diff options
| author | Nobuyoshi Nakada <nobu@ruby-lang.org> | 2021-05-15 01:26:51 +0900 |
|---|---|---|
| committer | Nobuyoshi Nakada <nobu@ruby-lang.org> | 2021-05-21 15:53:34 +0900 |
| commit | 10e63f3f56cc0f559816d921f3e771dea02f3eb9 (patch) | |
| tree | df0f386e88128881e8bd3f5cdee75f638239a8a0 /spec/ruby/core/array/pack | |
| parent | a298bdf8606bda9c9868c44618c5b70a96c2712c (diff) | |
[ruby/rdoc] Vertical-bar is disallowed in path names on Windows
No risk of remote code execution, when the file cannot be created.
https://github.com/ruby/rdoc/runs/2565343916?check_suite_focus=true#step:5:58
```
Error: test_remove_unparseable_CVE_2021_31799(TestRDocRDoc): Errno::EINVAL: Invalid argument @ utime_failed - | touch evil.txt && echo tags
D:/rubyinstaller-head-x64/lib/ruby/3.1.0/fileutils.rb:1142:in `utime'
D:/rubyinstaller-head-x64/lib/ruby/3.1.0/fileutils.rb:1142:in `block in touch'
D:/rubyinstaller-head-x64/lib/ruby/3.1.0/fileutils.rb:1139:in `each'
D:/rubyinstaller-head-x64/lib/ruby/3.1.0/fileutils.rb:1139:in `touch'
D:/a/rdoc/rdoc/test/rdoc/test_rdoc_rdoc.rb:463:in `block (2 levels) in test_remove_unparseable_CVE_2021_31799'
460: temp_dir do
461: file_list = ['| touch evil.txt && echo tags']
462: file_list.each do |f|
=> 463: FileUtils.touch f
464: end
465:
466: assert_equal file_list, @rdoc.remove_unparseable(file_list)
```
https://github.com/ruby/rdoc/commit/a7df7dc8fa
Diffstat (limited to 'spec/ruby/core/array/pack')
0 files changed, 0 insertions, 0 deletions