hash.c: prohibit tainted strings

* hash.c (env_aset, env_has_key, env_assoc, env_has_value), (env_rassoc, env_key): prohibit tainted strings if $SAFE is non-zero. [Bug #9976] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@46547 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2014-06-25 01:20:01 +0000
committer: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2014-06-25 01:20:01 +0000
commit: 51a1c68bc748f1fce2461b3c8a2a75c9c20477d6 (patch)
tree: a4edcf3abada40121589dcf7ff2bef62aaa28c5a /test/ruby/test_env.rb
parent: 20014eb3e06ea70a80caddea35c50ef3bb403c8c (diff)
1 files changed, 81 insertions, 0 deletions
diff --git a/test/ruby/test_env.rb b/test/ruby/test_env.rb
index 847b5f819b..41d1ccf306 100644
--- a/test/ruby/test_env.rb
+++ b/test/ruby/test_env.rb
@@ -426,4 +426,85 @@ class TestEnv < Test::Unit::TestCase
       assert_predicate(ENV.fetch(k), :frozen?, "fetch(#{k.dump})")
     end
   end
+
+  def test_taint_aref
+    assert_raise(SecurityError) do
+      proc do
+        $SAFE = 2
+        ENV["FOO".taint]
+      end.call
+    end
+  end
+
+  def test_taint_fetch
+    assert_raise(SecurityError) do
+      proc do
+        $SAFE = 2
+        ENV.fetch("FOO".taint)
+      end.call
+    end
+  end
+
+  def test_taint_assoc
+    assert_raise(SecurityError) do
+      proc do
+        $SAFE = 2
+        ENV.assoc("FOO".taint)
+      end.call
+    end
+  end
+
+  def test_taint_rassoc
+    assert_raise(SecurityError) do
+      proc do
+        $SAFE = 2
+        ENV.rassoc("FOO".taint)
+      end.call
+    end
+  end
+
+  def test_taint_key
+    assert_raise(SecurityError) do
+      proc do
+        $SAFE = 2
+        ENV.key("FOO".taint)
+      end.call
+    end
+  end
+
+  def test_taint_key_p
+    assert_raise(SecurityError) do
+      proc do
+        $SAFE = 2
+        ENV.key?("FOO".taint)
+      end.call
+    end
+  end
+
+  def test_taint_value_p
+    assert_raise(SecurityError) do
+      proc do
+        $SAFE = 2
+        ENV.value?("FOO".taint)
+      end.call
+    end
+  end
+
+  def test_taint_aset_value
+    assert_raise(SecurityError) do
+      proc do
+        $SAFE = 2
+        ENV["FOO"] = "BAR".taint
+      end.call
+    end
+  end
+
+  def test_taint_aset_key
+    assert_raise(SecurityError) do
+      proc do
+        $SAFE = 2
+        ENV["FOO".taint] = "BAR"
+      end.call
+    end
+  end
 end
author	nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2014-06-25 01:20:01 +0000
committer	nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2014-06-25 01:20:01 +0000
commit	51a1c68bc748f1fce2461b3c8a2a75c9c20477d6 (patch)
tree	a4edcf3abada40121589dcf7ff2bef62aaa28c5a /test/ruby/test_env.rb
parent	20014eb3e06ea70a80caddea35c50ef3bb403c8c (diff)