Allow instance_variable_get for gems than need low level acces#138
Allow instance_variable_get for gems than need low level acces#138chaadow wants to merge 3 commits into
Conversation
example, `Rails` uses `instance_variable_get` to get access to the underlying Pg gem adapter object, to do some low level manipulation: cf. https://github.com/rails/rails/blob/aa1bee96f565b2f894e4b9eef434990ecfaaa833/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb#L340
There was a problem hiding this comment.
Pull request overview
This PR relaxes Console1984’s post-freeze instance-data protections by allowing reflective reads (instance_variable_get) again, intended to unblock framework/gem integrations (e.g., Rails accessing underlying adapter objects for low-level operations) while still preventing reflective writes.
Changes:
- Remove
instance_variable_getfromConsole1984::Freezeable::ClassMethods::SENSITIVE_INSTANCE_METHODS. - Keep
instance_variable_setblocked after freezing to prevent mutation of internal state.
Tip
If you aren't ready for review, convert to a draft PR.
Click "Convert to draft" or run gh pr ready --undo.
Click "Ready for review" or run gh pr ready to reengage.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| module ClassMethods | ||
| SENSITIVE_INSTANCE_METHODS = %i[ instance_variable_get instance_variable_set ] | ||
| SENSITIVE_INSTANCE_METHODS = %i[ instance_variable_set ] | ||
|
|
There was a problem hiding this comment.
The surrounding documentation is now inaccurate: Freezeable no longer blocks instance_variable_get, but the header comment still says it prevents “accessing … instance variables via reflection”, and the flag comment mentions both instance_variable_get and instance_variable_set. Please update the comments (and/or rename prevent_instance_data_manipulation* if its meaning is now “prevent mutation”).
| module ClassMethods | ||
| SENSITIVE_INSTANCE_METHODS = %i[ instance_variable_get instance_variable_set ] | ||
| SENSITIVE_INSTANCE_METHODS = %i[ instance_variable_set ] | ||
|
|
There was a problem hiding this comment.
This change will flip existing tampering expectations: test/tampering_cases/flagged/config/override_with_instance_variable_get.rb currently asserts instance_variable_get is forbidden, but after this change it will be allowed (returning nil if the ivar doesn’t exist). Please update the tampering cases/tests to reflect the new policy (e.g., move that case to allowed/ and/or add an allowed example covering instance_variable_get).
| module ClassMethods | ||
| SENSITIVE_INSTANCE_METHODS = %i[ instance_variable_get instance_variable_set ] | ||
| SENSITIVE_INSTANCE_METHODS = %i[ instance_variable_set ] | ||
|
|
There was a problem hiding this comment.
Removing instance_variable_get from the protected list affects all classes/modules that include Console1984::Freezeable (e.g., Console1984::Config, Console1984::CommandExecutor, etc.), not just the ActiveRecord adapter extensions. If the intent is only to unblock frameworks like Rails on AR adapters while keeping Console1984 internals opaque, consider scoping the relaxation (e.g., make the sensitive method list configurable per including module/class, or disable instance-data protection only for Console1984::Ext::ActiveRecord::ProtectedAuditableTables).
example,
Railsusesinstance_variable_getto get access to the underlying Pg gem adapter object, to do some low level manipulation: cf. https://github.com/rails/rails/blob/aa1bee96f565b2f894e4b9eef434990ecfaaa833/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb#L340in batch calls such as
destroy_allorupdate_all, the entire transaction sometimes gets rolled back, or sometimes we get this weird behavior where out of 5000 rows, 2 get deleted, but not the remaining 4998