Issue #7795 has been reported by Student (Nathan Zook). ---------------------------------------- Feature #7795: Symbol.defined? and/or to_existing_symbol https://bugs.ruby-lang.org/issues/7795 Author: Student (Nathan Zook) Status: Open Priority: Normal Assignee: Category: core Target version: next minor I'm pulling this out from deep in the discussions of issue http://bugs.ruby-lang.org/issues/7791, Let Symbols be Garbage Collected. The problem is that the extreme utility of symbols makes them enticed to use, which results in a DOS vulnerability. My proposal is to add either of a pair of methods that would make it easy to defend against a DOS along these lines. #1) Symbol.defined? In existing code, it would might like this: class Symbol def self.defined?(string) all_symbols.any?{|sym| sym.to_s == string} end end #2) to_existing_sym. This would be defined in the same places as to_sym, but would through an argument error if the symbol did not already exist.
on 2013-02-07 06:10
on 2013-02-07 08:17
Issue #7795 has been updated by alexeymuranov (Alexey Muranov). In my opinion, it would be more useful to have a method that checks if a given string matches one of a symbols in a given set. It is hard for me to think of a situation where one needs to know is a string matches any of the created symbols whatsoever. Similarly, instead of #to_existing_symbol, it seems to me useful to have a method that efficiently finds a symbol in a set by its string representation. ---------------------------------------- Feature #7795: Symbol.defined? and/or to_existing_symbol https://bugs.ruby-lang.org/issues/7795#change-35967 Author: Student (Nathan Zook) Status: Open Priority: Normal Assignee: Category: core Target version: next minor I'm pulling this out from deep in the discussions of issue http://bugs.ruby-lang.org/issues/7791, Let Symbols be Garbage Collected. The problem is that the extreme utility of symbols makes them enticed to use, which results in a DOS vulnerability. My proposal is to add either of a pair of methods that would make it easy to defend against a DOS along these lines. #1) Symbol.defined? In existing code, it would might like this: class Symbol def self.defined?(string) all_symbols.any?{|sym| sym.to_s == string} end end #2) to_existing_sym. This would be defined in the same places as to_sym, but would through an argument error if the symbol did not already exist.
on 2013-02-07 08:46
Issue #7795 has been updated by alexeymuranov (Alexey Muranov). I think also that finding a symbol in a set is related to (can be used in) Hash With Indifferent Access. HWIA are implemented in RoR and Sinatra in different ways. Would be nice if Ruby itself had Hash With Indifferent Access. ---------------------------------------- Feature #7795: Symbol.defined? and/or to_existing_symbol https://bugs.ruby-lang.org/issues/7795#change-35968 Author: Student (Nathan Zook) Status: Open Priority: Normal Assignee: Category: core Target version: next minor I'm pulling this out from deep in the discussions of issue http://bugs.ruby-lang.org/issues/7791, Let Symbols be Garbage Collected. The problem is that the extreme utility of symbols makes them enticed to use, which results in a DOS vulnerability. My proposal is to add either of a pair of methods that would make it easy to defend against a DOS along these lines. #1) Symbol.defined? In existing code, it would might like this: class Symbol def self.defined?(string) all_symbols.any?{|sym| sym.to_s == string} end end #2) to_existing_sym. This would be defined in the same places as to_sym, but would through an argument error if the symbol did not already exist.
on 2013-02-07 09:58
On 7 February 2013 17:17, alexeymuranov (Alexey Muranov) wrote: > In my opinion, it would be more useful to have a method that checks if a > given string matches one of a symbols in a given set. It is hard for me > to think of a situation where one needs to know is a string matches any > of the created symbols whatsoever. Similarly, instead of > #to_existing_symbol, it seems to me useful to have a method that > efficiently finds a symbol in a set by its string representation. That would be a property of the set rather than of Symbol, and can easily be achieved by constructing a Hash whose values are the Symbols in question and keys are the .to_s of the values. e.g. class SymbolSet def initialize @hash = {} end def <<(sym) @hash[sym.to_s] = sym end def defined?(s) @hash.has_key? s.to_s end def existing_sym(s) @hash[s.to_s] or raise "symbol :'#{s}' not defined in this set" end end I believe the original feature request is more useful, because while it is trivial to construct the above class (or an improved version) it is much more difficult to manage membership, especially when you care about "the set of all symbols", which is a legitimate concern in the case of the DOS attack mentioned in the original request. Since the set of all symbols is already available to Symbol (as Symbol.all_symbols), that seems the logical place to implement the feature, if at all.
