony Guard Authentication: Fun with API Token, Social Login, JWT and more
Symfony Guard Authentication: Fun with API Token, Social Login, JWT and moreSymfony Guard Authentication: Fun with API Token, Social Login, JWT and more
Symfony Guard Authentication: Fun with API Token, Social Login, JWT and more
 
What’s new in ECMAScript 6.0
What’s new in ECMAScript 6.0What’s new in ECMAScript 6.0
What’s new in ECMAScript 6.0
 
Lithium Best
Lithium Best Lithium Best
Lithium Best
 
Current state-of-php
Current state-of-phpCurrent state-of-php
Current state-of-php
 
An Introduction to Celery
An Introduction to CeleryAn Introduction to Celery
An Introduction to Celery
 
Speed up your developments with Symfony2
Speed up your developments with Symfony2Speed up your developments with Symfony2
Speed up your developments with Symfony2
 
Symfony2 revealed
Symfony2 revealedSymfony2 revealed
Symfony2 revealed
 
symfony on action - WebTech 207
symfony on action - WebTech 207symfony on action - WebTech 207
symfony on action - WebTech 207
 
Building Web Services with Zend Framework (PHP Benelux meeting 20100713 Vliss...
Building Web Services with Zend Framework (PHP Benelux meeting 20100713 Vliss...Building Web Services with Zend Framework (PHP Benelux meeting 20100713 Vliss...
Building Web Services with Zend Framework (PHP Benelux meeting 20100713 Vliss...
 
Doctrine MongoDB ODM (PDXPHP)
Doctrine MongoDB ODM (PDXPHP)Doctrine MongoDB ODM (PDXPHP)
Doctrine MongoDB ODM (PDXPHP)
 

Viewers also liked

Les Fibres I Els Teixits
Les Fibres I Els TeixitsLes Fibres I Els Teixits
Les Fibres I Els Teixitspautecno
 
El tèxtil 2n ESO
El tèxtil 2n ESOEl tèxtil 2n ESO
El tèxtil 2n ESOJordi Pipó
 
Produccion del zapato 10 3
Produccion del zapato 10 3Produccion del zapato 10 3
Produccion del zapato 10 3lina
 

Viewers also liked (9)

Capistrano2
Capistrano2Capistrano2
Capistrano2
 
Estudi de processos industrials
Estudi de processos industrialsEstudi de processos industrials
Estudi de processos industrials
 
Acabats
AcabatsAcabats
Acabats
 
Dossier textil 1011
Dossier textil 1011Dossier textil 1011
Dossier textil 1011
 
El TèXtil
El TèXtilEl TèXtil
El TèXtil
 
Filatura
FilaturaFilatura
Filatura
 
Les Fibres I Els Teixits
Les Fibres I Els TeixitsLes Fibres I Els Teixits
Les Fibres I Els Teixits
 
El tèxtil 2n ESO
El tèxtil 2n ESOEl tèxtil 2n ESO
El tèxtil 2n ESO
 
Produccion del zapato 10 3
Produccion del zapato 10 3Produccion del zapato 10 3
Produccion del zapato 10 3
 

Similar to And Now You Have Two Problems

And now you have two problems. Ruby regular expressions for fun and profit by...
And now you have two problems. Ruby regular expressions for fun and profit by...And now you have two problems. Ruby regular expressions for fun and profit by...
And now you have two problems. Ruby regular expressions for fun and profit by...Codemotion
 
My First Rails Plugin - Usertext
My First Rails Plugin - UsertextMy First Rails Plugin - Usertext
My First Rails Plugin - Usertextfrankieroberto
 
C++11 - A Change in Style - v2.0
C++11 - A Change in Style - v2.0C++11 - A Change in Style - v2.0
C++11 - A Change in Style - v2.0Yaser Zhian
 
Is Haskell an acceptable Perl?
Is Haskell an acceptable Perl?Is Haskell an acceptable Perl?
Is Haskell an acceptable Perl?osfameron
 
Out with Regex, In with Tokens
Out with Regex, In with TokensOut with Regex, In with Tokens
Out with Regex, In with Tokensscoates
 
Using Regular Expressions and Staying Sane
Using Regular Expressions and Staying SaneUsing Regular Expressions and Staying Sane
Using Regular Expressions and Staying SaneCarl Brown
 
A Toda Maquina Con Ruby on Rails
A Toda Maquina Con Ruby on RailsA Toda Maquina Con Ruby on Rails
A Toda Maquina Con Ruby on RailsRafael García
 
Refactoring to Macros with Clojure
Refactoring to Macros with ClojureRefactoring to Macros with Clojure
Refactoring to Macros with ClojureDmitry Buzdin
 
