summaryrefslogtreecommitdiff
path: root/spec/ruby/security
diff options
context:
space:
mode:
Diffstat (limited to 'spec/ruby/security')
-rw-r--r--spec/ruby/security/cve_2010_1330_spec.rb2
-rw-r--r--spec/ruby/security/cve_2014_8080_spec.rb34
-rw-r--r--spec/ruby/security/cve_2017_17742_spec.rb37
-rw-r--r--spec/ruby/security/cve_2018_16396_spec.rb14
-rw-r--r--spec/ruby/security/cve_2019_8322_spec.rb24
-rw-r--r--spec/ruby/security/cve_2019_8323_spec.rb64
-rw-r--r--spec/ruby/security/cve_2019_8325_spec.rb62
-rw-r--r--spec/ruby/security/cve_2020_10663_spec.rb25
8 files changed, 94 insertions, 168 deletions
diff --git a/spec/ruby/security/cve_2010_1330_spec.rb b/spec/ruby/security/cve_2010_1330_spec.rb
index 33e88d652e..2594439550 100644
--- a/spec/ruby/security/cve_2010_1330_spec.rb
+++ b/spec/ruby/security/cve_2010_1330_spec.rb
@@ -8,7 +8,7 @@ describe "String#gsub" do
# #gsub on a string in the UTF-8 encoding but with invalid an UTF-8 byte
# sequence.
- str = "\xF6<script>"
+ str = +"\xF6<script>"
str.force_encoding Encoding::BINARY
str.gsub(/</, "&lt;").should == "\xF6&lt;script>".b
str.force_encoding Encoding::UTF_8
diff --git a/spec/ruby/security/cve_2014_8080_spec.rb b/spec/ruby/security/cve_2014_8080_spec.rb
deleted file mode 100644
index 23770f94b1..0000000000
--- a/spec/ruby/security/cve_2014_8080_spec.rb
+++ /dev/null
@@ -1,34 +0,0 @@
-require_relative '../spec_helper'
-
-ruby_version_is ''...'3.0' do
- require 'rexml/document'
-
- describe "REXML::Document.new" do
-
- it "resists CVE-2014-8080 by raising an exception when entity expansion has grown too large" do
- xml = <<XML
- <?xml version="1.0" encoding="UTF-8" ?>
- <!DOCTYPE x [
- <!ENTITY % x0 "xxxxxxxxxx">
- <!ENTITY % x1 "%x0;%x0;%x0;%x0;%x0;%x0;%x0;%x0;%x0;%x0;">
- <!ENTITY % x2 "%x1;%x1;%x1;%x1;%x1;%x1;%x1;%x1;%x1;%x1;">
- <!ENTITY % x3 "%x2;%x2;%x2;%x2;%x2;%x2;%x2;%x2;%x2;%x2;">
- <!ENTITY % x4 "%x3;%x3;%x3;%x3;%x3;%x3;%x3;%x3;%x3;%x3;">
- <!ENTITY % x5 "%x4;%x4;%x4;%x4;%x4;%x4;%x4;%x4;%x4;%x4;">
- <!ENTITY % x6 "%x5;%x5;%x5;%x5;%x5;%x5;%x5;%x5;%x5;%x5;">
- <!ENTITY % x7 "%x6;%x6;%x6;%x6;%x6;%x6;%x6;%x6;%x6;%x6;">
- <!ENTITY % x8 "%x7;%x7;%x7;%x7;%x7;%x7;%x7;%x7;%x7;%x7;">
- <!ENTITY % x9 "%x8;%x8;%x8;%x8;%x8;%x8;%x8;%x8;%x8;%x8;">
- ]>
- <x>
- %x9;%x9;%x9;%x9;%x9;%x9;%x9;%x9;%x9;%x9;
- </x>
-XML
-
- -> {
- REXML::Document.new(xml).doctype.entities['x9'].value
- }.should raise_error(REXML::ParseException, /entity expansion has grown too large/)
- end
-
- end
-end
diff --git a/spec/ruby/security/cve_2017_17742_spec.rb b/spec/ruby/security/cve_2017_17742_spec.rb
deleted file mode 100644
index b0d93e42b8..0000000000
--- a/spec/ruby/security/cve_2017_17742_spec.rb
+++ /dev/null
@@ -1,37 +0,0 @@
-require_relative '../spec_helper'
-
-# webrick is no longer in stdlib in Ruby 3+
-ruby_version_is ""..."3.0" do
- require "webrick"
- require "stringio"
- require "net/http"
