by rsutphin 4029 days ago
I tested on our app (which uses BSON-ruby 1.9.2) and was surprised to find that the detection code indicated it was not vulnerable. Turned out it was because we also use bson_ext — bson_ext replaces the vulnerable method with a C implementation which doesn't use regexes.
2 comments

Kinda funny to see a "safe" language saved by C. Just sayin'
Oh, that's a good catch. I checked on JRuby, which doesn't use bson_ext.