Renumber the 8 commandments
parent
7b0acd238e
commit
e2dd13e7f8
15
HACKING
15
HACKING
|
@ -36,7 +36,7 @@ lock up the entire module when called from other interfaces. If you
|
||||||
need user input, you can either register an option or expose an
|
need user input, you can either register an option or expose an
|
||||||
interactive session type specific for the type of exploit.
|
interactive session type specific for the type of exploit.
|
||||||
|
|
||||||
4. Always use Rex sockets, not ruby sockets. This includes
|
3. Always use Rex sockets, not ruby sockets. This includes
|
||||||
third-party libraries such as Net::Http. There are several very good
|
third-party libraries such as Net::Http. There are several very good
|
||||||
reasons for this rule. First, the framework doesn't get notified on
|
reasons for this rule. First, the framework doesn't get notified on
|
||||||
the creation of ruby sockets and won't know how to clean them up in
|
the creation of ruby sockets and won't know how to clean them up in
|
||||||
|
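Review bot: "Net::Http" in the context line directly under the renumbered rule 3 does not match the constant's spelling; Ruby's standard library class is Net::HTTP. Since this commit is already tidying this paragraph, consider correcting it here so readers searching the tree for the library name find the rule.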
@ -48,22 +48,23 @@ already implemented with Rex and if the protocol you need is missing,
|
||||||
porting another library to use them is straight-forward. See our
|
porting another library to use them is straight-forward. See our
|
||||||
Net::SSH modifications in lib/net/ssh/ for an example.
|
Net::SSH modifications in lib/net/ssh/ for an example.
|
||||||
|
|
||||||
5. When opening an IO stream, always force binary with "b" mode (or
|
4. When opening an IO stream, always force binary with "b" mode (or
|
||||||
using IO#binmode). This not only helps keep Windows and non-Windows
|
using IO#binmode). This not only helps keep Windows and non-Windows
|
||||||
runtime environments consistent with each other, but also guarantees
|
runtime environments consistent with each other, but also guarantees
|
||||||
that files will be treated as ASCII-8BIT instead of UTF-8.
|
that files will be treated as ASCII-8BIT instead of UTF-8.
|
||||||
|
|
||||||
6. Don't use String#[] for a single character. This returns a Fixnum in
|
5. Don't use String#[] for a single character. This returns a Fixnum in
|
||||||
ruby 1.8 and a String in 1.9, so it's safer to use the following idiom:
|
ruby 1.8 and a String in 1.9, so it's safer to use the following idiom:
|
||||||
str[idx,1]
|
str[idx,1]
|
||||||
which always returns a String. If you need the ASCII byte, unpack it like
|
which always returns a String. If you need the ASCII byte, unpack it like
|
||||||
so:
|
so:
|
||||||
str[idx,1].unpack("C")[0]
|
tr[idx,1].unpack("C")[0]
|
||||||
|
|
||||||
7. Whenever possible, avoid using '+' or '+=' to concatenate strings.
|
6. Whenever possible, avoid using '+' or '+=' to concatenate strings.
|
||||||
The '<<' operator is significantly faster. The difference will become
|
The '<<' operator is significantly faster. The difference will become
|
||||||
even more apparent when doing string manipulation in a loop. The
|
even more apparent when doing string manipulation in a loop. The
|
||||||
following table approximates the underlying implementation:
|
following table approximates the underlying implementation:
|
||||||
|
|
||||||
Ruby Pseudo-C
|
Ruby Pseudo-C
|
||||||
----------- ----------------
|
----------- ----------------
|
||||||
a = b + c a = malloc(b.len+c.len+1);
|
a = b + c a = malloc(b.len+c.len+1);
|
||||||
|
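Review bot: The new side of the byte-unpacking idiom under rule 5 reads `tr[idx,1].unpack("C")[0]`, while the old side had `str[idx,1].unpack("C")[0]`, so the leading "s" was lost in a commit that is only meant to renumber. As written the example no longer matches the `str[idx,1]` line above it and would raise a NameError if copied; restore `str`. The hunk header also shows the new side one line longer (22 to 23 lines), so please confirm that the extra line is intentional.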
@ -77,11 +78,11 @@ following table approximates the underlying implementation:
|
||||||
Note that the original value of 'b' is lost in the second case. Care
|
Note that the original value of 'b' is lost in the second case. Care
|
||||||
must be taken to duplicate strings that you do not want to modify.
|
must be taken to duplicate strings that you do not want to modify.
|
||||||
|
|
||||||
8. For other Ruby 1.8.x/1.9.x compat issues, please see Sam Ruby's
|
7. For other Ruby 1.8.x/1.9.x compat issues, please see Sam Ruby's
|
||||||
excellent slide show at <http://slideshow.rubyforge.org/ruby19.html>
|
excellent slide show at <http://slideshow.rubyforge.org/ruby19.html>
|
||||||
for an overview of common and not-so-common Ruby version related gotchas.
|
for an overview of common and not-so-common Ruby version related gotchas.
|
||||||
|
|
||||||
9. Never, ever use $global variables. This applies to modules, mixins,
|
8. Never, ever use $global variables. This applies to modules, mixins,
|
||||||
and libraries. If you need a "global" within a specific class, you can
|
and libraries. If you need a "global" within a specific class, you can
|
||||||
use @@class_variables, but most modules should use @instance variables
|
use @@class_variables, but most modules should use @instance variables
|
||||||
to store information between methods.
|
to store information between methods.
|
||||||
|
|