Patching gems for security vulnerabilities with gem-patch

gem-patch is a RubyGems plugin that helps you to patch gems. You can use it to apply security fixes or cherry-pick commits you want to apply to your .gem files. I use it to test whether the upstream commits containing vulnerability fixes apply cleanly on older gem releases so I can prepare fixed builds of […]

Safe code evaluation in Ruby with $SAFE

As you probably know, you can use eval() to evaluate Ruby code from Ruby. But evaluating things that come from the outside of the program like user inputs can be dangerous. Why they can be dangerous you ask? eval() evaluates anything as we would program it ourselves. Basically anything can happen. That’s why it’s best […]