SlideShare a Scribd company logo

And Now You Have Two Problems

Luca Mearelli
Luca Mearelli

A wise hacker said: Some people, when confronted with a problem, think "I know, I'll use regular expressions." Now they have two problems. Regular expressions are a powerful tool in our hands and a first class citizen in ruby so it is tempting to overuse them. But knowing them and using them properly is a fundamental asset of every developer. We'll see hands-on examples of proper Reg Exps usage in ruby code, we'll look at bad and ugly cases, and learn how to approach writing and debugging them.

LifestyleTechnology
1 of 27
Download to read offline
And now you have two problems Ruby regular expressions for fun and profit Luca Mearelli @lmea Codemotion Rome - 2013
@lmea Regular expressions •cat catch indicate ... •2013-03-22, YYYY-MM-DD, ... •$ 12,500.80 patterns to describe the contents of a text
@lmea Regexps: good for... Pattern matching Search and replace
@lmea Regexp in ruby Regexp object: Regexp.new("cat") literal notation #1: %r{cat} literal notation #2: /cat/
@lmea Regexp syntax literals: /cat/ matches any ‘cat’ substring the dot: /./ matches any character character classes: /[aeiou]/ /[a-z]/ /[01]/ negated character classes: /[^abc]/
@lmea Regexp syntax case insensitive: /./i only interpolate #{} blocks once: /./o multiline mode - '.' will match newline: /./m extended mode - whitespace is ignored: /./x Modifiers
@lmea Regexp syntax /d/ digit /D/ non digit /s/ whitespace /S/ non whitespace /w/ word character /W/ non word character /h/ hexdigit /H/ non hexdigit Shorthand classes
@lmea Regexp syntax /^/ beginning of line /$/ end of line /b/ word boundary /B/ non word boundary /A/ beginning of string /z/ end of string /Z/ end of string. If string ends with a newline, it matches just before newline Anchors
@lmea Regexp syntax alternation: /cat|dog/ matches ‘cats and dogs’ 0-or-more: /ab*/ matches ‘a’ ‘ab’ ‘abb’... 1-or-more: /ab+/ matches ‘ab’ ‘abb’ ... given-number: /ab{2}/ matches ‘abb’ but not ‘ab’ or the whole ‘abbb’ string
@lmea Regexp syntax greedy matches: /.+cat/ matches ‘the cat is catching a mouse’ lazy matches: /.+?scat/ matches ‘the cat is catching a mouse’
@lmea Regexp syntax grouping: /(d{3}.){3}d{3}/ matches IP- like strings capturing: /a (cat|dog)/ the match is captured in $1 to be used later non capturing: /a (?:cat|dog)/ no content captured atomic grouping: /(?>a+)/ doesn’t backtrack
@lmea String substitution "My cat eats catfood".sub(/cat/, "dog") # => My dog eats catfood "My cat eats catfood".gsub(/cat/, "dog") # => My dog eats dogfood "My cat eats catfood".gsub(/bcat(w+)/, "dog1") # => My cat eats dogfood "My cat eats catfood".gsub(/bcat(w+)/){|m| $1.reverse} # => My cat eats doof
@lmea String parsing "Codemotion Rome: Mar 20 to Mar 23".scan(/w{3} d{1,2}/) # => ["Mar 20", "Mar 23"] "Codemotion Rome: Mar 20 to Mar 23".scan(/(w{3}) (d{1,2})/) # => [["Mar", "20"], ["Mar", "23"]] "Codemotion Rome: Mar 20 to Mar 23".scan(/(w{3}) (d{1,2})/) {|a,b| puts b+"/"+a} # 20/Mar # 23/Mar # => "Codemotion Rome: Mar 20 to Mar 23"
@lmea Regexp methods if "what a wonderful world" =~ /(world)/ puts "hello #{$1.upcase}" end # hello WORLD if /(world)/.match("The world") puts "hello #{$1.upcase}" end # hello WORLD match_data = /(world)/.match("The world") puts "hello #{match_data[1].upcase}" # hello WORLD
@lmea Rails app examples # in routing match 'path/:id', :constraints => { :id => /[A-Z]d{5}/ } # in validations validates :phone, :format => /Ad{2,4}s*d+z/ validates :phone, :format => { :with=> /Ad{2,4}s*d+z/ } validates :phone, :format => { :without=> /A02s*d+z/ }
@lmea Rails examples # in ActiveModel::Validations::NumericalityValidator def parse_raw_value_as_an_integer(raw_value) raw_value.to_i if raw_value.to_s =~ /A[+-]?d+Z/ end # in ActionDispatch::RemoteIp::IpSpoofAttackError # IP addresses that are "trusted proxies" that can be stripped from # the comma-delimited list in the X-Forwarded-For header. See also: # http://en.wikipedia.org/wiki/Private_network#Private_IPv4_address_spaces TRUSTED_PROXIES = %r{ ^127.0.0.1$ | # localhost ^(10 | # private IP 10.x.x.x 172.(1[6-9]|2[0-9]|3[0-1]) | # private IP in the range 172.16.0.0 .. 172.31.255.255 192.168 # private IP 192.168.x.x ). }x WILDCARD_PATH = %r{*([^/)]+))?$}
@lmea Regexps are dangerous "If I was going to place a bet on something about Rails security, it'd be that there are more regex vulnerabilities in the tree. I am uncomfortable with how much Rails leans on regex for policy decisions." Thomas H. Ptacek (Founder @ Matasano, Feb 2013)
@lmea Tip #1 Beware of nested quantifiers /(x+x+)+y/ =~ 'xxxxxxxxxy' /(xx+)+y/ =~ 'xxxxxxxxxx' /(?>x+x+)+y/ =~ 'xxxxxxxxx'
@lmea Tip #2 Don’t make everything optional /[-+]?[0-9]*.?[0-9]*/ =~ '.' /[-+]?([0-9]*.?[0-9]+|[0-9]+)/ /[-+]?[0-9]*.?[0-9]+/
@lmea Tip #3 Evaluate tradeoffs /b[A-Z0-9._%+-]+@(?:[A-Z0-9-]+.)+[A-Z]{2,4}b/ /(?:(?:rn)?[ t])*(?:(?:(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t] )+|Z|(?=[["()<>@,;:".[]]))|"(?:[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?: rn)?[ t])*)(?:.(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:( ?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|"(?:[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?:rn)?[ t])*))*@(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-0 31]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)* ](?:(?:rn)?[ t])*)(?:.(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+ (?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)*](?: (?:rn)?[ t])*))*|(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z |(?=[["()<>@,;:".[]]))|"(?:[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?:rn) ?[ t])*)*<(?:(?:rn)?[ t])*(?:@(?:[^()<>@,;:".[] 000-031]+(?:(?:(?: rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*)(?:.(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn) ?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t] )*))*(?:,@(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])* )(?:.(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t] )+|Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*))*) *:(?:(?:rn)?[ t])*)?(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+ |Z|(?=[["()<>@,;:".[]]))|"(?:[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?:r n)?[ t])*)(?:.(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?: rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|"(?:[^"r]|.|(?:(?:rn)?[ t ]))*"(?:(?:rn)?[ t])*))*@(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031 ]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)*]( ?:(?:rn)?[ t])*)(?:.(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(? :(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)*](?:(? :rn)?[ t])*))*>(?:(?:rn)?[ t])*)|(?:[^()<>@,;:".[] 000-031]+(?:(? :(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|"(?:[^"r]|.|(?:(?:rn)? [ t]))*"(?:(?:rn)?[ t])*)*:(?:(?:rn)?[ t])*(?:(?:(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|"(?:[^"r]| .|(?:(?:rn)?[ t]))*"(?:(?:rn)?[ t])*)(?:.(?:(?:rn)?[ t])*(?:[^()<> @,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|" (?:[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?:rn)?[ t])*))*@(?:(?:rn)?[ t] )*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;: ".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*)(?:.(?:(?:rn)?[ t])*(? :[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[ ]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*))*|(?:[^()<>@,;:".[] 000- 031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|"(?:[^"r]|.|( ?:(?:rn)?[ t]))*"(?:(?:rn)?[ t])*)*<(?:(?:rn)?[ t])*(?:@(?:[^()<>@,; :".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([ ^[]r]|.)*](?:(?:rn)?[ t])*)(?:.(?:(?:rn)?[ t])*(?:[^()<>@,;:" .[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([^[ ]r]|.)*](?:(?:rn)?[ t])*))*(?:,@(?:(?:rn)?[ t])*(?:[^()<>@,;:". [] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([^[] r]|.)*](?:(?:rn)?[ t])*)(?:.(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([^[]r] |.)*](?:(?:rn)?[ t])*))*)*:(?:(?:rn)?[ t])*)?(?:[^()<>@,;:".[] 0 00-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|"(?:[^"r]| .|(?:(?:rn)?[ t]))*"(?:(?:rn)?[ t])*)(?:.(?:(?:rn)?[ t])*(?:[^()<>@, ;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|"(? :[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?:rn)?[ t])*))*@(?:(?:rn)?[ t])* (?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:". []]))|[([^[]r]|.)*](?:(?:rn)?[ t])*)(?:.(?:(?:rn)?[ t])*(?:[ ^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[] ]))|[([^[]r]|.)*](?:(?:rn)?[ t])*))*>(?:(?:rn)?[ t])*)(?:,s*( ?:(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;: ".[]]))|"(?:[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?:rn)?[ t])*)(?:.(?:( ?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[ ["()<>@,;:".[]]))|"(?:[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?:rn)?[ t ])*))*@(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t ])+|Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*)(? :.(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+| Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*))*|(?: [^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[ ]]))|"(?:[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?:rn)?[ t])*)*<(?:(?:rn) ?[ t])*(?:@(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[[" ()<>@,;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*)(?:.(?:(?:rn) ?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<> @,;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*))*(?:,@(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@, ;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*)(?:.(?:(?:rn)?[ t] )*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;: ".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*))*)*:(?:(?:rn)?[ t])*)? (?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:". []]))|"(?:[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?:rn)?[ t])*)(?:.(?:(?: rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[[ "()<>@,;:".[]]))|"(?:[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?:rn)?[ t]) *))*@(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t]) +|Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*)(?: .(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z |(?=[["()<>@,;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*))*>(?:( ?:rn)?[ t])*))*)?;s*)/
@lmea Tip #4 Capture repeated groups and don’t repeat a captured group /!(abc|123)+!/ =~ '!abc123!' # $1 == '123' /!((abc|123)+)!/ =~ '!abc123!' # $1 == 'abc123'
@lmea Tip #5 use interpolation with care str = "cat" /#{str}/ =~ "My cat eats catfood" /#{Regexp.quote(str)}/ =~ "My cat eats catfood"
@lmea Tip #6 Don’t use ^ and $ to match the strings beginning and end validates :url, :format => /^https?/ "http://example.com" =~ /^https?/ "javascript:alert('hello!');%0Ahttp://example.com" "javascript:alert('hello!');nhttp://example.com" =~ /^https?/ "javascript:alert('hello!');nhttp://example.com" =~ /Ahttps?/
@lmea From 060bb7250b963609a0d8a5d0559e36b99d2402c6 Mon Sep 17 00:00:00 2001 From: joernchen of Phenoelit <joernchen@phenoelit.de> Date: Sat, 9 Feb 2013 15:46:44 -0800 Subject: [PATCH] Fix issue with attr_protected where malformed input could circumvent protection Fixes: CVE-2013-0276 --- activemodel/lib/active_model/attribute_methods.rb | 2 +- activemodel/lib/active_model/mass_assignment_security/permission_set.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/activemodel/lib/active_model/attribute_methods.rb b/activemodel/lib/active_model/ attribute_methods.rb index f033a94..96f2c82 100644 --- a/activemodel/lib/active_model/attribute_methods.rb +++ b/activemodel/lib/active_model/attribute_methods.rb @@ -365,7 +365,7 @@ module ActiveModel end @prefix, @suffix = options[:prefix] || '', options[:suffix] || '' - @regex = /^(#{Regexp.escape(@prefix)})(.+?)(#{Regexp.escape(@suffix)})$/ + @regex = /A(#{Regexp.escape(@prefix)})(.+?)(#{Regexp.escape(@suffix)})z/ @method_missing_target = "#{@prefix}attribute#{@suffix}" @method_name = "#{prefix}%s#{suffix}" end diff --git a/activemodel/lib/active_model/mass_assignment_security/permission_set.rb b/activemodel/lib/ active_model/mass_assignment_security/permission_set.rb index a1fcdf1..10faa29 100644 --- a/activemodel/lib/active_model/mass_assignment_security/permission_set.rb +++ b/activemodel/lib/active_model/mass_assignment_security/permission_set.rb @@ -19,7 +19,7 @@ module ActiveModel protected def remove_multiparameter_id(key) - key.to_s.gsub(/(.+/, '') + key.to_s.gsub(/(.+/m, '') end end -- 1.8.1.1
@lmea From 99123ad12f71ce3e7fe70656810e53133665527c Mon Sep 17 00:00:00 2001 From: Aaron Patterson <aaron.patterson@gmail.com> Date: Fri, 15 Mar 2013 15:04:00 -0700 Subject: [PATCH] fix protocol checking in sanitization [CVE-2013-1857] Conflicts: actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb --- .../action_controller/vendor/html-scanner/html/sanitizer.rb | 4 ++-- actionpack/test/template/html-scanner/sanitizer_test.rb | 10 ++++++++++ 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb b/actionpack/lib/ action_controller/vendor/html-scanner/html/sanitizer.rb index 02eea58..994e115 100644 --- a/actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb +++ b/actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb @@ -66,7 +66,7 @@ module HTML # A regular expression of the valid characters used to separate protocols like # the ':' in 'http://foo.com' - self.protocol_separator = /:|(&#0*58)|(&#x70)|(%|&#37;)3A/ + self.protocol_separator = /:|(&#0*58)|(&#x70)|(&#x0*3a)|(%|&#37;)3A/i # Specifies a Set of HTML attributes that can have URIs. self.uri_attributes = Set.new(%w(href src cite action longdesc xlink:href lowsrc)) @@ -171,7 +171,7 @@ module HTML def contains_bad_protocols?(attr_name, value) uri_attributes.include?(attr_name) && - (value =~ /(^[^/:]*):|(&#0*58)|(&#x70)|(%|&#37;)3A/ && !allowed_protocols.include? (value.split(protocol_separator).first.downcase)) + (value =~ /(^[^/:]*):|(&#0*58)|(&#x70)|(&#x0*3a)|(%|&#37;)3A/i && !allowed_protocols.include? (value.split(protocol_separator).first.downcase.strip)) end end end diff --git a/actionpack/test/template/html-scanner/sanitizer_test.rb b/actionpack/test/template/html-scanner/ sanitizer_test.rb index 4e2ad4e..dee60c9 100644 --- a/actionpack/test/template/html-scanner/sanitizer_test.rb +++ b/actionpack/test/template/html-scanner/sanitizer_test.rb @@ -176,6 +176,7 @@ class SanitizerTest < ActionController::TestCase %(<IMG SRC="jav&#x0A;ascript:alert('XSS');">),
@lmea Tools Print a cheatsheet! Info: http://www.regular-expressions.info Debug: http://rubular.com http://rubyxp.com Visualize: http://www.regexper.com/
Thank you!

