method

deep_dup

v5.2.3 - Show latest stable - Class: Hash

deep_dup()

public

Returns a deep copy of hash.

hash = { a: { b: 'b' } }
dup  = hash.deep_dup
dup[:a][:c] = 'c'

hash[:a][:c] # => nil
dup[:a][:c]  # => "c"

# File activesupport/lib/active_support/core_ext/object/deep_dup.rb, line 43
  def deep_dup
    hash = dup
    each_pair do |key, value|
      if key.frozen? && ::String === key
        hash[key] = value.deep_dup
      else
        hash.delete(key)
        hash[key.deep_dup] = value.deep_dup
      end
    end
    hash
  end

2Notes

Be careful with cycles

astgtciv · Feb 2, 2015

This simplistic implementation (unlike Marshal.load(Marshal.dump(object)) doesn't handle cycles in objects.

a = {}
b = {a: a}
a[:b] = b
a.deep_dup # SystemStackError: stack level too deep

What about Marshal remote code execution risks?

joels · Jan 6, 2016

Good suggestion about using Marshal to avoid cycles, astgtciv, but what about the security risks of doing that?

See http://ruby-doc.org/core-2.2.2/Marshal.html where it states:

By design, ::load can deserialize almost any class loaded into the Ruby process. In many cases this can lead to remote code
execution if the Marshal data is loaded from an untrusted source.

As a result, ::load is not suitable as a general purpose serialization format and you should never unmarshal user supplied input or other
untrusted data.

If you need to deserialize untrusted data, use JSON or another serialization format that is only able to load simple, ‘primitive’ types such
as String, Array, Hash, etc. Never allow user input to specify arbitrary types to deserialize into.

deep_dup

2Notes

Be careful with cycles

What about Marshal remote code execution risks?

Related methods