DOCSLIB.ORG

Sok: XML Parser Vulnerabilities

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Sok: XML Parser Vulnerabilities SoK: XML Parser Vulnerabilities Christopher Späth Christian Mainka Vladislav Mladenov Ruhr-University Bochum Ruhr-University Bochum Ruhr-University Bochum Jörg Schwenk Ruhr-University Bochum Abstract the parser behavior can be influenced. Originally de- The Extensible Markup Language (XML) has become signed to define the structure (grammar) of an XML doc- a widely used data structure for web services, Single- ument, it also enables various attacks, such as Denial-of- Sign On, and various desktop applications. The core Service (DoS), Server Side Request Forgery (SSRF), and of the entire XML processing is the XML parser. At- File System Access (FSA). tacks on XML parsers, such as the Billion Laughs and In 2002, Steuck discovered the powerful XML Ex- the XML External Entity (XXE) Attack are known since ternal Entity (XXE) attack on XML parsers that allows 2002. Nevertheless even experienced companies such as FSA[60]. Leading companies like Google [15], Face- Google, and Facebook were recently affected by such book [59, 53], Apple [8] and others [63,9, 16, 17] have vulnerabilities. been recently affected by this attack. In this paper we systematically analyze known attacks The Open Web Application Security Project (OWASP) on XML parsers and deal with challenges and solutions and other resources [47, 46][71] only partially list vul- of them. Moreover, as a result of our in-depth analysis nerabilities and slightly consider countermeasures. Mor- we found three novel attacks. gan [40] provides till date the most complete compilation We conducted a large-scale analysis of 30 different of available attack vectors. A systematic sampling of 13 XML parsers of six different programming languages. parsers was conducted recently [57], however, with only We created an evaluation framework that applies differ- one prevalent kind of FSA and DoS attack within scope. ent variants of 17 XML parser attacks and executed a Attacks relying on the FTP [41] and netdoc protocol [22], total of 1459 attack vectors to provide a valuable insight as well as several bypasses [74] and novel attacks such as into a parser’s configuration. We found vulnerabilities in schemaEntity or XML Inclusion (XInclude) based SSRF 66 % of the default configuration of all tested parses. In are not addressed in any of these sources. addition, we comprehensively inspected parser features Systematic Parser Analysis. We contribute a compre- to prevent the attacks, show their unexpected side effects, hensive security analysis framework of 30 XML parsers and propose secure configurations. in six popular programming languages: Ruby, .NET, PHP, Java, Python, Perl. We identify each parser’s de- 1 Introduction fault behavior by using 17 core tests. This corresponds to all known attack vectors. Based on them, we introduce The Extensible Markup Language (XML) is a wide a metric enabling the comparison of all parsers regarding spread data structure used in many application ar- the security, by computing a Base Vulnerability Score eas ranging from desktop office tools which use it to (BVS). save their documents (*.docx), to XML-based databases Complex Attack Prevention. Finding countermeasures (MarkLogic, eXist), and web protocol standards (SAML, can be tedious, since the parser’s documentation is out- SOAP). dated and a thorough inspection of the source code is On a technical level, the parser translates an input necessary. We extended our core tests with parser- byte-stream into an XML document that can be accessed specific tests, to investigate the implication of security by APIs in different programming languages. relevant parser features and their interaction with each Security of XML parsing. By adding a Document Type other on the overall security. This results in a total of Definition (DTD) directly on top of the XML document, 1459 tests. Contribution. 1 <!DOCTYPE data [ ? We systematically discuss the so-far largest number 2 <!ENTITY a SYSTEM "file:///C:/data/a.txt"> ]> of state-of-the art XML attacks. 3 <data>&a;</data> ? We develop three novel attack vectors. Listing 3: Example of an External General Entity ? We create an evaluation framework [10] consider- ing all known attacks and apply a comprehensive The file "a.txt" is a plain text file. The parser retrieves the evaluation to 30 parsers finding 66 % vulnerable in file and replaces the reference as before. their default configuration. 1 Arachibutyrophobia ? We propose countermeasures (if possible) against Listing 4: The content of a.txt all attacks and propose a secure configuration for each parser. Internal Parameter Entities can be used to instantly ? We apply our framework to Android and reveal a modify the value of a General Entity. yet undiscovered attack. 