LeckyLao's Blog

Ruby Fanster

No ActionCable & Pusher

No ActionCable & Pusher

WebSocket in Ruby and on Rails

Lecky Lao(@leckylao)
RORO 11-08-2015

Regex in Ruby

# encoding: utf-8

Regex In Ruby – Capture Groups

Lecky Lao(@leckylao)

RORO 09-06-2015

Mongo BSON Injection: Ruby Regexps Strike Again

Jun 4, 2015 • Egor Homakov (@homakov)

Mongoid is an ODM(Object Document Mapper) Framework
for MongoDB written in Ruby

Mongoid uses more low-level adapter Moped which uses BSON-ruby

the vulnerability is in legal? method of BSON::ObjectId

  # /\nhi\n/ =~ /hi$/
  # /\nhi\n/ =~ /hi\Z/
  # /\nhi\n/ =~ /hi\z/

  # Vulnerable
  def legal?(string)
    # March 31 2013 to Apr 7 2013
    /\A\h{24}\Z/ === string.to_s
    # currently it thinks Mongo is down and pings it 39 more times with intervals.
    # In other words it keeps the worker busy for 5 seconds and makes x40 requests to Mongo DB
    # One way or another, it is Denial of Service.

    # Apr 7 2013 till now
    string.to_s =~ /^[0-9a-f]{24}$/i ? true : false
    # he attacker can send any data to the socket with something like
    # _id=Any binary data\naaaaaaaaaaaaaaaaaaaaaaaa\nAny binary data

  # Patch
  def ((defined?(Moped::BSON) ? Moped::BSON : BSON)::ObjectId).legal?(s)
    /\A\h{24}\z/ === s.to_s

—-Capturing Groups—-

    # What's the difference?

    /sat (in)/.match("The cat sat in the hat")

    "The cat sat in the hat" =~ /sat (in)/

The difference is

The operator =~ returns the index

of the first match (nil if no match)

and stores the MatchData

in the global variable $~

The method match returns

the MatchData itself (again, nil if no match)

Grouping with reference

    # What's the difference?


    "$3.67" =~ /\$(?\d+)\.(?\d+)/

    /\$(?\d+)\.(?\d+)/ =~ "$3.67"

The difference is

When named capture groups are used with a literal regexp

on the left-hand side of an expression and the =~ operator,

the captured text is also assigned to local variables

with corresponding names.


    # Is this correct?

"The cat sat in the hat".gsub(/(.*)cat(.*)/, "#{$1}black dog#{$2}")
"The cat sat in the hat".gsub(/(.*)cat(.*)/, "\1black dog\2")

"The cat sat in the hat".gsub(/(.*)cat(.*)/, '\1black dog\2')

"The cat sat in the hat".gsub(/(?<prefix>.*)cat(.*)/, '\k<prefix>black dog\2')

"The cat sat in the hat".gsub(/(?<prefix>.*)cat(?<suffix>.*)/, '\k<prefix>black dog\k<suffix>')

$1 and $2 only store after the execution, therefore
and use \\1 and \\2 instead

use '' instead of "" when using regex

A regexp can't use named backreferences
and numbered backreferences simultaneously.

That's all, thanks!

slide: – examples/regex_in_ruby.rb

slides made using tkn("

How to run whenever with rvm integration

Simply overwrite the job_type to include the rvm version you want

job_type :rake, "source /etc/profile.d/ &amp;&amp; rvm use ruby-2.0.0-p247 &amp;&amp; cd :path &amp;&amp; :environment_variable=:environment bundle exec rake :task --silent :output"

every, :at =&gt; '8:00 am' do
  rake "users:activities"

Rails Complex Order Query

Today gonna talk about Rails Complex Query for ordering. Here’s a simple query order by status

@events = @events.order("status DESC")

But what happen if you want to make the query to order the status in a specific sequence. Here’s the example:

@events = @events.order("
WHEN events.status = 'NEW' THEN 0
WHEN events.status = 'OPEN' THEN 1
WHEN events.status = 'UPDATED' THEN 2
WHEN events.status = 'WAITING' THEN 3
WHEN events.status = 'ABANDONED' THEN 4

Happy Hacking, Enjoy! :)

Simple Rails AJAX CRUD

Recently just got some time to do my own stuff. So I just extract a simple rails Ajax crud js file from the project I done before and published it. More details on Simple Rails AJAX CRUD. Which only has 52 lines. Hope u like it~

Was thinking to write a todo to rewrite it into using PJAX. But realised that push state wouldn’t be too useful for CRUD actions. As storing navigation history after deleting a record wouldn’t be fun.

