chuckd
/ files_controller.rb
Created May 7, 2014
Using contracts.Ruby to avoid file access vulnerabilities
View files_controller.rb
| Contract String => PathUnder["/allowed/path"] | |
| def safe_path(path) | |
| "/allowed/path" + path | |
| end |