summaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
authorJeremy Evans <code@jeremyevans.net>2019-09-20 19:06:22 -0700
committerJeremy Evans <code@jeremyevans.net>2019-11-18 01:00:25 +0200
commitc5c05460ac20abcbc0ed686eb4acf06da7a39a79 (patch)
tree991109a68f3b1cd2e256a936701d3b2badd3ddac /test
parent7b6a8b5b54448235e17ed187d9d73f56893e1b6f (diff)
Warn on access/modify of $SAFE, and remove effects of modifying $SAFE
This removes the security features added by $SAFE = 1, and warns for access or modification of $SAFE from Ruby-level, as well as warning when calling all public C functions related to $SAFE. This modifies some internal functions that took a safe level argument to no longer take the argument. rb_require_safe now warns, rb_require_string has been added as a version that takes a VALUE and does not warn. One public C function that still takes a safe level argument and that this doesn't warn for is rb_eval_cmd. We may want to consider adding an alternative method that does not take a safe level argument, and warn for rb_eval_cmd.
Notes
Notes: Merged: https://github.com/ruby/ruby/pull/2476
Diffstat (limited to 'test')
-rw-r--r--test/net/imap/test_imap_response_parser.rb13
-rw-r--r--test/pathname/test_pathname.rb10
-rw-r--r--test/readline/test_readline.rb15
-rw-r--r--test/ruby/test_alias.rb6
-rw-r--r--test/ruby/test_file.rb12
-rw-r--r--test/ruby/test_optimization.rb11
-rw-r--r--test/ruby/test_proc.rb39
-rw-r--r--test/ruby/test_require.rb7
-rw-r--r--test/ruby/test_rubyoptions.rb14
-rw-r--r--test/ruby/test_thread.rb17
-rw-r--r--test/test_tempfile.rb11
-rw-r--r--test/test_tmpdir.rb13
-rw-r--r--test/win32ole/test_win32ole.rb49
-rw-r--r--test/win32ole/test_win32ole_event.rb15
14 files changed, 0 insertions, 232 deletions
diff --git a/test/net/imap/test_imap_response_parser.rb b/test/net/imap/test_imap_response_parser.rb
index ed31a03f5ae..5c2d54566d2 100644
--- a/test/net/imap/test_imap_response_parser.rb
+++ b/test/net/imap/test_imap_response_parser.rb
@@ -20,19 +20,6 @@ class IMAPResponseParserTest < Test::Unit::TestCase
end
end
- def test_flag_list_safe
- parser = Net::IMAP::ResponseParser.new
- response = lambda {
- $SAFE = 1
- parser.parse(<<EOF.gsub(/\n/, "\r\n").taint)
-* LIST (\\HasChildren) "." "INBOX"
-EOF
- }.call
- assert_equal [:Haschildren], response.data.attr
- ensure
- $SAFE = 0
- end
-
def test_flag_list_too_many_flags
parser = Net::IMAP::ResponseParser.new
assert_nothing_raised do
diff --git a/test/pathname/test_pathname.rb b/test/pathname/test_pathname.rb
index 39c792d18ef..4d480a50f3f 100644
--- a/test/pathname/test_pathname.rb
+++ b/test/pathname/test_pathname.rb
@@ -1467,16 +1467,6 @@ class TestPathname < Test::Unit::TestCase
assert(File.fnmatch("*.*", Pathname.new("bar.baz")))
end
- def test_file_join
- assert_equal("foo/bar", File.join(Pathname.new("foo"), Pathname.new("bar")))
- lambda {
- $SAFE = 1
- assert_equal("foo/bar", File.join(Pathname.new("foo"), Pathname.new("bar").taint))
- }.call
- ensure
- $SAFE = 0
- end
-
def test_relative_path_from_casefold
assert_separately([], <<-'end;') # do
module File::Constants
diff --git a/test/readline/test_readline.rb b/test/readline/test_readline.rb
index 4e82d46d91e..f87435498ce 100644
--- a/test/readline/test_readline.rb
