White-listing method invocation by checking whether the method is listed by a
*_methods() method is a common mistake. For example, public_instance_methods()
includes all inherited methods; this includes eval, exit, instance_eval, send,
etc. However, these *_methods() accept an additional argument which omits
inherited methods.
class RPC
def hello
puts "hello world"
end
end
RPC.public_instance_methods(false)
# => [:hello]
Original issue reported on code.google.com by
postmode...@gmail.comon 21 Sep 2012 at 12:57