Move spec/rubyspec to spec/ruby for consistency

* Other ruby implementations use the spec/ruby directory. [Misc #13792] [ruby-core:82287] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59979 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: eregon <eregon@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2017-09-20 20:18:52 +0000
committer: eregon <eregon@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2017-09-20 20:18:52 +0000
commit: 1d15d5f08032acf1b7bceacbb450d617ff6e0931 (patch)
tree: a3785a79899302bc149e4a6e72f624ac27dc1f10 /spec/ruby/security/cve_2013_4164_spec.rb
parent: 75bfc6440d595bf339007f4fb280fd4d743e89c1 (diff)
1 files changed, 19 insertions, 0 deletions
diff --git a/spec/ruby/security/cve_2013_4164_spec.rb b/spec/ruby/security/cve_2013_4164_spec.rb
new file mode 100644
index 0000000000..06b2bb0306
--- /dev/null
+++ b/spec/ruby/security/cve_2013_4164_spec.rb
@@ -0,0 +1,19 @@
+require File.expand_path('../../spec_helper', __FILE__)
+
+require 'json'
+
+describe "String#to_f" do
+
+  it "resists CVE-2013-4164 by converting very long Strings to a Float" do
+    "1.#{'1'*1000000}".to_f.should be_close(1.1111111111111112, TOLERANCE)
+  end
+
+end
+
+describe "JSON.parse" do
+
+  it "resists CVE-2013-4164 by converting very long Strings to a Float" do
+    JSON.parse("[1.#{'1'*1000000}]").first.should be_close(1.1111111111111112, TOLERANCE)
+  end
+
+end
author	eregon <eregon@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2017-09-20 20:18:52 +0000
committer	eregon <eregon@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2017-09-20 20:18:52 +0000
commit	1d15d5f08032acf1b7bceacbb450d617ff6e0931 (patch)
tree	a3785a79899302bc149e4a6e72f624ac27dc1f10 /spec/ruby/security/cve_2013_4164_spec.rb
parent	75bfc6440d595bf339007f4fb280fd4d743e89c1 (diff)