Recommended

A Little Backbone For Your App
A Little Backbone For Your AppA Little Backbone For Your App
A Little Backbone For Your AppLuca Mearelli
 
Controlling The Cloud With Python
Controlling The Cloud With PythonControlling The Cloud With Python
Controlling The Cloud With PythonLuca Mearelli
 
OSCON Google App Engine Codelab - July 2010
OSCON Google App Engine Codelab - July 2010OSCON Google App Engine Codelab - July 2010
OSCON Google App Engine Codelab - July 2010ikailan
 
To Batch Or Not To Batch
To Batch Or Not To BatchTo Batch Or Not To Batch
To Batch Or Not To BatchLuca Mearelli
 
Advanced symfony Techniques
Advanced symfony TechniquesAdvanced symfony Techniques
Advanced symfony TechniquesKris Wallsmith
 
Symfony & Javascript. Combining the best of two worlds
Symfony & Javascript. Combining the best of two worldsSymfony & Javascript. Combining the best of two worlds
Symfony & Javascript. Combining the best of two worldsIgnacio Martín
 
New Symfony Tips & Tricks (SymfonyCon Paris 2015)
New Symfony Tips & Tricks (SymfonyCon Paris 2015)New Symfony Tips & Tricks (SymfonyCon Paris 2015)
New Symfony Tips & Tricks (SymfonyCon Paris 2015)Javier Eguiluz
 
Django Celery - A distributed task queue
Django Celery - A distributed task queueDjango Celery - A distributed task queue
Django Celery - A distributed task queueAlex Eftimie
 