1 <!DOCTYPE data [ 2 <!ENTITY % m "majoris"> 3 <!ENTITY a "Arachibutyrophobia %m;"> ]> 4 <data>&a;</data> 2 XML Foundations Listing 5: Example of an Internal Parameter Entity. XML is a human-readable, structured document, which The value of Entity "a" instantly changes to is subject to a set of rules. Documents adhering to these "Arachibutyrophobia majoris". rules are called well-formed. Due to space limitations, External Parameter Entities can be used to include ad- we will only discuss two components of XML here - el- ditional entity declarations, which are stored remotely. ements and DTDs. We release an extended version [11] 1 <!DOCTYPE data [ and our evaluation framework [10] to support further re- 2 <!ENTITY % extDTD SYSTEM "file:///C:/data/majoris.dtd" > search in this field. 3 %extDTD; 4 <!ENTITY a "Arachibutyrophobia %m;"> ]> 2.1 XML Elements 5 <data>&a;</data> Listing 6: Example of an External Parameter Elements structure an XML document as in Listing 1. Entity. 1 <data class="products">4</data> The corresponding DTD "majoris.dtd" is shown in Listing 1: Example of an element and an attribute. Listing 12. 1 <!ENTITY % m "majoris"> This document declares an element data with a text Listing 7: Example of an external DTD. content 4 and an attribute class with a value products. The parser first fetches the External Parameter Entity 2.2 Document Type Definition "extDTD", makes the declaration of the entity m avail- able and finally, replaces this reference. A DTD defines a grammar to reject invalid user input and is the first component declared in an XML document. In 2.3 Other XML Technologies addition, DTDs allow the declaration of storage units, so called entities. XInclude. XInclude facilitates the inclusion of an exter- nal (XML) document into the source document. The fol- Entities. There are four different types of entities: In- lowing example shows how to include a file other.xml ternal General Entities offer a neat way to define a value as a child node of the element data. and reference it arbitrarily often within the document. 1 <data> 2 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" 1 <!DOCTYPE data [ href="other.xml"/> 2 <!ENTITY a "Arachibutyrophobia"> 3 </data> 3 ]> 4 <data>&a;</data> Listing 8: XML document containing a XInclude Listing 2: Example of an Internal General Entity instruction. While processing the document, the parser replaces XSLT. Extensible Stylesheet Language Transformations the reference "&a;" with the term "Arachibutyrophobia". (XSLT) is commonly used to transform XML documents External General Entities facilitate the inclusion of ex- into other documents and formats, for example, into ternal files. JSON or PDF [27][42]. 2 XML Schema. An XML Schema defines gram- 4.2 DoS: Billion Laughs mar using an XML style syntax. The XML Internal General Entities can be abused to create an Ex- Schema standard allows for the inclusion of external ponential entity attack (Billion Laughs Attack)[28]. The Schema files by using the schemaLocation and the attack relies on a nested , but limited, level of entity re- noNamespaceSchemaLocation attributes. cursions. 1 <!DOCTYPE data [ 2 <!ENTITY a1 "dos"> 3 Attacker Capabilities 3 <!ENTITY a2 "&a1;&a1;&a1;&a1;&a1;"> 4 ... 5 <!ENTITY a13 "&a12;&a12;&a12;&a12;&a12;"> ]> For all attacks described in this paper, we assume that 6 <data>&a13;</data> the attacker is able to generate XML messages and that Listing 10: Example of the Billion Laughs Attack the XML parser can process these messages. We as- sume a DTD to contain only such grammatical restric- By defining different nesting levels of Internal General tions which do not hinder the attacker. For example, the Entities, a file of only 200 kilobytes is expanded to sev- attacker can create an XML config file and the targeted eral gigabytes (3.5GB) during the parsing process. application parses this file on startup. In case of web ap- Challenge: Thresholds. A number of parsers detect plications, the attacker can control or upload an XML file and counteract this attack by implementing a threshold to that is processed by the business logic. Hence in our eval- limit the total number of allowed entity references within uation, we directly invoke the targeted parser and thus a document. obviously control the parsed message. 4.3 DoS: Quadratic Blowup 4 Denial-of-Service Even if the parser implements such a threshold, there are other ways to execute a DoS attack by using an at- DoS attacks target system resources, such as network, tack variant known as the Quadratic Blowup Attack [64]. storage, memory or CPU processing [29]. An efficient Here, a single entity is created containing a large string way to do this is to let the application process a "prob- (e.g. 10 MB). This entity is referenced multiple times lem", thereby allocating a huge amount of resources. At within the document in order to achieve a similar result the same time the attacker can generate and send the at- as before. Since less entity references are required than tack vector using much fewer resources. As a result, an in Listing 10, the threshold limitation can be bypassed. offered service is unavailable for benign users or at least 4.4 DoS with External General Entities responds significantly slower than normal.
