Ruby Issue Tracking System
https://redmine.ruby-lang.org/
2020-05-27T20:43:14Z

Ruby master - Bug #16841: Some syntax errors are thrown from compile.c
https://redmine.ruby-lang.org/issues/16841?journal_id=85842
2020-05-27T20:43:14Z
jeremyevans0 (Jeremy Evans) merch-redmine@jeremyevans.net
<ul><li><strong>Status</strong> changed from <i>Open</i> to <i>Feedback</i></li></ul><p>This doesn't seem to be a bug, it is by design. Trying to move all syntax errors into the parser is probably too difficult to justify the effort even if it is possible.</p>
<p>If you want to more fully check for valid syntax without having to execute code, you can probably use the same approach used in rdoc:</p>
<pre><code class="ruby syntaxhl" data-language="ruby"><span class="n">check</span> <span class="o">=</span> <span class="nb">lambda</span> <span class="k">do</span> <span class="o">|</span><span class="n">code</span><span class="o">|</span>
  <span class="k">begin</span>
    <span class="nb">eval</span> <span class="s2">"BEGIN {return true}</span><span class="se">\n</span><span class="si">#{</span><span class="n">code</span><span class="si">}</span><span class="s2">"</span>
  <span class="k">rescue</span> <span class="no">SyntaxError</span>
    <span class="kp">false</span>
  <span class="k">end</span>
<span class="k">end</span>
<span class="n">check</span><span class="o">.</span><span class="p">(</span><span class="s2">"class X; end"</span><span class="p">)</span> <span class="c1"># => true</span>
<span class="n">check</span><span class="o">.</span><span class="p">(</span><span class="s2">"class X; break; end"</span><span class="p">)</span> <span class="c1"># => false</span>
</code></pre>
<p>Do you think that will work for your purposes?</p>

Ruby master - Bug #16841: Some syntax errors are thrown from compile.c
https://redmine.ruby-lang.org/issues/16841?journal_id=86069
2020-06-10T17:28:14Z
jeremyevans0 (Jeremy Evans) merch-redmine@jeremyevans.net
<ul><li><strong>Status</strong> changed from <i>Feedback</i> to <i>Closed</i></li></ul>

Ruby master - Bug #16841: Some syntax errors are thrown from compile.c
https://redmine.ruby-lang.org/issues/16841?journal_id=86072
2020-06-10T19:03:43Z
ibylich (Ilya Bylich) ibylich@gmail.com
<p>Thanks for looking into this issue.</p>
<blockquote>
<p>Do you think that will work for your purposes?</p>
</blockquote>
<p>Not really. I'm working on the 3rd-party parser and I was thinking about whether I need to backport these errors. If I'd need it in some other project (that is not about parsing) I'd definitely do it as you suggested (maybe I'd use <code>eval("throw :tag; #{code.dump}")</code> or something similar, the idea would be the same). I guess I'll simply ignore errors that come after parsing, thank you!</p>

Ruby master - Bug #16841: Some syntax errors are thrown from compile.c
https://redmine.ruby-lang.org/issues/16841?journal_id=86073
2020-06-10T19:13:11Z
jeremyevans0 (Jeremy Evans) merch-redmine@jeremyevans.net
<p>ibylich (Ilya Bylich) wrote in <a href="#note-3">#note-3</a>:</p>
<blockquote>
<p>Thanks for looking into this issue.</p>
<blockquote>
<p>Do you think that will work for your purposes?</p>
</blockquote>
<p>Not really. I'm working on the 3rd-party parser and I was thinking about whether I need to backport these errors. If I'd need it in some other project (that is not about parsing) I'd definitely do it as you suggested (maybe I'd use <code>eval("throw :tag; #{code.dump}")</code> or something similar, the idea would be the same). I guess I'll simply ignore errors that come after parsing, thank you!</p>
</blockquote>
<p>Just FYI, there are problems with <code>eval("throw :tag; #{code.dump}")</code>:</p>
<ol>
<li><code>code.dump</code> is the same as <code>code.inspect</code>, so it evals a string literal, and will never catch a syntax error.</li>
<li>Assuming you switch to <code>#{code}</code>, it is unsafe if code is not in your control, as <code>code</code> can contain <code>BEGIN</code> blocks evaluated before the <code>throw :tag</code> (resulting in an RCE vulnerability).</li>
</ol>
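<p>Added example, not part of the thread and not rdoc's or Ruby's own code: a syntax check for input you do not control that compiles the source with CRuby's <code>RubyVM::InstructionSequence.compile</code> instead of <code>eval</code>, so nothing in the input runs, <code>BEGIN</code> blocks included. The names <code>check_syntax</code> and <code>SyntaxResult</code> and the sample strings are constructed for illustration.</p>

```ruby
# Added example: syntax check that compiles but never evaluates the input.
# check_syntax and SyntaxResult are illustrative names, not rdoc or Ruby APIs.
SyntaxResult = Struct.new(:valid, :message)

def check_syntax(code, label = "(untrusted)")
  verbose, $VERBOSE = $VERBOSE, nil # silence parser warnings for odd input
  # CRuby-specific: parses and compiles to bytecode without running it,
  # so errors raised from the compile step are reported as well.
  RubyVM::InstructionSequence.compile(code, label)
  SyntaxResult.new(true, nil)
rescue SyntaxError => e
  # Keep only the first line of the (possibly multi-line) error message.
  SyntaxResult.new(false, e.message.lines.first.to_s.strip)
ensure
  $VERBOSE = verbose
end

# Constructed sample inputs; the first two are the strings used in the thread.
SAMPLES = {
  "plain class"       => "class X; end",
  "break in class"    => "class X; break; end",
  "BEGIN side effect" => "BEGIN { $begin_ran = true }\nclass X; end",
  "unbalanced end"    => "def x; end end",
}

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |name, src|
    r = check_syntax(src)
    puts format("%-18s valid=%-5s %s", name, r.valid, r.message)
  end
  # The BEGIN block in the third sample is compiled but never run.
  puts "BEGIN block executed: #{!$begin_ran.nil?}"
end
```

<p><code>RubyVM</code> exists only on CRuby; other implementations need a different compile-only entry point.</p>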