Recommended

A Little Backbone For Your App
A Little Backbone For Your AppA Little Backbone For Your App
A Little Backbone For Your AppLuca Mearelli
 
Controlling The Cloud With Python
Controlling The Cloud With PythonControlling The Cloud With Python
Controlling The Cloud With PythonLuca Mearelli
 
OSCON Google App Engine Codelab - July 2010
OSCON Google App Engine Codelab - July 2010OSCON Google App Engine Codelab - July 2010
OSCON Google App Engine Codelab - July 2010ikailan
 
To Batch Or Not To Batch
To Batch Or Not To BatchTo Batch Or Not To Batch
To Batch Or Not To BatchLuca Mearelli
 
Advanced symfony Techniques
Advanced symfony TechniquesAdvanced symfony Techniques
Advanced symfony TechniquesKris Wallsmith
 
Symfony & Javascript. Combining the best of two worlds
Symfony & Javascript. Combining the best of two worldsSymfony & Javascript. Combining the best of two worlds
Symfony & Javascript. Combining the best of two worldsIgnacio Martín
 
New Symfony Tips & Tricks (SymfonyCon Paris 2015)
New Symfony Tips & Tricks (SymfonyCon Paris 2015)New Symfony Tips & Tricks (SymfonyCon Paris 2015)
New Symfony Tips & Tricks (SymfonyCon Paris 2015)Javier Eguiluz
 
Django Celery - A distributed task queue
Django Celery - A distributed task queueDjango Celery - A distributed task queue
Django Celery - A distributed task queueAlex Eftimie
 
New in php 7
New in php 7New in php 7
New in php 7Vic Metcalfe
 
A Functional Guide to Cat Herding with PHP Generators
A Functional Guide to Cat Herding with PHP GeneratorsA Functional Guide to Cat Herding with PHP Generators
A Functional Guide to Cat Herding with PHP GeneratorsMark Baker
 
Why Task Queues - ComoRichWeb
Why Task Queues - ComoRichWebWhy Task Queues - ComoRichWeb
Why Task Queues - ComoRichWebBryan Helmig
 
Filling the flask
Filling the flaskFilling the flask
Filling the flaskJason Myers
 
Europython 2011 - Playing tasks with Django & Celery
Europython 2011 - Playing tasks with Django & CeleryEuropython 2011 - Playing tasks with Django & Celery
Europython 2011 - Playing tasks with Django & CeleryMauro Rocco
 
Django - 次の一歩 gumiStudy#3
Django - 次の一歩 gumiStudy#3Django - 次の一歩 gumiStudy#3
Django - 次の一歩 gumiStudy#3makoto tsuyuki
 
Introducing Assetic (NYPHP)
Introducing Assetic (NYPHP)Introducing Assetic (NYPHP)
Introducing Assetic (NYPHP)Kris Wallsmith
 
Django Heresies
Django HeresiesDjango Heresies
Django HeresiesSimon Willison
 
RESTful API 제대로 만들기
RESTful API 제대로 만들기RESTful API 제대로 만들기
RESTful API 제대로 만들기Juwon Kim
 
The effective use of Django ORM
The effective use of Django ORMThe effective use of Django ORM
The effective use of Django ORMYaroslav Muravskyi
 
Symfony Guard Authentication: Fun with API Token, Social Login, JWT and more
Symfony Guard Authentication: Fun with API Token, Social Login, JWT and moreSymfony Guard Authentication: Fun with API Token, Social Login, JWT and more
Symfony Guard Authentication: Fun with API Token, Social Login, JWT and moreRyan Weaver
 
What’s new in ECMAScript 6.0
What’s new in ECMAScript 6.0What’s new in ECMAScript 6.0
What’s new in ECMAScript 6.0Eyal Vardi
 
Lithium Best
Lithium Best Lithium Best
Lithium Best Richard McIntyre
 
Current state-of-php
Current state-of-phpCurrent state-of-php
Current state-of-phpRichard McIntyre
 
An Introduction to Celery
An Introduction to CeleryAn Introduction to Celery
An Introduction to CeleryIdan Gazit
 
Speed up your developments with Symfony2
Speed up your developments with Symfony2Speed up your developments with Symfony2
Speed up your developments with Symfony2Hugo Hamon
 
Symfony2 revealed
Symfony2 revealedSymfony2 revealed
Symfony2 revealedFabien Potencier
 
symfony on action - WebTech 207
symfony on action - WebTech 207symfony on action - WebTech 207
symfony on action - WebTech 207patter
 
Building Web Services with Zend Framework (PHP Benelux meeting 20100713 Vliss...
Building Web Services with Zend Framework (PHP Benelux meeting 20100713 Vliss...Building Web Services with Zend Framework (PHP Benelux meeting 20100713 Vliss...
Building Web Services with Zend Framework (PHP Benelux meeting 20100713 Vliss...King Foo
 
Doctrine MongoDB ODM (PDXPHP)
Doctrine MongoDB ODM (PDXPHP)Doctrine MongoDB ODM (PDXPHP)
Doctrine MongoDB ODM (PDXPHP)Kris Wallsmith
 
Capistrano2
Capistrano2Capistrano2
Capistrano2Luca Mearelli
 
Estudi de processos industrials
Estudi de processos industrialsEstudi de processos industrials
Estudi de processos industrialsEscola Vedruna-Àngels
 

More Related Content

What's hot

A Functional Guide to Cat Herding with PHP Generators
A Functional Guide to Cat Herding with PHP GeneratorsA Functional Guide to Cat Herding with PHP Generators
A Functional Guide to Cat Herding with PHP GeneratorsMark Baker
 
Why Task Queues - ComoRichWeb
Why Task Queues - ComoRichWebWhy Task Queues - ComoRichWeb
Why Task Queues - ComoRichWebBryan Helmig
 
Filling the flask
Filling the flaskFilling the flask
Filling the flaskJason Myers
 
Europython 2011 - Playing tasks with Django & Celery
Europython 2011 - Playing tasks with Django & CeleryEuropython 2011 - Playing tasks with Django & Celery
Europython 2011 - Playing tasks with Django & CeleryMauro Rocco
 
Django - 次の一歩 gumiStudy#3
Django - 次の一歩 gumiStudy#3Django - 次の一歩 gumiStudy#3
Django - 次の一歩 gumiStudy#3makoto tsuyuki
 
Introducing Assetic (NYPHP)
Introducing Assetic (NYPHP)Introducing Assetic (NYPHP)
Introducing Assetic (NYPHP)Kris Wallsmith
 
RESTful API 제대로 만들기
RESTful API 제대로 만들기RESTful API 제대로 만들기
RESTful API 제대로 만들기Juwon Kim
 
The effective use of Django ORM
The effective use of Django ORMThe effective use of Django ORM
The effective use of Django ORMYaroslav Muravskyi
 
Symfony Guard Authentication: Fun with API Token, Social Login, JWT and more
Symfony Guard Authentication: Fun with API Token, Social Login, JWT and moreSymfony Guard Authentication: Fun with API Token, Social Login, JWT and more
Symfony Guard Authentication: Fun with API Token, Social Login, JWT and moreRyan Weaver
 
What’s new in ECMAScript 6.0
What’s new in ECMAScript 6.0What’s new in ECMAScript 6.0
What’s new in ECMAScript 6.0Eyal Vardi
 
An Introduction to Celery
An Introduction to CeleryAn Introduction to Celery
An Introduction to CeleryIdan Gazit
 
Speed up your developments with Symfony2
Speed up your developments with Symfony2Speed up your developments with Symfony2
Speed up your developments with Symfony2Hugo Hamon
 
symfony on action - WebTech 207
symfony on action - WebTech 207symfony on action - WebTech 207
symfony on action - WebTech 207patter
 
Building Web Services with Zend Framework (PHP Benelux meeting 20100713 Vliss...
Building Web Services with Zend Framework (PHP Benelux meeting 20100713 Vliss...Building Web Services with Zend Framework (PHP Benelux meeting 20100713 Vliss...
Building Web Services with Zend Framework (PHP Benelux meeting 20100713 Vliss...King Foo
 
Doctrine MongoDB ODM (PDXPHP)
Doctrine MongoDB ODM (PDXPHP)Doctrine MongoDB ODM (PDXPHP)
Doctrine MongoDB ODM (PDXPHP)Kris Wallsmith
 

What's hot (20)