-
- describe "WEBrick" do
- describe "resists CVE-2017-17742" do
- it "for a response splitting headers" do
- config = WEBrick::Config::HTTP
- res = WEBrick::HTTPResponse.new config
- res['X-header'] = "malicious\r\nCookie: hack"
- io = StringIO.new
- res.send_response io
- io.rewind
- res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io))
- res.code.should == '500'
- io.string.should_not =~ /hack/
- end
-
- it "for a response splitting cookie headers" do
- user_input = "malicious\r\nCookie: hack"
- config = WEBrick::Config::HTTP
- res = WEBrick::HTTPResponse.new config
- res.cookies << WEBrick::Cookie.new('author', user_input)
- io = StringIO.new
- res.send_response io
- io.rewind
- res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io))
- res.code.should == '500'
- io.string.should_not =~ /hack/
- end
- end
- end
-end
diff --git a/spec/ruby/security/cve_2018_16396_spec.rb b/spec/ruby/security/cve_2018_16396_spec.rb
index c9624e9c63..6f8a5d2f5d 100644
--- a/spec/ruby/security/cve_2018_16396_spec.rb
+++ b/spec/ruby/security/cve_2018_16396_spec.rb
@@ -1,21 +1,7 @@
require_relative '../spec_helper'
describe "Array#pack" do
- ruby_version_is ''...'2.7' do
- it "resists CVE-2018-16396 by tainting output based on input" do
- "aAZBbHhuMmPp".each_char do |f|
- ["123456".taint].pack(f).tainted?.should be_true
- end
- end
- end
end
describe "String#unpack" do
- ruby_version_is ''...'2.7' do
- it "resists CVE-2018-16396 by tainting output based on input" do
- "aAZBbHhuMm".each_char do |f|
- "123456".taint.unpack(f).first.tainted?.should be_true
- end
- end
- end
end
diff --git a/spec/ruby/security/cve_2019_8322_spec.rb b/spec/ruby/security/cve_2019_8322_spec.rb
index a84d7a5a95..b70d78c033 100644
--- a/spec/ruby/security/cve_2019_8322_spec.rb
+++ b/spec/ruby/security/cve_2019_8322_spec.rb
@@ -5,19 +5,17 @@ require 'rubygems'
require 'rubygems/safe_yaml'
require 'rubygems/commands/owner_command'
-platform_is_not :darwin do # frequent timeout/hang on macOS
- describe "CVE-2019-8322 is resisted by" do
- it "sanitising owner names" do
- command = Gem::Commands::OwnerCommand.new
- def command.rubygems_api_request(*args)
- Struct.new(:body).new("---\n- email: \"\e]2;nyan\a\"\n handle: handle\n id: id\n")
- end
- def command.with_response(response)
- yield response
- end
- command.should_receive(:say).with("Owners for gem: name")
- command.should_receive(:say).with("- .]2;nyan.")
- command.show_owners "name"
+describe "CVE-2019-8322 is resisted by" do
+ it "sanitising owner names" do
+ command = Gem::Commands::OwnerCommand.new
+ def command.rubygems_api_request(*args)
+ Struct.new(:body).new("---\n- email: \"\e]2;nyan\a\"\n handle: handle\n id: id\n")
end
+ def command.with_response(response)
+ yield response
+ end
+ command.should_receive(:say).with("Owners for gem: name")
+ command.should_receive(:say).with("- .]2;nyan.")
