A SecureContext strawman

securecontext_strawman.rb
Ruby
# This is Ruby right? We abuse dynamic scope for everything
SecureContext.new do
  # NO: eval of a string
  eval "`rm -rf /`"

  # NO: shelling out
  system "rm -rf /"

  # NO: reaching eval through an alias
  alias_method :loleval, :eval
  loleval "`rm -rf /`"

  # NO: reading files
  passw3rdz = File.read("/etc/passwd")

  # NO: opening pipes
  l33t_pip3z = IO.pipe

  # NO: eval in the context of another object
  Object.new.instance_eval("`rm -rf /`")

  # NO: defining new classes
  class HaxorShiz; end
end
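
The strawman only lists what a `SecureContext` block should refuse. As an added example (not part of the gist, and not an implementation of `SecureContext`), the sketch below lexes source with Ruby's standard `Ripper` library and flags those same constructs without executing anything. The names `audit`, `DENIED`, `Finding` and `SAMPLE` are assumptions made for this example.

```ruby
require "ripper"

# Names the strawman marks "NO", grouped by the lexer token type they arrive as.
DENIED = {
  on_ident: %w[eval instance_eval system alias_method], # eval, shell-out, aliasing
  on_const: %w[File IO],                                # filesystem and pipe access
  on_kw:    %w[class],                                  # defining new classes
}.freeze

Finding = Struct.new(:line, :token)

# Lex +source+ without executing it and report every denied construct.
def audit(source)
  Ripper.lex(source).each_with_object([]) do |((line, _col), type, token), found|
    # Bare backticks and %x{} both lex as :on_backtick.
    hit = type == :on_backtick || DENIED.fetch(type, []).include?(token)
    found << Finding.new(line, token) if hit
  end
end

# Constructed sample: the body of the strawman block, one harmless line,
# and one bare-backtick line. It is only lexed, never run.
SAMPLE = <<~'RUBY'
  eval "`rm -rf /`"
  system "rm -rf /"
  alias_method :loleval, :eval
  loleval "`rm -rf /`"
  passw3rdz = File.read("/etc/passwd")
  l33t_pip3z = IO.pipe
  Object.new.instance_eval("`rm -rf /`")
  class HaxorShiz; end
  puts "hello"
  now = `date`
RUBY

if __FILE__ == $PROGRAM_NAME
  audit(SAMPLE).each { |f| puts "line #{f.line}: #{f.token}" }
end
```

Line 4 of the sample, the aliased `loleval` call, produces no finding of its own, which is why the strawman has to refuse `alias_method` and not only `eval`. A name-based check like this is a lint over source text, not the runtime enforcement the strawman asks for.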
