diff options
author | Nobuyoshi Nakada <nobu@ruby-lang.org> | 2021-05-15 01:26:51 +0900 |
---|---|---|
committer | Nobuyoshi Nakada <nobu@ruby-lang.org> | 2021-05-21 15:53:34 +0900 |
commit | 10e63f3f56cc0f559816d921f3e771dea02f3eb9 (patch) | |
tree | df0f386e88128881e8bd3f5cdee75f638239a8a0 | |
parent | a298bdf8606bda9c9868c44618c5b70a96c2712c (diff) |
[ruby/rdoc] Vertical-bar is disallowed in path names on Windows
No risk of remote code execution, when the file cannot be created.
https://github.com/ruby/rdoc/runs/2565343916?check_suite_focus=true#step:5:58
```
Error: test_remove_unparseable_CVE_2021_31799(TestRDocRDoc): Errno::EINVAL: Invalid argument @ utime_failed - | touch evil.txt && echo tags
D:/rubyinstaller-head-x64/lib/ruby/3.1.0/fileutils.rb:1142:in `utime'
D:/rubyinstaller-head-x64/lib/ruby/3.1.0/fileutils.rb:1142:in `block in touch'
D:/rubyinstaller-head-x64/lib/ruby/3.1.0/fileutils.rb:1139:in `each'
D:/rubyinstaller-head-x64/lib/ruby/3.1.0/fileutils.rb:1139:in `touch'
D:/a/rdoc/rdoc/test/rdoc/test_rdoc_rdoc.rb:463:in `block (2 levels) in test_remove_unparseable_CVE_2021_31799'
460: temp_dir do
461: file_list = ['| touch evil.txt && echo tags']
462: file_list.each do |f|
=> 463: FileUtils.touch f
464: end
465:
466: assert_equal file_list, @rdoc.remove_unparseable(file_list)
```
https://github.com/ruby/rdoc/commit/a7df7dc8fa
-rw-r--r-- | test/rdoc/test_rdoc_rdoc.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/test/rdoc/test_rdoc_rdoc.rb b/test/rdoc/test_rdoc_rdoc.rb index 15f5383fa7..22e9bb2b8a 100644 --- a/test/rdoc/test_rdoc_rdoc.rb +++ b/test/rdoc/test_rdoc_rdoc.rb @@ -460,7 +460,7 @@ class TestRDocRDoc < RDoc::TestCase temp_dir do file_list = ['| touch evil.txt && echo tags'] file_list.each do |f| - FileUtils.touch f + FileUtils.touch f rescue omit end assert_equal file_list, @rdoc.remove_unparseable(file_list) |