Rust Workshop - NITC FOSSMEET 2017
Rust Workshop - NITC FOSSMEET 2017 Rust Workshop - NITC FOSSMEET 2017
Rust Workshop - NITC FOSSMEET 2017 pramode_ce
 
"How was it to switch from beautiful Perl to horrible JavaScript", Viktor Tur...
"How was it to switch from beautiful Perl to horrible JavaScript", Viktor Tur..."How was it to switch from beautiful Perl to horrible JavaScript", Viktor Tur...
"How was it to switch from beautiful Perl to horrible JavaScript", Viktor Tur...Fwdays
 
SDPHP - Percona Toolkit (It's Basically Magic)
SDPHP - Percona Toolkit (It's Basically Magic)SDPHP - Percona Toolkit (It's Basically Magic)
SDPHP - Percona Toolkit (It's Basically Magic)Robert Swisher
 
Rooted 2010 ppp
Rooted 2010 pppRooted 2010 ppp
Rooted 2010 pppnoc_313
 
What you forgot from your Computer Science Degree
What you forgot from your Computer Science DegreeWhat you forgot from your Computer Science Degree
What you forgot from your Computer Science DegreeStephen Darlington
 
Malli: inside data-driven schemas
Malli: inside data-driven schemasMalli: inside data-driven schemas
Malli: inside data-driven schemasMetosin Oy
 
Perl6 Regexen: Reduce the line noise in your code.
Perl6 Regexen: Reduce the line noise in your code.Perl6 Regexen: Reduce the line noise in your code.
Perl6 Regexen: Reduce the line noise in your code.Workhorse Computing
 
Javascript part1
Javascript part1Javascript part1
Javascript part1Raghu nath
 

Similar to And Now You Have Two Problems (20)

And now you have two problems. Ruby regular expressions for fun and profit by...
And now you have two problems. Ruby regular expressions for fun and profit by...And now you have two problems. Ruby regular expressions for fun and profit by...
And now you have two problems. Ruby regular expressions for fun and profit by...
 
My First Rails Plugin - Usertext
My First Rails Plugin - UsertextMy First Rails Plugin - Usertext
My First Rails Plugin - Usertext
 
C++11 - A Change in Style - v2.0
C++11 - A Change in Style - v2.0C++11 - A Change in Style - v2.0
C++11 - A Change in Style - v2.0
 
Is Haskell an acceptable Perl?
Is Haskell an acceptable Perl?Is Haskell an acceptable Perl?
Is Haskell an acceptable Perl?
 
Out with Regex, In with Tokens
Out with Regex, In with TokensOut with Regex, In with Tokens
Out with Regex, In with Tokens
 
Using Regular Expressions and Staying Sane
Using Regular Expressions and Staying SaneUsing Regular Expressions and Staying Sane
Using Regular Expressions and Staying Sane
 
A Toda Maquina Con Ruby on Rails
A Toda Maquina Con Ruby on RailsA Toda Maquina Con Ruby on Rails
A Toda Maquina Con Ruby on Rails
 
Refactoring to Macros with Clojure
Refactoring to Macros with ClojureRefactoring to Macros with Clojure
Refactoring to Macros with Clojure
 
ES6 is Nigh
ES6 is NighES6 is Nigh
ES6 is Nigh
 
Rust Workshop - NITC FOSSMEET 2017
Rust Workshop - NITC FOSSMEET 2017 Rust Workshop - NITC FOSSMEET 2017
Rust Workshop - NITC FOSSMEET 2017
 
"How was it to switch from beautiful Perl to horrible JavaScript", Viktor Tur...
"How was it to switch from beautiful Perl to horrible JavaScript", Viktor Tur..."How was it to switch from beautiful Perl to horrible JavaScript", Viktor Tur...
"How was it to switch from beautiful Perl to horrible JavaScript", Viktor Tur...
 
Rails and security
Rails and securityRails and security
Rails and security
 
SDPHP - Percona Toolkit (It's Basically Magic)
SDPHP - Percona Toolkit (It's Basically Magic)SDPHP - Percona Toolkit (It's Basically Magic)
SDPHP - Percona Toolkit (It's Basically Magic)
 
Ruby 1.9
Ruby 1.9Ruby 1.9
Ruby 1.9
 
Matlab Basic Tutorial
Matlab Basic TutorialMatlab Basic Tutorial
Matlab Basic Tutorial
 
Rooted 2010 ppp
Rooted 2010 pppRooted 2010 ppp
Rooted 2010 ppp
 
What you forgot from your Computer Science Degree
What you forgot from your Computer Science DegreeWhat you forgot from your Computer Science Degree
What you forgot from your Computer Science Degree
 
Malli: inside data-driven schemas
Malli: inside data-driven schemasMalli: inside data-driven schemas
Malli: inside data-driven schemas
 
Perl6 Regexen: Reduce the line noise in your code.
Perl6 Regexen: Reduce the line noise in your code.Perl6 Regexen: Reduce the line noise in your code.
Perl6 Regexen: Reduce the line noise in your code.
 
