Bug #10209 (closed)
attr_reader vulnerability
Status: Rejected
Assignee: -
Target version: -
ruby -v: ruby 2.0.0p247 (2013-06-27) [i586-linux]
Backport:
Description
It is possible to change a read_only class attribute:

    require 'pp'

    class Attributes
      attr_reader :string, :array, :hash

      def initialize
        @string = 'value'
        @array = [1, 2, 3, 4]
        @hash = { name: 'Carlos', age: 25 }
      end
    end

    instance = Attributes.new

    pp 'Original attributes:'
    pp '-------------------------'
    pp instance.string
    pp instance.array
    pp instance.hash
    pp '-------------------------'

    # bang!!
    # this should not affect the original attribute.
    instance.string.gsub!(/.*/, '')
    instance.array.clear
    instance.hash.clear

    pp 'After Hacking attributes:'
    pp '-------------------------'
    pp instance.string
    pp instance.array
    pp instance.hash
    pp '-------------------------'
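
Added example, not part of the original report: attr_reader defines only a getter, and that getter returns the very object the instance variable references, so in-place mutators such as gsub! and clear change the object's state. The Ruby sketch below replays the report's three mutations against two hardened variants, one that deep-freezes its state and one that returns deep copies; the class and helper names are hypothetical.

```ruby
# Added example; all class and method names here are hypothetical.

# Recursively freeze a value and everything it contains.
def deep_freeze(obj)
  case obj
  when Hash  then obj.each { |k, v| deep_freeze(k); deep_freeze(v) }
  when Array then obj.each { |e| deep_freeze(e) }
  end
  obj.freeze
end

# Option 1: freeze the state once, so attr_reader hands out immutable objects.
class FrozenAttributes
  attr_reader :string, :array, :hash
  def initialize
    @string = deep_freeze('value')
    @array  = deep_freeze([1, 2, 3, 4])
    @hash   = deep_freeze({ name: 'Carlos', age: 25 })
  end
end

# Option 2: keep mutable state private and return a deep copy on every read.
class CopyingAttributes
  def initialize
    @string = 'value'
    @array  = [1, 2, 3, 4]
    @hash   = { name: 'Carlos', age: 25 }
  end

  def string; deep_copy(@string); end
  def array;  deep_copy(@array);  end
  def hash;   deep_copy(@hash);   end

  # Marshal round trip; only ever applied to the object's own data.
  private def deep_copy(obj)
    Marshal.load(Marshal.dump(obj))
  end
end

# Replays the report's three mutations; nil means the call went through.
def tamper(instance)
  [-> { instance.string.gsub!(/.*/, '') },
   -> { instance.array.clear },
   -> { instance.hash.clear }].map do |mutation|
    mutation.call
    nil
  rescue FrozenError => e
    e.class
  end
end
```

With the frozen variant every mutation raises FrozenError; with the copying variant the calls succeed but only alter a throwaway copy.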