+++ b/test/readline/test_readline.rb
@@ -41,21 +41,6 @@ module BasetestReadline
assert_equal("> ", stdout.read(2))
assert_equal(1, Readline::HISTORY.length)
assert_equal("hello", Readline::HISTORY[0])
-
- # Work around lack of SecurityError in Reline
- # test mode with tainted prompt
- return if kind_of?(TestRelineAsReadline)
-
- Thread.start {
- $SAFE = 1
- assert_raise(SecurityError) do
- replace_stdio(stdin.path, stdout.path) do
- Readline.readline("> ".taint)
- end
- end
- }.join
- ensure
- $SAFE = 0
end
end
diff --git a/test/ruby/test_alias.rb b/test/ruby/test_alias.rb
index e81636fa433..33fb82e1d73 100644
--- a/test/ruby/test_alias.rb
+++ b/test/ruby/test_alias.rb
@@ -47,12 +47,6 @@ class TestAlias < Test::Unit::TestCase
assert_raise(NoMethodError) { x.quux }
end
- class C
- def m
- $SAFE
- end
- end
-
def test_nonexistmethod
assert_raise(NameError){
Class.new{
diff --git a/test/ruby/test_file.rb b/test/ruby/test_file.rb
index f984a8fd23e..5599040e1e8 100644
--- a/test/ruby/test_file.rb
+++ b/test/ruby/test_file.rb
@@ -471,18 +471,6 @@ class TestFile < Test::Unit::TestCase
end
end
- def test_untainted_path
- bug5374 = '[ruby-core:39745]'
- cwd = ("./"*40+".".taint).dup.untaint
- in_safe = proc {|safe| $SAFE = safe; File.stat(cwd)}
- assert_not_send([cwd, :tainted?])
- (0..1).each do |level|
- assert_nothing_raised(SecurityError, bug5374) {in_safe[level]}
- end
- ensure
- $SAFE = 0
- end
-
if /(bcc|ms|cyg)win|mingw|emx/ =~ RUBY_PLATFORM
def test_long_unc
feature3399 = '[ruby-core:30623]'
diff --git a/test/ruby/test_optimization.rb b/test/ruby/test_optimization.rb
index f26b31f1158..b42314b7657 100644
--- a/test/ruby/test_optimization.rb
+++ b/test/ruby/test_optimization.rb
@@ -714,17 +714,6 @@ class TestRubyOptimization < Test::Unit::TestCase
END
end
- def test_block_parameter_should_restore_safe_level
- assert_separately [], <<-END
- #
- def foo &b
- $SAFE = 1
- b.call
- end
- assert_equal 1, foo{$SAFE}
- END
- end
-
def test_peephole_optimization_without_trace
assert_separately [], <<-END
RubyVM::InstructionSequence.compile_option = {trace_instruction: false}
diff --git a/test/ruby/test_proc.rb b/test/ruby/test_proc.rb
index 5c12043873c..0e0b5c7b8b7 100644
--- a/test/ruby/test_proc.rb
+++ b/test/ruby/test_proc.rb
@@ -157,45 +157,6 @@ class TestProc < Test::Unit::TestCase
assert_equal(12, Proc.new{|a,&b| b.call(a)}.call(12) {|x| x})
end
- def test_safe
- safe = $SAFE
- c = Class.new
- x = c.new
-
- p = proc {
- $SAFE += 1
- proc {$SAFE}
- }.call
-
- assert_equal(safe + 1, $SAFE)
- assert_equal(safe + 1, p.call)
- assert_equal(safe + 1, $SAFE)
-
- $SAFE = 0
- c.class_eval {define_method(:safe, p)}
- assert_equal(safe, x.safe)
-
- $SAFE = 0
- p = proc {$SAFE += 1}
- assert_equal(safe + 1, p.call)
- assert_equal(safe + 1, $SAFE)
-
- $SAFE = 0
- c.class_eval {define_method(:inc, p)}
- assert_equal(safe + 1, proc {x.inc; $SAFE}.call)
- assert_equal(safe + 1, $SAFE)
-
- $SAFE = 0
- assert_equal(safe + 1, proc {x.method(:inc).call; $SAFE}.call)
- assert_equal(safe + 1, $SAFE)
-
- $SAFE = 0
- assert_equal(safe + 1, proc {x.method(:inc).to_proc.call; $SAFE}.call)
- assert_equal(safe + 1, $SAFE)
- ensure
- $SAFE = 0
- end
-
def m2
"OK"
end
diff --git a/test/ruby/test_require.rb b/test/ruby/test_require.rb
index 560ce3ff288..e21ed88e475 100644
