Web applications must often keep track of data derived from untrusted user input to avoid SQL injection attacks and similar security risks.
Taint checking is a feature in some computer programming languages, such as Perl and Ruby, designed to increase security by preventing malicious users from executing commands on a host computer.
Taint checks address security risks primarily associated with web sites, which are attacked using techniques such as SQL injection or buffer overflows.
Ruby provides a simple solution to this problem: any object may be marked as tainted by calling its taint method. Once an object is tainted, any objects derived from it will also be tainted. The taint of an object can be tested with the tainted? method.
    [1] pry(main)> s = "untrusted"
    => "untrusted"
    [3] pry(main)> s.taint
    => "untrusted"
    [4] pry(main)> s.tainted?
    => true
    [5] pry(main)> s.upcase.tainted?
    => true
    [6] pry(main)> s[3,4].tainted?
    => true
See an example in Perl, and also examples in Rails.
The object tainting mechanism of Ruby is most powerful when used with the global variable $SAFE. When this variable is set to a value greater than zero, Ruby restricts various built-in methods so that they will not work with tainted data. When $SAFE is 1 these restrictions take effect; when $SAFE is 2, 3 or 4 they become progressively stricter.
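The following is an added example, not code from the original notes: a small hand-written taint tracker that reproduces the two ideas above (taint propagating to derived objects, and a $SAFE-style level that refuses tainted data in a sensitive operation). Ruby's built-in taint/tainted? and $SAFE were deprecated in 2.7 and removed in 3.0 ($SAFE) and 3.2 (taint), so the class TaintedString, the method build_command and the sample input are all constructed here.

```ruby
# Added example (not from the original notes): models Ruby's old Object#taint,
# #tainted? and $SAFE by hand, since those built-ins were removed from modern Ruby.
# TaintedString, build_command and the sample input are constructed for this demo.
class TaintedString
  attr_reader :value
  def initialize(value, tainted: false)
    @value = value.to_s
    @tainted = tainted
  end
  def tainted?
    @tainted
  end
  # Derived strings inherit the taint of their source (cf. s.upcase.tainted? => true)
  %i[upcase downcase strip].each do |name|
    define_method(name) { TaintedString.new(@value.public_send(name), tainted: @tainted) }
  end
  def [](*args)
    TaintedString.new(@value[*args], tainted: @tainted)
  end
  # A concatenation is tainted if either operand is tainted
  def +(other)
    other = TaintedString.new(other) unless other.is_a?(TaintedString)
    TaintedString.new(@value + other.value, tainted: @tainted || other.tainted?)
  end
  # Like the old #untaint, but only after the value passes an allow-list check
  def untaint_if(pattern)
    pattern.match?(@value) ? TaintedString.new(@value) : self
  end
end

# Stand-in for $SAFE: at level 0 everything is trusted, above 0 tainted data is refused
def build_command(arg, safe_level: 1)
  raise SecurityError, "Insecure operation: tainted argument" if safe_level > 0 && arg.tainted?
  "ls -l #{arg.value}"
end

# Constructed sample input, standing in for a request parameter
def taint_demo
  input = TaintedString.new("report.txt; rm -rf /", tainted: true)
  derived = (input.upcase + "!")[0, 10]      # still tainted after upcase, + and []
  blocked = begin
    build_command(input)                     # refused at safe_level 1
    false
  rescue SecurityError
    true
  end
  clean = TaintedString.new("report.txt", tainted: true).untaint_if(/\A[\w.-]+\z/)
  { derived_tainted: derived.tainted?, blocked: blocked, clean_command: build_command(clean) }
end
```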
Casiano Rodriguez León 2015-01-07