New in php 7
New in php 7New in php 7
New in php 7
 
A Functional Guide to Cat Herding with PHP Generators
A Functional Guide to Cat Herding with PHP GeneratorsA Functional Guide to Cat Herding with PHP Generators
A Functional Guide to Cat Herding with PHP Generators
 
Why Task Queues - ComoRichWeb
Why Task Queues - ComoRichWebWhy Task Queues - ComoRichWeb
Why Task Queues - ComoRichWeb
 
Filling the flask
Filling the flaskFilling the flask
Filling the flask
 
Europython 2011 - Playing tasks with Django & Celery
Europython 2011 - Playing tasks with Django & CeleryEuropython 2011 - Playing tasks with Django & Celery
Europython 2011 - Playing tasks with Django & Celery
 
Django - 次の一歩 gumiStudy#3
Django - 次の一歩 gumiStudy#3Django - 次の一歩 gumiStudy#3
Django - 次の一歩 gumiStudy#3
 
Introducing Assetic (NYPHP)
Introducing Assetic (NYPHP)Introducing Assetic (NYPHP)
Introducing Assetic (NYPHP)
 
Django Heresies
Django HeresiesDjango Heresies
Django Heresies
 
RESTful API 제대로 만들기
RESTful API 제대로 만들기RESTful API 제대로 만들기
RESTful API 제대로 만들기
 
The effective use of Django ORM
The effective use of Django ORMThe effective use of Django ORM
The effective use of Django ORM
 
Symfony Guard Authentication: Fun with API Token, Social Login, JWT and more
Symfony Guard Authentication: Fun with API Token, Social Login, JWT and moreSymfony Guard Authentication: Fun with API Token, Social Login, JWT and more
Symfony Guard Authentication: Fun with API Token, Social Login, JWT and more
 
What’s new in ECMAScript 6.0
What’s new in ECMAScript 6.0What’s new in ECMAScript 6.0
What’s new in ECMAScript 6.0
 
Lithium Best
Lithium Best Lithium Best
Lithium Best
 
Current state-of-php
Current state-of-phpCurrent state-of-php
Current state-of-php
 
An Introduction to Celery
An Introduction to CeleryAn Introduction to Celery
An Introduction to Celery
 
Speed up your developments with Symfony2
Speed up your developments with Symfony2Speed up your developments with Symfony2
Speed up your developments with Symfony2
 
Symfony2 revealed
Symfony2 revealedSymfony2 revealed
Symfony2 revealed
 
symfony on action - WebTech 207
symfony on action - WebTech 207symfony on action - WebTech 207
symfony on action - WebTech 207
 
Building Web Services with Zend Framework (PHP Benelux meeting 20100713 Vliss...
Building Web Services with Zend Framework (PHP Benelux meeting 20100713 Vliss...Building Web Services with Zend Framework (PHP Benelux meeting 20100713 Vliss...
Building Web Services with Zend Framework (PHP Benelux meeting 20100713 Vliss...
 
Doctrine MongoDB ODM (PDXPHP)
Doctrine MongoDB ODM (PDXPHP)Doctrine MongoDB ODM (PDXPHP)
Doctrine MongoDB ODM (PDXPHP)
 

Viewers also liked

Les Fibres I Els Teixits
Les Fibres I Els TeixitsLes Fibres I Els Teixits
Les Fibres I Els Teixitspautecno
 
El tèxtil 2n ESO
El tèxtil 2n ESOEl tèxtil 2n ESO
El tèxtil 2n ESOJordi Pipó
 
Produccion del zapato 10 3
Produccion del zapato 10 3Produccion del zapato 10 3
Produccion del zapato 10 3lina
 

Viewers also liked (9)

Capistrano2
Capistrano2Capistrano2
Capistrano2
 
Estudi de processos industrials
Estudi de processos industrialsEstudi de processos industrials
Estudi de processos industrials
 
Acabats
AcabatsAcabats
Acabats
 
Dossier textil 1011
Dossier textil 1011Dossier textil 1011
Dossier textil 1011
 
El TèXtil
El TèXtilEl TèXtil
El TèXtil
 
Filatura
FilaturaFilatura
Filatura
 
Les Fibres I Els Teixits
Les Fibres I Els TeixitsLes Fibres I Els Teixits
Les Fibres I Els Teixits
 
El tèxtil 2n ESO
El tèxtil 2n ESOEl tèxtil 2n ESO
El tèxtil 2n ESO
 
Produccion del zapato 10 3
Produccion del zapato 10 3Produccion del zapato 10 3
Produccion del zapato 10 3
 

Similar to And Now You Have Two Problems

And now you have two problems. Ruby regular expressions for fun and profit by...
And now you have two problems. Ruby regular expressions for fun and profit by...And now you have two problems. Ruby regular expressions for fun and profit by...
And now you have two problems. Ruby regular expressions for fun and profit by...Codemotion
 
My First Rails Plugin - Usertext
My First Rails Plugin - UsertextMy First Rails Plugin - Usertext
My First Rails Plugin - Usertextfrankieroberto
 
C++11 - A Change in Style - v2.0
C++11 - A Change in Style - v2.0C++11 - A Change in Style - v2.0
C++11 - A Change in Style - v2.0Yaser Zhian
 
Is Haskell an acceptable Perl?
Is Haskell an acceptable Perl?Is Haskell an acceptable Perl?
Is Haskell an acceptable Perl?osfameron
 
Out with Regex, In with Tokens
Out with Regex, In with TokensOut with Regex, In with Tokens
Out with Regex, In with Tokensscoates
 
Using Regular Expressions and Staying Sane
Using Regular Expressions and Staying SaneUsing Regular Expressions and Staying Sane
Using Regular Expressions and Staying SaneCarl Brown
 
A Toda Maquina Con Ruby on Rails
A Toda Maquina Con Ruby on RailsA Toda Maquina Con Ruby on Rails
A Toda Maquina Con Ruby on RailsRafael García
 
Refactoring to Macros with Clojure
Refactoring to Macros with ClojureRefactoring to Macros with Clojure
Refactoring to Macros with ClojureDmitry Buzdin
 
Rust Workshop - NITC FOSSMEET 2017
Rust Workshop - NITC FOSSMEET 2017 Rust Workshop - NITC FOSSMEET 2017
Rust Workshop - NITC FOSSMEET 2017 pramode_ce
 
"How was it to switch from beautiful Perl to horrible JavaScript", Viktor Tur...
"How was it to switch from beautiful Perl to horrible JavaScript", Viktor Tur..."How was it to switch from beautiful Perl to horrible JavaScript", Viktor Tur...
"How was it to switch from beautiful Perl to horrible JavaScript", Viktor Tur...Fwdays
 
SDPHP - Percona Toolkit (It's Basically Magic)
SDPHP - Percona Toolkit (It's Basically Magic)SDPHP - Percona Toolkit (It's Basically Magic)
SDPHP - Percona Toolkit (It's Basically Magic)Robert Swisher
 
Rooted 2010 ppp
Rooted 2010 pppRooted 2010 ppp
Rooted 2010 pppnoc_313
 
What you forgot from your Computer Science Degree
What you forgot from your Computer Science DegreeWhat you forgot from your Computer Science Degree
What you forgot from your Computer Science DegreeStephen Darlington
 
Malli: inside data-driven schemas
Malli: inside data-driven schemasMalli: inside data-driven schemas
Malli: inside data-driven schemasMetosin Oy
 
Perl6 Regexen: Reduce the line noise in your code.
Perl6 Regexen: Reduce the line noise in your code.Perl6 Regexen: Reduce the line noise in your code.
Perl6 Regexen: Reduce the line noise in your code.Workhorse Computing
 
Javascript part1
Javascript part1Javascript part1
Javascript part1Raghu nath
 

Similar to And Now You Have Two Problems (20)

And now you have two problems. Ruby regular expressions for fun and profit by...
And now you have two problems. Ruby regular expressions for fun and profit by...And now you have two problems. Ruby regular expressions for fun and profit by...
And now you have two problems. Ruby regular expressions for fun and profit by...
 
My First Rails Plugin - Usertext
My First Rails Plugin - UsertextMy First Rails Plugin - Usertext
My First Rails Plugin - Usertext
 
C++11 - A Change in Style - v2.0
C++11 - A Change in Style - v2.0C++11 - A Change in Style - v2.0
C++11 - A Change in Style - v2.0
 
Is Haskell an acceptable Perl?
Is Haskell an acceptable Perl?Is Haskell an acceptable Perl?
Is Haskell an acceptable Perl?
 
Out with Regex, In with Tokens
Out with Regex, In with TokensOut with Regex, In with Tokens
Out with Regex, In with Tokens
 
Using Regular Expressions and Staying Sane
Using Regular Expressions and Staying SaneUsing Regular Expressions and Staying Sane
Using Regular Expressions and Staying Sane
 
A Toda Maquina Con Ruby on Rails
A Toda Maquina Con Ruby on RailsA Toda Maquina Con Ruby on Rails
A Toda Maquina Con Ruby on Rails
 
Refactoring to Macros with Clojure
Refactoring to Macros with ClojureRefactoring to Macros with Clojure
Refactoring to Macros with Clojure
 
ES6 is Nigh
ES6 is NighES6 is Nigh
ES6 is Nigh
 
Rust Workshop - NITC FOSSMEET 2017
Rust Workshop - NITC FOSSMEET 2017 Rust Workshop - NITC FOSSMEET 2017
Rust Workshop - NITC FOSSMEET 2017
 
"How was it to switch from beautiful Perl to horrible JavaScript", Viktor Tur...
"How was it to switch from beautiful Perl to horrible JavaScript", Viktor Tur..."How was it to switch from beautiful Perl to horrible JavaScript", Viktor Tur...
"How was it to switch from beautiful Perl to horrible JavaScript", Viktor Tur...
 
Rails and security
Rails and securityRails and security
Rails and security
 
SDPHP - Percona Toolkit (It's Basically Magic)
SDPHP - Percona Toolkit (It's Basically Magic)SDPHP - Percona Toolkit (It's Basically Magic)
SDPHP - Percona Toolkit (It's Basically Magic)
 
Ruby 1.9
Ruby 1.9Ruby 1.9
Ruby 1.9
 
Matlab Basic Tutorial
Matlab Basic TutorialMatlab Basic Tutorial
Matlab Basic Tutorial
 
Rooted 2010 ppp
Rooted 2010 pppRooted 2010 ppp
Rooted 2010 ppp
 
What you forgot from your Computer Science Degree
What you forgot from your Computer Science DegreeWhat you forgot from your Computer Science Degree
What you forgot from your Computer Science Degree
 
Malli: inside data-driven schemas
Malli: inside data-driven schemasMalli: inside data-driven schemas
Malli: inside data-driven schemas
 
Perl6 Regexen: Reduce the line noise in your code.
Perl6 Regexen: Reduce the line noise in your code.Perl6 Regexen: Reduce the line noise in your code.
Perl6 Regexen: Reduce the line noise in your code.
 
Javascript part1
Javascript part1Javascript part1
Javascript part1
 

More from Luca Mearelli

The anatomy of an infographic
The anatomy of an infographicThe anatomy of an infographic
The anatomy of an infographicLuca Mearelli
 
L'altra meta del web
L'altra meta del webL'altra meta del web
L'altra meta del webLuca Mearelli
 
Introduzione a Ruby On Rails
Introduzione a Ruby On RailsIntroduzione a Ruby On Rails
Introduzione a Ruby On RailsLuca Mearelli
 
Integrating services with OAuth
Integrating services with OAuthIntegrating services with OAuth
Integrating services with OAuthLuca Mearelli
 

More from Luca Mearelli (7)

The anatomy of an infographic
The anatomy of an infographicThe anatomy of an infographic
The anatomy of an infographic
 
L'altra meta del web
L'altra meta del webL'altra meta del web
L'altra meta del web
 
WorseSoftware
WorseSoftwareWorseSoftware
WorseSoftware
 
Open Web
Open WebOpen Web
Open Web
 
Wikierp
WikierpWikierp
Wikierp
 
Introduzione a Ruby On Rails
Introduzione a Ruby On RailsIntroduzione a Ruby On Rails
Introduzione a Ruby On Rails
 
Integrating services with OAuth
Integrating services with OAuthIntegrating services with OAuth
Integrating services with OAuth
 

Recently uploaded

Chandigarh Escort Service 📞9878281761📞 Just📲 Call Navi Chandigarh Call Girls ...
Chandigarh Escort Service 📞9878281761📞 Just📲 Call Navi Chandigarh Call Girls ...Chandigarh Escort Service 📞9878281761📞 Just📲 Call Navi Chandigarh Call Girls ...
Chandigarh Escort Service 📞9878281761📞 Just📲 Call Navi Chandigarh Call Girls ...Sheetaleventcompany
 
Ladies kitty party invitation messages and greetings.pdf
Ladies kitty party invitation messages and greetings.pdfLadies kitty party invitation messages and greetings.pdf
Ladies kitty party invitation messages and greetings.pdfShort Good Quotes
 
VIP Call Girls In Karnal 08168329307 Nilokheri Call Girls Escorts Service
VIP Call Girls In Karnal 08168329307 Nilokheri Call Girls Escorts ServiceVIP Call Girls In Karnal 08168329307 Nilokheri Call Girls Escorts Service
VIP Call Girls In Karnal 08168329307 Nilokheri Call Girls Escorts ServiceApsara Of India
 
Calangute Beach ( Call Girls ) Goa ✔ 8617370543 ✅ By Goa Call Girls For Pick ...
Calangute Beach ( Call Girls ) Goa ✔ 8617370543 ✅ By Goa Call Girls For Pick ...Calangute Beach ( Call Girls ) Goa ✔ 8617370543 ✅ By Goa Call Girls For Pick ...
Calangute Beach ( Call Girls ) Goa ✔ 8617370543 ✅ By Goa Call Girls For Pick ...Nitya salvi
 
Zirakpur Call Girls👧 Book Now📱8146719683 📞👉Mohali Call Girl Service No Advanc...
Zirakpur Call Girls👧 Book Now📱8146719683 📞👉Mohali Call Girl Service No Advanc...Zirakpur Call Girls👧 Book Now📱8146719683 📞👉Mohali Call Girl Service No Advanc...
Zirakpur Call Girls👧 Book Now📱8146719683 📞👉Mohali Call Girl Service No Advanc...rajveermohali2022
 
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...rajveerescorts2022
 
Bishnupur 💋 Book Call Girls Night 7k to 12k ️8250077686 💋 High Profile Model...
Bishnupur 💋 Book Call Girls Night 7k to 12k ️8250077686 💋 High Profile Model...Bishnupur 💋 Book Call Girls Night 7k to 12k ️8250077686 💋 High Profile Model...
Bishnupur 💋 Book Call Girls Night 7k to 12k ️8250077686 💋 High Profile Model...Damini Dixit
 
High Class Call Girls in Bangalore 📱9136956627📱
High Class Call Girls in Bangalore 📱9136956627📱High Class Call Girls in Bangalore 📱9136956627📱
High Class Call Girls in Bangalore 📱9136956627📱Pinki Misra
 
CALL GIRLS IN Munirka :- (1X 97111 47426 ENJOY 🔝
CALL GIRLS IN Munirka :- (1X 97111 47426 ENJOY 🔝CALL GIRLS IN Munirka :- (1X 97111 47426 ENJOY 🔝
CALL GIRLS IN Munirka :- (1X 97111 47426 ENJOY 🔝jennyeacort
 
Mahim Call Girls in Bandra 7738631006, Sakinaka Call Girls agency, Kurla Call...
Mahim Call Girls in Bandra 7738631006, Sakinaka Call Girls agency, Kurla Call...Mahim Call Girls in Bandra 7738631006, Sakinaka Call Girls agency, Kurla Call...
Mahim Call Girls in Bandra 7738631006, Sakinaka Call Girls agency, Kurla Call...Pooja Nehwal
 
Call Girls in Bangalore Prachi 💋9136956627 Bangalore Call Girls
Call Girls in Bangalore Prachi 💋9136956627 Bangalore Call GirlsCall Girls in Bangalore Prachi 💋9136956627 Bangalore Call Girls
Call Girls in Bangalore Prachi 💋9136956627 Bangalore Call GirlsPinki Misra
 
Top 10 Moisturising Cream Brands In India - Stelon Biotech
Top 10 Moisturising Cream Brands In India - Stelon BiotechTop 10 Moisturising Cream Brands In India - Stelon Biotech
Top 10 Moisturising Cream Brands In India - Stelon BiotechStelon Biotech
 
VIP Model Call Girls Buldhana Call ON 8617697112 Starting From 5K to 25K High...
VIP Model Call Girls Buldhana Call ON 8617697112 Starting From 5K to 25K High...VIP Model Call Girls Buldhana Call ON 8617697112 Starting From 5K to 25K High...
VIP Model Call Girls Buldhana Call ON 8617697112 Starting From 5K to 25K High...Nitya salvi
 
