Issue #7795 has been updated by phluid61 (Matthew Kerwin).


matz (Yukihiro Matsumoto) wrote:
> I agree with the basic concept of the proposal.
> I am not sure Symbol#defined? is a appropriate name for it yet.
> 
> The possible addition I like is either:
> 
> * add Symbol#define? or similar method
> * add optional keyword argument to intern e.g.  "foo".intern(exist: true)
> 
> Matz.

My ruby core abilities are somewhat limited as yet, but in experimentation on a local fork I have implemented "foo".to_existing_sym (which raises an error) and "foo".interned (which returns nil); https://gist.github.com/phluid61/5086304

My next goal, now that I have some familiarity in this area, would be to instead extend the existing rb_str_intern to accept the 'exist' keyword argument.

I assume it's ok that to_sym also accepts the kwarg?
----------------------------------------
Feature #7795: Symbol.defined? and/or to_existing_symbol
https://bugs.ruby-lang.org/issues/7795#change-37335

Author: Student (Nathan Zook)
Status: Open
Priority: Normal
Assignee: matz (Yukihiro Matsumoto)
Category: core
Target version: next minor


I'm pulling this out from deep in the discussions of issue http://bugs.ruby-lang.org/issues/7791, Let Symbols be Garbage Collected.

The problem is that the extreme utility of symbols makes them enticed to use, which results in a DOS vulnerability.  My proposal is to add either of a pair of methods that would make it easy to defend against a DOS along these lines.

#1) Symbol.defined?

In existing code, it would might like this:
class Symbol
  def self.defined?(string)
   all_symbols.any?{|sym| sym.to_s == string}
  end
end 

#2) to_existing_sym.  This would be defined in the same places as to_sym, but would through an argument error if the symbol did not already exist.



-- 
http://bugs.ruby-lang.org/