Load more

Recommended publications
  • Tsuru Documentation Release 1.6.2
    tsuru Documentation Release 1.6.2 tsuru Oct 04, 2018 Contents 1 Understanding 3 1.1 Overview.................................................3 1.2 Concepts.................................................4 1.3 Architecture...............................................5 2 Installing 7 2.1 tsuru Installer...............................................7 2.2 Installing tsuru components....................................... 12 3 Managing 21 3.1 Installing platforms............................................ 21 3.2 Creating a platform............................................ 22 3.3 Using Pools................................................ 23 3.4 Provisioners............................................... 25 3.5 Clusters.................................................. 26 3.6 Segregate Scheduler........................................... 27 3.7 Upgrading Docker............................................ 27 3.8 Managing Git repositories and SSH keys................................ 28 3.9 Managing users and permissions..................................... 28 3.10 Managing Application Logs....................................... 32 3.11 Debugging and Troubleshooting..................................... 33 3.12 Volumes................................................. 34 3.13 Event webhooks............................................. 35 4 Using 39 4.1 Installing tsuru client........................................... 39 4.2 Deploying................................................ 40 4.3 App-Deploy..............................................
    [Show full text]
  • Rmenu Raspberry PI 3B+ Rmenu 環境構築 Raspberry PI3B+ Rmenu
    RaspberryPi3-20190706 RaspberryPI3 Rmenu VPS Rmenu Raspberry PI 3B+ Rmenu 環境構築 Raspberry PI3B+ Rmenu development term 2019/07/06 1 目次 第1章 はじめに ................................................................................................................................... 4 第2章 構築作業、SD イメージ作成 ................................................................................................... 5 1. Raspbian Buster Lite を ダウンロード ......................................................................... 5 2. SD メモリカードフォーマッターを取得しインストール ................................................ 6 3. SD カードをフォーマットします ................................................................................... 8 4. img ファイルの書き込みプログラムのインストール...................................................... 9 5. img ファイルの書き込み ................................................................................................ 9 6. ssh ファイルの書き込み ............................................................................................... 10 7. SD カードを取り付け、電源を入れる .......................................................................... 11 第3章 最初のログイン ...................................................................................................................... 12 1. ルータが付与した IP アドレスへログイン ................................................................... 12 第4章 Linux raspberrypi 初期設定 ................................................................................................. 13 1. ログイン .....................................................................................................................
    [Show full text]
  • Building Blocks of a Scalable Web Crawler
    Building blocks of a scalable web crawler Marc Seeger Computer Science and Media Stuttgart Media University September 15, 2010 A Thesis Submitted in Fulfilment of the Requirements for a Degree of Master of Science in Computer Science and Media Primary thesis advisor: Prof. Walter Kriha Secondary thesis advisor: Dr. Dries Buytaert I I Abstract The purpose of this thesis was the investigation and implementation of a good architecture for collecting, analysing and managing website data on a scale of millions of domains. The final project is able to automatically collect data about websites and analyse the content management system they are using. To be able to do this efficiently, different possible storage back-ends were examined and a system was implemented that is able to gather and store data at a fast pace while still keeping it searchable. This thesis is a collection of the lessons learned while working on the project combined with the necessary knowledge that went into architectural decisions. It presents an overview of the different infrastructure possibilities and general approaches and as well as explaining the choices that have been made for the implemented system. II Acknowledgements I would like to thank Acquia and Dries Buytaert for allowing me to experience life in the USA while working on a great project. I would also like to thank Chris Brookins for showing me what agile project management is all about. Working at Acquia combined a great infrastructure and atmosphere with a pool of knowledgeable people. Both these things helped me immensely when trying to find and evaluate a matching architecture to this project.
