Project

General

Profile

Actions

Feature #6409

closed

public_send is easily bypassed

Added by postmodern (Hal Brodigan) over 12 years ago. Updated over 12 years ago.

Status:
Rejected
Assignee:
-
Target version:
[ruby-core:44929]

Description

=begin
(({public_send})) can easily be bypassed, by using it to call (({send})). (({public_send})) should explicitly not allow calling (({send})).

class Test
  private

  def secret
    "top secret"
  end
end

t = Test.new

t.public_send(:secret)
# => NoMethodError: private method `secret' called for #<Test:0x0000000159b950>

t.public_send(:send, :secret)
# => "top secret"

t.public_send(:send, :exec, "rm -rf ~")

=end

Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0Like0Like0Like0Like0