Commit 28fc953b authored by Mehmet Emin INAC

Patch `grape-entity` to prevent having NameError loop

RubyVM starts raising an unlimited amount of `NameError` errors in case of
a `NameError` in our Grape::Entity instances because of a bug that exists in
the `grape-entity` gem.

This causes high CPU usage and puts us at risk of a DoS.
The VM would eventually raise a `SystemStackError`, but this takes quite
a long time because the repeating frames are huge.

You can track the progress of upstream fix here:
https://github.com/ruby-grape/grape-entity/pull/355

Changelog: fixed
parent b169a4c1
# frozen_string_literal: true
# This can be removed after the problem gets fixed on upstream.
# You can follow https://github.com/ruby-grape/grape-entity/pull/355 to see the progress.
#
# For more information about the issue;
# https://github.com/ruby/did_you_mean/issues/158#issuecomment-906056018
require 'grape-entity'
module Grape
class Entity
# Upstream version: https://github.com/ruby-grape/grape-entity/blob/675d3c0e20dfc1d6cf6f5ba5b46741bd404c8be7/lib/grape_entity/entity.rb#L520
def exec_with_object(options, &block)
if block.parameters.count == 1
instance_exec(object, &block)
else
instance_exec(object, options, &block)
end
rescue StandardError => e
# it handles: https://github.com/ruby/ruby/blob/v3_0_0_preview1/NEWS.md#language-changes point 3, Proc
raise Grape::Entity::Deprecated.new e.message, 'in ruby 3.0' if e.is_a?(ArgumentError)
raise e
end
end
end
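Review bot: nothing in this file forces the override of `exec_with_object` to be revisited when `grape-entity` is upgraded. The header comment says the patch can be removed once upstream is fixed, but the method is redefined unconditionally, so a later gem release would be silently shadowed by this copy of the pinned upstream revision. Consider guarding the reopen with a check on the installed gem version that fails loudly when the version changes, and note in the comment which lines differ from the linked upstream version so the next reader does not have to diff them by hand.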
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe 'Grape::Entity patch' do
let(:entity_class) { Class.new(Grape::Entity) }
describe 'NameError in block exposure with argument' do
subject(:represent) { entity_class.represent({}, serializable: true) }
before do
entity_class.expose :raise_no_method_error do |_|
foo
end
end
it 'propagates the error to the caller' do
expect { represent }.to raise_error(NameError)
end
end
end
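Review bot: the spec only exercises the one-parameter branch of the patched `exec_with_object`, since the exposure block is `do |_|`. The `else` branch that passes `options` and the `ArgumentError` to `Grape::Entity::Deprecated` conversion in the `rescue` are left untested. Add a second example with a two-parameter block that also calls an undefined name and expects `NameError`, so both call paths are covered. Separately, the exposure is named `:raise_no_method_error` while the example asserts `raise_error(NameError)`; renaming it to match the asserted class would avoid confusion.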