Charles Dale chuckd
chuckd / files_controller.rb
Created May 7, 2014
Using contracts.Ruby to avoid file access vulnerabilities
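# Contract: takes a String, and the returned path must satisfy PathUnder["/allowed/path"].
Contract String => PathUnder["/allowed/path"]
def safe_path(path)
  # Plain concatenation; the return contract is what rejects a result outside the allowed root.
  "/allowed/path" + path
end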
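
The preview above does not show how `PathUnder` is defined. The following is an added example, not the gist author's code: a plain-Ruby stand-in for such a return-value check, applied by hand to the result of `safe_path` instead of through contracts.ruby. The `PathUnder` body, the `ALLOWED` constant and `checked_safe_path` are assumptions made for illustration.

```ruby
require 'pathname'

# Hypothetical stand-in for the PathUnder contract used above.
# It exposes PathUnder[root] and an instance-level valid?(value).
class PathUnder
  def self.[](root)
    new(root)
  end

  def initialize(root)
    @root = Pathname.new(root).cleanpath
  end

  # Lexical check only: "." and ".." are normalised, symlinks are NOT resolved.
  # For files that already exist, compare File.realpath results instead.
  def valid?(value)
    return false unless value.is_a?(String) && !value.include?("\0")
    candidate = Pathname.new(value)
    return false unless candidate.absolute?
    candidate = candidate.cleanpath
    # Accept the root itself or anything below "root/", so a sibling such as
    # "/allowed/pathological" does not pass a bare prefix comparison.
    candidate == @root || candidate.to_s.start_with?(@root.to_s + File::SEPARATOR)
  end
end

ALLOWED = PathUnder["/allowed/path"]

# Same body as the gist's method.
def safe_path(path)
  "/allowed/path" + path
end

# Applies the return-value check by hand (assumed wrapper name).
def checked_safe_path(path)
  result = safe_path(path)
  raise ArgumentError, "path escapes allowed root: #{result.inspect}" unless ALLOWED.valid?(result)
  result
end
```

Because the check runs on the concatenated result, it catches both `..` segments and inputs without a leading slash that would otherwise extend the directory name.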