Bug #1732
closedInconsistency in Transference of Inherited Traits ('Tainted' and 'Untrusted') with #join
Description
=begin
Array#join transfers self's taintedness and trustworthiness to its return value. If an Array is tainted, so is the concatenation of its elements:
['a'].taint.join.tainted?
=> true
['a'].untrust.join.untrusted?
=> true
However, other Enumerables with #join methods do not pass said traits to their offspring:
{'a' => 'b'}.taint.join.tainted?
=> false
{'a' => 'b'}.untrust.join.untrusted?
=> false
require 'set'
=> true
Set.new(['a','b']).taint.join.tainted?
=> false
Set.new(['a','b']).untrust.join.untrusted?
=> false
class E; include Enumerable; def initialize(*a); @e=a; end; def each; @e.each{|e| yield e}; end; end
=> nil
E.new('a','b').taint.join.tainted?
=> false
E.new('a','b').untrust.join.untrusted?
=> false
=end
Updated by nobu (Nobuyoshi Nakada) almost 15 years ago
=begin
Hi,
At Mon, 6 Jul 2009 00:31:57 +0900,
Run Paint Run Run wrote in [ruby-core:24152]:
Array#join transfers self's taintedness and trustworthiness
to its return value. If an Array is tainted, so is the
concatenation of its elements:
However, other Enumerables with #join methods do not pass
said traits to their offspring:
It's because Enumerable#to_a doesn't transfer its taintness and
trustworthiness. Should it do?
--
Nobu Nakada
=end
Updated by matz (Yukihiro Matsumoto) almost 15 years ago
- Status changed from Open to Closed
- % Done changed from 0 to 100
=begin
Applied in changeset r23971.
=end
Updated by runpaint (Run Paint Run Run) almost 15 years ago
=begin
It's because Enumerable#to_a doesn't transfer its taintness and
trustworthiness. Should it do?
I assumed it would, because Array#to_a/#join does. But I don't pretend to be a language designer. ;-)
matz, I'm sorry to be annoying, but I don't understand this revision. All of my original examples return the same result as of r23976, yet your commit message indicated that this behaviour had changed. Could you clarify? :-)
=end
Updated by matz (Yukihiro Matsumoto) almost 15 years ago
=begin
Hi,
In message "Re: [ruby-core:24176] [Bug #1732] Inconsistency in Transference of Inherited Traits ('Tainted' and 'Untrusted') with #join"
on Tue, 7 Jul 2009 12:28:20 +0900, Run Paint Run Run redmine@ruby-lang.org writes:
|matz, I'm sorry to be annoying, but I don't understand this revision. All of my original examples return the same result as of r23976, yet your commit message indicated that this behaviour had changed. Could you clarify? :-)
Yes? Ah, it was overridden by r23967. I will re-submit the fix.
matz.
=end
Updated by zenspider (Ryan Davis) almost 15 years ago
=begin
On Jul 6, 2009, at 20:28 , Run Paint Run Run wrote:
matz, I'm sorry to be annoying, but I don't understand this revision.
I can't vouch for your "annoyingness" to matz, but I can say that
you're finding really good stuff. Keep up the good work.
=end
Updated by runpaint (Run Paint Run Run) almost 15 years ago
=begin
Thanks, Ryan. :-)
The remaining difference between Array#join and Enumerable#join w.r.t taint/trust involves empty data structures.
$ ruby -e 'p Array.new.untrust.join(":").untrusted?'
false
$ ruby -e 'p Hash.new.untrust.join(":").untrusted?'
true
$ ruby -e 'p Array.new.taint.join(":").tainted?'
false
$ ruby -e 'p Hash.new.taint.join(":").tainted?'
true
$ ruby -v
ruby 1.9.2dev (2009-07-08 trunk 23987) [i686-linux]
=end