How to call methods dynamically based on their name?

ruby dynamic metaprogramming
user502052 picture user502052 · Mar 18, 2011 · Viewed 74.3k times · Source

How can I call a method dynamically when its name is contained in a string variable? For example:

class MyClass
  def foo; end
  def bar; end
end

obj = MyClass.new
str = get_data_from_user  # e.g. `gets`, `params`, DB access, etc.
str  #=> "foo"
# somehow call `foo` on `obj` using the value in `str`.

How can I do this? Is doing so a security risk?

Answer

David picture David · Mar 18, 2011

What you want to do is called dynamic dispatch. It’s very easy in Ruby, just use public_send:

method_name = 'foobar'
obj.public_send(method_name) if obj.respond_to? method_name

If the method is private/protected, use send instead, but prefer public_send.

This is a potential security risk if the value of method_name comes from the user. To prevent vulnerabilities, you should validate which methods can be actually called. For example:

if obj.respond_to?(method_name) && %w[foo bar].include?(method_name)
  obj.send(method_name)
end

Related questions

Dynamic Class Definition WITH a Class Name

How do I dynamically define a class in Ruby WITH a name? I know how to create a class dynamically without a name using something like: dynamic_class = Class.new do def method1 end end But you can't specify a …

Read More
Set Attribute Dynamically of Ruby Object

How can I set an object attribute dynamically in Ruby e.g. def set_property(obj, prop_name, prop_value) #need to do something like > obj.prop_name = prop_value #we can use eval but I'll prefer a faster/…

Read More
How to dynamically define a class method which will refer to a local variable outside?

class C end var = "I am a local var outside" C.class_eval do def self.a_class_method puts var end end I know, this is not correct, because the def created a new scope. I also know that …

Read More