diff options
Diffstat (limited to 'spec/ruby/security/cve_2018_16396_spec.rb')
| -rw-r--r-- | spec/ruby/security/cve_2018_16396_spec.rb | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/spec/ruby/security/cve_2018_16396_spec.rb b/spec/ruby/security/cve_2018_16396_spec.rb index e462e0022d..303c47a8c7 100644 --- a/spec/ruby/security/cve_2018_16396_spec.rb +++ b/spec/ruby/security/cve_2018_16396_spec.rb @@ -2,9 +2,11 @@ require_relative '../spec_helper' describe "Array#pack" do - it "resists CVE-2018-16396 by tainting output based on input" do - "aAZBbHhuMmPp".each_char do |f| - ["123456".taint].pack(f).tainted?.should be_true + ruby_version_is ''...'2.7' do + it "resists CVE-2018-16396 by tainting output based on input" do + "aAZBbHhuMmPp".each_char do |f| + ["123456".taint].pack(f).tainted?.should be_true + end end end @@ -12,9 +14,11 @@ end describe "String#unpack" do - it "resists CVE-2018-16396 by tainting output based on input" do - "aAZBbHhuMm".each_char do |f| - "123456".taint.unpack(f).first.tainted?.should be_true + ruby_version_is ''...'2.7' do + it "resists CVE-2018-16396 by tainting output based on input" do + "aAZBbHhuMm".each_char do |f| + "123456".taint.unpack(f).first.tainted?.should be_true + end end end |