Project

General

Profile

Feature #15998

Allow String#-@ to deduplicate tainted string, but return an untainted one

Added by byroot (Jean Boussier) 9 days ago. Updated 8 days ago.

Status:
Feedback
Priority:
Normal
Assignee:
-
Target version:
-
[ruby-core:93724]

Description

Patch: https://github.com/ruby/ruby/pull/2287

There was a previous attempt by Eric Wong to allow deduplication of tainted strings, but it was reverted because of unknown CI issues: https://github.com/ruby/ruby/commit/0493b1ce3a4

The previous approach was trying to segregate tainted fstrings from untainted ones. This patch is different.

Instead it returns an untainted fstring.

The rationale is that String#-@ purpose is to deduplicate string we know will stay in memory for long if not until exit, hence I'd argue that by doing so we're implicitly trusting them. A typical usage for instance is:

CONFIG = YAML.load_file('path/to/config.yml').transform_keys { |k| -k }.freeze

Except the above currently doesn't work because YAML returns tainted instances when it reads from a file, so instead you have to do:

CONFIG = YAML.load_file('path/to/config.yml').transform_keys { |k| -(+k).untaint }.freeze

Which is fairly inefficient and unexpected. Several time I wondered why -@ wouldn't deduplicate strings until I noticed they were tainted.

History

Updated by matz (Yukihiro Matsumoto) 9 days ago

  • Status changed from Open to Feedback

taint states will be removed from the language in the near future, along with $SAFE.
I am not positive to change the behavior related to taint.

Matz.

Updated by byroot (Jean Boussier) 9 days ago

taint states will be removed from the language in the near future, along with $SAFE.

That is great to hear!

I am not positive to change the behavior related to taint.

I'm not sure I understand. But if taint is going away in the next release then yes this change is worthless. If not I still see some value in making string deduplication simpler.

Updated by Eregon (Benoit Daloze) 8 days ago

matz (Yukihiro Matsumoto) wrote:

taint states will be removed from the language in the near future, along with $SAFE.

Do you think it will be removed for Ruby 2.7, or 3.0 maybe?
I searched for a ticket but could not find one for removing tainting.

Also available in: Atom PDF