Escape and sanitize input and output?

Tagged sanitize, escape, input, output  Languages 

Thinking about escaping and sanitizing input and output? Read this: https://security.stackexchange.com/questions/95325/input-sanitization-vs-output-sanitization

Rules:

  • Always sanitize output

If output is always escaped, a bug in the input sanitizer can be fixed without rewriting the data already stored in the database.

  • Sanitize input, if it makes sense:

For example, if there is a risk that input becomes invalid (or loses information) after sanitization, it is better to store the data raw. Also, when there are multiple output formats, sanitizing at input time for one format is likely to break another.
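An added Ruby illustration of both rules (this is not code from the original snippet; the sample comment, the naive sanitize_input and the render_* helpers are constructed for the example). The same raw string is stored once and escaped per output format with stdlib helpers; the input sanitizer shows how stripping characters loses information ("1 < 2" is no longer recoverable) while still doing nothing for the JSON or shell contexts.

```ruby
require 'erb'        # ERB::Util.html_escape
require 'json'       # JSON.generate
require 'shellwords' # Shellwords.escape

# Constructed sample input, stored raw exactly as the user typed it.
RAW_COMMENT = %q{Tom & Jerry say "1 < 2" <script>alert(1)</script>}

# A naive input sanitizer that strips angle brackets. Whatever it removes is
# gone from the database for good ("1 < 2" becomes "1  2"), and it still
# protects neither the JSON nor the shell output below.
def sanitize_input(str)
  str.delete('<>')
end

# Output escaping: one function per output format, applied at render time,
# so a bug in any of them is fixed without touching stored data.
def render_html(str)
  "<p>#{ERB::Util.html_escape(str)}</p>"
end

def render_json(str)
  JSON.generate({ comment: str }) # JSON has its own escaping rules, not HTML's
end

def render_shell(str)
  "echo #{Shellwords.escape(str)}" # quoting for a shell argument, again different
end

if __FILE__ == $PROGRAM_NAME
  puts sanitize_input(RAW_COMMENT)
  puts render_html(RAW_COMMENT)
  puts render_json(RAW_COMMENT)
  puts render_shell(RAW_COMMENT)
end
```

Each renderer can be unit-tested by round-tripping its output through the matching parser (JSON.parse, Shellwords.split), which is a cheap regression check for the escaping layer.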

faiss-cpu Dockerfile

Tagged faiss, dockerfile  Languages 

Dockerfile:

FROM continuumio/anaconda3

RUN conda install faiss-cpu -c pytorch

WORKDIR /app

RUN pip install --upgrade pip
ADD requirements.txt /app/
RUN pip install -r requirements.txt

requirements.txt:

...

gid, uid in Dockerfile

Tagged uid, dockerfile, gid  Languages bash
# Debian: --disabled-password and --gecos "" keep adduser non-interactive during the build
RUN addgroup --gid 10000 app && adduser --disabled-password --gecos "" --gid 10000 --uid 10001 app && chown -R app:app /app/ && chmod -R 740 /app/

# Alpine (BusyBox): options go before the user name; -D means no password, -G sets the primary group
RUN addgroup -g 10000 app && adduser -u 10001 -D -G app app && chown -R app:app /app/ && chmod -R 740 /app/

# Note: 740 gives the group read-only access; group members can only traverse directories that also have the execute bit set.

Create a user with the same uid/gid on the host system too, so that bind-mounted files have consistent ownership on both sides.

ActiveRecord after_create/after_save and associations

Tagged after_create, association, rails, after_save  Languages ruby

The order in which ActiveRecord callbacks and associations are declared matters when, for example, a callback needs to access an association (e.g. has_many).

For example, calculate_doors is called before the associated doors are saved to the database if you build them with car.doors.build(name: :backdoor):

class Car < ApplicationRecord
  after_create :calculate_doors # runs before the autosave callback that has_many registers below
  has_many :doors
end

This can lead to subtle errors.

Changing the order will fix the issue:

class Car < ApplicationRecord
  has_many :doors
  after_create :calculate_doors # now runs after the built doors have been saved
end

Tested with Rails 6.1. Other versions might work differently.

See https://api.rubyonrails.org/classes/ActiveRecord/AutosaveAssociation.html for details:

Placing your callbacks after associations is usually a good practice.

Preventing division by zero in PostgreSQL

Tagged zero, postgres, nullif, division  Languages sql
localhost=# select 1 / 0;
ERROR:  22012: division by zero
LOCATION:  int4div, int.c:824

Hmmm:

localhost=# select 1 / NULL;
┌──────────┐
│ ?column? │
├──────────┤
│        ¤ │
└──────────┘
(1 row)

Time: 7.067 ms

Ergo, wrap the divisor in NULLIF so that a zero becomes NULL and the expression yields NULL instead of an error:

localhost=# select 1 / NULLIF(0, 0);
┌──────────┐
│ ?column? │
├──────────┤
│        ¤ │
└──────────┘
(1 row)

Time: 0.303 ms