Nalasopara Call Girls Services 9892124323 Home and Hotel Delivery Free
Nalasopara Call Girls Services 9892124323 Home and Hotel Delivery FreeNalasopara Call Girls Services 9892124323 Home and Hotel Delivery Free
Nalasopara Call Girls Services 9892124323 Home and Hotel Delivery FreePooja Nehwal
 
Chandigarh Escorts Service ☎ 9915851334 ☎ Top Class Call Girls Service In Moh...
Chandigarh Escorts Service ☎ 9915851334 ☎ Top Class Call Girls Service In Moh...Chandigarh Escorts Service ☎ 9915851334 ☎ Top Class Call Girls Service In Moh...
Chandigarh Escorts Service ☎ 9915851334 ☎ Top Class Call Girls Service In Moh...rajveermohali2022
 
💗📲09602870969💕-Royal Escorts in Udaipur Call Girls Service Udaipole-Fateh Sag...
💗📲09602870969💕-Royal Escorts in Udaipur Call Girls Service Udaipole-Fateh Sag...💗📲09602870969💕-Royal Escorts in Udaipur Call Girls Service Udaipole-Fateh Sag...
💗📲09602870969💕-Royal Escorts in Udaipur Call Girls Service Udaipole-Fateh Sag...Apsara Of India
 
Call Girls in Bangalore Nisha 💋9136956627 Bangalore Call Girls
Call Girls in Bangalore Nisha 💋9136956627 Bangalore Call GirlsCall Girls in Bangalore Nisha 💋9136956627 Bangalore Call Girls
Call Girls in Bangalore Nisha 💋9136956627 Bangalore Call GirlsPinki Misra
 
Call Girl In Zirakpur👧 Book Now📱7837612180 📞👉Zirakpur Call Girls Service No A...
Call Girl In Zirakpur👧 Book Now📱7837612180 📞👉Zirakpur Call Girls Service No A...Call Girl In Zirakpur👧 Book Now📱7837612180 📞👉Zirakpur Call Girls Service No A...
Call Girl In Zirakpur👧 Book Now📱7837612180 📞👉Zirakpur Call Girls Service No A...Sheetaleventcompany
 
Rudraprayag call girls 📞 8617697112 At Low Cost Cash Payment Booking
Rudraprayag call girls 📞 8617697112 At Low Cost Cash Payment BookingRudraprayag call girls 📞 8617697112 At Low Cost Cash Payment Booking
Rudraprayag call girls 📞 8617697112 At Low Cost Cash Payment BookingNitya salvi
 
All Hotel Karnal Call Girls 08168329307 Noor Mahal Karnal Escort Service
All Hotel Karnal Call Girls 08168329307 Noor Mahal Karnal Escort ServiceAll Hotel Karnal Call Girls 08168329307 Noor Mahal Karnal Escort Service
All Hotel Karnal Call Girls 08168329307 Noor Mahal Karnal Escort ServiceApsara Of India
 

Recently uploaded (20)

Chandigarh Escort Service 📞9878281761📞 Just📲 Call Navi Chandigarh Call Girls ...
Chandigarh Escort Service 📞9878281761📞 Just📲 Call Navi Chandigarh Call Girls ...Chandigarh Escort Service 📞9878281761📞 Just📲 Call Navi Chandigarh Call Girls ...
Chandigarh Escort Service 📞9878281761📞 Just📲 Call Navi Chandigarh Call Girls ...
 
Ladies kitty party invitation messages and greetings.pdf
Ladies kitty party invitation messages and greetings.pdfLadies kitty party invitation messages and greetings.pdf
Ladies kitty party invitation messages and greetings.pdf
 
VIP Call Girls In Karnal 08168329307 Nilokheri Call Girls Escorts Service
VIP Call Girls In Karnal 08168329307 Nilokheri Call Girls Escorts ServiceVIP Call Girls In Karnal 08168329307 Nilokheri Call Girls Escorts Service
VIP Call Girls In Karnal 08168329307 Nilokheri Call Girls Escorts Service
 
Calangute Beach ( Call Girls ) Goa ✔ 8617370543 ✅ By Goa Call Girls For Pick ...
Calangute Beach ( Call Girls ) Goa ✔ 8617370543 ✅ By Goa Call Girls For Pick ...Calangute Beach ( Call Girls ) Goa ✔ 8617370543 ✅ By Goa Call Girls For Pick ...
Calangute Beach ( Call Girls ) Goa ✔ 8617370543 ✅ By Goa Call Girls For Pick ...
 
Zirakpur Call Girls👧 Book Now📱8146719683 📞👉Mohali Call Girl Service No Advanc...
Zirakpur Call Girls👧 Book Now📱8146719683 📞👉Mohali Call Girl Service No Advanc...Zirakpur Call Girls👧 Book Now📱8146719683 📞👉Mohali Call Girl Service No Advanc...
Zirakpur Call Girls👧 Book Now📱8146719683 📞👉Mohali Call Girl Service No Advanc...
 
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
 
Bishnupur 💋 Book Call Girls Night 7k to 12k ️8250077686 💋 High Profile Model...
Bishnupur 💋 Book Call Girls Night 7k to 12k ️8250077686 💋 High Profile Model...Bishnupur 💋 Book Call Girls Night 7k to 12k ️8250077686 💋 High Profile Model...
Bishnupur 💋 Book Call Girls Night 7k to 12k ️8250077686 💋 High Profile Model...
 
High Class Call Girls in Bangalore 📱9136956627📱
High Class Call Girls in Bangalore 📱9136956627📱High Class Call Girls in Bangalore 📱9136956627📱
High Class Call Girls in Bangalore 📱9136956627📱
 
CALL GIRLS IN Munirka :- (1X 97111 47426 ENJOY 🔝
CALL GIRLS IN Munirka :- (1X 97111 47426 ENJOY 🔝CALL GIRLS IN Munirka :- (1X 97111 47426 ENJOY 🔝
CALL GIRLS IN Munirka :- (1X 97111 47426 ENJOY 🔝
 
Mahim Call Girls in Bandra 7738631006, Sakinaka Call Girls agency, Kurla Call...
Mahim Call Girls in Bandra 7738631006, Sakinaka Call Girls agency, Kurla Call...Mahim Call Girls in Bandra 7738631006, Sakinaka Call Girls agency, Kurla Call...
Mahim Call Girls in Bandra 7738631006, Sakinaka Call Girls agency, Kurla Call...
 
Call Girls in Bangalore Prachi 💋9136956627 Bangalore Call Girls
Call Girls in Bangalore Prachi 💋9136956627 Bangalore Call GirlsCall Girls in Bangalore Prachi 💋9136956627 Bangalore Call Girls
Call Girls in Bangalore Prachi 💋9136956627 Bangalore Call Girls
 
Top 10 Moisturising Cream Brands In India - Stelon Biotech
Top 10 Moisturising Cream Brands In India - Stelon BiotechTop 10 Moisturising Cream Brands In India - Stelon Biotech
Top 10 Moisturising Cream Brands In India - Stelon Biotech
 
VIP Model Call Girls Buldhana Call ON 8617697112 Starting From 5K to 25K High...
VIP Model Call Girls Buldhana Call ON 8617697112 Starting From 5K to 25K High...VIP Model Call Girls Buldhana Call ON 8617697112 Starting From 5K to 25K High...
VIP Model Call Girls Buldhana Call ON 8617697112 Starting From 5K to 25K High...
 
Nalasopara Call Girls Services 9892124323 Home and Hotel Delivery Free
Nalasopara Call Girls Services 9892124323 Home and Hotel Delivery FreeNalasopara Call Girls Services 9892124323 Home and Hotel Delivery Free
Nalasopara Call Girls Services 9892124323 Home and Hotel Delivery Free
 
Chandigarh Escorts Service ☎ 9915851334 ☎ Top Class Call Girls Service In Moh...
Chandigarh Escorts Service ☎ 9915851334 ☎ Top Class Call Girls Service In Moh...Chandigarh Escorts Service ☎ 9915851334 ☎ Top Class Call Girls Service In Moh...
Chandigarh Escorts Service ☎ 9915851334 ☎ Top Class Call Girls Service In Moh...
 
