Polished Ruby Programming: Build better software with more intuitive, maintainable, scalable, and high-performance Ruby code

Product type: Paperback
Published: Jul 2021
Publisher: Packt
ISBN-13: 9781801072724
Length: 434 pages
Edition: 1st Edition
Author: Jeremy Evans
Table of Contents

Preface
1. Section 1: Fundamental Ruby Programming Principles
2. Chapter 1: Getting the Most out of Core Classes
3. Chapter 2: Designing Useful Custom Classes
4. Chapter 3: Proper Variable Usage
5. Chapter 4: Methods and Their Arguments
6. Chapter 5: Handling Errors
7. Chapter 6: Formatting Code for Easy Reading
8. Section 2: Ruby Library Programming Principles
9. Chapter 7: Designing Your Library
10. Chapter 8: Designing for Extensibility
11. Chapter 9: Metaprogramming and When to Use It
12. Chapter 10: Designing Useful Domain-Specific Languages
13. Chapter 11: Testing to Ensure Your Code Works
14. Chapter 12: Handling Change
15. Chapter 13: Using Common Design Patterns
16. Chapter 14: Optimizing Your Library
17. Section 3: Ruby Web Programming Principles
18. Chapter 15: The Database Is Key
19. Chapter 16: Web Application Design Principles
20. Chapter 17: Robust Web Application Security
21. Assessments
22. Other Books You May Enjoy

Never trust input

One of the most common vulnerabilities in Ruby web applications comes from trusting input given by the user. Let's say you have a Struct subclass named Fruit. This keeps track of individual pieces of fruit, such as the type of fruit, the color of the fruit, and the price of the fruit:

Fruit = Struct.new(:type, :color, :price)

You store all your Fruit instances in a hash named FRUITS, keyed by a number assigned to the fruit:

FRUITS = {}
FRUITS[1] = Fruit.new('apple', 'red', 0.70)
FRUITS[2] = Fruit.new('pear', 'green', 1.23)
FRUITS[3] = Fruit.new('banana', 'yellow', 1.40)

You have a web application where you want to allow the user to ask for either the type, the color, or the price of a specified piece of fruit. You decide to try the Roda web framework to implement this application and find it is very simple to get started with:

Roda.route do |r|
  r.get "fruit", Integer...
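The Roda route above is cut off in this excerpt, so here is an added example (not the book's code) that stands in for it with a plain Ruby handler. It assumes the two URL segments are a fruit id and an attribute name, and it puts the untrusted version, which hands the attribute name straight to public_send, beside a hardened version that validates both segments against what the application actually supports.

```ruby
# Added example, not from the book: the Fruit/FRUITS data from the text,
# with a hand-rolled request handler standing in for the Roda route so it
# runs without the framework installed.
Fruit = Struct.new(:type, :color, :price)

FRUITS = {}
FRUITS[1] = Fruit.new('apple', 'red', 0.70)
FRUITS[2] = Fruit.new('pear', 'green', 1.23)
FRUITS[3] = Fruit.new('banana', 'yellow', 1.40)

# Assumed allow-list: the only attributes a client may ask for.
FRUIT_FIELDS = %w[type color price].freeze

# Untrusted version: the attribute name taken from the URL is passed
# straight to public_send, so the client can call any public method of
# Fruit, not just the three attribute readers (for example "inspect",
# which returns every attribute at once).
def fruit_field_untrusted(id_param, field_param)
  fruit = FRUITS[id_param.to_i]
  return nil unless fruit
  fruit.public_send(field_param)
end

# Hardened version: validate both path segments before using them.
# - the id must be a decimal integer (Roda's Integer matcher enforces this);
# - the field must be one of the known attribute names.
# Anything else yields :not_found, which the route would map to a 404.
def fruit_field(id_param, field_param)
  return :not_found unless id_param.match?(/\A\d+\z/)
  return :not_found unless FRUIT_FIELDS.include?(field_param)
  fruit = FRUITS[Integer(id_param, 10)]
  return :not_found unless fruit
  fruit.public_send(field_param)
end
```

The allow-list check is what makes public_send safe here: the method name is chosen from a fixed set the application defined, and the user input only selects among those entries.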