Hello. Why does Ruby have non-constant strings? It seems there is a way
to bypass object encapsulation paradigm and break object integrity. Here
is any example:
class SecureRunner
This class implements a sudo-like
runner
def initialize(command)
Creates an instance. Guaranties, that a command is safe.
if command.safe?
@comamnd = command
else
raise RuntimeError, "Security check failed!"
end
end
def run
Only safe commands should be run
system(@command)
end
end
This class seems to be safe
Here is a way to bypass security check:
command = “some_safe_command”
runner = SecureRunner.new(command)
a command is safe, so check will be passed
command.replace(“evil_command”) # BYPASS THE CHECK
runner.run # runs evil_command, that is not safe
The same can be done to fields of instances, which are exported as
read-only (attr_reader). I know there is a way to fix it (using .clone
or .dup), but what is the reason Ruby has non-constant strings, as most
languages (Java, Python) do? Is there a way to disable such behaviour
($SAFE will not help, because internal class methods will not be able to
change instance-variable strings too).