Javascript part1
Javascript part1Javascript part1
Javascript part1
 

More from Luca Mearelli

The anatomy of an infographic
The anatomy of an infographicThe anatomy of an infographic
The anatomy of an infographicLuca Mearelli
 
L'altra meta del web
L'altra meta del webL'altra meta del web
L'altra meta del webLuca Mearelli
 
Introduzione a Ruby On Rails
Introduzione a Ruby On RailsIntroduzione a Ruby On Rails
Introduzione a Ruby On RailsLuca Mearelli
 
Integrating services with OAuth
Integrating services with OAuthIntegrating services with OAuth
Integrating services with OAuthLuca Mearelli
 

More from Luca Mearelli (7)

The anatomy of an infographic
The anatomy of an infographicThe anatomy of an infographic
The anatomy of an infographic
 
L'altra meta del web
L'altra meta del webL'altra meta del web
L'altra meta del web
 
WorseSoftware
WorseSoftwareWorseSoftware
WorseSoftware
 
Open Web
Open WebOpen Web
Open Web
 
Wikierp
WikierpWikierp
Wikierp
 
Introduzione a Ruby On Rails
Introduzione a Ruby On RailsIntroduzione a Ruby On Rails
Introduzione a Ruby On Rails
 
Integrating services with OAuth
Integrating services with OAuthIntegrating services with OAuth
Integrating services with OAuth
 

Recently uploaded

Call Girls in Tughlakabad Delhi 9654467111 Shot 2000 Night 7000
Call Girls in Tughlakabad Delhi 9654467111 Shot 2000 Night 7000Call Girls in Tughlakabad Delhi 9654467111 Shot 2000 Night 7000
Call Girls in Tughlakabad Delhi 9654467111 Shot 2000 Night 7000Sapana Sha
 
Call Girls in Chittaranjan Park Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Chittaranjan Park Delhi 💯Call Us 🔝8264348440🔝Call Girls in Chittaranjan Park Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Chittaranjan Park Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Call Girls In Malviya Nagar 9654467111 Escorts Service
Call Girls In Malviya Nagar 9654467111 Escorts ServiceCall Girls In Malviya Nagar 9654467111 Escorts Service
Call Girls In Malviya Nagar 9654467111 Escorts ServiceSapana Sha
 
83778-876O7, Cash On Delivery Call Girls In South- EX-(Delhi) Escorts Service...
83778-876O7, Cash On Delivery Call Girls In South- EX-(Delhi) Escorts Service...83778-876O7, Cash On Delivery Call Girls In South- EX-(Delhi) Escorts Service...
83778-876O7, Cash On Delivery Call Girls In South- EX-(Delhi) Escorts Service...dollysharma2066
 
ETHICAL-THEORIES_MORAL-DELIBERATION.pptx
ETHICAL-THEORIES_MORAL-DELIBERATION.pptxETHICAL-THEORIES_MORAL-DELIBERATION.pptx
ETHICAL-THEORIES_MORAL-DELIBERATION.pptxRafaelBatulan
 
‘I think I might die if I made it’ 'There were no singles'
‘I think I might die if I made it’ 'There were no singles'‘I think I might die if I made it’ 'There were no singles'
‘I think I might die if I made it’ 'There were no singles'cakepearls Official
 
BOOK NIGHT-Call Girls In Noida City Centre Delhi ☎️ 8377877756
BOOK NIGHT-Call Girls In Noida City Centre Delhi ☎️ 8377877756BOOK NIGHT-Call Girls In Noida City Centre Delhi ☎️ 8377877756
BOOK NIGHT-Call Girls In Noida City Centre Delhi ☎️ 8377877756dollysharma2066
 
22K Indian Gold Jewelry Online - Buy 22 Karat Gold Jewelry in USA
22K Indian Gold Jewelry Online - Buy 22 Karat Gold Jewelry in USA22K Indian Gold Jewelry Online - Buy 22 Karat Gold Jewelry in USA
22K Indian Gold Jewelry Online - Buy 22 Karat Gold Jewelry in USAQueen of Hearts Jewelry
 
Youthlab Indonesia Gen-Z Lifestyle Chart
Youthlab Indonesia Gen-Z Lifestyle ChartYouthlab Indonesia Gen-Z Lifestyle Chart
Youthlab Indonesia Gen-Z Lifestyle ChartYouthLab
 
Model Call Girl in Adarsh Nagar Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Adarsh Nagar Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Adarsh Nagar Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Adarsh Nagar Delhi reach out to us at 🔝8264348440🔝soniya singh
 