💗📲09602870969💕-Royal Escorts in Udaipur Call Girls Service Udaipole-Fateh Sag...
💗📲09602870969💕-Royal Escorts in Udaipur Call Girls Service Udaipole-Fateh Sag...💗📲09602870969💕-Royal Escorts in Udaipur Call Girls Service Udaipole-Fateh Sag...
💗📲09602870969💕-Royal Escorts in Udaipur Call Girls Service Udaipole-Fateh Sag...
 
Call Girls in Bangalore Nisha 💋9136956627 Bangalore Call Girls
Call Girls in Bangalore Nisha 💋9136956627 Bangalore Call GirlsCall Girls in Bangalore Nisha 💋9136956627 Bangalore Call Girls
Call Girls in Bangalore Nisha 💋9136956627 Bangalore Call Girls
 
Call Girl In Zirakpur👧 Book Now📱7837612180 📞👉Zirakpur Call Girls Service No A...
Call Girl In Zirakpur👧 Book Now📱7837612180 📞👉Zirakpur Call Girls Service No A...Call Girl In Zirakpur👧 Book Now📱7837612180 📞👉Zirakpur Call Girls Service No A...
Call Girl In Zirakpur👧 Book Now📱7837612180 📞👉Zirakpur Call Girls Service No A...
 
Rudraprayag call girls 📞 8617697112 At Low Cost Cash Payment Booking
Rudraprayag call girls 📞 8617697112 At Low Cost Cash Payment BookingRudraprayag call girls 📞 8617697112 At Low Cost Cash Payment Booking
Rudraprayag call girls 📞 8617697112 At Low Cost Cash Payment Booking
 
All Hotel Karnal Call Girls 08168329307 Noor Mahal Karnal Escort Service
All Hotel Karnal Call Girls 08168329307 Noor Mahal Karnal Escort ServiceAll Hotel Karnal Call Girls 08168329307 Noor Mahal Karnal Escort Service
All Hotel Karnal Call Girls 08168329307 Noor Mahal Karnal Escort Service
 

