From: mame@ruby-lang.org
To: ruby-core@ruby-lang.org
Subject: [ruby-core:90492] [Ruby trunk Bug#15409][Assigned] OpenStruct error when attribute is called 'method'
Date: Thu, 13 Dec 2018 06:17:36 +0000 (UTC) [thread overview]
Message-ID: <redmine.journal-75650.20181213061735.e6d75df5d3300147@ruby-lang.org> (raw)
In-Reply-To: redmine.issue-15409.20181213032526@ruby-lang.org
Issue #15409 has been updated by mame (Yusuke Endoh).
Status changed from Open to Assigned
Assignee set to marcandre (Marc-Andre Lafortune)
Yes, the current behavior is intentional. OpenStruct prohibits redefinition of the superclass methods.
However, the current spec that prohibits overwrite is fragile against newly introduced methods to Object class. For example, Object#then is planned to be introduced in Ruby 2.6. It breaks `OpenStruct({ :then => 42 })` which worked well in Ruby 2.5.
I considered this issue with some committers, and found two possible solutions:
1. Just warn if a specified key name conflicts with any method of Object class. This does not solve the issue itself, but a user can notice the breakage.
2. Allow overwrite. This solves the issue. But if a user gives untrusted input as a key of OpenStruct, an attacker might be able to overwrite some basic methods (for example, Object#dup, Object#object_id, etc.), which might lead to a vulnerability of the application. (It would be very rare, I guess, though.)
@marcandre, a maintainer of OpenStruct, what do you think?
----------------------------------------
Bug #15409: OpenStruct error when attribute is called 'method'
https://bugs.ruby-lang.org/issues/15409#change-75650
* Author: elioncho (Elías Orozco)
* Status: Assigned
* Priority: Normal
* Assignee: marcandre (Marc-Andre Lafortune)
* Target version:
* ruby -v: ruby 2.5.1p57 (2018-03-29 revision 63029) [x86_64-darwin16]
* Backport: 2.4: UNKNOWN, 2.5: UNKNOWN
----------------------------------------
The following error is shown when you try to access an OpenStruct with a property called method:
`method': wrong number of arguments (given 0, expected 1) (ArgumentError)
To replicate:
~~~ ruby
require 'ostruct'
o = OpenStruct.new({ method: 'get' })
o.method
~~~
The expected behavior should be to return 'get'
--
https://bugs.ruby-lang.org/
next prev parent reply other threads:[~2018-12-13 6:17 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <redmine.issue-15409.20181213032526@ruby-lang.org>
2018-12-13 3:25 ` [ruby-core:90481] [Ruby trunk Bug#15409] OpenStruct error when attribute is called 'method' elioncho
2018-12-13 5:46 ` [ruby-core:90491] " oleynikov
2018-12-13 6:17 ` mame [this message]
2018-12-13 6:59 ` [ruby-core:90494] " ruby-core
2018-12-13 7:23 ` [ruby-core:90497] " shevegen
2018-12-13 8:21 ` [ruby-core:90499] " mame
2019-05-09 15:15 ` [ruby-core:92617] " tansaku
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.ruby-lang.org/en/community/mailing-lists/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=redmine.journal-75650.20181213061735.e6d75df5d3300147@ruby-lang.org \
--to=ruby-core@ruby-lang.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).