Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Don't leak Object constants in core_ext/module/qualified_const #17845

Merged
merged 1 commit into from Dec 16, 2015

Conversation

gsamokovarov
Copy link
Contributor

Bumped on this one recently.

Actually, I think we can remove this altogether for Rails 5. Since Ruby 2, Object.const_get actually works for qualified constant names and doesn't raises an exception for absolute paths anymore.

>> Object.const_get '::String'
=> String
>> RUBY_VERSION
=> "2.1.4"
>> Object.const_get '::ActiveSupport::OrderedOptions'
=> ActiveSupport::OrderedOptions

I grepped the code and its not used anywhere but its test.

♡  ag "qualified_const_get"
activesupport/lib/active_support/core_ext/module/qualified_const.rb
26:# Object.const_get('::String') raises NameError and so does qualified_const_get.
39:  def qualified_const_get(path)
52:    mod = mod_name.empty? ? self : qualified_const_get(mod_name)

activesupport/test/core_ext/module/qualified_const_test.rb
59:  test "qualified_const_get" do
60:    assert_equal false, Object.qualified_const_get("QualifiedConstTestMod::X")
61:    assert_equal false, QualifiedConstTestMod.qualified_const_get("X")
62:    assert_equal 1, QualifiedConstTestMod.qualified_const_get("M::X")
63:    assert_equal 1, QualifiedConstTestMod.qualified_const_get("N::X")
64:    assert_equal 2, QualifiedConstTestMod.qualified_const_get("M::C::X")
66:    assert_raise(NameError) { QualifiedConstTestMod.qualified_const_get("M::C::Y")}
95:    assert_raise_with_message(NameError, "wrong constant name ::X") { Object.qualified_const_get("::X")}
96:    assert_raise_with_message(NameError, "wrong constant name ::X") { Object.qualified_const_get("::X::Y")}

guides/source/3_2_release_notes.md
508:* Defined new methods `Module#qualified_const_defined?`, `Module#qualified_const_get` and `Module#qualified_const_set` that are analogous to the corresponding methods in the standard API, but accept qualified constant names.

guides/source/active_support_core_extensions.md
748:The new methods are `qualified_const_defined?`, `qualified_const_get`, and
754:Object.qualified_const_get("Math::PI")            # => 3.141592653589793
761:Math.qualified_const_get("E") # => 2.718281828459045
1704:  mod = mod_name.empty? ? self : qualified_const_get(mod_name)

@rafaelfranca
Copy link
Member

That class was public. So we would have to deprecate all the code.

@gsamokovarov
Copy link
Contributor Author

Tried doing that and the whole test suite light up with deprecation warnings.

Module#qualified_const_defined? is used throughout the autoloading code and new Module#const_defined? doesn't have the same semantics. Its only Module#const_get that behaves similarly to Module#qualified_const_get.

Maybe we can implement Module#qualified_const_get in terms of native Module#const_get for speed, but other than that, we won't be able to touch the other methods.

@rafaelfranca
Copy link
Member

cc @fxn

@fxn
Copy link
Member

fxn commented Jan 5, 2015

ACK!

I am in an immersion working on the contrib app these days, gonna get back here soon.

fxn added a commit that referenced this pull request Jan 29, 2015
Module#const_defined? accepts constant paths in modern Ruby, we no longer
need our qualified_* extensions.

References #17845.
@fxn
Copy link
Member

fxn commented Jan 29, 2015

I have removed internal usage. I think we should just deprecate these extensions for later removal.

@gsamokovarov
Copy link
Contributor Author

@fxn I can try to issue a deprecation warning only once, so we don't flood logs with them. Should I do it in this PR?

@fxn
Copy link
Member

fxn commented Jan 29, 2015

Hmmm.... in principle we could warn always, that's how we normally do it. @rafaelfranca WDYT?

@sgrif
Copy link
Contributor

sgrif commented Nov 23, 2015

@gsamokovarov Are you still interested in working on this? I agree that we should always warn, not warn once.

@sgrif sgrif added this to the 5.0.0 milestone Nov 23, 2015
@gsamokovarov gsamokovarov force-pushed the qualified-const branch 2 times, most recently from b524c7c to 39c50b0 Compare Nov 24, 2015
@gsamokovarov
Copy link
Contributor Author

@sgrif Sure! Deprecated the qualified_const_ methods, fixed deprecations in the tests and added a changelog entry.

rafaelfranca added a commit that referenced this pull request Dec 16, 2015
Don't leak Object constants in core_ext/module/qualified_const
@rafaelfranca rafaelfranca merged commit e134e63 into rails:master Dec 16, 2015
@rafaelfranca rafaelfranca modified the milestones: 5.0.0 [temp], 5.0.0 Dec 30, 2015
y-yagi added a commit to y-yagi/rails that referenced this pull request May 23, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

4 participants