diff options
| author | eregon <eregon@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2018-10-27 10:48:40 +0000 |
|---|---|---|
| committer | eregon <eregon@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2018-10-27 10:48:40 +0000 |
| commit | 3e6337b88b5255aba07b8f44de72cd5885f59465 (patch) | |
| tree | 6146781aa381404b88ea4bfa2a44e75e8bc90d14 /spec/ruby/security/cve_2018_16396_spec.rb | |
| parent | ecc707e233a5577ea2048b3199d4baaf96c6b0f8 (diff) | |
Update to ruby/spec@8b743a3
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65388 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'spec/ruby/security/cve_2018_16396_spec.rb')
| -rw-r--r-- | spec/ruby/security/cve_2018_16396_spec.rb | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/spec/ruby/security/cve_2018_16396_spec.rb b/spec/ruby/security/cve_2018_16396_spec.rb new file mode 100644 index 0000000000..e462e0022d --- /dev/null +++ b/spec/ruby/security/cve_2018_16396_spec.rb @@ -0,0 +1,21 @@ +require_relative '../spec_helper' + +describe "Array#pack" do + + it "resists CVE-2018-16396 by tainting output based on input" do + "aAZBbHhuMmPp".each_char do |f| + ["123456".taint].pack(f).tainted?.should be_true + end + end + +end + +describe "String#unpack" do + + it "resists CVE-2018-16396 by tainting output based on input" do + "aAZBbHhuMm".each_char do |f| + "123456".taint.unpack(f).first.tainted?.should be_true + end + end + +end |