sheharyarn / better_params

Cleaner request parameters in Elixir web applications 🙌
MIT License

Use String.to_existing_atom to avoid leaking. #1

Closed vic closed 7 years ago

vic commented 7 years ago

From a quick look at your code, it seems like using your ExUtils to convert any request parameter into atoms is a bad idea (unless you used something like String.to_existing_atom); otherwise it would be really easy to create something that generates random parameter keys and quickly fills your atom table, as atoms are never freed.
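The two conversion strategies discussed in this thread, side by side, as an added example. This is not better_params' or ExUtils' own code; the module name `SafeKeys`, the whitelist of known keys and the sample request map are all constructed for illustration.

```elixir
defmodule SafeKeys do
  @moduledoc """
  Added example (not the project's own code): converting string request
  keys to atoms only when the atom already exists, so request-controlled
  keys cannot grow the BEAM atom table (atoms are never garbage collected).
  """

  # Constructed whitelist: referencing these atoms at compile time is what
  # makes them "existing" atoms for String.to_existing_atom/1.
  @known_keys [:name, :email, :age]

  def known_keys, do: @known_keys

  @doc "Unsafe: every previously unseen string becomes a new, permanent atom."
  def atomize_unsafe(params) when is_map(params) do
    Map.new(params, fn {k, v} -> {String.to_atom(k), v} end)
  end

  @doc """
  Safe: only strings that name an already-existing atom are converted;
  unknown keys are left as strings instead of allocating a new atom.
  """
  def atomize_safe(params) when is_map(params) do
    Map.new(params, fn {k, v} -> {to_existing_key(k), v} end)
  end

  # String.to_existing_atom/1 raises ArgumentError for an unknown atom;
  # rescue it and keep the original string key.
  defp to_existing_key(key) when is_binary(key) do
    String.to_existing_atom(key)
  rescue
    ArgumentError -> key
  end

  defp to_existing_key(key), do: key

  @doc "Current number of atoms in the VM, useful for watching growth."
  def atom_count, do: :erlang.system_info(:atom_count)
end

# Constructed sample input: one legitimate key and one random, caller-chosen key.
params = %{"name" => "alice", "zz_random_9f3a" => "x"}

before = SafeKeys.atom_count()
IO.inspect(SafeKeys.atomize_safe(params), label: "safe")
IO.inspect(SafeKeys.atom_count() - before, label: "atoms added by safe path")

before = SafeKeys.atom_count()
IO.inspect(SafeKeys.atomize_unsafe(params), label: "unsafe")
IO.inspect(SafeKeys.atom_count() - before, label: "atoms added by unsafe path")
```

Run it as a script with `elixir safe_keys.exs`. The safe path leaves the atom count unchanged because `"zz_random_9f3a"` never becomes an atom, while the unsafe path allocates one new atom per unknown key on every request. Whether unknown keys should be kept as strings (as here) or dropped is an application decision; what matters for the atom table is that they are never passed to `String.to_atom/1`.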

sheharyarn commented 7 years ago

Nice catch. I'll update the code to use String.to_existing_atom. Thanks!

sheharyarn commented 7 years ago

Version 0.2 published with the changes. I can't believe this slipped my mind, I had been using this on a production app for about two months before publishing it as a package. Also mentioned this in the Readme, to not scare off other devs. 😛

Thanks for pointing this out again. 😄