Bug #18337: Ruby allows zero-width characters in identifiers - Ruby - Ruby Issue Tracking System

Actions

Copy link

Like0

Bug #18337

open

Ruby allows zero-width characters in identifiers

Added by duerst (Martin Dürst) over 3 years ago. Updated over 3 years ago.

Status:

Assigned

Assignee:

duerst (Martin Dürst)

Target version:

ruby -v:

Backport:

2.6: UNKNOWN, 2.7: UNKNOWN, 3.0: UNKNOWN

[ruby-core:106056]

Description

Ruby allows zero-width characters in identifiers, which can be shown with the following small test:

irb(main):001:0> script = "ab = 20; a\u200Bb = 30; puts ab;"
=> "ab = 20; ab = 30; puts ab;"
irb(main):002:0> eval(script)
20
=> nil

The first line creates the script. It contains a zero-width space (ZWSP), but that's not visible in most contexts (see next line). Looking at the script, one expects 30 as an output, but the output is 20 because there are two variables involved, one with a ZWSP and one without. I propose we fix this by disallowing such characters in identifiers. I'll give more details in a followup.

Related issues 1 (0 open — 1 closed)

Updated by duerst (Martin Dürst) over 3 years ago

Related to Feature #18336: How to deal with Trojan Source vulnerability added

#3 [ruby-core:106250]

Updated by duerst (Martin Dürst) over 3 years ago

Status changed from Open to Assigned
Assignee set to duerst (Martin Dürst)

Actions

Copy link

Like0

Also available in: Atom PDF

Project

General

Custom queries

Profile

Ruby

Bug #18337

Ruby allows zero-width characters in identifiers

Updated by duerst (Martin Dürst) over 3 years ago

Updated by duerst (Martin Dürst) over 3 years ago

Updated by duerst (Martin Dürst) over 3 years ago