+ command.show_owners "name"
end
end
diff --git a/spec/ruby/security/cve_2019_8323_spec.rb b/spec/ruby/security/cve_2019_8323_spec.rb
index 3632d3b028..49a31a6682 100644
--- a/spec/ruby/security/cve_2019_8323_spec.rb
+++ b/spec/ruby/security/cve_2019_8323_spec.rb
@@ -1,38 +1,46 @@
require_relative '../spec_helper'
-platform_is_not :darwin do # frequent timeout/hang on macOS
- require 'optparse'
+require 'optparse'
- require 'rubygems'
- require 'rubygems/gemcutter_utilities'
+require 'rubygems'
+require 'rubygems/gemcutter_utilities'
- describe "CVE-2019-8323 is resisted by" do
- describe "sanitising the body" do
- it "for success codes" do
- cutter = Class.new {
- include Gem::GemcutterUtilities
- }.new
- response = Net::HTTPSuccess.new(nil, nil, nil)
- def response.body
- "\e]2;nyan\a"
- end
- cutter.should_receive(:say).with(".]2;nyan.")
- cutter.with_response response
+describe "CVE-2019-8323 is resisted by" do
+ describe "sanitising the body" do
+ it "for success codes" do
+ cutter = Class.new {
+ include Gem::GemcutterUtilities
+ }.new
+ klass = if defined?(Gem::Net::HTTPSuccess)
+ Gem::Net::HTTPSuccess
+ else
+ Net::HTTPSuccess
+ end
+ response = klass.new(nil, nil, nil)
+ def response.body
+ "\e]2;nyan\a"
end
+ cutter.should_receive(:say).with(".]2;nyan.")
+ cutter.with_response response
+ end
- it "for error codes" do
- cutter = Class.new {
- include Gem::GemcutterUtilities
- }.new
- def cutter.terminate_interaction(n)
- end
- response = Net::HTTPNotFound.new(nil, nil, nil)
- def response.body
- "\e]2;nyan\a"
- end
- cutter.should_receive(:say).with(".]2;nyan.")
- cutter.with_response response
+ it "for error codes" do
+ cutter = Class.new {
+ include Gem::GemcutterUtilities
+ }.new
+ def cutter.terminate_interaction(n)
+ end
+ klass = if defined?(Gem::Net::HTTPNotFound)
+ Gem::Net::HTTPNotFound
+ else
+ Net::HTTPNotFound
+ end
+ response = klass.new(nil, nil, nil)
+ def response.body
+ "\e]2;nyan\a"
end
+ cutter.should_receive(:say).with(".]2;nyan.")
+ cutter.with_response response
end
end
end
diff --git a/spec/ruby/security/cve_2019_8325_spec.rb b/spec/ruby/security/cve_2019_8325_spec.rb
index 309445a50f..bbddb3a6ce 100644
--- a/spec/ruby/security/cve_2019_8325_spec.rb
+++ b/spec/ruby/security/cve_2019_8325_spec.rb
@@ -1,38 +1,46 @@
require_relative '../spec_helper'
-platform_is_not :darwin do # frequent timeout/hang on macOS
- require 'rubygems'
- require 'rubygems/command_manager'
+require 'rubygems'
+require 'rubygems/command_manager'
- describe "CVE-2019-8325 is resisted by" do
- describe "sanitising error message components" do
- it "for the 'while executing' message" do
- manager = Gem::CommandManager.new
- def manager.process_args(args, build_args)
- raise StandardError, "\e]2;nyan\a"
- end
- def manager.terminate_interaction(n)
- end
- manager.should_receive(:alert_error).with("While executing gem ... (StandardError)\n .]2;nyan.")
