ruby中的符号_Ruby中的凡人和不朽符号

weixin_26737625

于 2020-08-22 17:08:48 发布

阅读量263

点赞数

文章标签： python java

原文链接：https://medium.com/rubycademy/mortal-and-immortal-symbols-in-ruby-35ae4d29248a

版权

ruby中的符号

In this article, we’re going to explore the following topics:

在本文中，我们将探讨以下主题：

symbols are unique
符号是唯一的
symbols since Ruby 2.2
从Ruby 2.2开始的符号
exploiting a security breach using symbols
利用符号利用安全漏洞

符号是唯一的 (Symbols are unique)

A symbol is a unique instance of the Symbol class which is generally used for identifying a specific resource. A resource can be a method, a variable, a hash key, a state, etc..

符号是Symbol类的唯一实例，通常用于标识特定资源。资源可以是方法，变量，哈希键，状态等。

A symbol is unique because only one instance of the Symbol class can be created for a specific symbol in a running program

符号是唯一的，因为在运行的程序中只能为特定符号创建Symbol类的一个实例。

:pending.object_id # => 1277788
:pending.object_id # => 1277788

Here, we can see that the :pending symbol is only created once as the two calls to :pending.object_id return the same object identifier. Symbols are often compared to strings. But the main difference between them relies on the fact that a new String object is created for each created string — even if they’re identical

在这里，我们可以看到:pending符号仅创建一次，因为对:pending.object_id的两次调用返回相同的对象标识符。通常将符号与字符串进行比较。但是它们之间的主要区别在于这样的事实，即为每个创建的字符串都创建了一个新的String对象-即使它们是相同的

'pending'.object_id # => 70324176174080
'pending'.object_id # => 70324176168090

Now that we’re more familiar with symbols, let’s have a look to the changes provided by Ruby 2.2.

现在我们对符号更加熟悉了，让我们看一下Ruby 2.2提供的更改。

自Ruby 2.2起的符号 (Symbol since Ruby 2.2)

Ruby 2.2 introduced the notion of mortal/immortal symbols. Let’s have a look to the differences between these 2 concepts.

Ruby 2.2引入了凡人 / 不朽符号的概念。让我们看一下这两个概念之间的区别。

不朽的象征 (Immortal symbol)

Immortal symbols are symbols that’ll never be garbage collected. They’re created when your code is dynamically modified. For example:

不朽的符号是永远不会被垃圾收集的符号。它们是在动态修改您的代码时创建的。例如：

defining a new method using define_method
使用define_method定义一个新方法
setting an instance variable using set_instance_variable
使用set_instance_variable设置实例变量
creating a constant or variable using const_set
使用const_set创建常量或变量

凡人符号 (Mortal symbol)

Mortal symbol on the other hand are eligible for garbage collection. They’re created in any other cases. For example:

另一方面， 凡人符号也可以进行垃圾收集。它们是在其他任何情况下创建的。例如：

using to_sym
使用to_sym
using symbol literals
使用符号文字
etc..
等等..

Ok, now that we are more familiar with these 2 concepts, let’s see how immortal symbols can generate security issues.

好的，现在我们更加熟悉这两个概念，让我们看看不朽符号如何产生安全问题。

使用不朽符号的安全漏洞 (Security breach using immortal symbols)

It might not be a good idea to create immortal symbols from user inputs. Indeed, this would allow a malicious user to mount a DoS attack against your application by flooding it with unique strings, which will cause memory to grow indefinitely until the Ruby process is killed.

根据用户输入创建不朽符号可能不是一个好主意。确实，这将允许恶意用户通过用唯一的字符串填充它来对您的应用程序发起DoS攻击，这将导致内存无限期增长，直到Ruby进程被杀死为止。

Indeed, as immortal symbols are not garbage collected, creating a huge amount of them can force your Ruby process to slow down.. or to be killed.

的确，由于不朽符号不会被垃圾收集，因此创建大量符号会迫使您的Ruby进程减慢速度或被杀死。

结论 (Conclusion)

The notion of mortal symbol has been introduced in Ruby 2.2 to optimize the memory usage of Ruby programs. On the other hand, immortal symbols can generate security problems and you must use them in a completely safe environment. Avoid to use them when dealing with user interaction.

凡人符号的概念已在Ruby 2.2中引入，以优化Ruby程序的内存使用。另一方面，不朽符号会产生安全性问题，您必须在完全安全的环境中使用它们。在处理用户交互时，请避免使用它们。

Thank you for taking the time to read this article.

感谢您抽出宝贵的时间阅读本文。

Voilà!

瞧！