    [Show full text]
  • Open Source Code Acknowledgements & Package List
    Open Source Code Acknowledgements & Package List Copyright © 2010 ‐ 2020 Spectra Logic Corporation. All rights reserved. This appendix contains the licenses and notices for open source software used in the product. If you have any questions or want to receive a copy of the free/open source software to which you are entitled under the applicable free/open source license(s) (such as the Common Development and Distribution License (CCDL)), contact Spectra Logic Technical Support. APACHE Licensed under the Apache License, Version 2.0 (the “License”); you may not use this file except in compliance with the License. You may obtain a copy of the License at: http://www.apache.org/licenses/LICENSE‐2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an “A S IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. FREEBSD Copyright © 1992‐2020 The FreeBSD Project. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED BY THE FREEBSD PROJECT ``AS ISʹʹ AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
    [Show full text]
  • Open Source Licenses 1. Apache-2.0 2. BSD-2-Clause 3
    Open source licenses 1. Apache-2.0 2. BSD-2-Clause 3. BSD-3-Clause 4. BSL-1.0 5. CCPL 6. ISC 7. JSON 8. MIT 9. Zlib Please note, this list may be modified at any time. ------------------------------------------------------------------------------------------------------------------------------------------ Apache License, Version 2.0 adal-node version 0.1.28, Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. adbkit-apkreader version 3.1.2, Copyright © 2013 CyberAgent, Inc., Copyright © 2016 The OpenSTF Project addressable version 2.7.0, Copyright © Bob Aman AWSAPIGateway version 2.6.35, Copyright 2017 - 2017 Amazon.com, Inc. or its affiliates. All Rights Reserved. gson version 2.3.1, Copyright 2008 Google Inc. libphonenumber version 7.0.5, Copyright 2014 The Chromium Authors. All rights reserved. dagger version 2.5, Copyright 2012 The Dagger Authors retrofit1-okhttp3-client version 1.0.2, Copyright 2016 Jake Wharton commons-io version 2.5, Copyright 2002-2021 The Apache Software Foundation okhttp version 3.2.0, Copyright 2019 Square, Inc. okio version 1.6.0, Copyright 2013 Square, Inc. retrofit version 1.9.0, Copyright 2013 Square, Inc. detect-libc version 1.0.3, Copyright 2017 Lovell Fuller ecdsa-sig-formatter versions 1.0.9 and 1.0.11, Copyright 2015 D2L Corporation ejs version 2.5.7, EJS Embedded JavaScript templates copyright 2112 [email protected]. FirebaseAuth version 5.0.1, FirebaseCore version 5.0.4, [email protected], FirebaseInstanceID version 3.1.1, [email protected], Copyright 2018 Google LLC rxjava-async-util version 0.21.0, Copyright 2012 Netflix, Inc. rxjava-debug version 1.0.1, Copyright (c) 2016-present, RxJava Contributors.
    [Show full text]
  • Getting Started with Appium
    E-BOOK Getting Started With Appium RUBY EDITION 2018.1 LEARN MORE AT SAUCELABS.COM BY JONATHAN LIPPS TABLE OF CONTENTS 3 Preface 20 Chapter 4: Writing Your First Test 4 Chapter 1: Introduction 25 Chapter 5: Introduction to Page Objects 4 The Appium Vision 30 Chapter 6: Android Joins the Party 5 The Appium Drivers 35 Chapter 7: Running Local Tests With Rake 6 The Appium Clients 36 Chapter 8: Running Tests in the Sauce Labs Cloud 7 Chapter 2: Getting Set Up 40 Annotating Tests on Sauce 7 Assumed Knowledge 41 Chapter 9: Automating Test Runs with a CI Server 7 iOS-specific System Setup 41 Setting Up Jenkins 7 Android-Specific System Setup 42 Creating an Android Build 8 Appium Setup 44 Creating an iOS Build 10 Ruby Client Setup 44 Running on Sauce 10 Project Setup 45 Jenkins for Production 11 Known Working Versions 46 Chapter 10: Heading Out on Your Own 12 Chapter 3: Exploring Your App 46 Resources 12 Using the Appium Ruby Console 47 Support 17 Using the Appium Desktop Inspector PREFACE This little e-book will help you get started with Appium using the Ruby programming language. It is a complete revision from the ground up of an earlier guide written by Dave Haeffner, who along with Matthew Edwards deserves a lot of thanks for all the work put into the first edition. Appium is an open source project that is always changing, and guides like this one will never be accurate forever. When possible I will indicate which versions of various software are being used, which might help in ensuring reproducibility of the code samples used here.
