MagmaConf 2013: Crazy Ruby

Slide 1

Slide 1 text

Sinatra in SIX Lines How to do crazy stuff with ruby %w.rack )lt INT TERM..map{|l|trap(l){$r.stop}rescue require l};puts "== Almost Sinatra/No Version has taken the stage on 4567 for development with backup from Webrick" $n=Module.new{extend Rack;a,D,S,q=Builder.new,Object.method(:define_method),/@@ *([^\n]+)\n(((?!@@)[^\n]*\n)*)/m %w[get post put delete].map{|m|D.(m){|u,&b|a.map(u){run-‐>(e){[200,{"Content-‐Type"=>"text/html"},[a.instance_eval(&b)]]}}}} Tilt.mappings.map{|k,v|D.(k){|n,*o|$t||=(h={};File.read(caller[0][/^[^:]+/]).scan(S){|a,b|h[a]=b};h);v[0].new(*o){n=="#{n}"?n:$t[n.to_s]}.render(a,o[0].try(:[],:locals)||{})}} %w[set enable disable configure helpers use register].map{|m|D.(m){|*_,&b|b.try :[]}};END{Handler.get("webrick").run(a,Port:4567){|s|$r=s}} %w[params session].map{|m|D.(m){q.send m}};a.use Session::Cookie;a.use Lock;D.(:before){|&b|a.use Rack::Config,&b};before{|e|q=Request.new e;q.params.dup.map{|k,v|params[k.to_sym]=v}}}

Slide 2

Slide 2 text

Konstantin Haase @konstan(nhaase aka rkh

Slide 3

Slide 3 text

No content

Slide 4

Slide 4 text

No content

Slide 5

Slide 5 text

No content

Slide 6

Slide 6 text

No content

Slide 7

Slide 7 text

No content

Slide 8

Slide 8 text

No content

Slide 9

Slide 9 text

No content

Slide 10

Slide 10 text

Sinatra Rack, Tilt, Rubinius, ...

Slide 11

Slide 11 text

“second to K&R, the most lagom technical book I’ve read.” Peter Cooper (Ruby Inside) discount code: AUTHD 50% off ebook ($6.50) 40% OFF PRINT

Slide 12

Slide 12 text

No content

Slide 13

Slide 13 text

THanks! get a Hug And a Picture Will send out Travis Pro invites by the end of the week. Sean Allen, Rafael Magana, @salemine, Patrick Huesler, Julian Cheal, Dylan Fogarty-‐MacDonald, chris, Piotr Sarnacki, Lincoln Stoll, David Goodlad, Pavel Argentov, Sean, Esteban Cortes, Juan Carlos Rojas, Cornelia Rehbein, Fernando Perales, Victor Velazquez, Eduardo Figarola Mota, David Padilla, ChrisNan Romero, IGNACIO GALINDO, Tania Escudero, Daniel Grünthal, Vlad Gorodetsky, Ben Schwarz, Ismael Marin, CARLOS ARAOZ GRAGEDA, Sean Allen, Pat Allan, César Salazar, Travis CI

Slide 14

Slide 14 text

you will learn nothing here at least nothing useful

Slide 15

Slide 15 text

You have been warned

Slide 16

Slide 16 text

Prepare for strange code slides

Slide 17

Slide 17 text

In the beginning Matz gave us Ruby

Slide 18

Slide 18 text

·ͭ΋ͱΏ͖ͻΖ

Slide 19

Slide 19 text

http://c2.com/cgi/wiki?WhyWeHateRuby http://wiki.theory.org/ YourLanguageSucks#Ruby_sucks_because: http://www.rubyist.net/~matz/slides/rc2003/index.html

Slide 20

Slide 20 text

Obfuscation and other fun things you can do with to code

Slide 21

Slide 21 text

Until programmers stop acting like obfuscation is morally hazardous, they’re not artists, just kids who don’t want their food to touch. why the lucky s(ﬀ

Slide 22

Slide 22 text

!?!

