Research
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
By Kush Pandya - Jun 06, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
owasp-esapi-ruby
= The Owasp ESAPI Ruby project
== Introduction
The Owasp ESAPI Ruby is a port for outstanding release quality Owasp ESAPI project to the Ruby programming language.
Ruby is now a famous programming language due to its Rails framework developed by David Heinemeier Hansson (http://twitter.com/dhh) that simplify the creation of a web application using a convention over configuration approach to simplify programmers' life.
Despite Rails diffusion, there are a lot of Web framework out there that allow people to write web apps in Ruby (merb, sinatra, vintage) [http://accidentaltechnologist.com/ruby/10-alternative-ruby-web-frameworks/]. Owasp Esapi Ruby wants to bring all Ruby deevelopers a gem full of Secure APIs they can use whatever the framework they choose.
== Why supporting only Ruby 1.9.2 and beyond?
The OWASP Esapi Ruby gem will require at least version 1.9.2 of Ruby interpreter to make sure to have full advantages of the newer language APIs.
In particular version 1.9.2 introduces radical changes in the following areas:
=== Regular expression engine (to be written)
=== UTF-8 support Unicode support in 1.9.2 is much better and provides better support for character set encoding/decoding
- All strings have an additional chunk of info attached: Encoding
- String#size takes encoding into account – returns the encoded character count
- You can get the raw datasize
- Indexed access is by encoded data – characters, not bytes
- You can change encoding by force but it doesn’t convert the data
=== Dates and Time From "Programming Ruby 1.9"
"As of Ruby 1.9.2, the range of dates that can be represented is no longer limited by the under- lying operating system’s time representation (so there’s no year 2038 problem). As a result, the year passed to the methods gm, local, new, mktime, and utc must now include the century—a year of 90 now represents 90 and not 1990."
== Roadmap
Please see ChangeLog file.
== Note on Patches/Pull Requests
- Fork the project.
- Create documentation with rake yard task
- Make your feature addition or bug fix.
- Add tests for it. This is important so I don't break it in a future version unintentionally.
- Commit, do not mess with rakefile, version, or history. (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
- Send me a pull request. Bonus points for topic branches.
== Copyright
Copyright (c) 2011 the OWASP Foundation. See LICENSE for details.
FAQs
Unknown package
We found that owasp-esapi-ruby demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 09 Mar 2011
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Socket Now Supports pylock.toml Files
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
By Trevor Norris - Jun 05, 2025
Security News
Research
Destructive npm Packages Disguised as Utilities Enable Remote System Wipe
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.
By Kush Pandya - Jun 05, 2025