Issue #15409 has been updated by mame (Yusuke Endoh).

Status changed from Open to Assigned
Assignee set to marcandre (Marc-Andre Lafortune)

Yes, the current behavior is intentional.  OpenStruct prohibits redefinition of the superclass methods.

However, the current spec that prohibits overwrite is fragile against newly introduced methods to Object class.  For example, Object#then is planned to be introduced in Ruby 2.6.  It breaks `OpenStruct({ :then => 42 })` which worked well in Ruby 2.5.

I considered this issue with some committers, and found two possible solutions:

1. Just warn if a specified key name conflicts with any method of Object class.  This does not solve the issue itself, but a user can notice the breakage.
2. Allow overwrite.  This solves the issue.  But if a user gives untrusted input as a key of OpenStruct, an attacker might be able to overwrite some basic methods (for example, Object#dup, Object#object_id, etc.), which might lead to a vulnerability of the application.  (It would be very rare, I guess, though.)

@marcandre, a maintainer of OpenStruct, what do you think?

----------------------------------------
Bug #15409: OpenStruct error when attribute is called 'method'
https://bugs.ruby-lang.org/issues/15409#change-75650

* Author: elioncho (Elas Orozco)
* Status: Assigned
* Priority: Normal
* Assignee: marcandre (Marc-Andre Lafortune)
* Target version: 
* ruby -v: ruby 2.5.1p57 (2018-03-29 revision 63029) [x86_64-darwin16]
* Backport: 2.4: UNKNOWN, 2.5: UNKNOWN
----------------------------------------
The following error is shown when you try to access an OpenStruct with a property called method:

`method': wrong number of arguments (given 0, expected 1) (ArgumentError)

To replicate:

~~~ ruby
require 'ostruct'
o = OpenStruct.new({ method: 'get' })
o.method
~~~


The expected behavior should be to return 'get'




-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request / ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>