Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Ruby > DATA.seek allows to read file

Reply
Thread Tools

DATA.seek allows to read file

 
 
Robert Klemme
Guest
Posts: n/a
 
      01-11-2011
Hi,

I just noticed this:

09:57:58 ~$ allruby /c/Temp/d.rb
CYGWIN_NT-5.1 padrklemme2 1.7.7(0.230/5/3) 2010-08-31 09:58 i686 Cygwin
========================================
ruby 1.8.7 (2008-08-11 patchlevel 72) [i386-cygwin]
"line 1\nline 2\n"
"\np DATA.read\nDATA.seek 0\np DATA.read\n\n__END__\nline 1\nline 2\n"
========================================
ruby 1.9.2p136 (2010-12-25 revision 30365) [i386-cygwin]
"line 1\nline 2\n"
"\np DATA.read\nDATA.seek 0\np DATA.read\n\n__END__\nline 1\nline 2\n"
========================================
jruby 1.4.0 (ruby 1.8.7 patchlevel 174) (2009-11-02 69fbfa3) (Java
HotSpot(TM) Client VM 1.6.0_23) [x86-java]
"line 1\nline 2\n"
""
09:58:31 ~$ cat /c/Temp/d.rb

p DATA.read
DATA.seek 0
p DATA.read

__END__
line 1
line 2
09:58:37 ~$

In other words, I can read what's before __END__ if I simply seek.
IMHO that is a bad thing and may even be used for attacks.

Btw, I stumbled across this by doing this:

10:01:24 ~$ ruby19 /c/Temp/dd.rb
["require 'csv'"]
[]
["CSV.foreach DATA do |rec|"]
[" p rec"]
["end"]
[]
["__END__"]
["line 1"]
["line 2"]
10:01:33 ~$ cat /c/Temp/dd.rb
require 'csv'

CSV.foreach DATA do |rec|
p rec
end

__END__
line 1
line 2
10:01:37 ~$

Maybe it's not such a good idea for CSV.foreach to seek to 0 before
starting to read. As a user of CSV I would always want it to start
off where the IO currently points to. James, what do you think?

Kind regards

robert

--
remember.guy do |as, often| as.you_can - without end
http://blog.rubybestpractices.com/

 
Reply With Quote
 
 
 
 
Caius Durling
Guest
Posts: n/a
 
      01-11-2011
On 11 Jan 2011, at 09:03, Robert Klemme wrote:

> In other words, I can read what's before __END__ if I simply seek.
> IMHO that is a bad thing and may even be used for attacks.



I've written a script in the past that (ab)used that to use DATA as a =
small datastore, rather than writing out to a separate data file. I had =
to write out the entire file though, including the source code, so being =
able to just seek back to 0 and read from there was helpful for writing =
the script.

C
---
Caius Durling
http://www.velocityreviews.com/forums/(E-Mail Removed)
+44 (0) 7960 268 100
http://caius.name/




 
Reply With Quote
 
 
 
 
James Edward Gray II
Guest
Posts: n/a
 
      01-11-2011
On Jan 11, 2011, at 4:55 AM, Caius Durling wrote:

> On 11 Jan 2011, at 09:03, Robert Klemme wrote:
>=20
>> In other words, I can read what's before __END__ if I simply seek.
>> IMHO that is a bad thing and may even be used for attacks.


I love the feature. It's one of those fun things to abuse.

> I've written a script in the past that (ab)used that to use DATA as a =

small datastore=85

I've done that too.

> rather than writing out to a separate data file. I had to write out =

the entire file though, including the source code=85

You don't have to rewrite the code, if you are careful:

#!/usr/bin/env ruby -wKU

pos =3D DATA.pos # memorize position after __END__

# do whatever
count =3D DATA.read.to_i
puts "Count: #{count}"
count +=3D 1

DATA.reopen(__FILE__, "a+") # turn on writing mode
DATA.truncate(pos) # remove the DATA section
DATA.puts count # update DATA

__END__
0

James Edward Gray II


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Writing bitmap to file allows display in window?!! luser- -droog C Programming 0 11-18-2010 04:16 AM
File.read(fname) vs. File.read(fname,File.size(fname)) Alex Dowad Ruby 4 05-01-2010 08:20 AM
file.read() doesn't read the whole file Sreejith K Python 24 03-24-2009 12:20 PM
Firefox extension that allows export of RSS feeds to text file? V Firefox 0 08-12-2005 05:59 PM
Application.Lock - allows read?? Eidolon ASP .Net 4 08-16-2003 01:40 AM



Advertisments