misc

There are 37 posts filed in misc (this is page 3 of 8).

Security Update Rails (CVE-2022-32224)

Updating rails with the secrurity update CVE-2022-32224, "Possible RCE escalation bug with Serialized Columns in Active Record".
can cause troubles in rails projects. (I had several project that has issues with this fix).
https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017

The main change is that the YAML loader is using safe_load to parse the string. Most classes aren't supported anymore.
Several essential classes have been removed.

To support my Spree Commerce rails projects, I've had to add the following initializer.

ActiveRecord::Base.yaml_column_permitted_classes += [BigDecimal, Symbol]

Other projects requried the HasWithIndifferentAccess

ActiveRecord::Base.yaml_column_permitted_classes += [ ActiveSupport::HashWithIndifferentAccess]

Please try to keep the number of supported classes.
I personally prefer to use JSON for new projects. Because it's simple and clean.

Derailed benchmark not running on production environment

We're running a large rails application, with a lot of request.
Since our upgrade to FreeBSD 13 the live environment is leaking memory in our ruby on rails app.
(FreeBSD 12 version of the jail didn't leak)

This application uses an NFS mount to store (a lot) of client specific files.

Running derailed_benchmark live didn't work. (Pressing ctrl+t, I noticed there were a lof of NFS locks)

In the file
derailed_benchmarks-2.1.1/lib/derailed_benchmarks/load_tasks.rb

it adds '.' to the loadpath. Which causes the production environment to complete iterate over all directories. Which 'hangs', because we have a very big active-strorage directory.

Workaround is to remove the '.' file

#    %W{ . lib test config }.each do |file|
    %W{ lib test config }.each do |file|
      $LOAD_PATH << File.expand_path(file)
    end

Ruby rbtrace ArgumentError: command is too long

(This code blow requires you to include rbtrace in your gems)

To make a stack dump of your running rubyprocess, you could use somthing like this:

my_pid=1234
bundle exec rbtrace -p $my_pid -e 'Thread.new{GC.start;require "objspace";io=File.open("/tmp/ruby-heap.dump", "w"); ObjectSpace.dump_all(output: io); io.close}'

Unfortunately on FreeBSD / Mac OS X this results in (ArgumentError: command is too long)

A workaround for this, is to simply put the code in ruby file, and just load it. For example:
/tmp/rbcode.rb. With the following content

Thread.new{GC.start;require "objspace";io=File.open("/tmp/ruby-heap.dump", "w"); ObjectSpace.dump_all(output: io); io.close}

Next you can use rbtrace lik this:

bundle exec rbtrace -p $my_pid -e 'load("/tmp/rbcode.rb")'

FreeBSD cleanup all iocage

Finally I converted my internal sever to Bastille as jail manager. (I was using iocage). (https://bastillebsd.org)
To completely remove all stuff from iocage, you can run the following command:

iocage clean -a

Then delete the package

pkg delete py38-iocage

Iocage thank you for managing my jails for many year!
(I'm still using you on several other servers)

Cron Job to clear Rails Cache

The rails file cache is something that keeps growing.
Here are some 'handy' snippets.

Delete all files older then 7 days. (replace -delete with -print to test it)

find ./tmp/cache/ -type f -mtime +7 -delete

Delete all empty folders. (mindepth prevents the deletion of the root folder)

find ./tmp/cache/ -type d -empty -delete -mindepth 1

The whenever.rb I use 

job_type :command_in_path, "cd :path && :task :output"

every :day, at: "0:40" do
  command_in_path "find ./tmp/cache/ -type f -mtime +7 -delete"
end

every :day, at: "1:10" do
  command_in_path "find ./tmp/cache/ -type d -empty -delete -mindepth 1"
end