on 2013-02-08 00:29
Issue #7795 has been updated by Student (Nathan Zook). When methods can be dynamically generated, things get hairy. For instance, active record 1 & 2 defined > n! dynamic finders for each model where n is the number of columns in the model. These methods are never all generated at once, but they can be. Suppose one were to pass options to the to_json method that serializes the return data. In rails, any argumentless method on any object attached through any relationship chain can be valid. That's a lot to monitor. Once the hash is parsed, checks can be made to see if we want to allow the method to be called. But that is only after the symbols have been created. Thus the desire to check to see if the proposed symbol is new before creating it. ---------------------------------------- Feature #7795: Symbol.defined? and/or to_existing_symbol https://bugs.ruby-lang.org/issues/7795#change-36022 Author: Student (Nathan Zook) Status: Open Priority: Normal Assignee: Category: core Target version: next minor I'm pulling this out from deep in the discussions of issue http://bugs.ruby-lang.org/issues/7791, Let Symbols be Garbage Collected. The problem is that the extreme utility of symbols makes them enticed to use, which results in a DOS vulnerability. My proposal is to add either of a pair of methods that would make it easy to defend against a DOS along these lines. #1) Symbol.defined? In existing code, it would might like this: class Symbol def self.defined?(string) all_symbols.any?{|sym| sym.to_s == string} end end #2) to_existing_sym. This would be defined in the same places as to_sym, but would through an argument error if the symbol did not already exist.
on 2013-02-22 01:09
Issue #7795 has been updated by ko1 (Koichi Sasada). Assignee set to matz (Yukihiro Matsumoto) ---------------------------------------- Feature #7795: Symbol.defined? and/or to_existing_symbol https://bugs.ruby-lang.org/issues/7795#change-36737 Author: Student (Nathan Zook) Status: Open Priority: Normal Assignee: matz (Yukihiro Matsumoto) Category: core Target version: next minor I'm pulling this out from deep in the discussions of issue http://bugs.ruby-lang.org/issues/7791, Let Symbols be Garbage Collected. The problem is that the extreme utility of symbols makes them enticed to use, which results in a DOS vulnerability. My proposal is to add either of a pair of methods that would make it easy to defend against a DOS along these lines. #1) Symbol.defined? In existing code, it would might like this: class Symbol def self.defined?(string) all_symbols.any?{|sym| sym.to_s == string} end end #2) to_existing_sym. This would be defined in the same places as to_sym, but would through an argument error if the symbol did not already exist.
on 2013-02-22 04:20
Issue #7795 has been updated by matz (Yukihiro Matsumoto). I agree with the basic concept of the proposal. I am not sure Symbol#defined? is a appropriate name for it yet. The possible addition I like is either: * add Symbol#define? or similar method * add optional keyword argument to intern e.g. "foo".intern(exist: true) Matz. ---------------------------------------- Feature #7795: Symbol.defined? and/or to_existing_symbol https://bugs.ruby-lang.org/issues/7795#change-36764 Author: Student (Nathan Zook) Status: Open Priority: Normal Assignee: matz (Yukihiro Matsumoto) Category: core Target version: next minor I'm pulling this out from deep in the discussions of issue http://bugs.ruby-lang.org/issues/7791, Let Symbols be Garbage Collected. The problem is that the extreme utility of symbols makes them enticed to use, which results in a DOS vulnerability. My proposal is to add either of a pair of methods that would make it easy to defend against a DOS along these lines. #1) Symbol.defined? In existing code, it would might like this: class Symbol def self.defined?(string) all_symbols.any?{|sym| sym.to_s == string} end end #2) to_existing_sym. This would be defined in the same places as to_sym, but would through an argument error if the symbol did not already exist.
