gem-patch is a RubyGems plugin that helps you to patch gems. You can use it to apply security fixes or cherry-pick commits you want to apply to your .gem files. I use it to test whether the upstream commits containing vulnerability fixes apply cleanly on older gem releases so I can prepare fixed builds of those gems in Fedora. Here is how one can do that. Continue reading
As you probably know, you can use
eval() to evaluate Ruby code from Ruby. But evaluating things that come from the outside of the program like user inputs can be dangerous. Why they can be dangerous you ask?
eval() evaluates anything as we would program it ourselves. Basically anything can happen. That’s why it’s best to avoid
eval() for such inputs altogether. But we can evaluate Ruby in a safer manner too; with
$SAFE. Continue reading