
Security News
Risky Biz Podcast: Making Reachability Analysis Work in Real-World Codebases
This episode explores the hard problem of reachability analysis, from static analysis limits to handling dynamic languages and massive dependency trees.
The examples come with a sample broker which can be used by other examples and which also works as an example itself. For now we'll just start up the broker example and tell it to listen on port 8888:
$ ruby broker.rb amqp://:8888
Listening on amqp://:8888
This example broker will receive messages, create queues as needed, and deliver messages to endpoints.
Our first example creates an endpoint that sends messages to a queue to which it is subscribed. So it both sends and receives a message.
To start it, simply run:
$ ruby helloworld.rb //:8888
Hello world!
As you can see, the classic message was output by the example. Now let's take a look at what's going on under the covers.
The following events occur while helloworld.rb runs:
Now that we've covered the basics with the archetypical hello world app, let's look at some more interesting examples.
The following two client examples send and receive messages to an external broker or server:
For example: start broker.rb
; run simple_send.rb
to send messages to a
broker queue; then simple_recv.rb
to receive the messages from the broker.
The following two examples are servers that can be connected to directly, without a broker:
For example if you start direct_recv.rb
, you can connect to it directly with
simple_send.rb
vice-versa with direct_send.rb
and simple_recv.rb
In this set of examples we see the following event occurring, in addition to what we've seen before:
The broker.rb example application is a nice demonstration of doing something more interesting in Ruby with Proton, and shows how to use multiple threads.
The broker listens for incoming connections and sender/receiver links. It uses the source and target address of senders and receivers to identify a queue. Messages from receivers go on the queue, and are sent via senders.
The components of the broker example include:
The broker application demonstrates a new set of events:
It also demonstrates aspects of multi-threaded proton:
Thread safe MessageQueue Uses a Mutex to make actions atomic when called concurrently.
Using WorkQueue Proton objects like Sender are not thread safe. They are normally only used in MessagingHandler#on_ callbacks. To request work from a different thread you can add a code block to a WorkQueue, as shown in MessageQueue#push.
Listener::Handler The broker creates a new BrokerHandler instance for each accepted connection. The container ensures that calls on each handler instance are serialized even if there are multiple threads in the container.
Calling Container#run in multiple threads The Container uses threads that call #run as a thread pool to dispatch calls to MessagingHandler instances. Even if there are multiple threads, calls to handler instance are serialized.
FAQs
Unknown package
We found that qpid_proton demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
This episode explores the hard problem of reachability analysis, from static analysis limits to handling dynamic languages and massive dependency trees.
Security News
/Research
Malicious Nx npm versions stole secrets and wallet info using AI CLI tools; Socket’s AI scanner detected the supply chain attack and flagged the malware.
Security News
CISA’s 2025 draft SBOM guidance adds new fields like hashes, licenses, and tool metadata to make software inventories more actionable.