This week in #dev (Jan 24, 2025)

Welcome to another edition of This Week in #dev, a series of posts where we bring some of our most interesting Slack conversations to the public.

Regular Expression Denial of Service (ReDoS)

Fer Perales learned about ReDoS (Regular Expression Denial of Service): a type of security vulnerability that exploits inefficient regular expressions to cause a denial of service. It happens when a regular expression is written in such a way that it requires an excessive amount of time to process certain inputs.

He also shares a website to test regular expressions for ReDoS. Matheus Richard adds that Ruby introduced Regex timeouts to avoid this kind of attack.
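As an added example (not code from the original post or its contributors), here is the pattern shape that triggers catastrophic backtracking next to a linear rewrite, plus a small guard that compiles a pattern with Ruby's per-Regexp timeout (available since Ruby 3.2) and reports a timeout as a rejected match instead of letting the process hang. The constant names and the `guarded_match`/`timed_match` helpers are this example's own, not a library API.

```ruby
# Added example (not from the original post): wrapping a regex match in
# Ruby's Regexp timeout (Ruby >= 3.2) so a pathological input fails fast
# instead of pinning a CPU. Names below are this example's own.

# Classic ReDoS shape: a nested quantifier whose inner and outer loops can
# split one run of "a"s in exponentially many ways, followed by an anchor
# that fails whenever the input ends in anything but "a". Ruby 3.2 also
# memoizes most patterns, so this one may already finish quickly there; the
# timeout is the backstop for patterns the optimization cannot cover
# (backreferences, lookaround) and for older interpreters.
EVIL_PATTERN = '(a+)+$'

# Same intent without the nested quantifier: the engine has exactly one way
# to consume the input, so matching cost grows linearly with its length.
SAFE_PATTERN = '\Aa+\z'

# Regexp::TimeoutError only exists on Ruby >= 3.2; fall back to a placeholder
# class so the rescue clause below still compiles on older interpreters.
TIMEOUT_ERROR = defined?(Regexp::TimeoutError) ? Regexp::TimeoutError : Class.new(StandardError)

# Compile a pattern with a per-Regexp timeout where the interpreter supports
# it. A process-wide default can be set instead with `Regexp.timeout = 1.0`.
def compile_with_timeout(source, seconds)
  if Regexp.respond_to?(:timeout=)
    Regexp.new(source, timeout: seconds)
  else
    Regexp.new(source) # pre-3.2 Ruby: no timeout support, match runs unbounded
  end
end

# Match `input` against `source` and report :match, :no_match or :timeout.
# Treating :timeout as a rejected input is the usual choice for validators.
def guarded_match(source, input, seconds: 0.5)
  compile_with_timeout(source, seconds).match?(input) ? :match : :no_match
rescue TIMEOUT_ERROR
  :timeout
end

# Wall-clock cost of one guarded match, so the two patterns can be compared.
def timed_match(source, input, seconds: 0.5)
  started = Process.clock_gettime(Process::CLOCK_MONOTONIC)
  result = guarded_match(source, input, seconds: seconds)
  [result, Process.clock_gettime(Process::CLOCK_MONOTONIC) - started]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed input: almost matches, then fails at the very end, which is
  # what forces the backtracking.
  hostile = ("a" * 20) + "!"
  [EVIL_PATTERN, SAFE_PATTERN].each do |pattern|
    result, elapsed = timed_match(pattern, hostile, seconds: 0.2)
    printf("%-8s %-10s %.4fs\n", pattern, result, elapsed)
  end
end
```

Running the file prints one line per pattern with the outcome and elapsed time; lengthening the run of "a"s in `hostile` makes the difference between the two patterns visible on interpreters that lack the memoization or the timeout.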

Reviving Active Resource: Integrating with modern Rails for API communication

Sean Doyle shares his experience using Active Resource for API communication in a project. Despite its age and lack of recent updates, Active Resource remains valuable, especially with new Rails features like the serialize Active Record method. This method, combined with String and JSON(B) database columns, allows for efficient serialization and deserialization of object instances. Below is a code example demonstrating how to store an Active Resource representation of an API response directly in a database:

# Schema: the raw API payload lives in a JSON column; a stored generated
# column pulls the API id out of it so that it can carry a unique index.
ActiveRecord::Schema.define do
  create_table :posts, force: true do |t|
    t.json :api_post, null: false
    t.virtual :api_post_id, type: :string, stored: true, null: false, as: <<~SQL
      api_post->>'id'
    SQL

    t.index :api_post_id, unique: true
  end
end

module Api
  # Base resource that doubles as the serialize coder: dump and load are
  # the two methods ActiveRecord expects from a coder.
  class ApplicationResource < ActiveResource::Base
    def self.dump(resource) = resource.try(:serializable_hash)
    # A stored payload that carries the primary key loads as a persisted resource.
    def self.load(attributes) = attributes.nil? ? nil : new(attributes, attributes[primary_key])
  end

  class Post < ApplicationResource
    self.site = "https://api.dev"

    schema do
      attribute :name, :string
      attribute :body, :string
    end
  end
end

class Post < ActiveRecord::Base
  # Api::Post inherits dump/load from ApplicationResource, so it can serve as the coder.
  serialize :api_post, coder: Api::Post

  # Methods the record does not define (name, body, ...) fall through to the API resource.
  delegate_missing_to :api_post
end
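To make the coder contract concrete without a Rails app, here is an added example (not code from the original post or from Active Resource) that simulates in plain Ruby what `serialize ..., coder:` does around a JSON column: `dump` on write, JSON encode, JSON decode on read, `load` on the way back, with a persisted flag derived from the presence of the primary key. `ApiPost`, `ApiPostCoder`, `round_trip` and `api_post_id` are this example's own names; the real post relies on ActiveResource::Base and serializable_hash instead.

```ruby
# Added example (not from the original post): the load/dump contract that
# ActiveRecord's `serialize ..., coder:` expects, simulated in plain Ruby so
# it runs without Rails. All names below are this example's own.
require "json"

# Stand-in for an Active Resource object: attributes plus a persisted flag,
# which Active Resource derives from whether the primary key is present.
class ApiPost
  attr_reader :attributes

  def initialize(attributes, persisted = false)
    @attributes = attributes.transform_keys(&:to_s)
    @persisted = persisted
  end

  def persisted?
    @persisted
  end

  def id
    attributes["id"]
  end

  def serializable_hash
    attributes.dup
  end
end

# Coder: `dump` turns the object into what the column stores, `load` rebuilds
# it. Both must tolerate nil, because a NULL column yields nil on the way in
# and an unset attribute yields nil on the way out.
module ApiPostCoder
  PRIMARY_KEY = "id"

  def self.dump(resource)
    resource.nil? ? nil : resource.serializable_hash
  end

  def self.load(attributes)
    return nil if attributes.nil?

    attrs = attributes.transform_keys(&:to_s)
    ApiPost.new(attrs, !attrs[PRIMARY_KEY].nil?)
  end
end

# Simulate the json column round-trip: dump on write, encode as JSON,
# decode on read, then load.
def round_trip(resource)
  stored = JSON.generate(ApiPostCoder.dump(resource))
  ApiPostCoder.load(JSON.parse(stored))
end

# Mirror of the generated column `api_post->>'id'`: the value the unique
# index would see for a stored row, or nil when the payload carries no id.
def api_post_id(stored_json)
  JSON.parse(stored_json)["id"]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample payload standing in for an API response.
  post = round_trip(ApiPost.new({ "id" => "42", "name" => "hello", "body" => "world" }))
  puts "persisted=#{post.persisted?} id=#{post.id} name=#{post.attributes['name']}"
end
```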

Flaky tests? Try Playwright!

Matheus Richard suggests replacing Selenium with Playwright to address flaky system specs. This has significantly improved the reliability of a client’s test suite. Here’s a tutorial on how to do it.

Thanks

This edition was brought to you by Fer Perales, Matheus Richard, and Sean Doyle. Thanks to all contributors! 🎉