Polished Ruby Programming

By : Jeremy Evans
Overview of this book

Anyone striving to become an expert Ruby programmer needs to be able to write maintainable applications. Polished Ruby Programming will help you get better at designing scalable and robust Ruby programs, so that no matter how big the codebase grows, maintaining it will be a breeze. This book takes you on a journey through implementation approaches for many common programming situations, the trade-offs inherent in each approach, and why you may choose to use different approaches in different situations. You'll start by refreshing Ruby fundamentals, such as correctly using core classes, class and method design, variable usage, error handling, and code formatting. Then you'll move on to higher-level programming principles, such as library design, use of metaprogramming and domain-specific languages, and refactoring. Finally, you'll learn principles specific to web application development, such as how to choose a database and web framework, and how to use advanced security features. By the end of this Ruby programming book, you'll be a well-rounded web developer with a deep understanding of Ruby. While most code examples and principles discussed in the book apply to all Ruby versions, some examples and principles are specific to Ruby 3.0, the latest release at the time of publication.
Table of Contents (23 chapters)

Section 1: Fundamental Ruby Programming Principles
Section 2: Ruby Library Programming Principles
Section 3: Ruby Web Programming Principles

Never trust input

One of the most common vulnerabilities in Ruby web applications comes from trusting input given by the user. Let's say you have a Struct subclass named Fruit. This keeps track of individual pieces of fruit, such as the type of fruit, the color of the fruit, and the price of the fruit:

Fruit = Struct.new(:type, :color, :price)

You store all your Fruit instances in a hash named FRUITS, keyed by a number assigned to the fruit:

FRUITS = {}
FRUITS[1] = Fruit.new('apple', 'red', 0.70)
FRUITS[2] = Fruit.new('pear', 'green', 1.23)
FRUITS[3] = Fruit.new('banana', 'yellow', 1.40)

You have a web application where you want to allow the user to ask for either the type, the color, or the price of a specified piece of fruit. You decide to try the Roda web framework to implement this application and find it is very simple to get started with:

Roda.route do |r|
  r.get "fruit", Integer...
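The principle behind the heading, applied to this Fruit application, as an added example that is not the book's own code: both pieces of request input (the fruit id and the requested attribute name) are validated before anything is looked up or called. The code is plain Ruby with no Roda dependency, so it runs on its own; the assumption is that a Roda route like the one above would parse the request and delegate to `lookup_fruit_attribute`. The attribute name is checked against an explicit allowlist, so `public_send` can only ever reach `type`, `color` or `price`, never any other method an attacker might name in a query string.

```ruby
# Added example, not from the book: validate untrusted request input before
# it touches the data model. The Roda route would delegate here (assumption).

Fruit = Struct.new(:type, :color, :price)

FRUITS = {}
FRUITS[1] = Fruit.new('apple', 'red', 0.70)
FRUITS[2] = Fruit.new('pear', 'green', 1.23)
FRUITS[3] = Fruit.new('banana', 'yellow', 1.40)

# The only attributes a client may ask for. Spelled out and frozen as an
# explicit allowlist, so adding a method to Fruit later does not silently
# widen what a request can reach.
ALLOWED_FIELDS = %w[type color price].freeze

class InvalidInput < StandardError; end

# Coerce the id the way a route matcher would: only a string of decimal
# digits counts as a fruit id. Anything else is rejected, not interpreted.
def parse_fruit_id(raw)
  unless raw.is_a?(String) && raw.match?(/\A\d+\z/)
    raise InvalidInput, "bad id: #{raw.inspect}"
  end
  Integer(raw, 10)
end

# Look up one attribute of one fruit. Both arguments are untrusted strings
# from the request. The field is checked against the allowlist *before* any
# method is called on the struct. Returns nil when the fruit does not exist.
def lookup_fruit_attribute(raw_id, raw_field)
  id = parse_fruit_id(raw_id)
  unless ALLOWED_FIELDS.include?(raw_field)
    raise InvalidInput, "bad field: #{raw_field.inspect}"
  end
  fruit = FRUITS[id]
  return nil unless fruit
  fruit.public_send(raw_field)
end

# Wrapper shaped like a route handler's result: [status, body].
# Invalid input becomes a 400 and a missing fruit a 404, so a client can
# tell "you sent garbage" apart from "no such fruit".
def fruit_response(raw_id, raw_field)
  value = lookup_fruit_attribute(raw_id, raw_field)
  value.nil? ? [404, 'not found'] : [200, value.to_s]
rescue InvalidInput => e
  [400, e.message]
end
```

A request for `/fruit/2/type` would map to `fruit_response('2', 'type')` and return `[200, "pear"]`, while a request naming any attribute outside the allowlist is refused with a 400 before any method is invoked on the struct.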