Break OO privacy: Difference between revisions

Similar to C++, ABAP allows the declaration of friends which can be both classes and interfaces. All subclasses of friend classes are automatically friends of the source class. For example if classA (source) has classB as a friend and classC is a subclass of classB then classC is a friend of classA. Similarly all implementing classes of friend interfaces are friends of the source class. Also all interfaces which contain the befriended interface as a component are friends of the source class.

 

 

class my_class definition friends friendly_class .

 

endclass.

 

=={{header|Ada}}==

One of the great criticisms of Pascal was "there is no escape". The reason was that sometimes you have to convert the incompatible. We start with a package, which defines the data type which holds the secret.

 

 

type Confidential_Stuff is tagged private;

Password: Password_Type := "default!"; -- the "secret"

end record;

 

When we later define an object C of type Confidential_Stuff, we can't read read the password stored in C -- except by breaking / bypassing OO privacy rules.

One way to read the password is by using the generic function Unchecked_Conversion:

 

 

procedure OO_Break_Privacy is

begin

Ada.Text_IO.Put_Line("The secret password is """ & Hack(C).Password & """");

 

The output shows that C holds, surprise, surprise, the default password:

Another way to bypass privacy is using a child package. Ada child packages have access to their parents' private data structures (somewhat similar to "friends" in C++"):

 

function Get_Password(Secret: Confidential_Stuff) return String;

 

function Get_Password(Secret: Confidential_Stuff) return String is

(Secret.Password);

 

Now here is the program that uses the child package, to read the secret:

 

procedure Bypass_OO_Privacy is

OO_Privacy.Friend.Get_Password(C) &

"""");

 

Once again, we have been too lazy to overwrite the default password:

 

=={{header|C sharp|C#}}==

using System.Reflection;

 

Console.WriteLine(answer);

}

{{out}}

 

=={{header|C++}}==

C++ has the 'friend' keyword to indicate that one class should have access to the private data of another. Here's a simple use case. (Please note that this code is not thread-safe.)

 

 

class CWidget; // Forward-declare that we have a class named CWidget.

delete pWidget3;

delete pWidget2;

{{out}}

Widget spawning. There are now 2 Widgets instanciated.

Widget dieing. There are now 1 Widgets instanciated.

Widget spawning. There are now 2 Widgets instanciated.

Widget dieing. There are now 1 Widgets instanciated.

 

Without the "friend" mechanism, it's still possible to meaningfully modify any member in another class, as long as you know that member's address in memory, and its type. Here's the same program as above, but using a pointer to m_uicount, rather a reference to the factory:

 

 

class CWidget; // Forward-declare that we have a class named CWidget.

delete pWidget3;

delete pWidget2;

 

=={{header|Clojure}}==

You can use the var-quote macro to get values from private variables. Here's an example of a variable 'priv' marked private in namespace 'a':

(ns a)

(def ^:private priv :secret)

user=> @#'a/priv ; succeeds

:secret

 

Clojure can also access Java private variables with the same strategy that Java uses. As a convenience, use the [http://clojuredocs.org/clojure_contrib/clojure.contrib.reflect/get-field get-field] function from clojure.contrib.reflect. Here's an example of grabbing the private field "serialVersionUID" from java.lang.Double:

user=> (get-field Double "serialVersionUID" (Double/valueOf 1.0))

-9172774392245257468

 

=={{header|Common Lisp}}==

A symbol can be present in more than one package, such that it can be internal in some of them, and external in others.

 

;; only these symbols are public

(:export :widget :get-wobbliness)

;; even read and evaluated. The symbol is internal and so cannot be used.

(format t "wobbliness: ~a~%" (slot-value *w* 'funky:wobbliness))

 

{{Out}} using CLISP:

 

breakingprivacy.d:

 

struct Foo

string str;

float f;

 

app.d:

import breakingprivacy;

 

__traits(getMember, foo, "str") = "Not so private anymore!";

writeln("Modified foo: ", foo);

 

{{out}}

foo.x = 42

 

=={{header|E}}==

=={{header|F_Sharp|F#}}==

{{trans|C#}}

open System.Reflection

 

let answer = fieldInfo.GetValue(myInstance)

printfn "%s = %A" (answer.GetType().ToString()) answer

{{out}}

<pre>System.Int32 = 42</pre>

This example uses the private word ''sequence/tester'' from the vocabulary ''sets.private''. It tries to count the elements in an intersection of two sets.

 

( scratchpad ) { 1 2 3 } { 1 2 4 } sequence/tester count .

 

There is better way to do the same, without any private words.

 

( scratchpad ) { 1 2 3 } { 1 2 4 } intersect length .

