Objetos Manchados: Tainting

Web applications must often keep track of data derived from untrusted user input to avoid SQL injection attacks and similar security risks.

Taint checking is a feature in some computer programming languages, such as Perl and Ruby, designed to increase security by preventing malicious users from executing commands on a host computer.

Taint checks highlight specific security risks primarily associated with web sites which are attacked using techniques such as SQL injection or buffer overflow attack approaches.

Ruby provides a simple solution to this problem: any object may be marked as tainted by calling its taint method.

Once an object is tainted, any objects derived from it will also be tainted.

The taint of an object can be tested with the tainted? method.

1] pry(main)> s = "untrusted"
=> "untrusted"
[3] pry(main)> s.taint
=> "untrusted"
[4] pry(main)> s.tainted?
=> true
[5] pry(main)> s.upcase.tainted?
=> true
[6] pry(main)> s[3,4].tainted?
=> true

Véase un ejemplo en Perl. y también ejemplos en Rails

The object tainting mechanism of Ruby is most powerful when used with the global variable $SAFE.

When this variable is set to a value greater than zero, Ruby restricts various built-in methods so that they will not work with tainted data.

When $SAFE is 1,

When$SAFE is 2,3 or 4 this restrictions become harder.

Casiano Rodriguez León 2015-06-18