diff options
-rw-r--r-- | file.c | 2 | ||||
-rw-r--r-- | test/ruby/test_file.rb | 17 | ||||
-rw-r--r-- | version.h | 2 |
3 files changed, 19 insertions, 2 deletions
@@ -3979,7 +3979,7 @@ rb_check_realpath_internal(VALUE basedir, VALUE path, enum rb_realpath_mode mode if (origenc != enc && rb_enc_str_asciionly_p(resolved)) rb_enc_associate(resolved, origenc); - OBJ_TAINT(resolved); + OBJ_INFECT(resolved, unresolved_path); return resolved; } diff --git a/test/ruby/test_file.rb b/test/ruby/test_file.rb index d0d6a0ebe2..215d579cc5 100644 --- a/test/ruby/test_file.rb +++ b/test/ruby/test_file.rb @@ -292,6 +292,23 @@ class TestFile < Test::Unit::TestCase end end + def test_realpath_taintedness + Dir.mktmpdir('rubytest-realpath') {|tmpdir| + realdir = File.realpath(tmpdir) + assert_predicate(realdir, :tainted?) + dir, base = File.split(realdir) + assert_predicate(File.realpath(base, dir), :tainted?) + base.untaint + assert_predicate(File.realpath(base, dir), :tainted?) + base.taint + dir.untaint + assert_predicate(File.realpath(base, dir), :tainted?) + base.untaint + assert_not_predicate(File.realpath(base, dir), :tainted?) + assert_predicate(Dir.chdir(dir) {File.realpath(base)}, :tainted?) + } + end + def test_realdirpath Dir.mktmpdir('rubytest-realdirpath') {|tmpdir| realdir = File.realpath(tmpdir) @@ -1,6 +1,6 @@ #define RUBY_VERSION "2.4.5" #define RUBY_RELEASE_DATE "2018-06-30" -#define RUBY_PATCHLEVEL 302 +#define RUBY_PATCHLEVEL 303 #define RUBY_RELEASE_YEAR 2018 #define RUBY_RELEASE_MONTH 6 |