Slide 23

Slide 23 text

!?! # => false

Slide 24

Slide 24 text

?:??::??

Slide 25

Slide 25 text

?:??::??

Slide 26

Slide 26 text

?:??::?? # => “:”

Slide 27

Slide 27 text

eval \ '51966'+[46,1935634292,32,49,54].pack('clC3')

Slide 28

Slide 28 text

eval \ '51966'+[46,1935634292,32,49,54].pack('clC3') # => “cafe”

Slide 29

Slide 29 text

eval \ '51966'+['.',1935634292, ' ', '1', '6'].pack('ala3') # => “cafe”

Slide 30

Slide 30 text

eval \ '51966'+['.', 'to_s', ' ', '1', '6'].pack('A4') # => “cafe”

Slide 31

Slide 31 text

51966.to_s(16) # => “cafe”

Slide 32

Slide 32 text

0xcaFE.to_s(16) # => “cafe”

Slide 33

Slide 33 text

enter the heredocs

Slide 34

Slide 34 text

No content

Slide 35

Slide 35 text

No content

Slide 36

Slide 36 text

Distraction

Slide 37

Slide 37 text

No content

Slide 38

Slide 38 text

No content

Slide 39

Slide 39 text

Yusuke Endoh mamememo.blogspot.com

Slide 40

Slide 40 text

v=0000;eval$s=%q~d=%!^LcfYoP 4ZojjV)O>qIH1/n[|2yE[>:ieC "%.#% :::##" 97N-A&Kj_K_>

Slide 41

Slide 41 text

v=0473;eval$s=%q~d=%!^LcfYoP 4ZojjV)O>qIH1/n[|2yE[>:ieC "###%.#% ::" 97N-A&Kj_K_>

Slide 42

Slide 42 text

v=0416;eval$s=%q~d=%!^LcfYoP 4ZojjV)O>qIH1/n[|2yE[>:ieC ".#####%.#% " 97N-A&Kj_K_>

Slide 43

Slide 43 text

v=0341;eval$s=%q~d=%!^LcfYoP 4ZojjV)O>qIH1/n[|2yE[>:ieC "#% .#####%." 97N-A&Kj_K_>

Slide 44

Slide 44 text

v=0264;eval$s=%q~d=%!^LcfYoP 4ZojjV)O>qIH1/n[|2yE[>:ieC "####% .####" 97N-A&Kj_K_>

Slide 45

Slide 45 text

v=0207;eval$s=%q~d=%!^LcfYoP 4ZojjV)O>qIH1/n[|2yE[>:ieC "#######% .#" 97N-A&Kj_K_>

Slide 46

Slide 46 text

v=0132;eval$s=%q~d=%!^LcfYoP 4ZojjV)O>qIH1/n[|2yE[>:ieC ":::#######%" 97N-A&Kj_K_>

Slide 47

Slide 47 text

v=0055;eval$s=%q~d=%!^LcfYoP 4ZojjV)O>qIH1/n[|2yE[>:ieC "% :::#####" 97N-A&Kj_K_>

Slide 48

Slide 48 text

v=0000;eval$s=%q~d=%!^LcfYoP 4ZojjV)O>qIH1/n[|2yE[>:ieC "%.#% :::##" 97N-A&Kj_K_>

Slide 49

Slide 49 text

Flip Flops Ruby at its best

Slide 50

Slide 50 text

No content

Slide 51

Slide 51 text

No content

Slide 52

Slide 52 text

3 4 5

Slide 53

Slide 53 text

No content

Slide 54

Slide 54 text

Slide 55

Slide 55 text

No content

Slide 56

Slide 56 text

3 4 5 ...

Slide 57

Slide 57 text

Ruby issue #5400 Can we please remove ﬂip ﬂops?

