Slide 1

Slide 1 text

Sinatra in SIX Lines
How to do crazy stuff with ruby

%w.rack tilt INT TERM..map{|l|trap(l){$r.stop}rescue require l};puts "== Almost Sinatra/No Version has taken the stage on 4567 for development with backup from Webrick"
$n=Module.new{extend Rack;a,D,S,q=Builder.new,Object.method(:define_method),/@@ *([^\n]+)\n(((?!@@)[^\n]*\n)*)/m
%w[get post put delete].map{|m|D.(m){|u,&b|a.map(u){run->(e){[200,{"Content-Type"=>"text/html"},[a.instance_eval(&b)]]}}}}
Tilt.mappings.map{|k,v|D.(k){|n,*o|$t||=(h={};File.read(caller[0][/^[^:]+/]).scan(S){|a,b|h[a]=b};h);v[0].new(*o){n=="#{n}"?n:$t[n.to_s]}.render(a,o[0].try(:[],:locals)||{})}}
%w[set enable disable configure helpers use register].map{|m|D.(m){|*_,&b|b.try :[]}};END{Handler.get("webrick").run(a,Port:4567){|s|$r=s}}
%w[params session].map{|m|D.(m){q.send m}};a.use Session::Cookie;a.use Lock;D.(:before){|&b|a.use Rack::Config,&b};before{|e|q=Request.new e;q.params.dup.map{|k,v|params[k.to_sym]=v}}}

Slide 2

Slide 2 text

Konstantin @konstantinhaase aka rkh

Slide 3

Slide 3 text

No content

Slide 4

Slide 4 text

No content

Slide 5

Slide 5 text

Sinatra
Rack, Tilt, Rubinius, ...

Slide 6

Slide 6 text

“second to K&R, the most lagom technical book I’ve read.” Peter Cooper (Ruby Inside)
discount code: AUTHD 50% off ebook ($6.50) 40% OFF PRINT

Slide 7

Slide 7 text

Realtime Rails and Ruby is in the other room

Slide 8

Slide 8 text

Seriously, you will learn nothing in here, at least nothing useful

Slide 9

Slide 9 text

You have been warned

Slide 10

Slide 10 text

I’ve got 99 slides but a meme ain’t one of them

Slide 11

Slide 11 text

Prepare for strange code slides

Slide 12

Slide 12 text

In the beginning Matz gave us Ruby

Slide 13

Slide 13 text


Slide 14

Slide 14 text

http://c2.com/cgi/wiki?WhyWeHateRuby
http://wiki.theory.org/YourLanguageSucks#Ruby_sucks_because:
http://www.rubyist.net/~matz/slides/rc2003/index.html

Slide 15

Slide 15 text

Obfuscation and other fun things you can do to code

Slide 16

Slide 16 text

“Until programmers stop acting like obfuscation is morally hazardous, they’re not artists, just kids who don’t want their food to touch.” why the lucky stiff

Slide 17

Slide 17 text

!?!

Slide 18

Slide 18 text

!?! # => false

Slide 19

Slide 19 text

?:??::??

Slide 20

Slide 20 text

?:??::??

Slide 21

Slide 21 text

?:??::?? # => ":"

Slide 22

Slide 22 text

eval \
'51966'+[46,1935634292,32,49,54].pack('clC3')

Slide 23

Slide 23 text

eval \
'51966'+[46,1935634292,32,49,54].pack('clC3') # => "cafe"

Slide 24

Slide 24 text

eval \
'51966'+['.',1935634292, ' ', '1', '6'].pack('ala3') # => "cafe"

Slide 25

Slide 25 text

eval \
'51966'+['.', 'to_s', ' ', '1', '6'].pack('A4') # => "cafe"

Slide 26

Slide 26 text

51966.to_s(16) # => "cafe"

Slide 27

Slide 27 text

0xcaFE # => "cafe"

Slide 28

Slide 28 text

enter the heredocs

Slide 29

Slide 29 text

No content

Slide 30

Slide 30 text

No content

Slide 31

Slide 31 text

Distraction

Slide 32

Slide 32 text

No content

Slide 33

Slide 33 text

No content

Slide 34

Slide 34 text

Yusuke Endoh mamememo.blogspot.com

Slide 35

Slide 35 text

v=0000;eval$s=%q~d=%!^LcfYoP 4ZojjV)O>qIH1/n[|2yE[>:ieC "%.#% :::##" 97N-A&Kj_K_>

Slide 36

Slide 36 text

v=0473;eval$s=%q~d=%!^LcfYoP 4ZojjV)O>qIH1/n[|2yE[>:ieC "###%.#% ::" 97N-A&Kj_K_>

Slide 37

Slide 37 text

v=0416;eval$s=%q~d=%!^LcfYoP 4ZojjV)O>qIH1/n[|2yE[>:ieC ".#####%.#% " 97N-A&Kj_K_>

Slide 38

Slide 38 text

v=0341;eval$s=%q~d=%!^LcfYoP 4ZojjV)O>qIH1/n[|2yE[>:ieC "#% .#####%." 97N-A&Kj_K_>

Slide 39

Slide 39 text

v=0264;eval$s=%q~d=%!^LcfYoP 4ZojjV)O>qIH1/n[|2yE[>:ieC "####% .####" 97N-A&Kj_K_>

Slide 40

Slide 40 text

v=0207;eval$s=%q~d=%!^LcfYoP 4ZojjV)O>qIH1/n[|2yE[>:ieC "#######% .#" 97N-A&Kj_K_>

Slide 41

Slide 41 text

v=0132;eval$s=%q~d=%!^LcfYoP 4ZojjV)O>qIH1/n[|2yE[>:ieC ":::#######%" 97N-A&Kj_K_>

Slide 42

Slide 42 text

v=0055;eval$s=%q~d=%!^LcfYoP 4ZojjV)O>qIH1/n[|2yE[>:ieC "% :::#####" 97N-A&Kj_K_>

Slide 43

Slide 43 text

v=0000;eval$s=%q~d=%!^LcfYoP 4ZojjV)O>qIH1/n[|2yE[>:ieC "%.#% :::##" 97N-A&Kj_K_>

Slide 44

Slide 44 text

Flip Flops
Ruby at its best

Slide 45

Slide 45 text

No content

Slide 46

Slide 46 text

No content

Slide 47

Slide 47 text

No content

Slide 48

Slide 48 text

No content

Slide 49

Slide 49 text

3 4 5

Slide 50

Slide 50 text

No content

Slide 51

Slide 51 text

3

Slide 52

Slide 52 text

No content

Slide 53

Slide 53 text

3 4 5 ...
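The "3 4 5 ..." slides above show Ruby's flip-flop operator in action. As an added illustration (not from the talk), this script reproduces that output, applies the same trick to a constructed log excerpt, and shows where the two-dot and three-dot forms differ:

```ruby
# Ruby's flip-flop: inside a conditional, `(start)..(stop)` is true from the
# first element where `start` holds through the first element where `stop` holds.

# The slide output: switches on at 3 and off at 5.
def three_four_five(numbers = 1..10)
  numbers.select { |i| true if (i == 3)..(i == 5) }
end

# Constructed sample log (not from any real system) with a delimited section.
SAMPLE_LOG = <<~LOG.lines(chomp: true)
  2011-12-02 10:00:01 app started
  2011-12-02 10:00:02 BEGIN TRACE
  2011-12-02 10:00:02 GET /
  2011-12-02 10:00:03 200 OK
  2011-12-02 10:00:03 END TRACE
  2011-12-02 10:00:04 GET /about
LOG

# A practical use: keep only the lines between two marker lines (markers included).
def trace_section(lines)
  lines.select { |l| true if l.end_with?("BEGIN TRACE")..l.end_with?("END TRACE") }
end

# Two-dot form: the stop condition is checked on the same element that switched
# it on, so an element that is both start and stop yields a one-element run.
def two_dot(numbers = 1..10)
  numbers.select { |i| true if (i % 3 == 0)..(i % 3 == 0) }
end

# Three-dot form: the stop condition is not checked until the next element,
# so the run continues to the following multiple of three.
def three_dot(numbers = 1..10)
  numbers.select { |i| true if (i % 3 == 0)...(i % 3 == 0) }
end

puts three_four_five.inspect # [3, 4, 5]
puts trace_section(SAMPLE_LOG)
puts two_dot.inspect         # [3, 6, 9]
puts three_dot.inspect       # [3, 4, 5, 6, 9, 10]
```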

Slide 54

Slide 54 text

Ruby issue #5400
Can we please remove flip flops?

Slide 55

Slide 55 text

“Nobody knows them. Nobody uses them. Let's just get rid of flip-flops, shall we?” Magnus Holm

Slide 56

Slide 56 text

“Hello, I'm one of the few users of flip-flop.” Yusuke Endoh

Slide 57

Slide 57 text

No content

Slide 58

Slide 58 text

“Sorry for off-topic. I have no objection to deletion.” Yusuke Endoh

Slide 59

Slide 59 text

No content

Slide 60

Slide 60 text

lib/compiler/ast/control_flow.rb

Slide 61

Slide 61 text

github.com/rkh/almost-sinatra
more popular than a pair of socks

Slide 62

Slide 62 text

As little code as possible
just six lines

Slide 63

Slide 63 text

Obfuscation was never the goal
just a by-product

Slide 64

Slide 64 text

%w.rack tilt INT TERM..map{|l|trap(l){$r.stop}rescue require l};puts "== Almost Sinatra/No Version has taken the stage on 4567 for development with backup from Webrick"
$n=Module.new{extend Rack;a,D,S,q=Builder.new,Object.method(:define_method),/@@ *([^\n]+)\n(((?!@@)[^\n]*\n)*)/m
%w[get post put delete].map{|m|D.(m){|u,&b|a.map(u){run->(e){[200,{"Content-Type"=>"text/html"},[a.instance_eval(&b)]]}}}}
Tilt.mappings.map{|k,v|D.(k){|n,*o|$t||=(h={};File.read(caller[0][/^[^:]+/]).scan(S){|a,b|h[a]=b};h);v[0].new(*o){n=="#{n}"?n:$t[n.to_s]}.render(a,o[0].try(:[],:locals)||{})}}
%w[set enable disable configure helpers use register].map{|m|D.(m){|*_,&b|b.try :[]}};END{Handler.get("webrick").run(a,Port:4567){|s|$r=s}}
%w[params session].map{|m|D.(m){q.send m}};a.use Session::Cookie;a.use Lock;D.(:before){|&b|a.use Rack::Config,&b};before{|e|q=Request.new e;q.params.dup.map{|k,v|params[k.to_sym]=v}}}
the code

Slide 65

Slide 65 text

What works?

Slide 66

Slide 66 text

No content

Slide 67

Slide 67 text

No content

Slide 68

Slide 68 text

No content

Slide 69

Slide 69 text

No content

Slide 70

Slide 70 text

http://blog.udzura.jp/2011/12/02/ruby-advent-calendar-2011-almost-sinatra/
http://wtf.tw/etc/almost-sinatra.txt
http://rubysource.com/code-safari-almost-sinatra-almost-readable/
https://gist.github.com/udzura/1403717

Slide 71

Slide 71 text

Simplify and compress

Slide 72

Slide 72 text

No content

Slide 73

Slide 73 text

No content

Slide 74

Slide 74 text

No content

Slide 75

Slide 75 text

No content

Slide 76

Slide 76 text

No content

Slide 77

Slide 77 text

No content

Slide 78

Slide 78 text

No content

Slide 79

Slide 79 text

No content

Slide 80

Slide 80 text

%w.rack tilt backports INT TERM..map{|l|trap(l){$r.stop}rescue require l}
$n=Sinatra=Module.new{extend Rack;a,D,S,$p,q,Application=Builder.new,Object.method(:define_method),/@@ *([^\n]+)\n(((?!@@)[^\n]*\n)*)/m,4567,a
%w[get post put delete].map{|m|D.(m){|u,&b|a.map(u){run->(e){[200,{"Content-Type"=>"text/html"},[a.instance_eval(&b)]]}}}}
Tilt.mappings.map{|k,v|D.(k){|n,*o|$t||=(h={};File.read(caller[0][/^[^:]+/]).scan(S){|a,b|h[a]=b};h);v[0].new(*o){n.to_s==n ?n:$t[n.to_s]}.render(a,o[0].try(:[],:locals)||{})}}
%w[set enable disable configure helpers use register].map{|m|D.(m){|*_,&b|b.try :[]}};END{Handler.get("webrick").run(a,Port:$p){|s|$r=s}}
%w[params session].map{|m|D.(m){q.send m}};a.use Session::Cookie;a.use Lock
D.(:before){|&b|a.use Rack::Config,&b};before{|e|q=Request.new e;q.params.dup.map{|k,v|params[k.to_sym]=v}}}
puts "== almost #$n/No Version has taken the stage on #$p for development with backup from Webrick"
the code

Slide 81

Slide 81 text

Fake it ‘till you make it

Slide 82

Slide 82 text

%w.rack tilt backports INT TERM..map{|l|trap(l){$r.stop}rescue require l}
$n=Sinatra=Module.new{extend Rack;a,D,S,$p,q,Application=Builder.new,Object.method(:define_method),/@@ *([^\n]+)\n(((?!@@)[^\n]*\n)*)/m,4567,a
%w[get post put delete].map{|m|D.(m){|u,&b|a.map(u){run->(e){[200,{"Content-Type"=>"text/html"},[a.instance_eval(&b)]]}}}}
Tilt.mappings.map{|k,v|D.(k){|n,*o|$t||=(h={};File.read(caller[0][/^[^:]+/]).scan(S){|a,b|h[a]=b};h);v[0].new(*o){n.to_s==n ?n:$t[n.to_s]}.render(a,o[0].try(:[],:locals)||{})}}
%w[set enable disable configure helpers use register].map{|m|D.(m){|*_,&b|b.try :[]}};END{Handler.get("webrick").run(a,Port:$p){|s|$r=s}}
%w[params session].map{|m|D.(m){q.send m}};a.use Session::Cookie;a.use Lock
D.(:before){|&b|a.use Rack::Config,&b};before{|e|q=Request.new e;q.params.dup.map{|k,v|params[k.to_sym]=v}}}
puts "== almost #$n/No Version has taken the stage on #$p for development with backup from Webrick"

Slide 83

Slide 83 text

%w.rack tilt backports INT TERM..map{|l|trap(l){$r.stop}rescue require l}
$n=Sinatra=Module.new{extend Rack;a,D,S,$p,q,Application=Builder.new,Object.method(:define_method),/@@ *([^\n]+)\n(((?!@@)[^\n]*\n)*)/m,4567,a
%w[get post put delete].map{|m|D.(m){|u,&b|a.map(u){run->(e){[200,{"Content-Type"=>"text/html"},[a.instance_eval(&b)]]}}}}
Tilt.mappings.map{|k,v|D.(k){|n,*o|$t||=(h={};File.read(caller[0][/^[^:]+/]).scan(S){|a,b|h[a]=b};h);v[0].new(*o){n.to_s==n ?n:$t[n.to_s]}.render(a,o[0].try(:[],:locals)||{})}}
%w[set enable disable configure helpers use register].map{|m|D.(m){|*_,&b|b.try :[]}};END{Handler.get("webrick").run(a,Port:$p){|s|$r=s}}
%w[params session].map{|m|D.(m){q.send m}};a.use Session::Cookie;a.use Lock
D.(:before){|&b|a.use Rack::Config,&b};before{|e|q=Request.new e;q.params.dup.map{|k,v|params[k.to_sym]=v}}}
puts "== almost #$n/No Version has taken the stage on #$p for development with backup from Webrick"

Slide 84

Slide 84 text

%w.rack tilt backports INT TERM..map{|l|trap(l){$r.stop}rescue require l}
$n=Sinatra=Module.new{extend Rack;a,D,S,$p,q,Application=Builder.new,Object.method(:define_method),/@@ *([^\n]+)\n(((?!@@)[^\n]*\n)*)/m,4567,a
%w[get post put delete].map{|m|D.(m){|u,&b|a.map(u){run->(e){[200,{"Content-Type"=>"text/html"},[a.instance_eval(&b)]]}}}}
Tilt.mappings.map{|k,v|D.(k){|n,*o|$t||=(h={};File.read(caller[0][/^[^:]+/]).scan(S){|a,b|h[a]=b};h);v[0].new(*o){n.to_s==n ?n:$t[n.to_s]}.render(a,o[0].try(:[],:locals)||{})}}
%w[set enable disable configure helpers use register].map{|m|D.(m){|*_,&b|b.try :[]}};END{Handler.get("webrick").run(a,Port:$p){|s|$r=s}}
%w[params session].map{|m|D.(m){q.send m}};a.use Session::Cookie;a.use Lock
D.(:before){|&b|a.use Rack::Config,&b};before{|e|q=Request.new e;q.params.dup.map{|k,v|params[k.to_sym]=v}}}
puts "== almost #$n/No Version has taken the stage on #$p for development with backup from Webrick"

Slide 85

Slide 85 text

%w.rack tilt backports INT TERM..map{|l|trap(l){$r.stop}rescue require l}
$n=Sinatra=Module.new{extend Rack;a,D,S,$p,q,Application=Builder.new,Object.method(:define_method),/@@ *([^\n]+)\n(((?!@@)[^\n]*\n)*)/m,4567,a
%w[get post put delete].map{|m|D.(m){|u,&b|a.map(u){run->(e){[200,{"Content-Type"=>"text/html"},[a.instance_eval(&b)]]}}}}
Tilt.mappings.map{|k,v|D.(k){|n,*o|$t||=(h={};File.read(caller[0][/^[^:]+/]).scan(S){|a,b|h[a]=b};h);v[0].new(*o){n.to_s==n ?n:$t[n.to_s]}.render(a,o[0].try(:[],:locals)||{})}}
%w[set enable disable configure helpers use register].map{|m|D.(m){|*_,&b|b.try :[]}};END{Handler.get("webrick").run(a,Port:$p){|s|$r=s}}
%w[params session].map{|m|D.(m){q.send m}};a.use Session::Cookie;a.use Lock
D.(:before){|&b|a.use Rack::Config,&b};before{|e|q=Request.new e;q.params.dup.map{|k,v|params[k.to_sym]=v}}}
puts "== almost #$n/No Version has taken the stage on #$p for development with backup from Webrick"

Slide 86

Slide 86 text

It’s all about fun!

Slide 87

Slide 87 text

“From now on, I’ll start quoting myself.” Konstantin Haase

Slide 88

Slide 88 text

“If your app does not run with Almost Sinatra, please open a Sinatra issue.” Konstantin Haase

Slide 89

Slide 89 text

“Versions are to Software what Subversion is to Git.” Konstantin Haase

Slide 90

Slide 90 text

“don't include tests. tests just bloat the code base. just commit, the users will complain if you break anything.” Konstantin Haase

Slide 91

Slide 91 text

What else?

Slide 92

Slide 92 text

Almost Rack
Proof that Rack is simpler than Sinatra.
Lines must be the same length, no more than 120 characters per line. No more than three lines of code.

Slide 93

Slide 93 text

No content

Slide 94

Slide 94 text

No content

Slide 95

Slide 95 text

Almost Rack Protection
Protects you against most opportunistic attacks.
Goes well with almost-sinatra, almost-rack or Ruby on Rails.

Slide 96

Slide 96 text

SQL injection
NoSQL injection
Cross Site Scripting
Broken Authentication / Session Management
Insecure Direct Object References
Login spoofing
Cross Site Request Forgery
Security Misconfiguration
Insecure Cryptographic Storage
Failure to Restrict URL Access
Race condition (except in your Rack handler)
Insufficient Transport Layer Protection
Unvalidated Redirects and Forwards
Windows Metafile vulnerability
Password cracking
Malicious File Execution
Reflection attack
Mass-Assignment Bugs
CRIME
Arbitrary code execution
Buffer overflow
Metasploit
Data breach
Frame injection
Y2K bug
Timing Attacks
Remote file inclusion
Some DoS attacks
Off-by-one error
Shoulder surfing
Most other CVEs

Slide 97

Slide 97 text

Security is no joke
clean, readable code

Slide 98

Slide 98 text

No content

Slide 99

Slide 99 text

Simply reject every Request
problem solved

Slide 100

Slide 100 text

Conclusion

Slide 101

Slide 101 text

Seriously?

Slide 102

Slide 102 text

Thank You @konstantinhaase