зеркало из https://github.com/github/ruby.git
Remove mention of $SAFE and taint from doc [ci skip]
This commit is contained in:
Jeremy Evans
Родитель
c257303ae7
Коммит
3a0de05bee
|
|
@ -215,17 +215,6 @@ rb_str_new_literal(const char *ptr) ::
|
|||
|
||||
Cのリテラル文字列からRubyの文字列を生成する.
|
||||
|
||||
rb_tainted_str_new(const char *ptr, long len) ::
|
||||
|
||||
汚染マークが付加された新しいRubyの文字列を生成する.外部
|
||||
からのデータに基づく文字列には汚染マークが付加されるべき
|
||||
である.
|
||||
|
||||
rb_tainted_str_new2(const char *ptr) ::
|
||||
rb_tainted_str_new_cstr(const char *ptr) ::
|
||||
|
||||
Cの文字列から汚染マークが付加されたRubyの文字列を生成する.
|
||||
|
||||
rb_str_append(VALUE str1, VALUE str2) ::
|
||||
|
||||
Rubyの文字列str1にRubyの文字列str2を追加する.
|
||||
|
|
@ -1251,7 +1240,6 @@ Data_Get_Struct(data, type, sval) ::
|
|||
RB_INTEGER_TYPE_P(value)
|
||||
RB_FLOAT_TYPE_P(value)
|
||||
void Check_Type(VALUE value, int type)
|
||||
SafeStringValue(value)
|
||||
|
||||
=== 型変換
|
||||
|
||||
|
|
|
|||
|
|
@ -190,16 +190,6 @@ rb_str_new_literal(const char *ptr) ::
|
|||
|
||||
Creates a new Ruby string from a C string literal.
|
||||
|
||||
rb_tainted_str_new(const char *ptr, long len) ::
|
||||
|
||||
Creates a new tainted Ruby string. Strings from external data
|
||||
sources should be tainted.
|
||||
|
||||
rb_tainted_str_new2(const char *ptr) ::
|
||||
rb_tainted_str_new_cstr(const char *ptr) ::
|
||||
|
||||
Creates a new tainted Ruby string from a C string.
|
||||
|
||||
rb_sprintf(const char *format, ...) ::
|
||||
rb_vsprintf(const char *format, va_list ap) ::
|
||||
|
||||
|
|
@ -1210,10 +1200,6 @@ void Check_Type(VALUE value, int type) ::
|
|||
|
||||
Ensures +value+ is of the given internal +type+ or raises a TypeError
|
||||
|
||||
SafeStringValue(value) ::
|
||||
|
||||
Checks that +value+ is a String and is not tainted
|
||||
|
||||
=== Data Type Conversion
|
||||
|
||||
FIX2INT(value), INT2FIX(i) ::
|
||||
|
|
|
|||
|
|
@ -15,19 +15,6 @@ mailto:security@ruby-lang.org ({the PGP public
|
|||
key}[https://www.ruby-lang.org/security.asc]), which is a private mailing list.
|
||||
Reported problems will be published after fixes.
|
||||
|
||||
== <code>$SAFE</code>
|
||||
|
||||
Ruby provides a mechanism to restrict what operations can be performed by Ruby
|
||||
code in the form of the <code>$SAFE</code> variable.
|
||||
|
||||
However, <code>$SAFE</code> does not provide a secure environment for executing
|
||||
untrusted code.
|
||||
|
||||
If you need to execute untrusted code, you should use an operating system level
|
||||
sandboxing mechanism. On Linux, ptrace or LXC can be used to sandbox
|
||||
potentially malicious code. Other similar mechanisms exist on every major
|
||||
operating system.
|
||||
|
||||
== +Marshal.load+
|
||||
|
||||
Ruby's +Marshal+ module provides methods for serializing and deserializing Ruby
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче