Issue #7839 has been updated by phluid61 (Matthew Kerwin).


normalperson (Eric Wong) wrote:
> "tenderlovemaking (Aaron Patterson)" <aaron / tenderlovemaking.com> wrote:
>  > I'd like to be able to call a method like `Symbol.freeze_symbols`
>  > which would essentially freeze the symbol hash, such that if any new
>  > symbols are created, an exception would be thrown.
>  
>  How about the option to do a soft freeze which issues a warning instead
>  of exception? (but support both).  Start using soft freeze, and move to
>  a real freeze later when apps/gems are fixed.

Also, would you expect to be able to thaw it out again?  It might be enough in the short term to, e.g.
    begin
      Symbol.freeze_symbols
      YAML.load(...)
    ensure
      Symbol.thaw_symbols
    end

----------------------------------------
Feature #7839: Symbol.freeze_symbols
https://bugs.ruby-lang.org/issues/7839#change-36191

Author: tenderlovemaking (Aaron Patterson)
Status: Open
Priority: Normal
Assignee: 
Category: 
Target version: 


Hi,

On team Rails, we're having troubles with Symbol creation DoS attacks.  From our perspective, there should be a point in the application where symbols should stabilize, meaning we don't expect the number of symbols to increase while the process is running.

I'd like to be able to call a method like `Symbol.freeze_symbols` which would essentially freeze the symbol hash, such that if any new symbols are created, an exception would be thrown.

I can work on a patch for this, but I wanted to throw the idea out there.


-- 
http://bugs.ruby-lang.org/