Jobs Interview - More Ruby, Rails Questions and Answers


Jobs Interview - More Ruby, Rails questions and answers

Feb 12, 2014

Following my series on job interviews, which started with Job Interview - Rails Main Components, this post has new questions. Hopefully some people will learn a few things; at least I did. Without further ado, the questions and answers; enjoy!

Name at least 3 ways to call a method in Ruby?

    class Greeter
      def greeting
        'hello'
      end
    end

    greeter = Greeter.new

    # First way and most obvious
    greeter.greeting

    # Second way, not so obvious but probably well known
    greeter.send :greeting

    # Third way, the more obscure
    greeter.method(:greeting).call

What is the difference between a Class, Module and Instance?

Black Matter


Class: the blueprint from which individual objects are created. Classes in Ruby are first-class objects; each is an instance of class Class.

Instance: an object which was instantiated from a Class.

Module: a collection of methods and constants. You can't make an instance of a module; the way you access the constants and methods inside it depends on its definition. Module methods and constants can be accessed like this: Module.method or Module::CONSTANT. If you want to access an instance method, you should include the module in another class to use it.

What is the difference between include and extend?

include mixes a module in as instance methods or constants, and extend mixes a module in as class methods. You can also extend a single object instance using this syntax: obj.extend Mod, which will add the methods or constants to that single instance of that particular class.

What is a symbol and what are the risks of using them in web apps?

A symbol is mostly an immutable String; symbols are mostly used to represent names. They are risky to use in web apps, in particular in Rails apps, due to the following security issue: CVE-2013-1854 Symbol DoS vulnerability in ActiveRecord

Update: This cannot lead an attacker to execute arbitrary code on the server where you are running your app. That was a misinterpretation on my part. Thanks to Toby Ovod-Everett for pointing this out.
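The symbol risk described above, shown as an added example that is not part of the original post: a parameter handler that interns whatever the client sends, next to one that compares strings against an allowlist. ALLOWED_SORT_COLUMNS, the method names and the sample inputs are hypothetical and constructed for the demonstration.

```ruby
# Added example (not from the original post): interning request parameters as symbols.
# ALLOWED_SORT_COLUMNS, the method names and the sample inputs are hypothetical.
ALLOWED_SORT_COLUMNS = %w[name email created_at].freeze
DEFAULT_SORT_COLUMN = :created_at

# Risky pattern: every distinct client-supplied string becomes a new symbol.
def unsafe_sort_column(param)
  param.to_sym
end

# Hardened pattern: compare as strings and convert only allowlisted values,
# so the set of symbols that input can create is fixed.
def safe_sort_column(param)
  ALLOWED_SORT_COLUMNS.include?(param) ? param.to_sym : DEFAULT_SORT_COLUMN
end

# Number of the given strings that currently exist in the symbol table.
def interned_count(strings)
  (strings & Symbol.all_symbols.map(&:to_s)).size
end

# Constructed input: 1,000 distinct parameter values, as a client could send them.
def sample_inputs(prefix)
  (1..1000).map { |i| "#{prefix}_#{i}" }
end

def symbol_table_demo
  through_safe = sample_inputs('constructed_sort_a')
  through_unsafe = sample_inputs('constructed_sort_b')

  safe_results = through_safe.map { |p| safe_sort_column(p) }
  unsafe_results = through_unsafe.map { |p| unsafe_sort_column(p) } # kept referenced

  {
    safe_interned: interned_count(through_safe),     # inputs never reach the symbol table
    unsafe_interned: interned_count(through_unsafe), # one new symbol per distinct input
    safe_results: safe_results.uniq,
    unsafe_results: unsafe_results.size
  }
end

p symbol_table_demo if $PROGRAM_NAME == __FILE__
```

Since Ruby 2.2 the interpreter can garbage-collect symbols created from strings once nothing references them, which reduces the exposure; on older interpreters, and wherever the converted symbols stay referenced, the allowlist is what bounds the symbol table.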

Can you name a recent security incident in Rails and explain the issue?

This was not very easy for me, because I normally don't spend too much time on this type of stuff these days, even though I know the importance of the topic; so the answer for this one is just to subscribe to the rails-security-ann mailing list


What does this do: Hash[[1,2,3,4].zip([5,6,7,8])]?

Enumerable#zip takes one element from enum and merges corresponding elements from each of args. Hash[] then builds a hash from the resulting pairs:

    {1=>5, 2=>6, 3=>7, 4=>8}

What does the following do?

    (1..Float::INFINITY).map { |i| i*i }.first(10)

Nothing; it will just hang your Ruby interpreter.

How to fix this?

    (1..Float::INFINITY).map { |i| i*i }.first(10)

This only works on Ruby 2.0

    (1..Float::INFINITY).lazy.map { |i| i*i }.first(10)

What is the difference between a Proc and Lambda?

Block: a piece of code that can be passed to a method as an argument, but can't save its own state.

Proc: a block which can save state.

Lambda: the same thing as a Proc; the differences are that lambdas have diminutive returns, which means that even if you put a return statement inside the lambda, execution keeps running until the method in which it was called finishes; also, lambdas check the arguments passed to them; a Proc doesn't.
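The two differences named above, as an added example that is not part of the original post; all method names are hypothetical.

```ruby
# Added example (not from the original post); method names are hypothetical.

# `return` inside a Proc returns from the method that created the Proc,
# so the line after `call` never runs.
def return_from_proc
  worker = Proc.new { return :returned_by_proc }
  worker.call
  :method_ran_to_the_end
end

# `return` inside a lambda only leaves the lambda; the method keeps running.
def return_from_lambda
  worker = lambda { return :returned_by_lambda }
  worker.call
  :method_ran_to_the_end
end

# Call with one argument where two are declared; report the error class if it raises.
def call_with_one_argument(callable)
  callable.call(1)
rescue ArgumentError => e
  e.class
end

# A Proc pads the missing argument with nil; a lambda raises ArgumentError.
def argument_handling
  pair_proc = Proc.new { |a, b| [a, b] }
  pair_lambda = lambda { |a, b| [a, b] }
  {
    proc: call_with_one_argument(pair_proc),
    lambda: call_with_one_argument(pair_lambda),
    proc_is_lambda: pair_proc.lambda?,
    lambda_is_lambda: pair_lambda.lambda?
  }
end

p [return_from_proc, return_from_lambda, argument_handling] if $PROGRAM_NAME == __FILE__
```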

Conclusion

I hope this helps anyone interested in learning tidbits of Ruby. Also, I would love to see other methods to solve the problems exposed in these questions. Happy coding!

Resources

Ruby Object

What is a Class?

Ruby Module

Ruby Class

Include and Extend

Enumerable#zip

Enumerable#lazy

Blocks, Procs, Lambdas

9 Comments


Brian Douglas • 2 years ago
This is great thanks for posting.


Rafael George (Mod) > Brian Douglas • 2 years ago
@Brian Douglas Thanks :-)


Brian Díaz • a year ago
Thanks


George Sun • 2 years ago
Thanks for sharing those questions.


Rafael George (Mod) > George Sun • 2 years ago
@George Sun No problem :-)


Toby Ovod-Everett • 2 years ago
I'm confused by the response to "What is a symbol and what are the risks of using them in web apps?". My understanding of the primary risk for using symbols in web apps is that it enables DoS (Denial of Service) attacks. The attacker supplies strings (inbound parameters always start as strings), but the application converts the inbound strings to symbols at some point in the execution. Because symbols are immutable and not garbage collected, if the attacker can supply arbitrary input that will get converted to symbols, the attacker can exhaust the memory of the process by supplying a large number of different strings.

I don't see how this "can lead an attacker to execute arbitrary code in the server you are running your app." The good news about symbol attacks is that they are DoS attacks, but the bad news is that they can be very subtle. For instance, the mentioned https://groups.google.com/foru... is a fairly subtle attack - the attacker is supplying a URL query string that builds a hash for the value of an entry in the params hash, and that hash can sometimes have its keys coerced to symbols. As a side note, the symbol issue is one reason Rails uses a string-indexed hash for the internals of the params hash, while still permitting dual (both string and symbol) access. When you access the params hash with a symbol, Rails converts the symbol to a string before looking for the value in the hash rather than the other way because it wants to ensure against arbitrary string -> symbol conversion.


Rafael George (Mod) > Toby Ovod-Everett • 2 years ago
@Toby Ovod-Everett I'm researching further on that particular thing; still, my thesis is based on vulnerabilities related to other services that I've seen, but they probably don't apply here. Thanks for your input; after I finish with my research I will update the blog post.

Brad Landers > Rafael George • 2 years ago
You should correct that item, because this is otherwise a great list. There are no RCE (remote code execution) vulnerabilities related to symbols. Symbols are not garbage collected, and therefore represent a DoS vector. They cannot, however, be used to leverage an RCE on their own. All the recent Rails RCE vulnerabilities were related to serialization issues. For example: http://blog.codeclimate.com/bl...


Rafael George (Mod) > Brad Landers • 2 years ago
@Brad Landers Sure thing, updating :-)
