Project

General

Profile

Actions
Copy link

Feature #15998

closed

Allow String#-@ to deduplicate tainted string, but return an untainted one

Added by byroot (Jean Boussier) over 5 years ago. Updated almost 5 years ago.

Status:
Closed
Assignee:
-
Target version:
-
[ruby-core:93724]

Description

Patch: https://github.com/ruby/ruby/pull/2287

There was a previous attempt by Eric Wong to allow deduplication of tainted strings, but it was reverted because of unknown CI issues: https://github.com/ruby/ruby/commit/0493b1ce3a4

The previous approach was trying to segregate tainted fstrings from untainted ones. This patch is different.

Instead it returns an untainted fstring.

The rationale is that String#-@ purpose is to deduplicate string we know will stay in memory for long if not until exit, hence I'd argue that by doing so we're implicitly trusting them. A typical usage for instance is:

CONFIG = YAML.load_file('path/to/config.yml').transform_keys { |k| -k }.freeze

Except the above currently doesn't work because YAML returns tainted instances when it reads from a file, so instead you have to do:

CONFIG = YAML.load_file('path/to/config.yml').transform_keys { |k| -(+k).untaint }.freeze

Which is fairly inefficient and unexpected. Several time I wondered why -@ wouldn't deduplicate strings until I noticed they were tainted.

Related issues 1 (0 open1 closed)

Related to Ruby master - Feature #16131: Remove $SAFE, taint and trustClosedActions
Actions
Copy link
 #1 [ruby-core:93725]

Updated by matz (Yukihiro Matsumoto) over 5 years ago

  • Status changed from Open to Feedback

taint states will be removed from the language in the near future, along with $SAFE.
I am not positive to change the behavior related to taint.

Matz.

Actions
Copy link
 #2 [ruby-core:93729]

Updated by byroot (Jean Boussier) over 5 years ago

taint states will be removed from the language in the near future, along with $SAFE.

That is great to hear!

I am not positive to change the behavior related to taint.

I'm not sure I understand. But if taint is going away in the next release then yes this change is worthless. If not I still see some value in making string deduplication simpler.

Actions
Copy link
 #3 [ruby-core:93738]

Updated by Eregon (Benoit Daloze) over 5 years ago

matz (Yukihiro Matsumoto) wrote:

taint states will be removed from the language in the near future, along with $SAFE.

Do you think it will be removed for Ruby 2.7, or 3.0 maybe?
I searched for a ticket but could not find one for removing tainting.

Actions
Copy link
 #4

Updated by naruse (Yui NARUSE) about 5 years ago

Actions
Copy link
 #5 [ruby-core:96688]

Updated by byroot (Jean Boussier) almost 5 years ago

Tainting was made a noop in 2.7.0, this issue can now be closed.

Actions
Copy link
 #6

Updated by jeremyevans0 (Jeremy Evans) almost 5 years ago

  • Status changed from Feedback to Closed
Actions
Copy link

Also available in: Atom PDF

Like0
Like0Like0Like0Like0Like0Like0