Charles Dale chuckd

chuckd / files_controller.rb
Created May 7, 2014 04:44
Using contracts.Ruby to avoid file access vulnerabilities
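# PathUnder is a custom contract; its definition is not part of this excerpt.
# String is the argument contract, PathUnder["/allowed/path"] the return contract.
Contract String => PathUnder["/allowed/path"]
def safe_path(path)
  "/allowed/path" + path
end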
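One way a `PathUnder` check could be written, as an added example that is not the gist author's code: contracts.ruby accepts any object responding to `valid?` as a contract, so the class below is a hypothetical stand-in that runs without the gem. `unchecked_path`, `contract_rejects?` and the sample inputs are constructed for illustration.

```ruby
require "pathname"

# Hypothetical stand-in for the gist's PathUnder (the real definition is not shown).
class PathUnder
  # Allows the PathUnder["/root"] syntax used in the Contract line.
  def self.[](root)
    new(root)
  end

  def initialize(root)
    @root = Pathname.new(root).cleanpath
  end

  # True only if the lexically normalized path is the root or lies beneath it.
  def valid?(path)
    return false unless path.is_a?(String) && !path.include?("\0")
    candidate = Pathname.new(path)
    return false unless candidate.absolute?
    clean = candidate.cleanpath # collapses "." and ".." without touching the disk
    # Compare on a separator boundary so "/allowed/path_evil" does not pass.
    clean == @root || clean.to_s.start_with?(@root.to_s + "/")
  end
end

# Same body as the gist's safe_path: plain concatenation, no normalization.
def unchecked_path(path)
  "/allowed/path" + path
end

# Emulates the return-value contract without the gem: raise if the result escapes.
def safe_path(path)
  result = unchecked_path(path)
  unless PathUnder["/allowed/path"].valid?(result)
    raise ArgumentError, "path escapes /allowed/path: #{result.inspect}"
  end
  result
end

# Helper for trying constructed inputs: true when the check rejects the input.
def contract_rejects?(path)
  safe_path(path)
  false
rescue ArgumentError
  true
end
```

The check is lexical only: a symlink inside `/allowed/path` that points elsewhere still passes, so resolve with `File.realpath` before comparing when the directory contents are not trusted.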