This was quickest and minimal needed to work to get a profile which
can load a Ruby runtime. It is not really correct and is meant as a
starting point.
There are some obvious problems with profile as it is defined. Basic
fundamental things like primal Exception types need to be loaded. Allowing
people to omit them is a footgun.
There are obvious issues with omitting jruby/kernel. Some of that is
required but at the same time it likely hits profile excluded types.
Regex is a major source of DOS so it must be excludable but at the same
time I suspect we call it many places internally.
Methods which use types which are excludable (like Regexp) probably should
be aware of excluded types and not bind. This would be a MAJOR amount of
work but it would fit into idea of a dependency graph. Likewise we could
make a much smarter type declaration where something like:
```java
return defineClass(context, "Integer", Numeric, NOT_ALLOCATABLE_ALLOCATOR).
        reifiedClass(RubyInteger.class).
        kindOf(new RubyModule.JavaClassKindOf(RubyInteger.class)).
        classIndex(ClassIndex.INTEGER).
        defineMethods(context, RubyInteger.class).
        tap(c -> c.singletonClass(context).undefMethods(context, "new"));
```
(we are only pretending with this example as Integer is too primal to Ruby
to be allowed to be excluded) we would want to add something to this which
would know that it cannot defineClass unless "Numeric" has been defined.
```java
return requires("Numeric", "Fixnum", "Bignum").
        defineClass(context, "Integer", Numeric, NOT_ALLOCATABLE_ALLOCATOR).
        reifiedClass(RubyInteger.class).
        kindOf(new RubyModule.JavaClassKindOf(RubyInteger.class)).
        classIndex(ClassIndex.INTEGER).
        defineMethods(context, RubyInteger.class).
        tap(c -> c.singletonClass(context).undefMethods(context, "new"));
```
This would end up simplifying the smattering of if's in Ruby to just declare
these dependencies in the setup method for the type.
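One way to model the dependency-graph idea from the description above, as an added example that is not code from this pull request or from JRuby: each type declares what it requires, and a profile exclusion (here `Regexp`) propagates to every type that depends on it. `TypeDecl`, `resolve` and the sample declarations are hypothetical names constructed for the illustration.

```java
import java.util.*;

// Added illustration only: TypeDecl, resolve and the type names below are
// hypothetical and are not JRuby APIs.
public class ProfileDependencyDemo {
    record TypeDecl(String name, List<String> requires) {}

    // Returns skipped type -> reason; fills `defined` in a valid boot order.
    static Map<String, String> resolve(List<TypeDecl> decls, Set<String> excluded,
                                       List<String> defined) {
        Map<String, String> skipped = new LinkedHashMap<>();
        for (String name : excluded) skipped.put(name, "excluded by profile");
        List<TypeDecl> pending = new ArrayList<>();
        for (TypeDecl d : decls) if (!excluded.contains(d.name())) pending.add(d);
        boolean progress = true;
        while (progress && !pending.isEmpty()) {
            progress = false;
            for (Iterator<TypeDecl> it = pending.iterator(); it.hasNext(); ) {
                TypeDecl d = it.next();
                Optional<String> missing = d.requires().stream()
                        .filter(skipped::containsKey).findFirst();
                if (missing.isPresent()) {          // exclusion propagates
                    skipped.put(d.name(), "requires " + missing.get());
                    it.remove(); progress = true;
                } else if (defined.containsAll(d.requires())) {
                    defined.add(d.name());          // safe to defineClass here
                    it.remove(); progress = true;
                }
            }
        }
        // Whatever is left names an undeclared type or sits in a cycle.
        for (TypeDecl d : pending) skipped.put(d.name(), "unresolved dependency");
        return skipped;
    }

    public static void main(String[] args) {
        List<TypeDecl> decls = List.of(   // constructed sample declarations
            new TypeDecl("MatchData", List.of("Regexp")),
            new TypeDecl("StringScanner", List.of("String", "Regexp")),
            new TypeDecl("Integer", List.of("Numeric")),
            new TypeDecl("Numeric", List.of("Comparable")),
            new TypeDecl("String", List.of("Comparable")),
            new TypeDecl("Regexp", List.of()),
            new TypeDecl("Comparable", List.of()));
        List<String> defined = new ArrayList<>();
        Map<String, String> skipped = resolve(decls, Set.of("Regexp"), defined);
        System.out.println("defined: " + defined);
        System.out.println("skipped: " + skipped);
    }
}
```

The skipped map records why each type was left out, which is the information an embedder needs to see that excluding one type also removed its dependents.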
NinekoTheCat
reviewed
Jul 5, 2025
| assertEquals(result, "uri:" + url); | ||
| } | ||
|
|
||
| class CustomProfile implements Profile { |
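Review bot: In `assertEquals(result, "uri:" + url)` the arguments look swapped if this is JUnit's `assertEquals(expected, actual)`. Passing the expected string first, as in `assertEquals("uri:" + url, result)`, keeps the failure message accurate when the assertion trips.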
Maybe call it RestrictedProfile to match the name the test has?
Member
Author
@NinekoTheCat sure. I can change this name in the test. Ultimately this class may get very small as we continue.
headius
added a commit
to headius/jruby
that referenced
this pull request
Jul 9, 2025
This moves IO-related Kernel methods to a separate interface which can be enabled or disabled independently of the rest of Kernel. This relates to recent discussions about making JRuby safely embeddable with only specific classes and features loaded. See other work in jruby#8893