--- a/test/ruby/test_require.rb
+++ b/test/ruby/test_require.rb
@@ -398,13 +398,6 @@ class TestRequire < Test::Unit::TestCase
assert_separately([], <<-INPUT)
abs_dir = "#{ abs_dir }"
- $: << abs_dir.taint
- $SAFE = 1
- assert_raise(SecurityError) {require "#{ file }"}
- INPUT
-
- assert_separately([], <<-INPUT)
- abs_dir = "#{ abs_dir }"
$: << abs_dir << 'elsewhere'.taint
assert_nothing_raised {require "#{ file }"}
INPUT
diff --git a/test/ruby/test_rubyoptions.rb b/test/ruby/test_rubyoptions.rb
index 22ea6b5293e..27a9434a5c6 100644
--- a/test/ruby/test_rubyoptions.rb
+++ b/test/ruby/test_rubyoptions.rb
@@ -79,14 +79,6 @@ class TestRubyOptions < Test::Unit::TestCase
ENV['RUBYOPT'] = save_rubyopt
end
- def test_safe_level
- assert_in_out_err(%w(-T -e) + [""], "", [],
- /no -e allowed in tainted mode \(SecurityError\)/)
-
- assert_in_out_err(%w(-T4 -S foo.rb), "", [],
- /no -S allowed in tainted mode \(SecurityError\)/)
- end
-
def test_debug
assert_in_out_err(["--disable-gems", "-de", "p $DEBUG"], "", %w(true), [])
@@ -326,12 +318,6 @@ class TestRubyOptions < Test::Unit::TestCase
ENV['RUBYOPT'] = '-e "p 1"'
assert_in_out_err([], "", [], /invalid switch in RUBYOPT: -e \(RuntimeError\)/)
- ENV['RUBYOPT'] = '-T1'
- assert_in_out_err(["--disable-gems"], "", [], /no program input from stdin allowed in tainted mode \(SecurityError\)/)
-
- ENV['RUBYOPT'] = '-T4'
- assert_in_out_err(["--disable-gems"], "", [], /no program input from stdin allowed in tainted mode \(SecurityError\)/)
-
ENV['RUBYOPT'] = '-Eus-ascii -KN'
assert_in_out_err(%w(-Eutf-8 -KU), "p '\u3042'") do |r, e|
assert_equal("\"\u3042\"", r.join.force_encoding(Encoding::UTF_8))
diff --git a/test/ruby/test_thread.rb b/test/ruby/test_thread.rb
index e0efb7b2e0b..adfad7e7e8c 100644
--- a/test/ruby/test_thread.rb
+++ b/test/ruby/test_thread.rb
@@ -533,23 +533,6 @@ class TestThread < Test::Unit::TestCase
waiter&.kill&.join
end
- def test_safe_level
- ok = false
- t = Thread.new do
- EnvUtil.suppress_warning do
- $SAFE = 1
- end
- ok = true
- sleep
- end
- Thread.pass until ok
- assert_equal($SAFE, Thread.current.safe_level)
- assert_equal($SAFE, t.safe_level)
- ensure
- $SAFE = 0
- t&.kill&.join
- end
-
def test_thread_local
t = Thread.new { sleep }
diff --git a/test/test_tempfile.rb b/test/test_tempfile.rb
index 7c911a1bf7b..6b087f92074 100644
--- a/test/test_tempfile.rb
+++ b/test/test_tempfile.rb
@@ -31,17 +31,6 @@ class TestTempfile < Test::Unit::TestCase
assert_equal "hello world", File.read(path)
end
- def test_saves_in_dir_tmpdir_by_default
- t = tempfile("foo")
- assert_equal Dir.tmpdir, File.dirname(t.path)
- bug3733 = '[ruby-dev:42089]'
- assert_nothing_raised(SecurityError, bug3733) {
- proc {$SAFE = 1; File.expand_path(Dir.tmpdir)}.call
- }
- ensure
- $SAFE = 0
- end
-
def test_saves_in_given_directory
subdir = File.join(Dir.tmpdir, "tempfile-test-#{rand}")
Dir.mkdir(subdir)
diff --git a/test/test_tmpdir.rb b/test/test_tmpdir.rb
index 42bcbc00a8e..c599dcf516e 100644
--- a/test/test_tmpdir.rb
+++ b/test/test_tmpdir.rb
@@ -11,19 +11,6 @@ class TestTmpdir < Test::Unit::TestCase
assert_equal(tmpdir_org, Dir.tmpdir)
end
- def test_tmpdir_modifiable_safe
- Thread.new {
- $SAFE = 1
- tmpdir = Dir.tmpdir
- assert_equal(false, tmpdir.frozen?)
