We demonstrate how the popular Ransack library can be abused to exfiltrate sensitive data via character-by-character brute force, allowing for a full application compromise in some cases.
One area where Rails does not have great support though is for hosting static Markdown pages along with the rest of the application. Luckily, it's easy to hook into Rails' rendering flow to build out the functionality ourselves.
As part of our team’s internal initiative, we’ve been aware that it just isn’t enough to set up an error tracking system. A process around it must exist. Just like with tasks, someone has to be responsible, the level of priority must be evaluated, and the error reports must be considered part of the workload.
Singed makes it easy to get a flamegraph anywhere in your code base. It wraps profiling your code with stackprof or rbspy, and then launches speedscope to view it.