Jobs Interview - More Ruby, Rails Questions and Answers
Feb 12, 2014
Following my series on job interviews, which started with Job Interview Rails Main Components, this post has new questions. Hopefully some people will learn a few things; at least I did. Without further ado, the questions and answers; enjoy!
Name at least 3 ways to call a method in Ruby?

    class Greeter
      def greeting
        'hello'
      end
    end

    greeter = Greeter.new

    # First way and most obvious
    greeter.greeting

    # Second way not so obvious but probably well known
    greeter.send :greeting

    # Third way the more obscure
    greeter.method(:greeting).call
What is the difference between a Class, Module and Instance?
Class: the blueprint from which individual objects are created. Classes in Ruby are first-class objects; each is an instance of class Class.
Instance: an object which was instantiated from a Class.
Module: a collection of methods and constants. You can't make an instance of a module; the way you access the constants and methods inside it depends on its definition. Module methods and constants can be accessed like this: Module.method or Module::CONSTANT, but if you want to access an instance method you should include the module in another class to use it.
What is the difference between include and extend?
include mixes a module in as instance methods or constants, and extend mixes a module in as class methods. You can also extend a single object instance using the syntax obj.extend Mod, which adds the methods or constants to that single instance of that particular class.
What is a symbol and what are the risks of using them in web apps?
A symbol is mostly an immutable String; symbols are mostly used to represent names. They are risky to use in web apps, in particular in Rails apps, due to the following security issue:
CVE-2013-1854 Symbol DoS vulnerability in ActiveRecord
Update: This cannot lead an attacker to execute arbitrary code in the server you are running your app. That was a misinterpretation on my part. Thanks to Toby OvodEverett for pointing this out.
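The symbol risk named above, shown next to one way to avoid it. This is an added example, not code from the original post or from Rails: it compares calling to_sym on every inbound key with looking keys up in a fixed allowlist, and counts how many symbols each approach interns. ALLOWED_KEYS, the method names and the sample parameters are constructed for the example.

```ruby
# Hypothetical allowlist: the only keys this (constructed) endpoint accepts.
ALLOWED_KEYS = { "name" => :name, "email" => :email, "page" => :page }.freeze

# Risky pattern: every distinct request-supplied key is interned as a new symbol.
def symbolize_unchecked(params)
  params.each_with_object({}) { |(key, value), out| out[key.to_sym] = value }
end

# Hardened pattern: look the string up in a fixed table of symbols that already
# exist in the source; unknown keys are dropped and nothing new is interned.
def symbolize_allowed(params)
  params.each_with_object({}) do |(key, value), out|
    sym = ALLOWED_KEYS[key]
    out[sym] = value if sym
  end
end

# Returns [symbols_added, result]. The caller keeps the result referenced, so the
# count is also stable on Ruby 2.2 and later, where unreferenced symbols created
# by to_sym can be garbage collected.
def symbol_growth
  GC.start
  before = Symbol.all_symbols.size
  result = yield
  [Symbol.all_symbols.size - before, result]
end

# Constructed request parameters: two legitimate keys plus 500 unique junk keys.
# `tag` only keeps the junk keys distinct between runs.
def sample_params(tag)
  junk = (1..500).to_h { |i| ["constructed_#{tag}_#{i}", "x"] }
  { "name" => "alice", "page" => "2" }.merge(junk)
end

if __FILE__ == $PROGRAM_NAME
  grown, _kept = symbol_growth { symbolize_unchecked(sample_params("demo_a")) }
  puts "to_sym on every key: #{grown} new symbols"
  grown, safe = symbol_growth { symbolize_allowed(sample_params("demo_b")) }
  puts "allowlist lookup:    #{grown} new symbols, kept #{safe.keys.inspect}"
end
```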
Can you name a recent security incident in Rails and explain the issue?
This was not very easy for me, because I normally don't spend too much time on this type of stuff these days, even when I know the importance of the topic; so the answer for this one is just to subscribe to the railssecurityann mailing list.
What does this do?

    Hash[[1,2,3,4].zip([5,6,7,8])]

Enumerable#zip takes one element from enum and merges corresponding elements from each args.

    {1=>5, 2=>6, 3=>7, 4=>8}
What does the following do?

    (1..Float::INFINITY).map { |i| i*i }.first(10)

Nothing; it will just hang your Ruby interpreter.

How to fix this?

    (1..Float::INFINITY).map { |i| i*i }.first(10)

This only works on Ruby 2.0

    (1..Float::INFINITY).lazy.map { |i| i*i }.first(10)
What is the difference between a Proc and Lambda?
Block: a piece of code that can be passed to a method as an argument, but can't save its own state.
Proc: a block which can save state.
Lambda: same thing as a Proc; the differences are that lambdas have diminutive returns, which means that even if you put a return statement inside the lambda, the method in which it was called keeps running until it finishes its execution; lambdas also check the arguments passed to them, a Proc doesn't.
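The return and argument-checking differences described above, as an added example that is not part of the original post; the method names are chosen for illustration.

```ruby
# `return` inside a lambda leaves only the lambda; the calling method continues.
def run_lambda
  l = lambda { return :from_lambda }
  inner = l.call
  [:method_finished, inner]
end

# `return` inside a Proc leaves the method in which the Proc was created.
def run_proc
  pr = Proc.new { return :from_proc }
  pr.call
  :method_finished # never reached
end

# Lambdas check the number of arguments; a Proc pads missing arguments with nil
# and silently drops extra ones.
def arity_behaviour
  l  = lambda { |a, b| [a, b] }
  pr = Proc.new { |a, b| [a, b] }
  lambda_result =
    begin
      l.call(1)
    rescue ArgumentError
      :argument_error
    end
  { lambda: lambda_result, proc_missing: pr.call(1), proc_extra: pr.call(1, 2, 3) }
end

if __FILE__ == $PROGRAM_NAME
  puts run_lambda.inspect
  puts run_proc.inspect
  puts arity_behaviour.inspect
end
```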
Conclusion
I hope this helps anyone interested in learning tidbits of Ruby. I would also love to see other methods to solve the problems exposed in these questions. Happy coding!
Resources
Ruby Object
What is a Class?
Ruby Module
Ruby Class
Include and Extend
Enumerable#zip
Enumerable#lazy
Blocks, Procs, Lambdas
9 Comments
Brian Douglas • 2 years ago
This is great thanks for posting.
Rafael George (Mod) > Brian Douglas • 2 years ago
@Brian Douglas Thanks :)
Brian Díaz • a year ago
Thanks
George Sun • 2 years ago
Thanks for sharing those questions.
Rafael George (Mod) > George Sun • 2 years ago
@George Sun No problem :)
Toby OvodEverett • 2 years ago
I'm confused by the response to "What is a symbol and what are the risks of using them in web apps?". My understanding of the primary risk for using symbols in web apps is that it enables DoS (Denial of Service) attacks. The attacker supplies strings (inbound parameters always start as strings), but the application converts the inbound strings to symbols at some point in the execution. Because symbols are immutable and not garbage collected, if the attacker can supply arbitrary input that will get converted to symbols, the attacker can exhaust the memory of the process by supplying a large number of different strings.
I don't see how this "can lead an attacker to execute arbitrary code in the server you are running your app." The good news about symbol attacks is that they are DoS attacks, but the bad news is that they can be very subtle. For instance, the mentioned https://groups.google.com/foru... is a fairly subtle attack - the attacker is supplying a URL query string that builds a hash for the value of an entry in the params hash, and that hash can sometimes have its keys coerced to symbols. As a side note, the symbol issue is one reason Rails uses a string-indexed hash for the internals of the params hash, while still permitting dual (both string and symbol) access. When you access the params hash with a symbol, Rails converts the symbol to a string before looking for the value in the hash rather than the other way because it wants to ensure against arbitrary string -> symbol conversion.
Rafael George (Mod) > Toby OvodEverett • 2 years ago
@Toby OvodEverett I'm researching further on that particular thing; still my thesis is based on vulnerabilities related to other services that I've seen but they probably don't apply in here. Thanks for your input; after I finish with my research I will update the blog post.
Brad Landers > Rafael George • 2 years ago
You should correct that item, because this is otherwise a great list. There are no RCE (remote code execution) vulnerabilities related to symbols. Symbols are not garbage collected, and therefore represent a DoS vector. They cannot, however, be used to leverage an RCE on their own. All the recent Rails RCE vulnerabilities were related to serialization issues. For example: http://blog.codeclimate.com/bl...
Rafael George (Mod) > Brad Landers • 2 years ago
@Brad Landers Sure thing, updating :)