- manager.run nil, nil
+describe "CVE-2019-8325 is resisted by" do
+ describe "sanitising error message components" do
+ before :each do
+ @ui = Gem::SilentUI.new
+ end
+
+ after :each do
+ @ui.close
+ end
+
+ it "for the 'while executing' message" do
+ manager = Gem::CommandManager.new
+ manager.ui = @ui
+ def manager.process_args(args, build_args)
+ raise StandardError, "\e]2;nyan\a"
end
+ def manager.terminate_interaction(n)
+ end
+ manager.should_receive(:alert_error).with("While executing gem ... (StandardError)\n .]2;nyan.")
+ manager.run nil, nil
+ end
- it "for the 'invalid option' message" do
- manager = Gem::CommandManager.new
- def manager.terminate_interaction(n)
- end
- manager.should_receive(:alert_error).with("Invalid option: --.]2;nyan.. See 'gem --help'.")
- manager.process_args ["--\e]2;nyan\a"], nil
+ it "for the 'invalid option' message" do
+ manager = Gem::CommandManager.new
+ def manager.terminate_interaction(n)
end
+ manager.should_receive(:alert_error).with("Invalid option: --.]2;nyan.. See 'gem --help'.")
+ manager.process_args ["--\e]2;nyan\a"], nil
+ end
- it "for the 'loading command' message" do
- manager = Gem::CommandManager.new
- def manager.require(x)
- raise 'foo'
- end
- manager.should_receive(:alert_error).with("Loading command: .]2;nyan. (RuntimeError)\n\tfoo")
- manager.send :load_and_instantiate, "\e]2;nyan\a"
+ it "for the 'loading command' message" do
+ manager = Gem::CommandManager.new
+ manager.ui = @ui
+ def manager.require(x)
+ raise 'foo'
end
+ manager.should_receive(:alert_error).with("Loading command: .]2;nyan. (RuntimeError)\n\tfoo")
+ manager.send :load_and_instantiate, "\e]2;nyan\a"
end
end
end
diff --git a/spec/ruby/security/cve_2020_10663_spec.rb b/spec/ruby/security/cve_2020_10663_spec.rb
index 766590d501..cce1beb012 100644
--- a/spec/ruby/security/cve_2020_10663_spec.rb
+++ b/spec/ruby/security/cve_2020_10663_spec.rb
@@ -18,25 +18,22 @@ module JSONSpecs
end
guard -> {
- ruby_version_is "2.6.6" or
JSON.const_defined?(:Pure) or
version_is(JSON::VERSION, '2.3.0')
} do
- platform_is_not :darwin do # frequent timeout/hang on macOS
- describe "CVE-2020-10663 is resisted by" do
- it "only creating custom objects if passed create_additions: true or using JSON.load" do
- obj = JSONSpecs::MyClass.new("bar")
- JSONSpecs::MyClass.should.json_creatable?
- json = JSON.dump(obj)
+ describe "CVE-2020-10663 is resisted by" do
+ it "only creating custom objects if passed create_additions: true or using JSON.load" do
+ obj = JSONSpecs::MyClass.new("bar")
+ JSONSpecs::MyClass.should.json_creatable?
+ json = JSON.dump(obj)
- JSON.parse(json, create_additions: true).class.should == JSONSpecs::MyClass
- JSON(json, create_additions: true).class.should == JSONSpecs::MyClass
- JSON.load(json).class.should == JSONSpecs::MyClass
+ JSON.parse(json, create_additions: true).class.should == JSONSpecs::MyClass
+ JSON(json, create_additions: true).class.should == JSONSpecs::MyClass
+ JSON.load(json).class.should == JSONSpecs::MyClass
- JSON.parse(json).class.should == Hash
- JSON.parse(json, nil).class.should == Hash
- JSON(json).class.should == Hash
- end
+ JSON.parse(json).class.should == Hash
+ JSON.parse(json, nil).class.should == Hash
+ JSON(json).class.should == Hash
end
end
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-01 05:24:43 +0000