Mark Hobley wrote:
> I have some open source software packages that were written in Ruby by a third
> party that make use of external programs. For the purposes of security
> auditing, and for making appropriate fixes, I need to locate all instances
> within the code, where an external program is being called.
> 
> What keywords or functions would I need to locate?
> 
> I am thinking of using grep to simply search for the function names. Would
> that be sufficient, or is it possible that function names are split across
> several lines, making it possible for some instances to be missed during the
> audit?

If you're asking this question, then I'm sorry to say that you shouldn't 
be doing this audit in the first place.  To do an effective security 
audit of a program written in Ruby, you must understand the language at 
a reasonably advanced level.  Hire an experienced Rubyist for this job.

Or, since these are open source programs, perhaps you should contact 
their developers to discuss security concerns.

> 
> Mark.

Best,
--
Marnen Laibow-Koser
http://www.marnen.org
marnen / marnen.org
-- 
Posted via http://www.ruby-forum.com/.
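
As an added example (not part of either post above): one way to go beyond grepping for function names is to scan Ruby's own token stream with the standard-library Ripper lexer. It also catches backticks and `%x(...)`, which have no function name, and a method name on a different line from its receiver, while ignoring comments and string contents. `find_exec_sites`, `EXEC_NAMES` and the sample source are constructed for illustration, and the name list is a starting set, not a complete one.

```ruby
require "ripper"

# Method names that start an external process (Kernel, Process, IO, Open3).
# Assumption: a starting set for an audit, not an exhaustive list.
EXEC_NAMES = %w[system exec spawn popen popen2 popen2e popen3
                capture2 capture2e capture3].freeze

# Constructed sample input (not taken from any real project).
SAMPLE = <<~'RUBY'
  # system("not a call, just a comment")
  puts "exec is only a word in this string"
  out = `uname -a`
  files = %x(ls /tmp)
  IO
    .popen(["date"]) { |io| io.read }
  Kernel.send(:system, "true")
  log = open("|tail -n 1 /var/log/syslog")
RUBY

# Returns [[line, description], ...] for each candidate call site in source.
# Works on lexer tokens, so text inside comments and strings is not matched.
def find_exec_sites(source)
  sites = []
  last_ident = nil
  Ripper.lex(source).each do |(line, _col), event, token|
    case event
    when :on_backtick # opening ` or %x( of a command string
      sites << [line, "command string #{token}"]
    when :on_ident    # bare call, method after a dot, or a :symbol name
      sites << [line, "call or symbol #{token}"] if EXEC_NAMES.include?(token)
      last_ident = token
    when :on_tstring_content
      # Heuristic: Kernel#open with a leading "|" runs a command.
      sites << [line, "pipe open"] if last_ident == "open" && token.start_with?("|")
    end
  end
  sites
end

if __FILE__ == $PROGRAM_NAME
  find_exec_sites(SAMPLE).each { |line, what| puts "line #{line}: #{what}" }
end
```

Every hit is a candidate for manual review; method names built at runtime from strings will not appear in the token stream and still need a human reader.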