Slide 58

Slide 58 text

“Nobody knows them. Nobody uses them. Let's just get rid of flip-flops, shall we?” Magnus Holm

Slide 59

Slide 59 text

“Hello, I'm one of the few users of flip-flop.” Yusuke Endoh

Slide 60

Slide 60 text

No content

Slide 61

Slide 61 text

“Sorry for off-topic. I have no objection to deletion.” Yusuke Endoh

Slide 62

Slide 62 text

No content

Slide 63

Slide 63 text

No content

Slide 64

Slide 64 text

lib/compiler/ast/control_ﬂow.rb

Slide 65

Slide 65 text

github.com / rkh / almost-sinatra more popular than a pair of socks

Slide 66

Slide 66 text

As little code as possible just six lines

Slide 67

Slide 67 text

Obfuscation was never the goal just a by-‐product

Slide 68

Slide 68 text

%w.rack )lt INT TERM..map{|l|trap(l){$r.stop}rescue require l};puts "== Almost Sinatra/No Version has taken the stage on 4567 for development with backup from Webrick" $n=Module.new{extend Rack;a,D,S,q=Builder.new,Object.method(:define_method),/@@ *([^\n]+)\n(((?!@@)[^\n]*\n)*)/m %w[get post put delete].map{|m|D.(m){|u,&b|a.map(u){run-‐>(e){[200,{"Content-‐Type"=>"text/html"},[a.instance_eval(&b)]]}}}} Tilt.mappings.map{|k,v|D.(k){|n,*o|$t||=(h={};File.read(caller[0][/^[^:]+/]).scan(S){|a,b|h[a]=b};h);v[0].new(*o){n=="#{n}"?n:$t[n.to_s]}.render(a,o[0].try(:[],:locals)||{})}} %w[set enable disable configure helpers use register].map{|m|D.(m){|*_,&b|b.try :[]}};END{Handler.get("webrick").run(a,Port:4567){|s|$r=s}} %w[params session].map{|m|D.(m){q.send m}};a.use Session::Cookie;a.use Lock;D.(:before){|&b|a.use Rack::Config,&b};before{|e|q=Request.new e;q.params.dup.map{|k,v|params[k.to_sym]=v}}} the code

Slide 69

Slide 69 text

What works?

Slide 70

Slide 70 text

No content

Slide 71

Slide 71 text

No content

Slide 72

Slide 72 text

No content

Slide 73

Slide 73 text

No content

Slide 74

Slide 74 text

http://blog.udzura.jp/2011/12/02/ruby-advent- calendar-2011-almost-sinatra/ http://wtf.tw/etc/almost-sinatra.txt http://rubysource.com/code-safari-almost-sinatra- almost-readable/ https://gist.github.com/udzura/1403717

Slide 75

Slide 75 text

Simplify and compress

Slide 76

Slide 76 text

No content

Slide 77

Slide 77 text

No content

Slide 78

Slide 78 text

No content

Slide 79

Slide 79 text

No content

Slide 80

Slide 80 text

No content

Slide 81

Slide 81 text

No content

Slide 82

Slide 82 text

No content

Slide 83

Slide 83 text

No content

Slide 84

Slide 84 text

%w.rack )lt backports INT TERM..map{|l|trap(l){$r.stop}rescue require l} $n=Sinatra=Module.new{extend Rack;a,D,S,$p,q,Applica)on=Builder.new,Object.method(:define_method),/@@ *([^\n]+)\n(((?!@@)[^\n]*\n)*)/m,4567,a %w[get post put delete].map{|m|D.(m){|u,&b|a.map(u){run-‐>(e){[200,{"Content-‐Type"=>"text/html"},[a.instance_eval(&b)]]}}}} Tilt.mappings.map{|k,v|D.(k){|n,*o|$t||=(h={};File.read(caller[0][/^[^:]+/]).scan(S){|a,b|h[a]=b};h);v[0].new(*o){n.to_s==n ?n:$t[n.to_s]}.render(a,o[0].try(:[],:locals)||{})}} %w[set enable disable configure helpers use register].map{|m|D.(m){|*_,&b|b.try :[]}};END{Handler.get("webrick").run(a,Port:$p){|s|$r=s}} %w[params session].map{|m|D.(m){q.send m}};a.use Session::Cookie;a.use Lock D.(:before){|&b|a.use Rack::Config,&b};before{|e|q=Request.new e;q.params.dup.map{|k,v|params[k.to_sym]=v}}} puts "== almost #$n/No Version has taken the stage on #$p for development with backup from Webrick" the code