8377877756 Full Enjoy @24/7 Call Girls In Mayur Vihar Delhi Ncr
8377877756 Full Enjoy @24/7 Call Girls In Mayur Vihar Delhi Ncr8377877756 Full Enjoy @24/7 Call Girls In Mayur Vihar Delhi Ncr
8377877756 Full Enjoy @24/7 Call Girls In Mayur Vihar Delhi Ncrdollysharma2066
 
9990771857 Call Girls in Noida Sector 05 Noida (Call Girls) Delhi
9990771857 Call Girls in Noida Sector 05 Noida (Call Girls) Delhi9990771857 Call Girls in Noida Sector 05 Noida (Call Girls) Delhi
9990771857 Call Girls in Noida Sector 05 Noida (Call Girls) Delhidelhimodel235
 
'the Spring 2024- popular Fashion trends
'the Spring 2024- popular Fashion trends'the Spring 2024- popular Fashion trends
'the Spring 2024- popular Fashion trendsTangledThoughtsCO
 
Call Girls in New Friends Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls in New Friends Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls in New Friends Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls in New Friends Colony Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Virat Kohli Centuries In Career Age Awards and Facts.pdf
Virat Kohli Centuries In Career Age Awards and Facts.pdfVirat Kohli Centuries In Career Age Awards and Facts.pdf
Virat Kohli Centuries In Career Age Awards and Facts.pdfkigaya33
 
Manisha Rani Net Worth 2024 Biography.pdf
Manisha Rani Net Worth 2024 Biography.pdfManisha Rani Net Worth 2024 Biography.pdf
Manisha Rani Net Worth 2024 Biography.pdfkigaya33
 
KALENDAR KUDA 2024 Hi resolution cuti umum.pdf
KALENDAR KUDA 2024 Hi resolution cuti umum.pdfKALENDAR KUDA 2024 Hi resolution cuti umum.pdf
KALENDAR KUDA 2024 Hi resolution cuti umum.pdfSallamSulaiman
 
10 Tips To Be More Disciplined In Life To Be Successful | Amit Kakkar Healthyway
10 Tips To Be More Disciplined In Life To Be Successful | Amit Kakkar Healthyway10 Tips To Be More Disciplined In Life To Be Successful | Amit Kakkar Healthyway
10 Tips To Be More Disciplined In Life To Be Successful | Amit Kakkar HealthywayAmit Kakkar Healthyway
 

Recently uploaded (20)

Call Girls in Tughlakabad Delhi 9654467111 Shot 2000 Night 7000
Call Girls in Tughlakabad Delhi 9654467111 Shot 2000 Night 7000Call Girls in Tughlakabad Delhi 9654467111 Shot 2000 Night 7000
Call Girls in Tughlakabad Delhi 9654467111 Shot 2000 Night 7000
 
Call Girls in Chittaranjan Park Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Chittaranjan Park Delhi 💯Call Us 🔝8264348440🔝Call Girls in Chittaranjan Park Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Chittaranjan Park Delhi 💯Call Us 🔝8264348440🔝
 
Call Girls In Malviya Nagar 9654467111 Escorts Service
Call Girls In Malviya Nagar 9654467111 Escorts ServiceCall Girls In Malviya Nagar 9654467111 Escorts Service
Call Girls In Malviya Nagar 9654467111 Escorts Service
 
83778-876O7, Cash On Delivery Call Girls In South- EX-(Delhi) Escorts Service...
83778-876O7, Cash On Delivery Call Girls In South- EX-(Delhi) Escorts Service...83778-876O7, Cash On Delivery Call Girls In South- EX-(Delhi) Escorts Service...
83778-876O7, Cash On Delivery Call Girls In South- EX-(Delhi) Escorts Service...
 
Stunning ➥8448380779▻ Call Girls In Jasola Vihar Delhi NCR
Stunning ➥8448380779▻ Call Girls In Jasola Vihar Delhi NCRStunning ➥8448380779▻ Call Girls In Jasola Vihar Delhi NCR
Stunning ➥8448380779▻ Call Girls In Jasola Vihar Delhi NCR
 
ETHICAL-THEORIES_MORAL-DELIBERATION.pptx
ETHICAL-THEORIES_MORAL-DELIBERATION.pptxETHICAL-THEORIES_MORAL-DELIBERATION.pptx
ETHICAL-THEORIES_MORAL-DELIBERATION.pptx
 
‘I think I might die if I made it’ 'There were no singles'
‘I think I might die if I made it’ 'There were no singles'‘I think I might die if I made it’ 'There were no singles'
‘I think I might die if I made it’ 'There were no singles'
 
BOOK NIGHT-Call Girls In Noida City Centre Delhi ☎️ 8377877756
BOOK NIGHT-Call Girls In Noida City Centre Delhi ☎️ 8377877756BOOK NIGHT-Call Girls In Noida City Centre Delhi ☎️ 8377877756
BOOK NIGHT-Call Girls In Noida City Centre Delhi ☎️ 8377877756
 
Call Girls 9953525677 Call Girls In Delhi Call Girls 9953525677 Call Girls In...
Call Girls 9953525677 Call Girls In Delhi Call Girls 9953525677 Call Girls In...Call Girls 9953525677 Call Girls In Delhi Call Girls 9953525677 Call Girls In...
Call Girls 9953525677 Call Girls In Delhi Call Girls 9953525677 Call Girls In...
 