 

=={{header|Forth}}==

Needs the FMS-SI (single inheritance) library code located here:

http://soton.mpeforth.com/flag/fms/index.html

 

99 value x \ create a global variable named x

50 .. f1.x ! \ use the dot parser to access the private x without a message

f1 print \ 50

 

=={{header|FreeBASIC}}==

 

However, as usual, macros come to the rescue and one can easily access non-public members by the simple expedient (or, if you prefer, 'dirty hack') of redefining the Private and Protected keywords to mean Public:

 

#Undef Private

Print

Print "Press any key to quit"

 

{{out}}

A relevant Go Blog article is

[http://blog.golang.org/laws-of-reflection The Laws of Reflection].

 

import (

_, err := r.ReadByte()

fmt.Println("bufio.ReadByte returned error:", err)

{{out}}

<pre>

 

Note: Unicon can be translated via a command line switch into icon which allows for classes to be shared with Icon code (assuming no other incompatibilities exist).

 

procedure main()

printf("foo var1=%i, var2=%i, var3=%i\n",var1,var2,var3)

end

 

{{libheader|Icon Programming Library}}

=={{header|Java}}==

Private fields (and in general all members) of a Java class can be accessed via reflection, but must pass a security check in order to do so. There are two such security checks, one for discovering the field at all, and another for granting access to it in order to be able to read and write it. (This in turn means that trusted applications can do this — it is in fact a mechanism used by important frameworks like Spring — but untrusted applets cannot.)

class Example {

}

}

{{out}}

<pre>

 

(Note: somewhere between Java 8 and Java 11 this stopped working because the <code>value</code> field of <code>String</code> is <code>final</code>. The reflective access is still possible, but changing a final field isn't.)

public class BreakString{

public static void main(String... args) throws Exception{

}

}

{{out}}

<pre>

=={{header|Kotlin}}==

For tasks such as this, reflection is your friend:

import kotlin.reflect.jvm.isAccessible

 

println("${prop.name} -> ${prop.get(tbb)}")

}

 

{{out}}

 

In the following example, a prototype is used for simplicity.

 

% be sure that context switching calls are allowed

bar(3).

 

After compiling and loading the above object, we can use the following query to access the private method:

X = 1 ;

X = 2 ;

X = 3

 

=={{header|Lua}}==

These can be accessed indirectly through the [https://www.lua.org/manual/5.1/manual.html#5.9 debug library].

 

-- These two variables are "private" to this function and can normally

-- only be accessed from within this scope, including by any function

break

end

 

{{out}}

=={{header|M2000 Interpreter}}==

We want to read two private variables, and change values without using a public method (a module or a function), and without attach a temporary method (we can do that in M2000). There is a variant in READ statemend to set references from group members (for variables and arrays, and objects) to names with a reference for each. So using these names (here in the exaample K, M) we can read and write private variables.

Module CheckIt {

Group Alfa {

}

CheckIt

 

=={{header|Nim}}==

File oo.nim:

a: string

b: string

 

proc createFoo*(a, b, c): Foo =

By not adding a <code>*</code> to <code>Foo</code>'s members we don't export them. When we import this module we can't use them directly:

 

The easiest way to get a debug view of any data:

Output:

<pre>[a = 0x7f6bb87a7050"this a",

c = 12]</pre>

More fine-grained:

 

for key, val in fields(toAny(x)):

echo " is an integer with value: ", val.getBiggestInt

else:

Output:

<pre>Key a

One solution is to use Key-Value Coding. It treats properties and instance variables as "keys" that you can get and set using key-value coding methods.

 

 

@interface Example : NSObject {

}

return 0;

{{out}}

<pre>

Another solution is to use a category to add methods to the class (you can have categories in your code modify any class, even classes compiled by someone else, including system classes). Since the new method is in the class, it can use the class's private instance variables with no problem.

 

 

@interface Example : NSObject {

}

return 0;

{{out}}

<pre>

Finally, you can access the instance variable directly using runtime functions.

 

#import <objc/runtime.h>

 

}

return 0;

{{out}}

<pre>

The reader is advised to stop reading here.

 

object

val mutable x = x

Printf.printf "Broken coord: (%d, %d)\n" x y;

evil_reset p

 

{{out}}

=={{header|Perl}}==

Perl's object model does not enforce privacy. An object is just a blessed reference, and a blessed reference can be dereferenced just like an ordinary reference.

sub new {

my $class = shift;

package main;

my $foo = Foo->new();

{{out}}

<pre>I am ostensibly private

We can easily break that privacy mechanism via low-level routines with the required simulated/fake context,<br>

and at the same time be reasonably confident that no-one is ever going to manage to achieve that by accident.

