What are Ruby's Object#taint and Object#trust methods? - 开发者知识库

I was reading about Ruby string methods in the docs and came across the methods


  • taint
  • trust
  • untaint
  • untrust

I don't know what they do, or in which situations we would use them. Has anyone used any of them? Examples would be nice.


3 solutions



taint and trust are part of Ruby's security model. In Ruby, each object has a few flags that it carries around with it, two of which are the Trusted flag and the Tainted flag. How these flags are acted on depends on something called the safe level. The safe level is stored in $SAFE.

Each thread and fiber in a program can have its own safe level. Safe levels range from 0 through 4, with 0 enforcing no security and 4 enforcing so much it should only be used when you're evaling code. You can't assign a lower value to $SAFE than it already has. Also, on UNIX systems where a Ruby script runs as setuid, Ruby automatically sets the safe level to 1.

When an object has its tainted flag set, that means, roughly, that the object came from an unreliable source and therefore can't be used in sensitive operations. When the safe level is 0, the taint flag is ignored (but still set; you can pay attention to it if you want). There are a few methods related to tainting:


  • taint -- Make an object tainted. You can taint an object on all levels with the exception of safe level 4.
  • tainted? -- Check if an object is tainted.
  • untaint -- Remove tainting from an object. This can only be used in safe levels 0, 1, and 2.

Here's an example from the pragprog pickaxe (source) that shows tainting:

# internal data
# =============
x1 = "a string"
x1.tainted?     → false
x2 = x1[2, 4]          # a substring inherits the taint of its source
x2.tainted?     → false
x1 =~ /([a-z])/ → 0
$1.tainted?     → false  # so does a regex capture
# external data
# =============
y1 = ENV["HOME"]       # data from the environment arrives tainted
y1.tainted?      → true
y2 = y1[2, 4]
y2.tainted?      → true
y1 =~ /([a-z])/  → 1
$1.tainted?      → true

To summarize, you can't use dangerous methods on tainted data. So if you do this in safe level 3, you'd get an error:




Trust is a lot simpler. Trust has to do with whether the object came from a trusted or untrusted source -- basically, whether it came from anything less than safe level 4, or safe level 4. I'm not sure exactly what effect Ruby's trust has, but take a look here: .

Here are some more resources:

  • -- Some great stuff on safe levels, but I think it's from 1.8 -- there is an updated version for 1.9, just only in the printed version of the book.
  • -- On whether safe is safe enough.
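The taint flags and $SAFE levels the answer describes were deprecated and later removed from Ruby, so as an added example (not from the answer and not Ruby's own source) here is a small model of those rules that runs on any Ruby: derived strings inherit the flag, untaint is refused above level 2, taint is refused at level 4, and a "dangerous" operation rejects tainted input once the level is 1 or higher. TaintModel, Tracked, external and dangerous_op are hypothetical names.

```ruby
# Added example, not Ruby's own code: a miniature model of the taint rules the
# answer describes; TaintModel, Tracked and dangerous_op are hypothetical names.
module TaintModel
  # Stands in for $SAFE: 0 = no checks, 1..3 = dangerous ops refuse tainted data,
  # 4 = flags can no longer be changed. It can be raised but never lowered.
  @safe_level = 0
  def self.safe_level; @safe_level; end
  def self.safe_level=(level)
    raise SecurityError, "cannot lower safe level" if level < @safe_level
    @safe_level = level
  end

  # A string value carrying its own tainted flag.
  class Tracked
    attr_reader :value
    def initialize(value, tainted: false)
      @value = value
      @tainted = tainted
    end
    def tainted?; @tainted; end
    def taint
      raise SecurityError, "cannot taint at safe level 4" if TaintModel.safe_level >= 4
      @tainted = true
      self
    end
    def untaint
      raise SecurityError, "untaint needs safe level <= 2" if TaintModel.safe_level > 2
      @tainted = false
      self
    end
    # Derived data inherits the flag, like x1[2, 4] and $1 in the answer.
    def [](start, len)
      Tracked.new(@value[start, len], tainted: @tainted)
    end
    def capture(regex)
      m = regex.match(@value)
      m && Tracked.new(m[1], tainted: @tainted)
    end
  end

  # Data read from the environment arrives tainted, as ENV["HOME"] does.
  def self.external(value); Tracked.new(value, tainted: true); end

  # Stand-in for a dangerous op (eval, system): refuses tainted input at level >= 1.
  def self.dangerous_op(tracked)
    if safe_level >= 1 && tracked.tainted?
      raise SecurityError, "Insecure operation at safe level #{safe_level}"
    end
    "executed: #{tracked.value}"
  end
end
```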