22K Indian Gold Jewelry Online - Buy 22 Karat Gold Jewelry in USA
22K Indian Gold Jewelry Online - Buy 22 Karat Gold Jewelry in USA22K Indian Gold Jewelry Online - Buy 22 Karat Gold Jewelry in USA
22K Indian Gold Jewelry Online - Buy 22 Karat Gold Jewelry in USA
 
Youthlab Indonesia Gen-Z Lifestyle Chart
Youthlab Indonesia Gen-Z Lifestyle ChartYouthlab Indonesia Gen-Z Lifestyle Chart
Youthlab Indonesia Gen-Z Lifestyle Chart
 
Model Call Girl in Adarsh Nagar Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Adarsh Nagar Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Adarsh Nagar Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Adarsh Nagar Delhi reach out to us at 🔝8264348440🔝
 
8377877756 Full Enjoy @24/7 Call Girls In Mayur Vihar Delhi Ncr
8377877756 Full Enjoy @24/7 Call Girls In Mayur Vihar Delhi Ncr8377877756 Full Enjoy @24/7 Call Girls In Mayur Vihar Delhi Ncr
8377877756 Full Enjoy @24/7 Call Girls In Mayur Vihar Delhi Ncr
 
9990771857 Call Girls in Noida Sector 05 Noida (Call Girls) Delhi
9990771857 Call Girls in Noida Sector 05 Noida (Call Girls) Delhi9990771857 Call Girls in Noida Sector 05 Noida (Call Girls) Delhi
9990771857 Call Girls in Noida Sector 05 Noida (Call Girls) Delhi
 
'the Spring 2024- popular Fashion trends
'the Spring 2024- popular Fashion trends'the Spring 2024- popular Fashion trends
'the Spring 2024- popular Fashion trends
 
Call Girls in New Friends Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls in New Friends Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls in New Friends Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls in New Friends Colony Delhi 💯Call Us 🔝8264348440🔝
 
Virat Kohli Centuries In Career Age Awards and Facts.pdf
Virat Kohli Centuries In Career Age Awards and Facts.pdfVirat Kohli Centuries In Career Age Awards and Facts.pdf
Virat Kohli Centuries In Career Age Awards and Facts.pdf
 
Manisha Rani Net Worth 2024 Biography.pdf
Manisha Rani Net Worth 2024 Biography.pdfManisha Rani Net Worth 2024 Biography.pdf
Manisha Rani Net Worth 2024 Biography.pdf
 
KALENDAR KUDA 2024 Hi resolution cuti umum.pdf
KALENDAR KUDA 2024 Hi resolution cuti umum.pdfKALENDAR KUDA 2024 Hi resolution cuti umum.pdf
KALENDAR KUDA 2024 Hi resolution cuti umum.pdf
 
10 Tips To Be More Disciplined In Life To Be Successful | Amit Kakkar Healthyway
10 Tips To Be More Disciplined In Life To Be Successful | Amit Kakkar Healthyway10 Tips To Be More Disciplined In Life To Be Successful | Amit Kakkar Healthyway
10 Tips To Be More Disciplined In Life To Be Successful | Amit Kakkar Healthyway
 