Redmine and Integrity CI on Heroku

Following are some experience that I wanna share on how to have free hosting of Redmine for project management and Integrity for CI on Heroku.

Warn: don’t do it unless u are bored like me.


Problems of running Redmine on Heroku:

  • Integrate Redmine with S3 for files

Solution: Redmine_S3 plugin

  • Integrate Github Repo


    1. At the root of the Redmine repository, cd repositories/xxxx.git
    2. git fetch
    3. git reset –soft FETCH_HEAD
    4. cd ../..
    5. git add -A
    6. git ci -m ‘update repository’
    7. git push heroku master
    8. heroku run:console Repository.fetch_changesets

Integrity CI

Problems of running Integrity on Heroku:

  • Bundler not found.

Because Heroku’s Bundler is installed in the system path. But after bundle install, the GEM_HOME is set to /.bundle which doesn’t contain Bundler. And need the hack of putting the bundler into .bundle/ manually.

  • Gem not found

As Rake tasks are running at the tmp folder(e.g. tmp/1) And looking for Gems at the GEM_HOME /.bundle. Therefore, I have to install Test environment gems on Integrity.

Heroku Buildpack

How to create your own website?

In the current age, there are many ways to create your own website for free. And most of them are web-based and basically using like a blog, since that is the most easy way for people do not have any programming background. So what you need to do is to create your site or blog in one of the website. Then register your domain. At the end is simply link this two together. In this post, I am going to show the steps how to achieve these by some popular blog hosting websites such as WordPress, Google blogger, Google site, squarespace and Typepad. But the last two is not free, they only purvey a trial version for about 14 days.

  1. The first one I want to talk about is the one I am using – WordPress. It provides free blog hosting service. What you need to do is to sign up an account. Then you will have a for your blog. If you want to have your own domain, WordPress provides $5 USD for registration your domain name and 10 dollar for mapping it together then done! They also provides custom CSS and other features, but that would cost you extra dollars.
  2. Google site and Google blogger is similar to WordPress. They are totally free, albeit they would not provide as much features as WordPress do and has more ads.
  3. TypePad and Spacesquare provides more custom UI(User Interface) design, you can drag and drop items to custom your blog/site’s layout. Meanwhile, they purvey a trial version and would likely charge more.

To sum up, these are some of the most popular choices to make your own site. They are suitable for different requirements. Choices are yours, make your choice.

Rhodes framework – Agile mobile web development

Recently I have joined a IPhone Application development meet-up, which holds every two weeks on Sunday at UTS. If you have interest on it please no hesitate to contact me.

After I joined the meet-up, I start trying to build an IPhone app. As we know, IPhone apps are builded by using object c, which I am not that familiar with. Then I start searching internet, and found this awesome open source mobile framework – “Rhodes” – to build native mobile apps, which compatible for any smartphone. Rhodes 1.4 features built-in tools for test-driven development, and it allows developers to write executable specifications that test applications, said Blum.

On June 8th, 2010, Adam Blum (Rhomobile) present the topic “BUILDING NATIVE MOBILE APPS WITH RHODES”. He said “Rhodes is the only Ruby-based smartphone app framework for rapidly building native applications for all leading smartphones (iPhone, BlackBerry, Windows Mobile, Android, Symbian). During this session, attendees will learn how developers can leverage their web development skills to build cross-platform native applications that take full advantage of the device’s capabilities (contacts, camera, GPS) and eliminate the need to develop specific applications for each mobile OS.”
Ruby is a modern and productive language that enables Web developers to leverage their skills to write applications in a modern Model-View-Controller architecture, Blum said. “They don’t need to use a 30-year-old language like Objective C,” he added. Moreover, The framework constructs true native applications (not just web apps) and can maintain locally-stored data as well as use GPS, PIM functions, the camera and other specific features of the target hardware it runs on. (Worthington 2010)
rhdes architecture
rhdes architecture

Reference: Worthington D, 2010, “Rhodes framework brings agile to mobile development”, viewed on june 10th 2010, “;


Welcome to my blog

I am a rails developer based in Sydney, Australia. This is a place for me to share some crazy idea and awesome cutting-edge technology posts. Hope you like it and feel free to leave your “foot print”.

Blog at | The Baskerville Theme.

Up ↑


Get every new post delivered to your Inbox.

Join 164 other followers