Ruby allows to re-open any class and re-implement or override methods.
Gems under supply chain attack can re-open standard library classes, re-implement frequently used methods and start recording or logging important data (say Net:HTTP library’s GET/POST calls).
How do we freeze standard library classes such that the process crashes or throws warning when some rogue gem tries to re-open/re-implement them?
Does ruby (or) rails community address this concern in any way today?
ActiveSupport is a popular library that does quite a lot of std/core library overriding.
Outside ActiveSupport and gems that are too popular where its hard to not detect a supply chain attack, other gems need to cross some sort of fencing before they are allowed to override ruby std library or std/core classes.
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.
Sponsor our Newsletter | Privacy Policy | Terms of Service | Remote Ruby Jobs