And Now You Have Two Problems

  • 1. And now you have two problems Ruby regular expressions for fun and profit Luca Mearelli @lmea Codemotion Rome - 2013
  • 2. @lmea Regular expressions •cat catch indicate ... •2013-03-22, YYYY-MM-DD, ... •$ 12,500.80 patterns to describe the contents of a text
  • 3. @lmea Regexps: good for... Pattern matching Search and replace
  • 4. @lmea Regexp in ruby Regexp object: Regexp.new("cat") literal notation #1: %r{cat} literal notation #2: /cat/
  • 5. @lmea Regexp syntax literals: /cat/ matches any ‘cat’ substring the dot: /./ matches any character character classes: /[aeiou]/ /[a-z]/ /[01]/ negated character classes: /[^abc]/
  • 6. @lmea Regexp syntax case insensitive: /./i only interpolate #{} blocks once: /./o multiline mode - '.' will match newline: /./m extended mode - whitespace is ignored: /./x Modifiers
  • 7. @lmea Regexp syntax /d/ digit /D/ non digit /s/ whitespace /S/ non whitespace /w/ word character /W/ non word character /h/ hexdigit /H/ non hexdigit Shorthand classes
  • 8. @lmea Regexp syntax /^/ beginning of line /$/ end of line /b/ word boundary /B/ non word boundary /A/ beginning of string /z/ end of string /Z/ end of string. If string ends with a newline, it matches just before newline Anchors
  • 9. @lmea Regexp syntax alternation: /cat|dog/ matches ‘cats and dogs’ 0-or-more: /ab*/ matches ‘a’ ‘ab’ ‘abb’... 1-or-more: /ab+/ matches ‘ab’ ‘abb’ ... given-number: /ab{2}/ matches ‘abb’ but not ‘ab’ or the whole ‘abbb’ string
  • 10. @lmea Regexp syntax greedy matches: /.+cat/ matches ‘the cat is catching a mouse’ lazy matches: /.+?scat/ matches ‘the cat is catching a mouse’
  • 11. @lmea Regexp syntax grouping: /(d{3}.){3}d{3}/ matches IP- like strings capturing: /a (cat|dog)/ the match is captured in $1 to be used later non capturing: /a (?:cat|dog)/ no content captured atomic grouping: /(?>a+)/ doesn’t backtrack
  • 12. @lmea String substitution "My cat eats catfood".sub(/cat/, "dog") # => My dog eats catfood "My cat eats catfood".gsub(/cat/, "dog") # => My dog eats dogfood "My cat eats catfood".gsub(/bcat(w+)/, "dog1") # => My cat eats dogfood "My cat eats catfood".gsub(/bcat(w+)/){|m| $1.reverse} # => My cat eats doof
  • 13. @lmea String parsing "Codemotion Rome: Mar 20 to Mar 23".scan(/w{3} d{1,2}/) # => ["Mar 20", "Mar 23"] "Codemotion Rome: Mar 20 to Mar 23".scan(/(w{3}) (d{1,2})/) # => [["Mar", "20"], ["Mar", "23"]] "Codemotion Rome: Mar 20 to Mar 23".scan(/(w{3}) (d{1,2})/) {|a,b| puts b+"/"+a} # 20/Mar # 23/Mar # => "Codemotion Rome: Mar 20 to Mar 23"
  • 14. @lmea Regexp methods if "what a wonderful world" =~ /(world)/ puts "hello #{$1.upcase}" end # hello WORLD if /(world)/.match("The world") puts "hello #{$1.upcase}" end # hello WORLD match_data = /(world)/.match("The world") puts "hello #{match_data[1].upcase}" # hello WORLD
  • 15. @lmea Rails app examples # in routing match 'path/:id', :constraints => { :id => /[A-Z]d{5}/ } # in validations validates :phone, :format => /Ad{2,4}s*d+z/ validates :phone, :format => { :with=> /Ad{2,4}s*d+z/ } validates :phone, :format => { :without=> /A02s*d+z/ }
  • 16. @lmea Rails examples # in ActiveModel::Validations::NumericalityValidator def parse_raw_value_as_an_integer(raw_value) raw_value.to_i if raw_value.to_s =~ /A[+-]?d+Z/ end # in ActionDispatch::RemoteIp::IpSpoofAttackError # IP addresses that are "trusted proxies" that can be stripped from # the comma-delimited list in the X-Forwarded-For header. See also: # http://en.wikipedia.org/wiki/Private_network#Private_IPv4_address_spaces TRUSTED_PROXIES = %r{ ^127.0.0.1$ | # localhost ^(10 | # private IP 10.x.x.x 172.(1[6-9]|2[0-9]|3[0-1]) | # private IP in the range 172.16.0.0 .. 172.31.255.255 192.168 # private IP 192.168.x.x ). }x WILDCARD_PATH = %r{*([^/)]+))?$}
  • 17. @lmea Regexps are dangerous "If I was going to place a bet on something about Rails security, it'd be that there are more regex vulnerabilities in the tree. I am uncomfortable with how much Rails leans on regex for policy decisions." Thomas H. Ptacek (Founder @ Matasano, Feb 2013)
  • 18. @lmea Tip #1 Beware of nested quantifiers /(x+x+)+y/ =~ 'xxxxxxxxxy' /(xx+)+y/ =~ 'xxxxxxxxxx' /(?>x+x+)+y/ =~ 'xxxxxxxxx'
  • 19. @lmea Tip #2 Don’t make everything optional /[-+]?[0-9]*.?[0-9]*/ =~ '.' /[-+]?([0-9]*.?[0-9]+|[0-9]+)/ /[-+]?[0-9]*.?[0-9]+/
  • 20. @lmea Tip #3 Evaluate tradeoffs /b[A-Z0-9._%+-]+@(?:[A-Z0-9-]+.)+[A-Z]{2,4}b/ /(?:(?:rn)?[ t])*(?:(?:(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t] )+|Z|(?=[["()<>@,;:".[]]))|"(?:[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?: rn)?[ t])*)(?:.(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:( ?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|"(?:[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?:rn)?[ t])*))*@(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-0 31]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)* ](?:(?:rn)?[ t])*)(?:.(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+ (?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)*](?: (?:rn)?[ t])*))*|(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z |(?=[["()<>@,;:".[]]))|"(?:[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?:rn) ?[ t])*)*<(?:(?:rn)?[ t])*(?:@(?:[^()<>@,;:".[] 000-031]+(?:(?:(?: rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*)(?:.(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn) ?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t] )*))*(?:,@(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])* )(?:.(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t] )+|Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*))*) *:(?:(?:rn)?[ t])*)?(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+ |Z|(?=[["()<>@,;:".[]]))|"(?:[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?:r n)?[ t])*)(?:.(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?: rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|"(?:[^"r]|.|(?:(?:rn)?[ t ]))*"(?:(?:rn)?[ t])*))*@(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031 ]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)*]( ?:(?:rn)?[ t])*)(?:.(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(? :(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)*](?:(? :rn)?[ t])*))*>(?:(?:rn)?[ t])*)|(?:[^()<>@,;:".[] 000-031]+(?:(? :(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|"(?:[^"r]|.|(?:(?:rn)? [ t]))*"(?:(?:rn)?[ t])*)*:(?:(?:rn)?[ t])*(?:(?:(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|"(?:[^"r]| .|(?:(?:rn)?[ t]))*"(?:(?:rn)?[ t])*)(?:.(?:(?:rn)?[ t])*(?:[^()<> @,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|" (?:[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?:rn)?[ t])*))*@(?:(?:rn)?[ t] )*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;: ".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*)(?:.(?:(?:rn)?[ t])*(? :[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[ ]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*))*|(?:[^()<>@,;:".[] 000- 031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|"(?:[^"r]|.|( ?:(?:rn)?[ t]))*"(?:(?:rn)?[ t])*)*<(?:(?:rn)?[ t])*(?:@(?:[^()<>@,; :".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([ ^[]r]|.)*](?:(?:rn)?[ t])*)(?:.(?:(?:rn)?[ t])*(?:[^()<>@,;:" .[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([^[ ]r]|.)*](?:(?:rn)?[ t])*))*(?:,@(?:(?:rn)?[ t])*(?:[^()<>@,;:". [] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([^[] r]|.)*](?:(?:rn)?[ t])*)(?:.(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([^[]r] |.)*](?:(?:rn)?[ t])*))*)*:(?:(?:rn)?[ t])*)?(?:[^()<>@,;:".[] 0 00-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|"(?:[^"r]| .|(?:(?:rn)?[ t]))*"(?:(?:rn)?[ t])*)(?:.(?:(?:rn)?[ t])*(?:[^()<>@, ;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|"(? :[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?:rn)?[ t])*))*@(?:(?:rn)?[ t])* (?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:". []]))|[([^[]r]|.)*](?:(?:rn)?[ t])*)(?:.(?:(?:rn)?[ t])*(?:[ ^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[] ]))|[([^[]r]|.)*](?:(?:rn)?[ t])*))*>(?:(?:rn)?[ t])*)(?:,s*( ?:(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;: ".[]]))|"(?:[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?:rn)?[ t])*)(?:.(?:( ?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[ ["()<>@,;:".[]]))|"(?:[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?:rn)?[ t ])*))*@(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t ])+|Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*)(? :.(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+| Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*))*|(?: [^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[ ]]))|"(?:[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?:rn)?[ t])*)*<(?:(?:rn) ?[ t])*(?:@(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[[" ()<>@,;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*)(?:.(?:(?:rn) ?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<> @,;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*))*(?:,@(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@, ;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*)(?:.(?:(?:rn)?[ t] )*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;: ".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*))*)*:(?:(?:rn)?[ t])*)? (?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:". []]))|"(?:[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?:rn)?[ t])*)(?:.(?:(?: rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[[ "()<>@,;:".[]]))|"(?:[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?:rn)?[ t]) *))*@(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t]) +|Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*)(?: .(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z |(?=[["()<>@,;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*))*>(?:( ?:rn)?[ t])*))*)?;s*)/