Slide 85

Slide 85 text

Fake it ‘till you make it

Slide 86

Slide 86 text

%w.rack )lt backports INT TERM..map{|l|trap(l){$r.stop}rescue require l} $n=Sinatra=Module.new{ extend Rack; a,D,S,$p,q,Applica)on =Builder.new, Object.method(:define_method),/@@ *([^\n]+)\n(((?!@@)[^\n]*\n)*)/m,4567,a %w[ get post put delete].map{|m|D.(m){|u,&b| a.map(u){run-‐>(e){ [200,{"Content-‐Type"=>"text/html"}, [a.instance_eval(&b)]]}}}} Tilt.mappings.map{|k,v|D.(k){|n,*o|$t||=(h={};File.read(caller[0][/^[^:]+/]).scan(S){|a,b|h[a]=b};h);v[0].new(*o){n.to_s==n ?n:$t[n.to_s]}.render(a,o[0].try(:[],:locals)||{})}} %w[set enable disable configure helpers use register].map{|m|D.(m){|*_,&b|b.try :[]}};END{Handler.get("webrick").run(a,Port:$p){|s|$r=s}} %w[params session].map{|m|D.(m){q.send m}}; a.use Session::Cookie;a.use Lock D.(:before){|&b|a.use Rack::Config,&b};before{|e|q=Request.new e;q.params.dup.map{|k,v|params[k.to_sym]=v}}} puts "== almost #$n/No Version has taken the stage on #$p for development with backup from Webrick"

Slide 87

Slide 87 text

%w.rack )lt backports INT TERM..map{|l|trap(l){$r.stop}rescue require l} $n=Sinatra=Module.new{extend Rack;a, D,S,$p,q,Applica)on =Builder.new, Object.method(:define_method) ,/@@ *([^\n]+)\n(((?!@@)[^\n]*\n)*)/m,4567,a %w [get post put delete].map{|m| D.(m){|u,&b|a.map(u){run-‐>(e){[200,{"Content-‐Type"=>"text/html"},[a.instance_eval(&b)]]}}}} Tilt.mappings.map{|k,v| D.(k){|n,*o| $t||=(h={};File.read(caller[0][/^[^:]+/]).scan(S){|a,b|h[a]=b};h);v[0].new(*o){n.to_s==n ?n:$t[n.to_s]}.render(a,o[0].try(:[],:locals)||{})}} %w[ set enable disable configure helpers use register]. map{|m| D.(m){|*_,&b|b.try :[]}};END{Handler.get("webrick").run(a,Port:$p){|s|$r=s}} %w[ params session].map{|m| D.(m){q.send m}};a.use Session::Cookie;a.use Lock D.(:before){|&b|a.use Rack::Config,&b}; before{|e|q=Request.new e;q.params.dup.map{|k,v|params[k.to_sym]=v}}} puts "== almost #$n/No Version has taken the stage on #$p for development with backup from Webrick"

