Invalid instance/class variable and constant names may be set

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: JRuby 1.0.2, JRuby 1.1b1, JRuby 1.x+
Component/s: Core Classes/Modules
Labels:
None

Number of attachments :
0

Description

The IdUtil.isXXX methods do not sufficiently validate names passed to const_set, instance_variable_set and class_variable_set. (Likewise for the get methods, but that's less problematic.) So, for example, the following are currently accepted:

mod.const_set 'A nice, long phrase!', 86
obj.instance_variable_set '@1 * @2 / @3 =', 4
clazz.send :class_variable_set, '@@@@@@@@', 99

I've got a fix in the works, part of other ivar/cvar/constant work.

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Thomas E Enebo added a comment - 28/Aug/07 10:04 AM

Don't fix getVarType as part of this. It is used by the parser/lexer code and does not need extra sanity checks (lexer already does it). I can either move that function into that area or you can comment why it does not have extra checks on it.

Show

Thomas E Enebo added a comment - 28/Aug/07 10:04 AM Don't fix getVarType as part of this. It is used by the parser/lexer code and does not need extra sanity checks (lexer already does it). I can either move that function into that area or you can comment why it does not have extra checks on it.

Hide

Permalink

Bill Dortch added a comment - 28/Aug/07 2:36 PM

Re: ...getVarType ... does not need extra sanity checks ..

I figured as much, created separate isValidXXX methods...

Show

Bill Dortch added a comment - 28/Aug/07 2:36 PM Re: ...getVarType ... does not need extra sanity checks .. I figured as much, created separate isValidXXX methods...

Hide

Permalink

Bill Dortch added a comment - 28/Aug/07 7:56 PM

Fixed on trunk in 4217. Leaving open pending unit tests and replication to 1_0.

Show

Bill Dortch added a comment - 28/Aug/07 7:56 PM Fixed on trunk in 4217. Leaving open pending unit tests and replication to 1_0.

Hide

Permalink

Charles Oliver Nutter added a comment - 30/Sep/07 9:55 AM

Over a month old now; if this is going to be backported to 1.0, do it soon, or we're going to close it as a 1.1-only fix.

Show

Charles Oliver Nutter added a comment - 30/Sep/07 9:55 AM Over a month old now; if this is going to be backported to 1.0, do it soon, or we're going to close it as a 1.1-only fix.

Hide

Permalink

Bill Dortch added a comment - 04/Oct/07 2:22 AM

Fixed for 1_0 branch in 4478, 4479. Unit tests added to trunk in 4480.

Show

Bill Dortch added a comment - 04/Oct/07 2:22 AM Fixed for 1_0 branch in 4478, 4479. Unit tests added to trunk in 4480.

People

Assignee:

Bill Dortch

Reporter:

Bill Dortch

Vote (0)

Watch (0)

Dates

Created:

28/Aug/07 3:45 AM

Updated:

22/Dec/07 6:28 AM

Resolved:

04/Oct/07 2:22 AM