  • 21. @lmea Tip #4 Capture repeated groups and don’t repeat a captured group /!(abc|123)+!/ =~ '!abc123!' # $1 == '123' /!((abc|123)+)!/ =~ '!abc123!' # $1 == 'abc123'
  • 22. @lmea Tip #5 use interpolation with care str = "cat" /#{str}/ =~ "My cat eats catfood" /#{Regexp.quote(str)}/ =~ "My cat eats catfood"
  • 23. @lmea Tip #6 Don’t use ^ and $ to match the strings beginning and end validates :url, :format => /^https?/ "http://example.com" =~ /^https?/ "javascript:alert('hello!');%0Ahttp://example.com" "javascript:alert('hello!');nhttp://example.com" =~ /^https?/ "javascript:alert('hello!');nhttp://example.com" =~ /Ahttps?/
  • 24. @lmea From 060bb7250b963609a0d8a5d0559e36b99d2402c6 Mon Sep 17 00:00:00 2001 From: joernchen of Phenoelit <joernchen@phenoelit.de> Date: Sat, 9 Feb 2013 15:46:44 -0800 Subject: [PATCH] Fix issue with attr_protected where malformed input could circumvent protection Fixes: CVE-2013-0276 --- activemodel/lib/active_model/attribute_methods.rb | 2 +- activemodel/lib/active_model/mass_assignment_security/permission_set.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/activemodel/lib/active_model/attribute_methods.rb b/activemodel/lib/active_model/ attribute_methods.rb index f033a94..96f2c82 100644 --- a/activemodel/lib/active_model/attribute_methods.rb +++ b/activemodel/lib/active_model/attribute_methods.rb @@ -365,7 +365,7 @@ module ActiveModel end @prefix, @suffix = options[:prefix] || '', options[:suffix] || '' - @regex = /^(#{Regexp.escape(@prefix)})(.+?)(#{Regexp.escape(@suffix)})$/ + @regex = /A(#{Regexp.escape(@prefix)})(.+?)(#{Regexp.escape(@suffix)})z/ @method_missing_target = "#{@prefix}attribute#{@suffix}" @method_name = "#{prefix}%s#{suffix}" end diff --git a/activemodel/lib/active_model/mass_assignment_security/permission_set.rb b/activemodel/lib/ active_model/mass_assignment_security/permission_set.rb index a1fcdf1..10faa29 100644 --- a/activemodel/lib/active_model/mass_assignment_security/permission_set.rb +++ b/activemodel/lib/active_model/mass_assignment_security/permission_set.rb @@ -19,7 +19,7 @@ module ActiveModel protected def remove_multiparameter_id(key) - key.to_s.gsub(/(.+/, '') + key.to_s.gsub(/(.+/m, '') end end -- 1.8.1.1
  • 25. @lmea From 99123ad12f71ce3e7fe70656810e53133665527c Mon Sep 17 00:00:00 2001 From: Aaron Patterson <aaron.patterson@gmail.com> Date: Fri, 15 Mar 2013 15:04:00 -0700 Subject: [PATCH] fix protocol checking in sanitization [CVE-2013-1857] Conflicts: actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb --- .../action_controller/vendor/html-scanner/html/sanitizer.rb | 4 ++-- actionpack/test/template/html-scanner/sanitizer_test.rb | 10 ++++++++++ 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb b/actionpack/lib/ action_controller/vendor/html-scanner/html/sanitizer.rb index 02eea58..994e115 100644 --- a/actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb +++ b/actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb @@ -66,7 +66,7 @@ module HTML # A regular expression of the valid characters used to separate protocols like # the ':' in 'http://foo.com' - self.protocol_separator = /:|(&#0*58)|(&#x70)|(%|&#37;)3A/ + self.protocol_separator = /:|(&#0*58)|(&#x70)|(&#x0*3a)|(%|&#37;)3A/i # Specifies a Set of HTML attributes that can have URIs. self.uri_attributes = Set.new(%w(href src cite action longdesc xlink:href lowsrc)) @@ -171,7 +171,7 @@ module HTML def contains_bad_protocols?(attr_name, value) uri_attributes.include?(attr_name) && - (value =~ /(^[^/:]*):|(&#0*58)|(&#x70)|(%|&#37;)3A/ && !allowed_protocols.include? (value.split(protocol_separator).first.downcase)) + (value =~ /(^[^/:]*):|(&#0*58)|(&#x70)|(&#x0*3a)|(%|&#37;)3A/i && !allowed_protocols.include? (value.split(protocol_separator).first.downcase.strip)) end end end diff --git a/actionpack/test/template/html-scanner/sanitizer_test.rb b/actionpack/test/template/html-scanner/ sanitizer_test.rb index 4e2ad4e..dee60c9 100644 --- a/actionpack/test/template/html-scanner/sanitizer_test.rb +++ b/actionpack/test/template/html-scanner/sanitizer_test.rb @@ -176,6 +176,7 @@ class SanitizerTest < ActionController::TestCase %(<IMG SRC="jav&#x0A;ascript:alert('XSS');">),