lib/simple/service/action.rb in simple-service-0.1.2 vs lib/simple/service/action.rb in simple-service-0.1.3

@@ -3,10 +3,11 @@
   end
 end
 
 require_relative "./action/comment"
 require_relative "./action/parameter"
+require_relative "./action/indie_hash"
 
 module Simple::Service
   # rubocop:disable Metrics/AbcSize
   # rubocop:disable Metrics/PerceivedComplexity
   # rubocop:disable Metrics/CyclomaticComplexity
@@ -87,10 +88,16 @@
 
     # invokes an action with a given +name+ in a service with a Hash of arguments.
     #
     # You cannot call this method if the context is not set.
     def invoke2(args:, flags:)
+      # args and flags are being stringified. This is necessary to not allow any
+      # unchecked input to DOS this process by just providing always changing
+      # key values.
+      args = IndieHash.new(args)
+      flags = IndieHash.new(flags)
+
       verify_required_args!(args, flags)
 
       positionals = build_positional_arguments(args, flags)
       keywords = build_keyword_arguments(args.merge(flags))
 
@@ -108,26 +115,28 @@
 
     private
 
     # returns an error if the keywords hash does not define all required keyword arguments.
     def verify_required_args!(args, flags) # :nodoc:
-      @required_names ||= parameters.select(&:required?).map(&:name)
+      @required_names ||= parameters.select(&:required?).map(&:name).map(&:to_s)
 
       missing_parameters = @required_names - args.keys - flags.keys
       return if missing_parameters.empty?
 
       raise ::Simple::Service::MissingArguments.new(self, missing_parameters)
     end
 
     # Enumerating all parameters it puts all named parameters into a Hash
     # of keyword arguments.
     def build_keyword_arguments(args)
-      @keyword_names ||= parameters.select(&:keyword?).map(&:name)
+      @keyword_names ||= parameters.select(&:keyword?).map(&:name).map(&:to_s)
 
       keys = @keyword_names & args.keys
       values = args.fetch_values(*keys)
 
-      Hash[keys.zip(values)]
+      # Note that +keys+ now only contains names of keyword arguments that actually exist.
+      # This is therefore not a way to DOS this process.
+      Hash[keys.map(&:to_sym).zip(values)]
     end
 
     def variadic_parameter
       return @variadic_parameter if defined? @variadic_parameter