on 2013-02-22 06:53
Issue #7795 has been updated by Student (Nathan Zook). These sound like my (new & preferred) proposal for Symbol[string] #7854. That is, return the symbol if it already exists, nil if not. ---------------------------------------- Feature #7795: Symbol.defined? and/or to_existing_symbol https://bugs.ruby-lang.org/issues/7795#change-36775 Author: Student (Nathan Zook) Status: Open Priority: Normal Assignee: matz (Yukihiro Matsumoto) Category: core Target version: next minor I'm pulling this out from deep in the discussions of issue http://bugs.ruby-lang.org/issues/7791, Let Symbols be Garbage Collected. The problem is that the extreme utility of symbols makes them enticed to use, which results in a DOS vulnerability. My proposal is to add either of a pair of methods that would make it easy to defend against a DOS along these lines. #1) Symbol.defined? In existing code, it would might like this: class Symbol def self.defined?(string) all_symbols.any?{|sym| sym.to_s == string} end end #2) to_existing_sym. This would be defined in the same places as to_sym, but would through an argument error if the symbol did not already exist.
on 2013-02-22 08:13
Issue #7795 has been updated by vo.x (Vit Ondruch). Student (Nathan Zook) wrote: > #2) to_existing_sym. This would be defined in the same places as to_sym, but would through an argument error if the symbol did not already exist. Reading the documentation, it says "Returns the Symbol corresponding to str, creating the symbol if it did not previously exist." So what would this method did different? Or is the documentation wrong? ---------------------------------------- Feature #7795: Symbol.defined? and/or to_existing_symbol https://bugs.ruby-lang.org/issues/7795#change-36779 Author: Student (Nathan Zook) Status: Open Priority: Normal Assignee: matz (Yukihiro Matsumoto) Category: core Target version: next minor I'm pulling this out from deep in the discussions of issue http://bugs.ruby-lang.org/issues/7791, Let Symbols be Garbage Collected. The problem is that the extreme utility of symbols makes them enticed to use, which results in a DOS vulnerability. My proposal is to add either of a pair of methods that would make it easy to defend against a DOS along these lines. #1) Symbol.defined? In existing code, it would might like this: class Symbol def self.defined?(string) all_symbols.any?{|sym| sym.to_s == string} end end #2) to_existing_sym. This would be defined in the same places as to_sym, but would through an argument error if the symbol did not already exist.
on 2013-02-22 10:56
On 22 February 2013 17:13, vo.x (Vit Ondruch) <v.ondruch@tiscali.cz> wrote: > Reading the documentation, it says "Returns the Symbol corresponding to > str, creating the symbol if it did not previously exist." So what would > this method did different? Or is the documentation wrong? > ---------------------------------------- > Existing method: to_sym: Returns the Symbol corresponding to str, creating the symbol if it did not previously exist. New (proposed) method: to_existing_sym: Returns the Symbol corresponding to str, raising an Exception if it did not previously exist.
on 2013-03-06 23:00
Issue #7795 has been updated by phluid61 (Matthew Kerwin). matz (Yukihiro Matsumoto) wrote: > I agree with the basic concept of the proposal. > I am not sure Symbol#defined? is a appropriate name for it yet. > > The possible addition I like is either: > > * add Symbol#define? or similar method > * add optional keyword argument to intern e.g. "foo".intern(exist: true) > > Matz. My ruby core abilities are somewhat limited as yet, but in experimentation on a local fork I have implemented "foo".to_existing_sym (which raises an error) and "foo".interned (which returns nil); https://gist.github.com/phluid61/5086304 My next goal, now that I have some familiarity in this area, would be to instead extend the existing rb_str_intern to accept the 'exist' keyword argument. I assume it's ok that to_sym also accepts the kwarg? ---------------------------------------- Feature #7795: Symbol.defined? and/or to_existing_symbol https://bugs.ruby-lang.org/issues/7795#change-37335 Author: Student (Nathan Zook) Status: Open Priority: Normal Assignee: matz (Yukihiro Matsumoto) Category: core Target version: next minor I'm pulling this out from deep in the discussions of issue http://bugs.ruby-lang.org/issues/7791, Let Symbols be Garbage Collected. The problem is that the extreme utility of symbols makes them enticed to use, which results in a DOS vulnerability. My proposal is to add either of a pair of methods that would make it easy to defend against a DOS along these lines. #1) Symbol.defined? In existing code, it would might like this: class Symbol def self.defined?(string) all_symbols.any?{|sym| sym.to_s == string} end end #2) to_existing_sym. This would be defined in the same places as to_sym, but would through an argument error if the symbol did not already exist.
