Project

General

Profile

Actions

Feature #15998

closed

Allow String#-@ to deduplicate tainted string, but return an untainted one

Added by byroot (Jean Boussier) over 5 years ago. Updated almost 5 years ago.

Status:
Closed
Assignee:
-
Target version:
-
[ruby-core:93724]

Description

Patch: https://github.com/ruby/ruby/pull/2287

There was a previous attempt by Eric Wong to allow deduplication of tainted strings, but it was reverted because of unknown CI issues: https://github.com/ruby/ruby/commit/0493b1ce3a4

The previous approach was trying to segregate tainted fstrings from untainted ones. This patch is different.

Instead it returns an untainted fstring.

The rationale is that String#-@ purpose is to deduplicate string we know will stay in memory for long if not until exit, hence I'd argue that by doing so we're implicitly trusting them. A typical usage for instance is:

CONFIG = YAML.load_file('path/to/config.yml').transform_keys { |k| -k }.freeze

Except the above currently doesn't work because YAML returns tainted instances when it reads from a file, so instead you have to do:

CONFIG = YAML.load_file('path/to/config.yml').transform_keys { |k| -(+k).untaint }.freeze

Which is fairly inefficient and unexpected. Several time I wondered why -@ wouldn't deduplicate strings until I noticed they were tainted.


Related issues 1 (0 open1 closed)

Related to Ruby master - Feature #16131: Remove $SAFE, taint and trustClosedActions
Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0Like0Like0