- tmpdir_org = tmpdir.dup
- tmpdir << "foo"
- assert_equal(tmpdir_org, Dir.tmpdir)
- }.join
- ensure
- $SAFE = 0
- end
-
def test_world_writable
skip "no meaning on this platform" if /mswin|mingw/ =~ RUBY_PLATFORM
Dir.mktmpdir do |tmpdir|
diff --git a/test/win32ole/test_win32ole.rb b/test/win32ole/test_win32ole.rb
index 7dda36ce965..39417805285 100644
--- a/test/win32ole/test_win32ole.rb
+++ b/test/win32ole/test_win32ole.rb
@@ -176,39 +176,6 @@ if defined?(WIN32OLE)
}
end
- def test_s_new_exc_svr_tainted
- th = Thread.start {
- $SAFE = 1
- svr = "Scripting.Dictionary"
- svr.taint
- Thread.current.report_on_exception = false
- WIN32OLE.new(svr)
- }
- exc = assert_raise(SecurityError) {
- th.join
- }
- assert_match(/insecure object creation - `Scripting.Dictionary'/, exc.message)
- ensure
- $SAFE = 0
- end
-
- def test_s_new_exc_host_tainted
- th = Thread.start {
- $SAFE = 1
- svr = "Scripting.Dictionary"
- host = "localhost"
- host.taint
- Thread.current.report_on_exception = false
- WIN32OLE.new(svr, host)
- }
- exc = assert_raise(SecurityError) {
- th.join
- }
- assert_match(/insecure object creation - `localhost'/, exc.message)
- ensure
- $SAFE = 0
- end
-
def test_s_new_DCOM
rshell = WIN32OLE.new("Shell.Application")
assert_instance_of(WIN32OLE, rshell)
@@ -234,22 +201,6 @@ if defined?(WIN32OLE)
}
end
- def test_s_coonect_exc_tainted
- th = Thread.start {
- $SAFE = 1
- svr = "winmgmts:"
- svr.taint
- Thread.current.report_on_exception = false
- WIN32OLE.connect(svr)
- }
- exc = assert_raise(SecurityError) {
- th.join
- }
- assert_match(/insecure connection - `winmgmts:'/, exc.message)
- ensure
- $SAFE = 0
- end
-
def test_invoke_accept_symbol_hash_key
fso = WIN32OLE.new('Scripting.FileSystemObject')
afolder = fso.getFolder(".")
diff --git a/test/win32ole/test_win32ole_event.rb b/test/win32ole/test_win32ole_event.rb
index d8e162596be..742bff4f7a5 100644
--- a/test/win32ole/test_win32ole_event.rb
+++ b/test/win32ole/test_win32ole_event.rb
@@ -401,21 +401,6 @@ if defined?(WIN32OLE_EVENT)
message_loop
assert(h2.ev != "")
end
-
- def test_s_new_exc_tainted
- th = Thread.new {
- $SAFE=1
- str = 'ConnectionEvents'
- str.taint
- WIN32OLE_EVENT.new(@db, str)
- }
- exc = assert_raise(SecurityError) {
- th.join
- }
- assert_match(/insecure event creation - `ConnectionEvents'/, exc.message)
- ensure
- $SAFE = 0
- end
end
end
end