Bachue Zhou bachue
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class Something | |
| module Base | |
| def my_method | |
| puts "(A) original functionality" | |
| end | |
| end | |
| module PreExtension | |
| def my_method | |
| puts "(B) before the original" |
bachue
/ gist:4502552
Last active
December 10, 2015 22:29
A test to prove Symbol can't be GC in both Ruby 1.9 and Ruby 1.8
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| MAX_LENGTH = 10 | |
| def generate(base_str) | |
| [('a'..'z'), ('A'..'Z'), ('0'..'9')].map(&:to_a).flatten.each do |char| | |
| str = base_str + char | |
| str.to_sym # You can comment this statement and compare the result | |
| generate(str) if str.size <= MAX_LENGTH | |
| end | |
| end |
bachue
/ rails_dos.rb
Last active
December 10, 2015 23:08
— forked from postmodern/rails_dos.rb
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env ruby | |
| # | |
| # Proof-of-Concept exploit for Rails DoS (CVE-2013-0156) | |
| # | |
| # ## Advisory | |
| # | |
| # https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion | |
| # | |
| # ## Synopsis | |
| # |
bachue
/ rails_jsonq.rb
Created
January 10, 2013 23:52
— forked from postmodern/rails_jsonq.rb
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env ruby | |
| # | |
| # Proof-of-Concept exploit for Rails Unsafe Query Generation (CVE-2013-0155) | |
| # | |
| # ## Advisory | |
| # | |
| # https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/t1WFuuQyavI | |
| # | |
| # ## Synopsis | |
| # |
bachue
/ rails_sqli.rb
Created
January 10, 2013 23:52
— forked from postmodern/rails_sqli.rb
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env ruby | |
| # | |
| # Proof-of-Concept exploit for Rails SQL Injection (CVE-2013-0156) | |
| # | |
| # ## Advisory | |
| # | |
| # https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion | |
| # | |
| # ## Caveats | |
| # |
bachue
/ rails_rce.rb
Last active
December 10, 2015 23:08
— forked from postmodern/rails_rce.rb
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env ruby | |
| # | |
| # Proof-of-Concept exploit for Rails Remote Code Execution (CVE-2013-0156) | |
| # | |
| # ## Advisory | |
| # | |
| # https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion | |
| # | |
| # ## Caveats | |
| # |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class A | |
| eval 'def f; "hello world"; end' | |
| end | |
| A.new.f # => "hello world" | |
| A.f # NoMethodError: undefined method `f' for A:Class | |
| f # NameError: undefined local variable or method `f' for main:Object | |
| class A | |
| eval 'self', TOPLEVEL_BINDING # => main |
bachue
/ const_missing_test.rb
Created
March 3, 2013 12:22
Try to catch a uninitialized constant error and then load the missing file and necessary class
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def Object.const_missing(const_name, *args) | |
| puts "const_missing #{const_name.inspect}" | |
| require './test_class' | |
| Object.const_get const_name | |
| end | |
| obj = TestClass.new | |
| puts obj.f # => hello world |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Rails::Engine < Rails::Railtie | |
| Rails::Plugin < Rails::Engine | |
| Rails::Application < Rails::Engine | |
| I18n::Railtie < Rails::Railtie | |
| ActiveSupport::Railtie < Rails::Railtie | |
| ActionDispatch::Railtie < Rails::Railtie | |
| ActionView::Railtie < Rails::Railtie | |
| ActionController::Railtie < Rails::Railtie | |
| ActiveRecord::Railtie < Rails::Railtie | |
| ActionMailer::Railtie < Rails::Railtie |
bachue
/ gist:5115052
Created
March 8, 2013 08:44
A bug in actionpack/lib/action_controller/cookies.rb The write_cookies is supposed to return true if Rails.env.test? == true
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def write_cookie?(cookie) | |
| @secure || !cookie[:secure] || defined?(Rails.env) && Rails.env.development? | |
| end |