Slide 88

Slide 88 text

%w.rack )lt backports INT TERM..map{|l|trap(l){$r.stop}rescue require l} $n=Sinatra=Module.new{extend Rack;a,D, S,$p,q,Applica)on =Builder.new,Object.method(:define_method), /@@ *([^\n]+)\n(((?!@@)[^\n]*\n)*)/m,4567,a %w[get post put delete].map{|m|D.(m){|u,&b|a.map(u){run-‐>(e){[200,{"Content-‐Type"=>"text/html"},[a.instance_eval(&b)]]}}}} Tilt.mappings.map{|k,v|D.(k){|n,*o| $t||=(h={};File.read(caller[0][/^[^:]+/]) .scan(S){|a,b|h[a]=b};h); v[0].new(*o){n.to_s==n ?n:$t[n.to_s]}. render(a,o[0].try(:[],:locals)||{})}} %w[set enable disable configure helpers use register].map{|m|D.(m){|*_,&b|b.try :[]}};END{Handler.get("webrick").run(a,Port:$p){|s|$r=s}} %w[params session].map{|m|D.(m){q.send m}};a.use Session::Cookie;a.use Lock D.(:before){|&b|a.use Rack::Config,&b};before{|e|q=Request.new e;q.params.dup.map{|k,v|params[k.to_sym]=v}}} puts "== almost #$n/No Version has taken the stage on #$p for development with backup from Webrick"

Slide 89

Slide 89 text

%w.rack )lt backports INT TERM..map{|l|trap(l){$r.stop}rescue require l} $n=Sinatra=Module.new {extend Rack; a,D,S, $p,q,Applica)on =Builder.new, Object.method(:define_method),/@@ *([^\n]+)\n(((?!@@)[^\n]*\n)*)/m, 4567,a %w[get post put delete].map{|m|D.(m){|u,&b|a.map(u){run-‐>(e){[200,{"Content-‐Type"=>"text/html"},[a.instance_eval(&b)]]}}}} Tilt.mappings.map{|k,v|D.(k){|n,*o|$t||=(h={};File.read(caller[0][/^[^:]+/]).scan(S){|a,b|h[a]=b};h);v[0]. new(*o){n.to_s==n ?n:$t[n.to_s]}.render(a,o[0].try(:[],:locals)||{})}} %w[set enable disable configure helpers use register].map{|m|D.(m){|*_,&b|b.try :[]}}; END{Handler.get("webrick"). run(a,Port:$p){|s|$r=s}} %w[params session].map{|m|D.(m){q.send m}};a.use Session::Cookie;a.use Lock D.(:before){|&b|a.use Rack::Config,&b};before{|e|q=Request.new e;q.params.dup.map{|k,v|params[k.to_sym]=v}}} puts "== almost #$n/No Version has taken the stage on #$p for development with backup from Webrick"

Slide 90

Slide 90 text

It’s all about fun!

Slide 91

Slide 91 text

“From now on, I’ll start quoting myself.” Konstan(n Haase

Slide 92

Slide 92 text

“If your app does not run with Almost Sinatra, please open a Sinatra issue.” Konstan(n Haase

Slide 93

Slide 93 text

“Versions are to Software what Subversion is to Git.” Konstan(n Haase

Slide 94

Slide 94 text

“don't include tests. tests just bloat the code base. just commit, the users will complain if you break anything.” Konstan(n Haase

Slide 95

Slide 95 text

What else?

Slide 96

Slide 96 text

Almost Rack Proof that Rack is simpler than Sinatra. Lines must be the same length, no more than 120 characters per line. No more than three lines of code.

Slide 97

Slide 97 text

No content

Slide 98

Slide 98 text

No content

Slide 99

Slide 99 text

Almost Rack Protection Protects you against most opportunisNc a]acks. Goes well with almost-‐sinatra, almost-‐rack or Ruby on Rails.

Slide 100

Slide 100 text

SQL injection NoSQL injection Cross Site Scripting Broken Authentication / Session Management Insecure Direct Object References Login spoofing Cross Site Request Forgery Security Misconfiguration Insecure Cryptographic Storage Failure to Restrict URL Access Race condition (except in your Rack handler) Insufficient Transport Layer Protection Unvalidated Redirects and Forwards Windows Metafile vulnerability Password cracking Malicious File Execution Reflection attack Mass-Assignment Bugs CRIME Arbitrary code execution Buffer overflow Metasploit Data breach Frame injection Y2K bug Timing Attacks Remote file inclusion Some DoS attacks Off-by-one error Shoulder surfing Most other CVEs