Project

General

Profile

Actions

Feature #14225

closed

untaint hash key strings

Added by normalperson (Eric Wong) about 6 years ago. Updated over 2 years ago.

Status:
Closed
Assignee:
-
Target version:
-
[ruby-core:84412]

Description

Since we are working on deprecating and removing $SAFE for [Feature #5455],
I propose untainting all string keys used for hashes in Ruby 2.6.

It will make implementing [Feature #13725] (fstring dedupe of hash keys) easier.

Furthermore, Perl (which I assume is the influence for tainting in Ruby) does
not taint hash keys. In fact, perlsec(1) manpage states:
"Hash keys are never tainted"
cf. http://perldoc.perl.org/perlsec.html

Updated by Eregon (Benoit Daloze) about 6 years ago

I think we should remove tainting as a whole along with $SAFE.
Untainting automatically seems bad practice and counter-intuitive.

Updated by normalperson (Eric Wong) about 6 years ago

wrote:

Issue #14225 has been updated by Eregon (Benoit Daloze).

I think we should remove tainting as a whole along with $SAFE.

Agreed.

Untainting automatically seems bad practice and counter-intuitive.

It wouldn't untaint the actual non-frozen string; but the frozen
copy which is auto-created when a non-frozen string is used as a
hash key. In other words, it should become:

h = {}
f = 'foo'.taint
h[f] = :bar
h.keys[0].taint? # => false (true in <= 2.5)

# In any version of Ruby, it'll stay:
h.keys[0].object_id != f
# unless f is already frozen

Anyways, I think the change to remove taint should be gradual
(like $SAFE removal) so people ahve time to adapt; and this is
one step.

Actions #4

Updated by jeremyevans0 (Jeremy Evans) over 2 years ago

  • Status changed from Open to Closed
Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0