And Now You Have Two Problems

  • 1. And now you have two problems Ruby regular expressions for fun and profit Luca Mearelli @lmea Codemotion Rome - 2013
  • 2. @lmea Regular expressions •cat catch indicate ... •2013-03-22, YYYY-MM-DD, ... •$ 12,500.80 patterns to describe the contents of a text
  • 3. @lmea Regexps: good for... Pattern matching Search and replace
  • 4. @lmea Regexp in ruby Regexp object: Regexp.new("cat") literal notation #1: %r{cat} literal notation #2: /cat/
  • 5. @lmea Regexp syntax literals: /cat/ matches any ‘cat’ substring the dot: /./ matches any character character classes: /[aeiou]/ /[a-z]/ /[01]/ negated character classes: /[^abc]/
  • 6. @lmea Regexp syntax case insensitive: /./i only interpolate #{} blocks once: /./o multiline mode - '.' will match newline: /./m extended mode - whitespace is ignored: /./x Modifiers
  • 7. @lmea Regexp syntax /d/ digit /D/ non digit /s/ whitespace /S/ non whitespace /w/ word character /W/ non word character /h/ hexdigit /H/ non hexdigit Shorthand classes
  • 8. @lmea Regexp syntax /^/ beginning of line /$/ end of line /b/ word boundary /B/ non word boundary /A/ beginning of string /z/ end of string /Z/ end of string. If string ends with a newline, it matches just before newline Anchors
  • 9. @lmea Regexp syntax alternation: /cat|dog/ matches ‘cats and dogs’ 0-or-more: /ab*/ matches ‘a’ ‘ab’ ‘abb’... 1-or-more: /ab+/ matches ‘ab’ ‘abb’ ... given-number: /ab{2}/ matches ‘abb’ but not ‘ab’ or the whole ‘abbb’ string
  • 10. @lmea Regexp syntax greedy matches: /.+cat/ matches ‘the cat is catching a mouse’ lazy matches: /.+?scat/ matches ‘the cat is catching a mouse’
  • 11. @lmea Regexp syntax grouping: /(d{3}.){3}d{3}/ matches IP- like strings capturing: /a (cat|dog)/ the match is captured in $1 to be used later non capturing: /a (?:cat|dog)/ no content captured atomic grouping: /(?>a+)/ doesn’t backtrack
  • 12. @lmea String substitution "My cat eats catfood".sub(/cat/, "dog") # => My dog eats catfood "My cat eats catfood".gsub(/cat/, "dog") # => My dog eats dogfood "My cat eats catfood".gsub(/bcat(w+)/, "dog1") # => My cat eats dogfood "My cat eats catfood".gsub(/bcat(w+)/){|m| $1.reverse} # => My cat eats doof
  • 13. @lmea String parsing "Codemotion Rome: Mar 20 to Mar 23".scan(/w{3} d{1,2}/) # => ["Mar 20", "Mar 23"] "Codemotion Rome: Mar 20 to Mar 23".scan(/(w{3}) (d{1,2})/) # => [["Mar", "20"], ["Mar", "23"]] "Codemotion Rome: Mar 20 to Mar 23".scan(/(w{3}) (d{1,2})/) {|a,b| puts b+"/"+a} # 20/Mar # 23/Mar # => "Codemotion Rome: Mar 20 to Mar 23"
  • 14. @lmea Regexp methods if "what a wonderful world" =~ /(world)/ puts "hello #{$1.upcase}" end # hello WORLD if /(world)/.match("The world") puts "hello #{$1.upcase}" end # hello WORLD match_data = /(world)/.match("The world") puts "hello #{match_data[1].upcase}" # hello WORLD
  • 15. @lmea Rails app examples # in routing match 'path/:id', :constraints => { :id => /[A-Z]d{5}/ } # in validations validates :phone, :format => /Ad{2,4}s*d+z/ validates :phone, :format => { :with=> /Ad{2,4}s*d+z/ } validates :phone, :format => { :without=> /A02s*d+z/ }
  • 16. @lmea Rails examples # in ActiveModel::Validations::NumericalityValidator def parse_raw_value_as_an_integer(raw_value) raw_value.to_i if raw_value.to_s =~ /A[+-]?d+Z/ end # in ActionDispatch::RemoteIp::IpSpoofAttackError # IP addresses that are "trusted proxies" that can be stripped from # the comma-delimited list in the X-Forwarded-For header. See also: # http://en.wikipedia.org/wiki/Private_network#Private_IPv4_address_spaces TRUSTED_PROXIES = %r{ ^127.0.0.1$ | # localhost ^(10 | # private IP 10.x.x.x 172.(1[6-9]|2[0-9]|3[0-1]) | # private IP in the range 172.16.0.0 .. 172.31.255.255 192.168 # private IP 192.168.x.x ). }x WILDCARD_PATH = %r{*([^/)]+))?$}
  • 17. @lmea Regexps are dangerous "If I was going to place a bet on something about Rails security, it'd be that there are more regex vulnerabilities in the tree. I am uncomfortable with how much Rails leans on regex for policy decisions." Thomas H. Ptacek (Founder @ Matasano, Feb 2013)
  • 18. @lmea Tip #1 Beware of nested quantifiers /(x+x+)+y/ =~ 'xxxxxxxxxy' /(xx+)+y/ =~ 'xxxxxxxxxx' /(?>x+x+)+y/ =~ 'xxxxxxxxx'
  • 19. @lmea Tip #2 Don’t make everything optional /[-+]?[0-9]*.?[0-9]*/ =~ '.' /[-+]?([0-9]*.?[0-9]+|[0-9]+)/ /[-+]?[0-9]*.?[0-9]+/
  • 20. @lmea Tip #3 Evaluate tradeoffs /b[A-Z0-9._%+-]+@(?:[A-Z0-9-]+.)+[A-Z]{2,4}b/ /(?:(?:rn)?[ t])*(?:(?:(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t] )+|Z|(?=[["()<>@,;:".[]]))|"(?:[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?: rn)?[ t])*)(?:.(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:( ?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|"(?:[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?:rn)?[ t])*))*@(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-0 31]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)* ](?:(?:rn)?[ t])*)(?:.(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+ (?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)*](?: (?:rn)?[ t])*))*|(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z |(?=[["()<>@,;:".[]]))|"(?:[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?:rn) ?[ t])*)*<(?:(?:rn)?[ t])*(?:@(?:[^()<>@,;:".[] 000-031]+(?:(?:(?: rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*)(?:.(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn) ?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t] )*))*(?:,@(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])* )(?:.(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t] )+|Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*))*) *:(?:(?:rn)?[ t])*)?(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+ |Z|(?=[["()<>@,;:".[]]))|"(?:[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?:r n)?[ t])*)(?:.(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?: rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|"(?:[^"r]|.|(?:(?:rn)?[ t ]))*"(?:(?:rn)?[ t])*))*@(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031 ]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)*]( ?:(?:rn)?[ t])*)(?:.(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(? :(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)*](?:(? :rn)?[ t])*))*>(?:(?:rn)?[ t])*)|(?:[^()<>@,;:".[] 000-031]+(?:(? :(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|"(?:[^"r]|.|(?:(?:rn)? [ t]))*"(?:(?:rn)?[ t])*)*:(?:(?:rn)?[ t])*(?:(?:(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|"(?:[^"r]| .|(?:(?:rn)?[ t]))*"(?:(?:rn)?[ t])*)(?:.(?:(?:rn)?[ t])*(?:[^()<> @,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|" (?:[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?:rn)?[ t])*))*@(?:(?:rn)?[ t] )*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;: ".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*)(?:.(?:(?:rn)?[ t])*(? :[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[ ]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*))*|(?:[^()<>@,;:".[] 000- 031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|"(?:[^"r]|.|( ?:(?:rn)?[ t]))*"(?:(?:rn)?[ t])*)*<(?:(?:rn)?[ t])*(?:@(?:[^()<>@,; :".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([ ^[]r]|.)*](?:(?:rn)?[ t])*)(?:.(?:(?:rn)?[ t])*(?:[^()<>@,;:" .[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([^[ ]r]|.)*](?:(?:rn)?[ t])*))*(?:,@(?:(?:rn)?[ t])*(?:[^()<>@,;:". [] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([^[] r]|.)*](?:(?:rn)?[ t])*)(?:.(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([^[]r] |.)*](?:(?:rn)?[ t])*))*)*:(?:(?:rn)?[ t])*)?(?:[^()<>@,;:".[] 0 00-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|"(?:[^"r]| .|(?:(?:rn)?[ t]))*"(?:(?:rn)?[ t])*)(?:.(?:(?:rn)?[ t])*(?:[^()<>@, ;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|"(? :[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?:rn)?[ t])*))*@(?:(?:rn)?[ t])* (?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:". []]))|[([^[]r]|.)*](?:(?:rn)?[ t])*)(?:.(?:(?:rn)?[ t])*(?:[ ^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[] ]))|[([^[]r]|.)*](?:(?:rn)?[ t])*))*>(?:(?:rn)?[ t])*)(?:,s*( ?:(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;: ".[]]))|"(?:[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?:rn)?[ t])*)(?:.(?:( ?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[ ["()<>@,;:".[]]))|"(?:[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?:rn)?[ t ])*))*@(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t ])+|Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*)(? :.(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+| Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*))*|(?: [^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[ ]]))|"(?:[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?:rn)?[ t])*)*<(?:(?:rn) ?[ t])*(?:@(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[[" ()<>@,;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*)(?:.(?:(?:rn) ?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<> @,;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*))*(?:,@(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@, ;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*)(?:.(?:(?:rn)?[ t] )*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;: ".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*))*)*:(?:(?:rn)?[ t])*)? (?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:". []]))|"(?:[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?:rn)?[ t])*)(?:.(?:(?: rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[[ "()<>@,;:".[]]))|"(?:[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?:rn)?[ t]) *))*@(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t]) +|Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*)(?: .(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z |(?=[["()<>@,;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*))*>(?:( ?:rn)?[ t])*))*)?;s*)/
  • 21. @lmea Tip #4 Capture repeated groups and don’t repeat a captured group /!(abc|123)+!/ =~ '!abc123!' # $1 == '123' /!((abc|123)+)!/ =~ '!abc123!' # $1 == 'abc123'
  • 22. @lmea Tip #5 use interpolation with care str = "cat" /#{str}/ =~ "My cat eats catfood" /#{Regexp.quote(str)}/ =~ "My cat eats catfood"
  • 23. @lmea Tip #6 Don’t use ^ and $ to match the strings beginning and end validates :url, :format => /^https?/ "http://example.com" =~ /^https?/ "javascript:alert('hello!');%0Ahttp://example.com" "javascript:alert('hello!');nhttp://example.com" =~ /^https?/ "javascript:alert('hello!');nhttp://example.com" =~ /Ahttps?/
  • 24. @lmea From 060bb7250b963609a0d8a5d0559e36b99d2402c6 Mon Sep 17 00:00:00 2001 From: joernchen of Phenoelit <joernchen@phenoelit.de> Date: Sat, 9 Feb 2013 15:46:44 -0800 Subject: [PATCH] Fix issue with attr_protected where malformed input could circumvent protection Fixes: CVE-2013-0276 --- activemodel/lib/active_model/attribute_methods.rb | 2 +- activemodel/lib/active_model/mass_assignment_security/permission_set.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/activemodel/lib/active_model/attribute_methods.rb b/activemodel/lib/active_model/ attribute_methods.rb index f033a94..96f2c82 100644 --- a/activemodel/lib/active_model/attribute_methods.rb +++ b/activemodel/lib/active_model/attribute_methods.rb @@ -365,7 +365,7 @@ module ActiveModel end @prefix, @suffix = options[:prefix] || '', options[:suffix] || '' - @regex = /^(#{Regexp.escape(@prefix)})(.+?)(#{Regexp.escape(@suffix)})$/ + @regex = /A(#{Regexp.escape(@prefix)})(.+?)(#{Regexp.escape(@suffix)})z/ @method_missing_target = "#{@prefix}attribute#{@suffix}" @method_name = "#{prefix}%s#{suffix}" end diff --git a/activemodel/lib/active_model/mass_assignment_security/permission_set.rb b/activemodel/lib/ active_model/mass_assignment_security/permission_set.rb index a1fcdf1..10faa29 100644 --- a/activemodel/lib/active_model/mass_assignment_security/permission_set.rb +++ b/activemodel/lib/active_model/mass_assignment_security/permission_set.rb @@ -19,7 +19,7 @@ module ActiveModel protected def remove_multiparameter_id(key) - key.to_s.gsub(/(.+/, '') + key.to_s.gsub(/(.+/m, '') end end -- 1.8.1.1
  • 25. @lmea From 99123ad12f71ce3e7fe70656810e53133665527c Mon Sep 17 00:00:00 2001 From: Aaron Patterson <aaron.patterson@gmail.com> Date: Fri, 15 Mar 2013 15:04:00 -0700 Subject: [PATCH] fix protocol checking in sanitization [CVE-2013-1857] Conflicts: actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb --- .../action_controller/vendor/html-scanner/html/sanitizer.rb | 4 ++-- actionpack/test/template/html-scanner/sanitizer_test.rb | 10 ++++++++++ 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb b/actionpack/lib/ action_controller/vendor/html-scanner/html/sanitizer.rb index 02eea58..994e115 100644 --- a/actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb +++ b/actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb @@ -66,7 +66,7 @@ module HTML # A regular expression of the valid characters used to separate protocols like # the ':' in 'http://foo.com' - self.protocol_separator = /:|(&#0*58)|(&#x70)|(%|&#37;)3A/ + self.protocol_separator = /:|(&#0*58)|(&#x70)|(&#x0*3a)|(%|&#37;)3A/i # Specifies a Set of HTML attributes that can have URIs. self.uri_attributes = Set.new(%w(href src cite action longdesc xlink:href lowsrc)) @@ -171,7 +171,7 @@ module HTML def contains_bad_protocols?(attr_name, value) uri_attributes.include?(attr_name) && - (value =~ /(^[^/:]*):|(&#0*58)|(&#x70)|(%|&#37;)3A/ && !allowed_protocols.include? (value.split(protocol_separator).first.downcase)) + (value =~ /(^[^/:]*):|(&#0*58)|(&#x70)|(&#x0*3a)|(%|&#37;)3A/i && !allowed_protocols.include? (value.split(protocol_separator).first.downcase.strip)) end end end diff --git a/actionpack/test/template/html-scanner/sanitizer_test.rb b/actionpack/test/template/html-scanner/ sanitizer_test.rb index 4e2ad4e..dee60c9 100644 --- a/actionpack/test/template/html-scanner/sanitizer_test.rb +++ b/actionpack/test/template/html-scanner/sanitizer_test.rb @@ -176,6 +176,7 @@ class SanitizerTest < ActionController::TestCase %(<IMG SRC="jav&#x0A;ascript:alert('XSS');">),