<span style="color: #008080;">without</span> <span style="color: #008080;">js</span> <span style="color: #000080;font-style:italic;">-- (no class under p2js)</span>

<span style="color: #008080;">class</span> <span style="color: #000000;">test</span>

<span style="color: #000000;">structs</span><span style="color: #0000FF;">:</span><span style="color: #000000;">store_field</span><span style="color: #0000FF;">(</span><span style="color: #000000;">t</span><span style="color: #0000FF;">,</span><span style="color: #008000;">"msg"</span><span style="color: #0000FF;">,</span><span style="color: #008000;">"this breaks privacy"</span><span style="color: #0000FF;">,</span><span style="color: #000000;">ctx</span><span style="color: #0000FF;">)</span>

<span style="color: #000000;">t</span><span style="color: #0000FF;">.</span><span style="color: #000000;">show</span><span style="color: #0000FF;">()</span>

<small>(Obviously you could inline the ctx values rather than create a separate constant.)</small>

{{out}}

 

{{works with|PHP|5.1}}

class SimpleClass {

private $answer = "hello\"world\nforever :)";

 

$new_class = eval($class_content);

 

Another way commonly used to access private and protected variables in PHP is to cast the object to an array. It's probably unintentional though looking on how casted array contains null bytes (probably "private" mark). This works unless a magic method for the cast operation is implemented:

{{works with|PHP|4.x}}

{{works with|PHP|5.x}}

class SimpleClass {

private $answer = 42;

$class = new SimpleClass;

$classvars = (array)$class;

 

{{works with|PHP|5.3}}

Since php 5.3, one can easily read and write any protected and private member in a object via reflection.

class fragile {

private $foo = 'bar';

$rp->setValue($fragile, 'haxxorz!');

var_dump($rp->getValue($fragile));

{{out}}

<pre>

PicoLisp uses [http://software-lab.de/doc/ref.html#transient "transient symbols"] for variables, functions, methods etc. inaccessible from other parts of the program. Lexically, a transient symbol is enclosed by double quotes.

The only way to access a transient symbol outside its namespace is to search for its name in other (public) structures. This is done by the '[http://software-lab.de/doc/refL.html#loc loc]' function.

# "_name"

 

(====) # Close transient scope

 

Test:

-> "Hello, I am Eric"

 

 

: (get Foo (loc "_name" +Example))

 

=={{header|Python}}==

Python isn't heavily into private class names. Although private class names can be defined by using a double underscore at the start of the name, such names are accessible as they are mangled into the original name preceded by the name of its class as shown in this example:

__private = 123

non_private = __private * 2

>>> mine._MyClassName__private

123

 

=={{header|Raku}}==

{{works with|Rakudo|2015.12}}

We may call into the MOP (Meta-Object Protocol) via the <tt>.^</tt> operator, and the MOP knows all about the object, including any supposedly private bits. We ask for its attributes, find the correct one, and get its value.

has $!shyguy = 42;

}

my Foo $foo .= new;

 

{{out}}

<pre>42</pre>

=={{header|Ruby}}==

Ruby lets you redefine great parts of the object model at runtime and provides several methods to do so conveniently. For a list of all available methods look up the documentation of <code>Object</code> and <code>Module</code> or call informative methods at runtime (<code>puts Object.methods</code>).

class Example

def initialize

p example.instance_variable_set :@private_data, 42 # => 42

p example.instance_variable_get :@private_data # => 42

 

=={{header|Scala}}==

override def toString = s"Hello, I am $name"

}

field.set(foo, "Edith")

println(foo)

 

=={{header|Sidef}}==

Sidef's object model does not enforce privacy, but it allows storing private attributes inside the container of an object, which is an hash:

has public = "foo"

method init {

 

# Access private attributes

 

=={{header|Swift}}==

Swift reflection provides a Collection of label-value pairs for struct properties

var notSoSecret = "Hello!"

private var secret = 42

print("Value of the secret is \(secret)")

}

{{out}}

<pre>Value of the secret is 42</pre>

=={{header|Tcl}}==

Tcl's object properties are just variables in the a per-instance namespace; all that's required to get hold of them is to discover the name of the namespace concerned:

 

oo::class create Example {

$e print

set [info object namespace $e]::name "Edith"

Hello, I am Eric

Hello, I am Edith

Like the other .NET languages, VB can use Reflection ([https://docs.microsoft.com/en-us/dotnet/framework/reflection-and-codedom/reflection Microsoft docs]).

 

 

' MyClass is a VB keyword.

Console.WriteLine(answer)

End Sub

 

{{out}}

 

However, there is no such thing as a private method. Although conventionally methods which are not intended to be called from outside the class are suffixed with an underscore, this doesn't prevent anyone from accessing them as the following example shows.

construct new() { _safe = 42 } // the field _safe is private

safe { _safe } // provides public access to field

var s = Safe.new()

var a = [s.safe, s.doubleSafe, s.notSoSafe_]

 

{{out}}

=={{header|zkl}}==

In zkl, privacy is more convention than enforced (unlike const or protected).

C.v; C.f; C.D; // all generate NotFoundError exceptions

However:

C.fcns[1]() //-->123

C.classes //-->L(Class(D))

In the case of private vars, the name isn't saved.