Issue #7795 has been updated by Student (Nathan Zook).


phluid61 (Matthew Kerwin) wrote:
> matz (Yukihiro Matsumoto) wrote:
> > I agree with the basic concept of the proposal.
> > I am not sure Symbol#defined? is a appropriate name for it yet.
> > 
> > The possible addition I like is either:
> > 
> > * add Symbol#define? or similar method
> > * add optional keyword argument to intern e.g.  "foo".intern(exist: true)
> > 
> > Matz.
> 
> My ruby core abilities are somewhat limited as yet, but in experimentation on a local fork I have implemented "foo".to_existing_sym (which raises an error) and "foo".interned (which returns nil); https://gist.github.com/phluid61/5086304
> 
> My next goal, now that I have some familiarity in this area, would be to instead extend the existing rb_str_intern to accept the 'exist' keyword argument.
> 
> I assume it's ok that to_sym also accepts the kwarg?

I agree with Matz that the names are problematic.  What about Symbol[] ? (#7854)
----------------------------------------
Feature #7795: Symbol.defined? and/or to_existing_symbol
https://bugs.ruby-lang.org/issues/7795#change-37336

Author: Student (Nathan Zook)
Status: Open
Priority: Normal
Assignee: matz (Yukihiro Matsumoto)
Category: core
Target version: next minor


I'm pulling this out from deep in the discussions of issue http://bugs.ruby-lang.org/issues/7791, Let Symbols be Garbage Collected.

The problem is that the extreme utility of symbols makes them enticed to use, which results in a DOS vulnerability.  My proposal is to add either of a pair of methods that would make it easy to defend against a DOS along these lines.

#1) Symbol.defined?

In existing code, it would might like this:
class Symbol
  def self.defined?(string)
   all_symbols.any?{|sym| sym.to_s == string}
  end
end 

#2) to_existing_sym.  This would be defined in the same places as to_sym, but would through an argument error if the symbol did not already exist.



-- 
http://bugs.ruby-lang.org/