kotovalexarian-likes-github/ruby--ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
Code Releases Activity

Remove mention of $SAFE and taint from doc [ci skip]

Browse source
This commit is contained in:
Jeremy Evans 2019-10-04 08:44:33 -07:00
parent c257303ae7
commit 3a0de05bee
Notes: git 2019-11-18 08:01:11 +09:00
3 changed files with 0 additions and 39 deletions
Download patch file Download diff file Expand all files Collapse all files

12
doc/extension.ja.rdoc
View file

@ -215,17 +215,6 @@ rb_str_new_literal(const char *ptr) ::
Cのリテラル文字列からRubyの文字列を生成する Cのリテラル文字列からRubyの文字列を生成する
rb_tainted_str_new(const char *ptr, long len) ::
汚染マークが付加された新しいRubyの文字列を生成する外部
からのデータに基づく文字列には汚染マークが付加されるべき
である.
rb_tainted_str_new2(const char *ptr) ::
rb_tainted_str_new_cstr(const char *ptr) ::
Cの文字列から汚染マークが付加されたRubyの文字列を生成する
rb_str_append(VALUE str1, VALUE str2) :: rb_str_append(VALUE str1, VALUE str2) ::
Rubyの文字列str1にRubyの文字列str2を追加する Rubyの文字列str1にRubyの文字列str2を追加する
@ -1251,7 +1240,6 @@ Data_Get_Struct(data, type, sval) ::
RB_INTEGER_TYPE_P(value) RB_INTEGER_TYPE_P(value)
RB_FLOAT_TYPE_P(value) RB_FLOAT_TYPE_P(value)
void Check_Type(VALUE value, int type) void Check_Type(VALUE value, int type)
SafeStringValue(value)
=== 型変換 === 型変換

14
doc/extension.rdoc
View file

@ -190,16 +190,6 @@ rb_str_new_literal(const char *ptr) ::
Creates a new Ruby string from a C string literal. Creates a new Ruby string from a C string literal.
rb_tainted_str_new(const char *ptr, long len) ::
Creates a new tainted Ruby string. Strings from external data
sources should be tainted.
rb_tainted_str_new2(const char *ptr) ::
rb_tainted_str_new_cstr(const char *ptr) ::
Creates a new tainted Ruby string from a C string.
rb_sprintf(const char *format, ...) :: rb_sprintf(const char *format, ...) ::
rb_vsprintf(const char *format, va_list ap) :: rb_vsprintf(const char *format, va_list ap) ::
@ -1210,10 +1200,6 @@ void Check_Type(VALUE value, int type) ::
Ensures +value+ is of the given internal +type+ or raises a TypeError Ensures +value+ is of the given internal +type+ or raises a TypeError
SafeStringValue(value) ::
Checks that +value+ is a String and is not tainted
=== Data Type Conversion === Data Type Conversion
FIX2INT(value), INT2FIX(i) :: FIX2INT(value), INT2FIX(i) ::

13
doc/security.rdoc
View file

@ -15,19 +15,6 @@ mailto:security@ruby-lang.org ({the PGP public
key}[https://www.ruby-lang.org/security.asc]), which is a private mailing list. key}[https://www.ruby-lang.org/security.asc]), which is a private mailing list.
Reported problems will be published after fixes. Reported problems will be published after fixes.
== <code>$SAFE</code>
Ruby provides a mechanism to restrict what operations can be performed by Ruby
code in the form of the <code>$SAFE</code> variable.
However, <code>$SAFE</code> does not provide a secure environment for executing
untrusted code.
If you need to execute untrusted code, you should use an operating system level
sandboxing mechanism. On Linux, ptrace or LXC can be used to sandbox
potentially malicious code. Other similar mechanisms exist on every major
operating system.
== +Marshal.load+ == +Marshal.load+
Ruby's +Marshal+ module provides methods for serializing and deserializing Ruby Ruby's +Marshal+ module provides methods for serializing and deserializing Ruby