=begin
(({public_send})) can easily be bypassed, by using it to call (({send})). (({public_send})) should explicitly not allow calling (({send})).
class Test
private
def secret
"top secret"
end
end
t = Test.new
t.public_send(:secret)
# => NoMethodError: private method `secret' called for #<Test:0x0000000159b950>
t.public_send(:send, :secret)
# => "top secret"
t.public_send(:send, :exec, "rm -rf ~")
I don't understand the rationale behind your request. You are still using send. public_send does not and cannot guarantee that a private method won't be called at some point; only that it won't send the message in case it's a not a public method.
(({public_send})) should only allow calling public methods. By extension, it should not allow calling (({send})), since that would negate the purpose of (({public_send})). In the context of (({public_send})), the (({send})) method has special meaning.
I see no reason to special case this. send is a public method, therefore public_send should be allowed to call it. Attempting to deny access to send for safety reasons is pointless considering that instance_eval is public can be used to work around the issue in the same way:
The whole purpose of public_send is to prohibit the invocation of non-public methods, probably to help detecting error earlier. In that sense, as Jeremy expressed, we see no reason to prohibit #send the public method. public_send (and method visibility in general) is not the way to ensure anything, e.g. security.
def safe_send(method, *arguments)
send(method, *arguments) if METHOD_SAFE[method]
end
end
But this is not completely safe either, because anybody can reopen this class later and change the (({METHOD_SAFE})) constant or even the (({safe_send})) method.
=end
Updated by 
Updated by 
Updated by 
Updated by 
Updated by 
Updated by