[Fixes #253] Avoid 'defined?' buggy behavior in ruby 2.5.0 #271
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
'defined?' is buggy in ruby 2.5.0, which under certain circumstances users using rack-attack can hit. See issue rack#253. I reported (https://bugs.ruby-lang.org/issues/14407) and fixed (ruby/ruby#1800) the issue in ruby already, but i guess i would take some time before there's a new ruby release including that fix. So for now we would need to circumvent this bug by using 'const_defined?' instead of 'defined?' for this particular case. More details: Anyone using: * ruby 2.5.0 * redis * rack-attack without redis-store and using at least one throttle * having a toplevel class named Store will hit this ruby 2.5.0 bug https://bugs.ruby-lang.org/issues/14407 That's because of the following buggy behavior of 'defined?' under ruby 2.5: ``` $ ruby -v ruby 2.5.0p0 (2017-12-25 revision 61468) [x86_64-linux] $ irb > class Redis > end => nil > class Store > end => nil > defined?(::Redis::Store) => "constant" > ::Redis::Store NameError (uninitialized constant Redis::Store Did you mean? Store) ```
|
For anyone interested in testing it, here is a minimal ruby app that reproduces the issue: https://github.com/grzuy/ruby_app_for_rack_attack_253. In that app's |
Closed
|
@frewsxcv Do you have any feedback about this one? :-) |
grzuy
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #253
Found that
defined?is buggy in ruby 2.5.0, which under certain circumstances users using rack-attack can hit (see minimal app to reproduce issue 253).I already reported (https://bugs.ruby-lang.org/issues/14407) and fixed (ruby/ruby#1800) the underlaying issue in ruby, but i am guessing it's going to take some time before there's a new ruby release including the fix.
So for now, we would need to circumvent this ruby 2.5.0 bug by using
Object#const_defined?instead ofdefined?, at least for this particular case.More details:
Anyone using:
will hit this ruby 2.5.0 bug https://bugs.ruby-lang.org/issues/14407
That's because of the following buggy behavior of
defined?under ruby 2.5.0: