summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--file.c2
-rw-r--r--test/readline/test_readline.rb5
-rw-r--r--test/ruby/test_file_exhaustive.rb17
3 files changed, 23 insertions, 1 deletions
diff --git a/file.c b/file.c
index 0742c52d660..70f32833ba9 100644
--- a/file.c
+++ b/file.c
@@ -475,7 +475,7 @@ rb_file_path(VALUE obj)
rb_raise(rb_eIOError, "File is unnamed (TMPFILE?)");
}
- return rb_obj_taint(rb_str_dup(fptr->pathv));
+ return rb_str_dup(fptr->pathv);
}
static size_t
diff --git a/test/readline/test_readline.rb b/test/readline/test_readline.rb
index e040ac53c32..e71d3299735 100644
--- a/test/readline/test_readline.rb
+++ b/test/readline/test_readline.rb
@@ -41,6 +41,11 @@ module BasetestReadline
assert_equal("> ", stdout.read(2))
assert_equal(1, Readline::HISTORY.length)
assert_equal("hello", Readline::HISTORY[0])
+
+ # Work around lack of SecurityError in Reline
+ # test mode with tainted prompt
+ return if kind_of?(TestRelineAsReadline)
+
Thread.start {
$SAFE = 1
assert_raise(SecurityError) do
diff --git a/test/ruby/test_file_exhaustive.rb b/test/ruby/test_file_exhaustive.rb
index 98a894698db..3cedf974898 100644
--- a/test/ruby/test_file_exhaustive.rb
+++ b/test/ruby/test_file_exhaustive.rb
@@ -187,6 +187,23 @@ class TestFileExhaustive < Test::Unit::TestCase
end
end
+ def test_path_taint
+ [regular_file, utf8_file].each do |file|
+ file.untaint
+ assert_equal(false, File.open(file) {|f| f.path}.tainted?)
+ assert_equal(true, File.open(file.dup.taint) {|f| f.path}.tainted?)
+ o = Object.new
+ class << o; self; end.class_eval do
+ define_method(:to_path) { file }
+ end
+ assert_equal(false, File.open(o) {|f| f.path}.tainted?)
+ class << o; self; end.class_eval do
+ define_method(:to_path) { file.dup.taint }
+ end
+ assert_equal(true, File.open(o) {|f| f.path}.tainted?)
+ end
+ end
+
def assert_integer(n)
assert_kind_of(Integer, n)
end