
Black Matter

Jobs Interview More Ruby, Rails questions and answers
Feb 12, 2014

Following my series on job interviews, which started here: Job Interview Rails
Main Components. This post will have new questions. Hopefully some people
will learn a few things; at least I did. Without further ado, the questions and
answers; enjoy!

Name at least 3 ways to call a method in Ruby?
class Greeter
  def greeting
    'hello'
  end
end
greeter = Greeter.new
# First way and most obvious
greeter.greeting
# Second way not so obvious but probably well known
greeter.send :greeting
# Third way the more obscure
greeter.method(:greeting).call

What is the difference between a Class, Module and Instance?

Class: the blueprint from which individual objects are created. Classes in
Ruby are first-class objects; each is an instance of class Class.
Instance: an object which was instantiated from a Class.
Module: a collection of methods and constants. You can't make an
instance of a module; the way you access the constants and methods inside
it depends on its definition. Module methods and variables can be
accessed like this: Module.method or Module::CONSTANT; but if you want to
access an instance method, you should include the module in another class
to use it.

What is the difference between include and extend?
include mixes a module in as instance methods or constants, and extend
mixes a module in as class methods. You can also extend a single object
instance using the syntax obj.extend Mod, which will add the methods or
constants to that single instance of that particular class.

What is a symbol and what are the risks of using them in web apps?
A symbol is mostly an immutable String; they are mostly used to represent
names. They are risky to use in web apps, in particular in Rails apps, due to
the following security issue: CVE-2013-1854 Symbol DoS vulnerability in Active
Record.
Update: This cannot lead an attacker to execute arbitrary code on the server
where you are running your app. That was a misinterpretation on my part. Thanks to
Toby OvodEverett for pointing this out.
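
The symbol DoS risk above comes from turning request-supplied strings into symbols. The following Ruby code is an added example, not code from the original post or from Rails; the method names, the allowlist and the sample parameters are constructed for illustration.

```ruby
# Added example. All names (ALLOWED_KEYS, unsafe_symbolize, ...) are hypothetical.

# Keys the application expects, mapped to symbols that already exist
# because they are literals in this source file.
ALLOWED_KEYS = { 'name' => :name, 'email' => :email }.freeze

# Risky pattern: every distinct inbound key becomes a new Symbol.
# Before Ruby 2.2 symbols were never garbage collected, so memory only grew.
def unsafe_symbolize(params)
  params.each_with_object({}) { |(k, v), out| out[k.to_sym] = v }
end

# Safer pattern: only expected keys map to symbols; anything else stays a String.
def allowlisted_symbolize(params)
  params.each_with_object({}) do |(k, v), out|
    out[ALLOWED_KEYS.fetch(k, k)] = v
  end
end

# Returns [symbols added to the symbol table, block result]. The result is
# held until after counting so Ruby >= 2.2 cannot collect the new symbols early.
def symbol_growth
  before = Symbol.all_symbols.size
  result = yield
  [Symbol.all_symbols.size - before, result]
end

# Constructed input: two expected keys plus 1000 unique unexpected keys.
def constructed_params(prefix = 'unexpected_key')
  params = { 'name' => 'alice', 'email' => 'alice@example.test' }
  1000.times { |i| params["#{prefix}_#{i}"] = 'x' }
  params
end

if __FILE__ == $PROGRAM_NAME
  unsafe_delta, = symbol_growth { unsafe_symbolize(constructed_params('run_a')) }
  safe_delta, safe = symbol_growth { allowlisted_symbolize(constructed_params('run_b')) }
  puts "unsafe: +#{unsafe_delta} symbols, allowlisted: +#{safe_delta} symbols"
  puts "keys left as strings: #{safe.keys.count { |k| k.is_a?(String) }}"
end
```

On Ruby 2.2 and later, dynamically created symbols can be garbage collected once nothing references them, so the allowlist mainly matters on older interpreters and wherever the converted keys are retained.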

Can you name a recent security incident in Rails and explain the issue?
This was not very easy for me, because I normally don't spend too much time
on this type of stuff these days, even though I know the importance of the topic; so
the answer for this one is just to subscribe to the railssecurityann mailing list.

What does this do Hash[[1,2,3,4].zip([5,6,7,8])]?
Enumerable#zip takes one element from enum and merges the corresponding
elements from each of the args.
{1=>5, 2=>6, 3=>7, 4=>8}

What does the following do (1..Float::INFINITY).map{ |i| i*i }.first(10)?

Nothing; it will just hang your Ruby interpreter.

How to fix this (1..Float::INFINITY).map{ |i| i*i }.first(10)?

This only works on Ruby 2.0

(1..Float::INFINITY).lazy.map{ |i| i*i }.first(10)

What is the difference between a Proc and Lambda?
Block: a piece of code that can be passed to a method as an argument, but can't
save its own state.
Proc: a block which can save state.
Lambda: the same thing as a Proc; the differences are that lambdas have
diminutive returns, which means that even if you put a return statement
inside the lambda, the method in which it was called keeps running until
it finishes its execution; also, lambdas check the arguments passed to
them; a Proc doesn't.
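
The two differences described above, shown as an added example (not code from the original post; the method names are hypothetical):

```ruby
# `return` inside a lambda only leaves the lambda; the calling method keeps running.
def run_lambda
  l = lambda { return :from_lambda }
  l.call
  :method_finished
end

# `return` inside a Proc returns from the enclosing method immediately.
def run_proc
  pr = Proc.new { return :from_proc }
  pr.call
  :method_finished # never reached
end

# Lambdas enforce their argument count; Procs pad missing arguments with nil
# and silently drop extra ones.
def arity_check
  strict = lambda { |a, b| [a, b] }
  loose  = Proc.new { |a, b| [a, b] }
  lambda_result = begin
    strict.call(1)
  rescue ArgumentError
    :argument_error
  end
  [lambda_result, loose.call(1), loose.call(1, 2, 3)]
end
```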

Conclusion
I hope this helps anyone interested in learning tidbits of Ruby. I also
would love to see other methods to solve the problems exposed in these
questions. Happy coding!


9 Comments

Brian Douglas, 2 years ago

This is great thanks for posting.

Rafael George (Mod) > Brian Douglas

@BrianDouglas Thanks :)

Brian Daz, a year ago

Thanks

George Sun, 2 years ago

Thanks for sharing those questions.

Rafael George (Mod) > George Sun, 2 years ago

@GeorgeSun No problem :)

Toby OvodEverett, 2 years ago

I'm confused by the response to "What is a symbol and what are the risks of using
them in web apps?". My understanding of the primary risk for using symbols in web
apps is that it enables DoS (Denial of Service) attacks. The attacker supplies
strings (inbound parameters always start as strings), but the application converts
the inbound strings to symbols at some point in the execution. Because symbols
are immutable and not garbage collected, if the attacker can supply arbitrary input
that will get converted to symbols, the attacker can exhaust the memory of the
process by supplying a large number of different strings.
I don't see how this "can lead an attacker to execute arbitrary code in the server
you are running your app." The good news about symbol attacks is that they are
DoS attacks, but the bad news is that they can be very subtle. For instance, the
mentioned https://groups.google.com/foru... is a fairly subtle attack - the attacker is
supplying a URL query string that builds a hash for the value of an entry in the
params hash, and that hash can sometimes have its keys coerced to symbols. As
a side note, the symbol issue is one reason Rails uses a string-indexed hash for
the internals of the params hash, while still permitting dual (both string and symbol)
access. When you access the params hash with a symbol, Rails converts the
symbol to a string before looking for the value in the hash rather than the other way
because it wants to ensure against arbitrary string->symbol conversion.

Rafael George (Mod) > Toby OvodEverett, 2 years ago

@TobyOvodEverett I'm researching further on that particular thing still
my thesis is based on vulnerabilities related to other services that I've seen
but they probably don't apply in here. Thanks for your input after I finish
with my research I will update the blog post.

Brad Landers > Rafael George, 2 years ago

You should correct that item, because this is otherwise a great list.
There are no RCE (remote code execution) vulnerabilities related to
symbols. Symbols are not garbage collected, and therefore
represent a DoS vector. They cannot, however, be used to leverage
an RCE on their own. All the recent Rails RCE vulnerabilities were
related to serialization issues. For example:
http://blog.codeclimate.com/bl...

Rafael George (Mod) > Brad Landers, 2 years ago

@BradLanders Sure thing, updating :)