    [Show full text]
  • Bigfix Inventory Open Source Licenses and Notices
    ---------------------------------- BigFix Inventory 10.0 July 2021 ---------------------------------- ------------------------------------------------------------------------- ------------------------------------------------------------------------- The HCL license agreement and any applicable information on the web download page for HCL products refers Licensee to this file for details concerning notices applicable to code included in the products listed above ("the Program"). Notwithstanding the terms and conditions of any other agreement Licensee may have with HCL or any of its related or affiliated entities (collectively "HCL"), the third party code identified below is subject to the terms and conditions of the HCL license agreement for the Program and not the license terms that may be contained in the notices below. The notices are provided for informational purposes. Please note: This Notices file may identify information that is not used by, or that was not shipped with, the Program as Licensee installed it. IMPORTANT: HCL does not represent or warrant that the information in this NOTICES file is accurate. Third party websites are independent of HCL and HCL does not represent or warrant that the information on any third party website referenced in this NOTICES file is accurate. HCL disclaims any and all liability for errors and omissions or for any damages accruing from the use of this NOTICES file or its contents, including without limitation URLs or references to any third party websites. -------------------------------------------------------------------------
    [Show full text]
  • Chef Client Policy
    Dear Participants, • Chef Mailing List Welcome to the course DevOps with Chef on FreeBSD. In • Git website this course, we’ll cover lot of theory and practical aspects. • Ruby Website We’ll focus on the core topics as mentioned in the agenda, Hardware/Software Requirement and we assume that you already know the prerequisites. If • 2 FreeBSD 11 systems/machines (Virtual or Physical), with not, then you might have to learn additional topics such Internet access and bash as the default shell with root as Git, Ruby and FreeBSD first. login over ssh or a normal user with sudo access. • A free account on Hosted Chef. The learning curve for Chef is a little steep at times. There, fore, just be patient and keep working on it, and you’ll eventually be done with the course. We’ll certainly help you throughout the course. But, be prepared to do a lot of self-study as well. Bear in mind that the best way to learn Chef is to just use it. Prerequisites • Knowledge of how to use version control system, pref, erably Git. • Basic Knowledge of FreeBSD OS Administration. • Basic knowledge of any scripting language, preferably Ruby. • Working knowledge of any text/code editor. Resources • FreeBSD • FreeBSD Documentation • Download FreeBSD • Chef Website • Chef Documentation • Chef IRC Channel TABLE OF CONTENTS Module 1: Introduction to Chef.................................................................................................................................................................3 Module 2: Resources.................................................................................................................................................................................7
    [Show full text]
  • The Ruby Way: Solutions and Techniques in Ruby Programming
    Praise for The Ruby Way, Third Edition “Sticking to its tried and tested formula of cutting right to the techniques the modern day Rubyist needs to know, the latest edition of The Ruby Way keeps its strong reputation going for the latest generation of the Ruby language.” Peter Cooper Editor of Ruby Weekly “The authors’ excellent work and meticulous attention to detail continues in this lat- est update; this book remains an outstanding reference for the beginning Ruby pro- grammer—as well as the seasoned developer who needs a quick refresh on Ruby. Highly recommended for anyone interested in Ruby programming.” Kelvin Meeks Enterprise Architect Praise for Previous Editions of The Ruby Way “Among other things, this book excels at explaining metaprogramming, one of the most interesting aspects of Ruby. Many of the early ideas for Rails were inspired by the first edition, especially what is now Chapter 11. It puts you on a rollercoaster ride between ‘How could I use this?’ and ‘This is so cool!’ Once you get on that roller- coaster, there’s no turning back.” David Heinemeier Hansson Creator of Ruby on Rails, Founder at Basecamp “The appearance of the second edition of this classic book is an exciting event for Rubyists—and for lovers of superb technical writing in general. Hal Fulton brings a lively erudition and an engaging, lucid style to bear on a thorough and meticulously exact exposition of Ruby. You palpably feel the presence of a teacher who knows a tremendous amount and really wants to help you know it too.” David Alan Black Author of The Well-Grounded Rubyist “This is an excellent resource for gaining insight into how and why Ruby works.
