diff options
author | nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2014-09-01 17:34:33 +0000 |
---|---|---|
committer | nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2014-09-01 17:34:33 +0000 |
commit | 3513d07732e00be85d2b3cb49fa9b72a8ed404ec (patch) | |
tree | e4d246b69499f8d4d80e31f3b4782ac70b0549e3 /test/ruby | |
parent | 06042f854ff815c6287bce132ed8e23d2a600a93 (diff) |
merge revision(s) r46547: [Backport #9976]
* hash.c (env_aset, env_has_key, env_assoc, env_has_value),
(env_rassoc, env_key): prohibit tainted strings if $SAFE is
non-zero. [Bug #9976]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_1@47346 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'test/ruby')
-rw-r--r-- | test/ruby/test_env.rb | 81 |
1 files changed, 81 insertions, 0 deletions
diff --git a/test/ruby/test_env.rb b/test/ruby/test_env.rb index 0ada9606ae..ddbdcf24bc 100644 --- a/test/ruby/test_env.rb +++ b/test/ruby/test_env.rb @@ -451,4 +451,85 @@ class TestEnv < Test::Unit::TestCase end; end end + + def test_taint_aref + assert_raise(SecurityError) do + proc do + $SAFE = 2 + ENV["FOO".taint] + end.call + end + end + + def test_taint_fetch + assert_raise(SecurityError) do + proc do + $SAFE = 2 + ENV.fetch("FOO".taint) + end.call + end + end + + def test_taint_assoc + assert_raise(SecurityError) do + proc do + $SAFE = 2 + ENV.assoc("FOO".taint) + end.call + end + end + + def test_taint_rassoc + assert_raise(SecurityError) do + proc do + $SAFE = 2 + ENV.rassoc("FOO".taint) + end.call + end + end + + def test_taint_key + assert_raise(SecurityError) do + proc do + $SAFE = 2 + ENV.key("FOO".taint) + end.call + end + end + + def test_taint_key_p + assert_raise(SecurityError) do + proc do + $SAFE = 2 + ENV.key?("FOO".taint) + end.call + end + end + + def test_taint_value_p + assert_raise(SecurityError) do + proc do + $SAFE = 2 + ENV.value?("FOO".taint) + end.call + end + end + + def test_taint_aset_value + assert_raise(SecurityError) do + proc do + $SAFE = 2 + ENV["FOO"] = "BAR".taint + end.call + end + end + + def test_taint_aset_key + assert_raise(SecurityError) do + proc do + $SAFE = 2 + ENV["FOO".taint] = "BAR" + end.call + end + end end |