发表新帖
发表新帖

What is the best way to convert a Ruby string range to a Range object

后端 未结
关注
8 2129
一生所求
一生所求 2020-12-29 23:38

I have some Ruby code which takes dates on the command line in the format:

-d 20080101,20080201..20080229,20080301

I want to run for all da

8条回答
  • 醉梦人生
    醉梦人生 (楼主)
    2020-12-30 00:12

    If we do it like

    v= "20140101..20150101"
raise "Error: invalid format: #{v}" if /\d{8}\.\.\d{8}/ !~ v
r= eval(v)

    and the attacker has a way of bypassing the raise check (simply by means of manipulating the runtime to disable exceptions) then we can get a dangerous eval which will potentially destroy the universe.

    So for the sake of reducing attack vectors, we check the format, and then do the parsing manually, then check the results

    v= "20140101..20150101"
raise "Error: invalid format: #{v}" if /\d{8}\.\.\d{8}/ !~ v
r= Range.new(*v.split(/\.\./).map(&:to_i))
raise "Error: invalid range: #{v}" if r.first> r.last

    0 讨论(0)
 看不清?
提交回复
热议问题