    [Show full text]
  • Abusing XSLT for Practical Attacks White Paper
    WHITE PAPER Abusing XSLT for Practical Attacks White Paper Fernando Arnaboldi IOActive Senior Security Consultant Abstract Over the years, XML has been a rich target for attackers due to flaws in its design as well as implementations. It is a tempting target because it is used by other programming languages to interconnect applications and is supported by web browsers. In this talk, I will demonstrate how to use XSLT to produce documents that are vulnerable to new exploits. XSLT can be leveraged to affect the integrity of arithmetic operations, lead to code logic failure, or cause random values to use the same initialization vector. Error disclosure has always provided valuable information, but thanks to XSLT, it is possible to partially read system files that could disclose service or system passwords. Finally, XSLT can be used to compromise end-user confidentiality by abusing the same-origin policy concept present in web browsers. This document includes proof-of-concept attacks demonstrating XSLT potential to affect production systems, along with recommendations for safe development. © 2015 IOActive, Inc. All Rights Reserved Contents Abstract ......................................................................................................................... 1 Introduction ................................................................................................................... 3 Processors ............................................................................................................................. 3 Gathering
    [Show full text]
  • Imperative Vs. Object- Oriented Paradigms
    11/11/14 CSCI-2325 Object-Oriented Paradigm: Ruby Mohammad T. Irfan Imperative vs. object- oriented paradigms 1 11/11/14 Imperative vs. object-oriented u Imperative u Procedural decomposition u Procedures are all powerful u Data is helpless, at the mercy of procedures u Object-oriented (OO) u Data-centric: data governs the decomposition u Classes – templates/patterns, abstracts away data u Objects – actual things/instantiations of classes u Advantages of OO paradigm u Collaboration u Debugging u Reuse Roadmap u Learn the basics of Ruby today u Investigate Ruby’s object-oriented design principles u Ruby on Rails for web programming 2 11/11/14 Ruby Installation u Several ways to install, as described here: https://www.ruby-lang.org/en/downloads/ u Mac/Linux: Use RVM (https://rvm.io/rvm/install) u Command line$ \curl -sSL https://get.rvm.io | bash -s stable –ruby u Then, follow the instruction given in terminal u To test, commands are: u ruby –v u rvm –v u If you get errors, run the following commands (assuming 2.1.4 is the latest version—look up rvm website for it) u brew update && brew upgrade u rvm reinstall 2.1.4 --disable-binary u Windows: Install Ruby 2.0.0 from RubyInstaller.org http://rubyinstaller.org/downloads/ u Recommended IDE u Aptana Studio 3 http://www.aptana.com/ Ruby resources u Learning u English translation of the creator’s user guide (by Mark Slagell) u http://www.rubyist.net/~slagell/ruby/index.html u Go to reference u Documentation: http://ruby-doc.org/core-2.0.0/ u http://www.tutorialspoint.com/ruby/ u Interactive tutorial using only your web-browser u http://tryruby.org 3 11/11/14 Origin u Designed by Yukihiro Matsumoto (Matz) in early 1990s u Inspired by Perl and Python u Less scripting than Perl u More object-oriented than Python u Happy experience! Quotes u Bruce Stewart (2001): Did you have a guiding philosophy when designing Ruby? u Matz: Yes, it's called the "principle of least surprise." I believe people want to express themselves when they program.
    [Show full text]
  • Pagealyzer Installation and Configuration Manual
    Pagealyzer Installation and Configuration Manual Andrés Sanoja, LIP6 / Université Pierre et Marie Curie Responsables WP : Matthieu CORD/UPMC Stéphane GANÇARSKI/UPMC This work was partially supported by the SCAPE Project. The SCAPE project is co-funded by the European Union under FP7 ICT-2009.4.1 (Grant Agreement number 270137). Enviroment Verification and Configuration The tools pageanalyzer.rb, change_detection.rb and capture.rb are written in Ruby 1.9.1. In the other hand for the change detection process others tools are used that are written in Java, therefore this should be taken into account in the enviroment verification process. The development enviroment was Linux Ubuntu 11.40, the package description is done following its repositories, but in theory should be compatible with debien repos. Ruby Installation We need to be carefull with this step because the software won't work on the 1.8.x versions of Ruby. sudo apt-get install ruby1.9.1-full After that we should check that both, ruby and rubygems, are been properly installed. $ ruby -v 1.9.2p290 (2011-07-09 revision 32533) [i686-linux] It is enough to match the version number. Any doubts there are several tutorials to do this [1]. Now we check the rubygems package manager: $ gem -v 1.3.7 Installing Dependencies After the language and the package manager are properly configured and installed, we may proceed to install the dependencies: sudo gem install --version '= 0.8.6' hpricot sudo apt-get install libxslt-dev libxml2-dev sudo gem install --version '= 1.5.5' nokogiri sudo gem install --version '= 2.0.3' sanitize sudo gem install --version '= 2.25.0' selenium-webdriver sudo apt-get install openjdk-6-jdk sudo apt-get install imagemagick Note1: Installing the selenium-webdriver can cause some warnings in text encoding that should be fine, in almost all the cases.
    [Show full text]