Safemode patch: better whitelists


I filed a PR which rearranges the whitelists in a reasonable way so they are easier to maintain. In several commits I break entries into multiple lines, sort them and rearrange them a bit with no changes performed. Then I add Ruby core and ActiveSupport core methods to the default_methods array. And finally, a new rake task, generate, is added which generates the whitelists, and the last commit finally makes changes to the whitelists which need to be carefully reviewed.

The idea is to use a generation approach for maintaining those whitelists: every time there is a new Ruby release we can easily generate them. The rake task contains a list of “dangerous” methods which I think should never go into Safemode, therefore we do not need to bother with them during review.

I suggest doing the review commit-by-commit, as I was trying hard to make this as clear as possible. The last commit is the most important one - it contains the script and the important diff - changes to the whitelists. If the review goes on, I will be amending only the last commit until we agree.

Sending here so there are more eyes to do the review, thanks. Comments on GitHub.

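The generation approach described in the post, sketched as an added example (this is not the PR's rake task or Safemode's own code): public methods are enumerated by reflection, a denylist is subtracted, and the remainder is emitted sorted, one entry per line, so a diff between Ruby releases stays reviewable. The denylist contents and every name below are assumptions made for illustration.

```ruby
# Added illustration only. DANGEROUS_NAMES, DANGEROUS_PATTERN and the helper
# names are hypothetical; they are not taken from Safemode or from the PR.

# Constructed denylist: reflection, dynamic dispatch and evaluation entry
# points that would let sandboxed template code escape a method allowlist.
DANGEROUS_NAMES = %i[
  send __send__ public_send instance_eval instance_exec
  method public_method methods extend class
].freeze

# Name families treated as dangerous without listing each member.
DANGEROUS_PATTERN = /\A(instance_variable|singleton_|define_)/.freeze

def dangerous?(name)
  DANGEROUS_NAMES.include?(name) || DANGEROUS_PATTERN.match?(name.to_s)
end

# Methods every object responds to (Object, Kernel, BasicObject), filtered.
# This plays the role of a shared "default" list.
def default_whitelist
  Object.public_instance_methods(true).reject { |m| dangerous?(m) }.sort
end

# Methods defined directly on one class, filtered. Inherited methods are
# left out so they are reviewed once, in the default list.
def whitelist_for(klass)
  klass.public_instance_methods(false).reject { |m| dangerous?(m) }.sort
end

# Map of class name => sorted allowlist for a set of core classes.
def generate(classes)
  classes.to_h { |k| [k.name, whitelist_for(k)] }
end

# One entry per line, so that a regenerated list produces a minimal diff.
def render(name, methods)
  "#{name}:\n" + methods.map { |m| "  #{m}\n" }.join
end

if __FILE__ == $PROGRAM_NAME
  puts render("default", default_whitelist)
  generate([String, Array, Hash]).each { |name, list| puts render(name, list) }
end
```

Regenerating after a Ruby upgrade and diffing the output shows only methods the new release added or removed, which is the part that still needs human review.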