Add Ruby As a Vulnerable Language #15
Open
security-curious wants to merge 3 commits into nickboucher:main from
Include all strategies tested in other languages. For comment out and early return, the strategy needed to be modified in order to make it work, but the idea still works. Unlike the other languages, invisible functions do work in Ruby since any Unicode character can be put in a method name.
Some of these might be applicable to other languages.
Per the feedback at #9 (comment) that you are open to having Ruby examples:
a7f0aee adds the same examples that are in the other languages. Homoglyph method names and invisible functions are sort of "yawn" with Ruby given its support for monkey-patching. It would be easier to just define the method again with the same name. But included them for completeness. Tried to follow the style of the other languages.
49d8720 adds some additional variations that are probably not applicable to every language but may be applicable to some other languages.
I did reach out to the Ruby security team to see if they want to address. They responded with "at the moment, our opinion is that the interpreter is not the right place for a fix".
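Since the interpreter accepts these characters, the check has to live in review or CI tooling. The scanner below is an added example, not part of this pull request or the repository: it reports bidirectional controls, invisible characters, and mixed-script identifiers in Ruby source. The character lists, the `scan_source` and `Finding` names, and the sample input are assumptions constructed for illustration.

```ruby
# Added example: report characters that make Ruby source read differently
# from how it renders. The lists below are a chosen subset, not exhaustive.
CHECKS = {
  # Direction overrides, embeddings, isolates and directional marks.
  bidi_control: /[\u202A-\u202E\u2066-\u2069\u200E\u200F\u061C]/,
  # Zero-width and filler characters (a leading BOM is reported too).
  invisible: /[\u200B-\u200D\u2060\u00AD\uFEFF\u3164\u115F\u1160]/
}.freeze
WORD = /[\p{L}\p{M}\p{N}_]+/ # identifier-like runs, any script

Finding = Struct.new(:line, :column, :kind, :detail)

def scan_source(source)
  findings = []
  source.each_line.with_index(1) do |text, lineno|
    CHECKS.each do |kind, pattern|
      text.scan(pattern) do
        m = Regexp.last_match
        detail = format('U+%04X', m[0].ord)
        findings << Finding.new(lineno, m.begin(0) + 1, kind, detail)
      end
    end
    # Homoglyph heuristic: Latin letters mixed with Cyrillic or Greek in one word.
    text.scan(WORD) do
      m = Regexp.last_match
      word = m[0]
      next unless word.match?(/\p{Latin}/) && word.match?(/[\p{Cyrillic}\p{Greek}]/)
      findings << Finding.new(lineno, m.begin(0) + 1, :mixed_script, word)
    end
  end
  findings
end

# Constructed sample input, written with escapes so this file stays ASCII.
SAMPLE = [
  "def is_admin\u200B(user)",     # zero-width space after the method name
  "  user.r\u043Ele == 'admin'",  # Cyrillic U+043E inside "role"
  "end",
  "note = 'abc\u202Edef'"         # right-to-left override in a string
].join("\n")

if __FILE__ == $PROGRAM_NAME
  scan_source(SAMPLE).each do |f|
    puts "#{f.line}:#{f.column} #{f.kind} #{f.detail.inspect}"
  end
end
```

An identifier written entirely in one non-Latin script is not flagged by the mixed-script heuristic, so a stricter policy would also report any non-ASCII identifier for manual review.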