on 2013-03-07 00:33
Issue #7795 has been updated by Student (Nathan Zook). phluid61 (Matthew Kerwin) wrote: > > My ruby core abilities are somewhat limited as yet, but in experimentation on a local fork I have implemented "foo".to_existing_sym (which raises an error) and "foo".interned (which returns nil); https://gist.github.com/phluid61/5086304 > > My next goal, now that I have some familiarity in this area, would be to instead extend the existing rb_str_intern to accept the 'exist' keyword argument. > > I assume it's ok that to_sym also accepts the kwarg? I agree with Matz that the names are problematic. What about Symbol[] ? (#7854) ---------------------------------------- Feature #7795: Symbol.defined? and/or to_existing_symbol https://bugs.ruby-lang.org/issues/7795#change-37336 Author: Student (Nathan Zook) Status: Open Priority: Normal Assignee: matz (Yukihiro Matsumoto) Category: core Target version: next minor I'm pulling this out from deep in the discussions of issue http://bugs.ruby-lang.org/issues/7791, Let Symbols be Garbage Collected. The problem is that the extreme utility of symbols makes them enticed to use, which results in a DOS vulnerability. My proposal is to add either of a pair of methods that would make it easy to defend against a DOS along these lines. #1) Symbol.defined? In existing code, it would might like this: class Symbol def self.defined?(string) all_symbols.any?{|sym| sym.to_s == string} end end #2) to_existing_sym. This would be defined in the same places as to_sym, but would through an argument error if the symbol did not already exist.
on 2013-03-09 13:01
Issue #7795 has been updated by phluid61 (Matthew Kerwin). Student (Nathan Zook) wrote: > > > Matz. > > > > My ruby core abilities are somewhat limited as yet, but in experimentation on a local fork I have implemented "foo".to_existing_sym (which raises an error) and "foo".interned (which returns nil); https://gist.github.com/phluid61/5086304 > > > > My next goal, now that I have some familiarity in this area, would be to instead extend the existing rb_str_intern to accept the 'exist' keyword argument. > > > > I assume it's ok that to_sym also accepts the kwarg? > > I agree with Matz that the names are problematic. What about Symbol[] ? (#7854) Having experimented with multiple implementations ( e.g. https://gist.github.com/phluid61/5104973 ) I agree that Symbol[] does seem like a much more useful, all-encompassing method. ---------------------------------------- Feature #7795: Symbol.defined? and/or to_existing_symbol https://bugs.ruby-lang.org/issues/7795#change-37421 Author: Student (Nathan Zook) Status: Open Priority: Normal Assignee: matz (Yukihiro Matsumoto) Category: core Target version: next minor I'm pulling this out from deep in the discussions of issue http://bugs.ruby-lang.org/issues/7791, Let Symbols be Garbage Collected. The problem is that the extreme utility of symbols makes them enticed to use, which results in a DOS vulnerability. My proposal is to add either of a pair of methods that would make it easy to defend against a DOS along these lines. #1) Symbol.defined? In existing code, it would might like this: class Symbol def self.defined?(string) all_symbols.any?{|sym| sym.to_s == string} end end #2) to_existing_sym. This would be defined in the same places as to_sym, but would through an argument error if the symbol did not already exist.
Enable email notification
Enable multi-page viewPlease log in before posting. Registration is free and takes only a minute.
Existing account
(Switch to SSL-encrypted connection)
NEW: Do you have a Google/GoogleMail or Yahoo account? No registration required!
Log in with Google account | Log in with Yahoo account
Log in with Google account | Log in with Yahoo account
No account? Register here.