Monkey patch

Last updated March 31, 2024

In computer programming, monkey patching is a technique used to dynamically update the behavior of a piece of code at run-time. It is used to extend or modify the runtime code of dynamic languages such as Smalltalk, JavaScript, Objective-C, Ruby, Perl, Python, Groovy, and Lisp without altering the original source code.

Etymology

The term monkey patch seems to have come from an earlier term, guerrilla patch, which referred to changing code sneakily – and possibly incompatibly with other such patches – at runtime. The word guerrilla , nearly homophonous with gorilla , became monkey, possibly to make the patch sound less intimidating.^[1]

An alternative etymology is that it refers to “monkeying about” with the code (messing with it).^{[ citation needed ]}

Despite the name's suggestion, the "monkey patch" is sometimes the official method of extending a program. For example, web browsers such as Firefox and Internet Explorer used to encourage this, although modern browsers (including Firefox) now have an official extensions system.^{[ citation needed ]}

Definitions

The definition of the term varies depending upon the community using it. In Ruby,^[2] Python,^[3] and many other dynamic programming languages, the term monkey patch only refers to dynamic modifications of a class or module at runtime, motivated by the intent to patch existing third-party code as a workaround to a bug or feature which does not act as desired. Other forms of modifying classes at runtime have different names, based on their different intents. For example, in Zope and Plone, security patches are often delivered using dynamic class modification, but they are called hot fixes.^{[ citation needed ]}

Applications

Monkey patching is used to:

Replace methods / classes / attributes / functions at runtime, e.g. to stub out a function during testing;
Modify/extend behaviour of a third-party product without maintaining a private copy of the source code;
Apply the result of a patch at runtime to the state in memory, instead of the source code on disk;
Distribute security or behavioural fixes that live alongside the original source code (an example of this would be distributing the fix as a plugin for the Ruby on Rails platform);

Pitfalls

Malicious, incompetently written, and/or poorly documented monkey patches can lead to problems:

They can lead to upgrade problems when the patch makes assumptions about the patched object that are no longer true; a new release may very well break the patch. For this reason monkey patches are often made conditional, and only applied if appropriate.^[4]
If two modules attempt to monkey patch the same method, one of them (whichever one runs last) "wins" and the other patch has no effect, unless monkey patches are written with a pattern like alias_method_chain.^[5]
They create a discrepancy between the original source code and the observed behaviour that can be very confusing to anyone unaware of the existence of the patch. For example, the Linux kernel detects proprietary and other third-party modules such as the Nvidia driver, which tamper with kernel structures, so that developers will not waste their time trying to debug a problem that they cannot fix.^[6]
They can be written with malicious code in order to attack the main program, or each other. As an example, in 2009, Giorgio Maone, developer of NoScript, attacked the Adblock Plus extension for Firefox, adding exceptions so that advertisements on his own websites would work. The offending code also made sure that if the user attempted to remove the exceptions, they would be added again. The spat caused widespread anger, leading to a back and forth war between new adblock rules being pushed to users, followed by Maone sabotaging the new ones, which eventually led to Mozilla stepping in to change policies regarding add-ons.^[7]

Examples

The following Python example monkey-patches the value of Pi from the standard Python math library to make it compliant with the Indiana Pi Bill.

>>> importmath>>> math.pi3.141592653589793>>> math.pi=3.2# monkey-patch the value of Pi in the math module>>> math.pi3.2================================ RESTART ================================>>> importmath>>> math.pi3.141592653589793>>>

Related Research Articles

JavaScript, often abbreviated as JS, is a programming language and core technology of the Web, alongside HTML and CSS. 99% of websites use JavaScript on the client side for webpage behavior.

SpiderMonkey is an open-source JavaScript and WebAssembly engine by the Mozilla Foundation.

In computer science, a dynamic programming language is a class of high-level programming languages which at runtime execute many common programming behaviours that static programming languages perform during compilation. These behaviors could include an extension of the program, by adding new code, by extending objects and definitions, or by modifying the type system. Although similar behaviors can be emulated in nearly any language, with varying degrees of difficulty, complexity and performance costs, dynamic languages provide direct tools to make use of them. Many of these features were first implemented as native features in the Lisp programming language.

In object-oriented programming languages, a mixin is a class that contains methods for use by other classes without having to be the parent class of those other classes. How those other classes gain access to the mixin's methods depends on the language. Mixins are sometimes described as being "included" rather than "inherited".

In computer programming, duck typing is an application of the duck test—"If it walks like a duck and it quacks like a duck, then it must be a duck"—to determine whether an object can be used for a particular purpose. With nominative typing, an object is of a given type if it is declared as such. With duck typing, an object is of a given type if it has all methods and properties required by that type. Duck typing may be viewed as a usage-based structural equivalence between a given object and the requirements of a type.

A patch is a set of changes to a computer program or its supporting data designed to update or repair it. This includes bugfixes or bug fixes to remove security vulnerabilities and correct bugs (errors). Patches are often written to improve the functionality, usability, or performance of a program. The majority of patches are provided by software vendors for operating system and application updates.

Netscape Plugin Application Programming Interface (NPAPI) is a deprecated application programming interface (API) for web browser plugins, initially developed for Netscape Navigator 2.0 in 1995 and subsequently adopted by other browsers.

The Mozilla Application Suite is a discontinued cross-platform integrated Internet suite. Its development was initiated by Netscape Communications Corporation, before their acquisition by AOL. It was based on the source code of Netscape Communicator. The development was spearheaded by the Mozilla Organization from 1998 to 2003, and by the Mozilla Foundation from 2003 to 2006.

In software engineering, profiling is a form of dynamic program analysis that measures, for example, the space (memory) or time complexity of a program, the usage of particular instructions, or the frequency and duration of function calls. Most commonly, profiling information serves to aid program optimization, and more specifically, performance engineering.

NoScript is a free and open-source extension for Firefox- and Chromium-based web browsers, written and maintained by Giorgio Maone, a software developer and member of the Mozilla Security Group.

A foreign function interface (FFI) is a mechanism by which a program written in one programming language can call routines or make use of services written or compiled in another one. An FFI is often used in contexts where calls are made into binary dynamic-link library.

Aptana, Inc. is a company that makes web application development tools for use with a variety of programming languages. Aptana's main products include Aptana Studio, Aptana Cloud and Aptana Jaxer.

Tamarin is a discontinued free software virtual machine with just-in-time compilation (JIT) support intended to implement the 4th edition of the ECMAScript (ES4) language standard. Tamarin source code originates from ActionScript Virtual Machine 2 (AVM2) developed by Adobe Systems, as introduced within Adobe Flash Player 9, which implements ActionScript 3 scripting language. ActionScript Virtual Machine 2 was donated as open-source to Mozilla Foundation on November 7, 2006, to develop Tamarin as a high-performance virtual machine, with the support from broad Mozilla community, to be used by Mozilla and Adobe Systems in the next generation of their JavaScript and ActionScript engines with the ultimate aim to unify the scripting languages across web browsers and Adobe Flash platform and ease the development of better performing rich web applications.

IronRuby is an implementation of the Ruby programming language targeting Microsoft .NET Framework. It is implemented on top of the Dynamic Language Runtime (DLR), a library running on top of the Common Language Infrastructure that provides dynamic typing and dynamic method dispatch, among other things, for dynamic languages.

In computer science, marshalling or marshaling is the process of transforming the memory representation of an object into a data format suitable for storage or transmission, especially between different runtimes. It is typically used when data must be moved between different parts of a computer program or from one program to another.

libffi is a foreign function interface library. It provides a C programming language interface for calling natively compiled functions given information about the target function at run time instead of compile time. It also implements the opposite functionality: libffi can produce a pointer to a function that can accept and decode any combination of arguments defined at run time.

Content Security Policy (CSP) is a computer security standard introduced to prevent cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context. It is a Candidate Recommendation of the W3C working group on Web Application Security, widely supported by modern web browsers. CSP provides a standard method for website owners to declare approved origins of content that browsers should be allowed to load on that website—covered types are JavaScript, CSS, HTML frames, web workers, fonts, images, embeddable objects such as Java applets, ActiveX, audio and video files, and other HTML5 features.

Pylons Project is an open-source organization that develops a set of web application technologies written in Python. Initially the project was a single web framework called Pylons, but after the merger with the repoze.bfg framework under the new name Pyramid, the Pylons Project now consists of multiple related web application technologies.

asm.js is a subset of JavaScript designed to allow computer software written in languages such as C to be run as web applications while maintaining performance characteristics considerably better than standard JavaScript, which is the typical language used for such applications.

The syntax of the Ruby programming language is broadly similar to that of Perl and Python. Class and method definitions are signaled by keywords, whereas code blocks can be defined by either keywords or braces. In contrast to Perl, variables are not obligatorily prefixed with a sigil. When used, the sigil changes the semantics of scope of the variable. For practical purposes there is no distinction between expressions and statements. Line breaks are significant and taken as the end of a statement; a semicolon may be equivalently used. Unlike Python, indentation is not significant.

References

↑ "Glossary — Definition of 'Monkey patch'". Plone Content Management System . Archived from the original on 2021-01-22. Retrieved 2021-07-02. when someone created a guerrilla patch very carefully and tried to avoid any battles, they tried to make it sound less forceful by calling it a monkey patch
↑ Nutter, Charles Oliver. "Refining Ruby". Charles Oliver Nutter.
↑ Biswal, Bimal. "Monkey Patching in Python". Software Technology Tips. Mindfire Solutions. Archived from the original on 22 August 2012. Retrieved 9 December 2013.
↑ Zakas, Nicholas C. (2 March 2010). "Maintainable JavaScript: Don't modify objects you don't own - Human Who Codes". Human Who Codes.
↑ "New in Rails: Module#alias_method_chain". Ruby on Rails.
↑ "Tainted kernels — The Linux Kernel documentation". www.kernel.org. Retrieved 2020-07-12.
↑ Paul, Ryan (2009-05-04). "Mozilla ponders policy change after Firefox extension battle". Ars Technica. Retrieved 2020-07-12.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[plone-1] "Glossary — Definition of 'Monkey patch'". Plone Content Management System . Archived from the original on 2021-01-22. Retrieved 2021-07-02. when someone created a guerrilla patch very carefully and tried to avoid any battles, they tried to make it sound less forceful by calling it a monkey patch

[2] Nutter, Charles Oliver. "Refining Ruby". Charles Oliver Nutter.

[3] Biswal, Bimal. "Monkey Patching in Python". Software Technology Tips. Mindfire Solutions. Archived from the original on 22 August 2012. Retrieved 9 December 2013.

[4] Zakas, Nicholas C. (2 March 2010). "Maintainable JavaScript: Don't modify objects you don't own - Human Who Codes". Human Who Codes.

[5] "New in Rails: Module#alias_method_chain". Ruby on Rails.

[6] "Tainted kernels — The Linux Kernel documentation". www.kernel.org. Retrieved 2020-07-12.

[7] Paul, Ryan (2009-05-04). "Mozilla ponders policy change after Firefox extension battle". Ars Technica. Retrieved 2020-07-12.

[1]

[2]

[3]

[4]

[5]

[6]

[7]