diff options
author | Jeremy Evans <code@jeremyevans.net> | 2019-06-20 11:50:22 -0700 |
---|---|---|
committer | Jeremy Evans <code@jeremyevans.net> | 2019-07-30 11:55:59 -0700 |
commit | a50bc9f3c8e0696ede25305c03eadecc543b863b (patch) | |
tree | e3e1e6086bdff4812d98e62b86df434e8cdcea23 | |
parent | ceb9e276b934a8a63299b0b96d2c430c9854de7f (diff) |
Do not always taint the result of File#path
The result should only be tainted if the path given to the method
was tainted.
The code to always taint the result was added in
a4934a42cbb84b6679912226581c71b435671f55 (svn revision 4892) in
2003 by matz. However, the change wasn't mentioned in the
commit message, and it may have been committed by accident.
Skip part of a readline test that uses Reline. Reline in general
would pass the test, but Reline's test mode doesn't raise a
SecurityError if passing a tainted prompt and $SAFE >= 1. This
was hidden earlier because File#path was always returning a
tainted string.
Fixes [Bug #14485]
-rw-r--r-- | file.c | 2 | ||||
-rw-r--r-- | test/readline/test_readline.rb | 5 | ||||
-rw-r--r-- | test/ruby/test_file_exhaustive.rb | 17 |
3 files changed, 23 insertions, 1 deletions
@@ -475,7 +475,7 @@ rb_file_path(VALUE obj) rb_raise(rb_eIOError, "File is unnamed (TMPFILE?)"); } - return rb_obj_taint(rb_str_dup(fptr->pathv)); + return rb_str_dup(fptr->pathv); } static size_t diff --git a/test/readline/test_readline.rb b/test/readline/test_readline.rb index e040ac53c3..e71d329973 100644 --- a/test/readline/test_readline.rb +++ b/test/readline/test_readline.rb @@ -41,6 +41,11 @@ module BasetestReadline assert_equal("> ", stdout.read(2)) assert_equal(1, Readline::HISTORY.length) assert_equal("hello", Readline::HISTORY[0]) + + # Work around lack of SecurityError in Reline + # test mode with tainted prompt + return if kind_of?(TestRelineAsReadline) + Thread.start { $SAFE = 1 assert_raise(SecurityError) do diff --git a/test/ruby/test_file_exhaustive.rb b/test/ruby/test_file_exhaustive.rb index 98a894698d..3cedf97489 100644 --- a/test/ruby/test_file_exhaustive.rb +++ b/test/ruby/test_file_exhaustive.rb @@ -187,6 +187,23 @@ class TestFileExhaustive < Test::Unit::TestCase end end + def test_path_taint + [regular_file, utf8_file].each do |file| + file.untaint + assert_equal(false, File.open(file) {|f| f.path}.tainted?) + assert_equal(true, File.open(file.dup.taint) {|f| f.path}.tainted?) + o = Object.new + class << o; self; end.class_eval do + define_method(:to_path) { file } + end + assert_equal(false, File.open(o) {|f| f.path}.tainted?) + class << o; self; end.class_eval do + define_method(:to_path) { file.dup.taint } + end + assert_equal(true, File.open(o) {|f| f.path}.tainted?) + end + end + def assert_integer(n) assert_kind_of(Integer, n) end |