The malicious change overrides the "#authenticate" method in the Identity class, after which every call to the method sends the email and password submitted during the authentication attempt to the attackers' host. In this way, the login credentials are intercepted for users of services that use the Identity class and have installed the vulnerable version of the rest-client library, which is listed as a dependency of many popular Ruby packages, including ast (64 million downloads), oauth (32 million), fastlane (18 million), and kubeclient (3.7 million).
In addition, a backdoor was added to the code that allows arbitrary Ruby code to be executed through the eval function. The code is delivered in a Cookie that is authenticated with the attacker's key. To notify the attackers that the malicious package has been installed, the URL of the victim's system and a selection of information about the environment, such as stored passwords for the DBMS and cloud services, are sent to an external host. Attempts to download cryptocurrency mining scripts using the malicious code described above have been recorded.
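For scoping credential rotation after such a package has run, the following added example (not part of the original article) lists which environment variables in a process look like the DBMS and cloud credentials mentioned above, without printing their values. The name pattern and the sample environment are assumptions constructed for illustration.

```ruby
require "uri"

# Variable-name fragments that usually mark a credential
# (assumed heuristic, extend it for your own naming scheme).
SECRET_NAME = /(PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_KEY|CREDENTIAL)/i

# Return the password embedded in a connection URL
# (scheme://user:password@host/...), or nil if there is none.
def url_password(value)
  uri = URI.parse(value)
  uri.password if uri.scheme && uri.host
rescue URI::InvalidURIError
  nil
end

# Build a rotation list from an environment hash.
# Only names and reasons are returned, never the secret values.
def exposed_secrets(env)
  found = env.each_with_object([]) do |(name, value), list|
    next if value.nil? || value.empty?
    reason =
      if name.match?(SECRET_NAME) then "credential-like variable name"
      elsif url_password(value) then "password embedded in connection URL"
      end
    list << { name: name, reason: reason } if reason
  end
  found.sort_by { |entry| entry[:name] }
end

# Constructed sample environment (not taken from the incident).
SAMPLE_ENV = {
  "PATH" => "/usr/local/bin:/usr/bin",
  "DATABASE_URL" => "postgres://app:example-pw@db.internal:5432/prod",
  "AWS_SECRET_ACCESS_KEY" => "EXAMPLEKEY",
  "REDIS_URL" => "redis://cache.internal:6379/0",
  "RAILS_ENV" => "production",
  "SMTP_PASSWORD" => "",
}.freeze

# To audit a real process, pass ENV.to_h instead of SAMPLE_ENV.
exposed_secrets(SAMPLE_ENV).each do |entry|
  puts "#{entry[:name]}: #{entry[:reason]}"
end
```

Every variable it reports was readable by any gem loaded into that process and belongs on the rotation list.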
After studying the malicious code, it was found that similar changes are present in 10 packages on RubyGems. These packages were not hijacked; they were specially prepared by the attackers on the basis of other popular libraries with similar names, in which a dash was replaced with an underscore or vice versa (for example, the malicious package cron_parser was created on the basis of cron-parser, and the malicious package doge-coin on the basis of doge_coin). Problematic packages: