diff options
Diffstat (limited to 'spec/ruby/security')
-rw-r--r-- | spec/ruby/security/cve_2010_1330_spec.rb | 2 | ||||
-rw-r--r-- | spec/ruby/security/cve_2014_8080_spec.rb | 34 | ||||
-rw-r--r-- | spec/ruby/security/cve_2017_17742_spec.rb | 37 | ||||
-rw-r--r-- | spec/ruby/security/cve_2018_16396_spec.rb | 14 | ||||
-rw-r--r-- | spec/ruby/security/cve_2019_8322_spec.rb | 24 | ||||
-rw-r--r-- | spec/ruby/security/cve_2019_8323_spec.rb | 64 | ||||
-rw-r--r-- | spec/ruby/security/cve_2019_8325_spec.rb | 62 | ||||
-rw-r--r-- | spec/ruby/security/cve_2020_10663_spec.rb | 25 |
8 files changed, 94 insertions, 168 deletions
diff --git a/spec/ruby/security/cve_2010_1330_spec.rb b/spec/ruby/security/cve_2010_1330_spec.rb index 33e88d652e..2594439550 100644 --- a/spec/ruby/security/cve_2010_1330_spec.rb +++ b/spec/ruby/security/cve_2010_1330_spec.rb @@ -8,7 +8,7 @@ describe "String#gsub" do # #gsub on a string in the UTF-8 encoding but with invalid an UTF-8 byte # sequence. - str = "\xF6<script>" + str = +"\xF6<script>" str.force_encoding Encoding::BINARY str.gsub(/</, "<").should == "\xF6<script>".b str.force_encoding Encoding::UTF_8 diff --git a/spec/ruby/security/cve_2014_8080_spec.rb b/spec/ruby/security/cve_2014_8080_spec.rb deleted file mode 100644 index 23770f94b1..0000000000 --- a/spec/ruby/security/cve_2014_8080_spec.rb +++ /dev/null @@ -1,34 +0,0 @@ -require_relative '../spec_helper' - -ruby_version_is ''...'3.0' do - require 'rexml/document' - - describe "REXML::Document.new" do - - it "resists CVE-2014-8080 by raising an exception when entity expansion has grown too large" do - xml = <<XML - <?xml version="1.0" encoding="UTF-8" ?> - <!DOCTYPE x [ - <!ENTITY % x0 "xxxxxxxxxx"> - <!ENTITY % x1 "%x0;%x0;%x0;%x0;%x0;%x0;%x0;%x0;%x0;%x0;"> - <!ENTITY % x2 "%x1;%x1;%x1;%x1;%x1;%x1;%x1;%x1;%x1;%x1;"> - <!ENTITY % x3 "%x2;%x2;%x2;%x2;%x2;%x2;%x2;%x2;%x2;%x2;"> - <!ENTITY % x4 "%x3;%x3;%x3;%x3;%x3;%x3;%x3;%x3;%x3;%x3;"> - <!ENTITY % x5 "%x4;%x4;%x4;%x4;%x4;%x4;%x4;%x4;%x4;%x4;"> - <!ENTITY % x6 "%x5;%x5;%x5;%x5;%x5;%x5;%x5;%x5;%x5;%x5;"> - <!ENTITY % x7 "%x6;%x6;%x6;%x6;%x6;%x6;%x6;%x6;%x6;%x6;"> - <!ENTITY % x8 "%x7;%x7;%x7;%x7;%x7;%x7;%x7;%x7;%x7;%x7;"> - <!ENTITY % x9 "%x8;%x8;%x8;%x8;%x8;%x8;%x8;%x8;%x8;%x8;"> - ]> - <x> - %x9;%x9;%x9;%x9;%x9;%x9;%x9;%x9;%x9;%x9; - </x> -XML - - -> { - REXML::Document.new(xml).doctype.entities['x9'].value - }.should raise_error(REXML::ParseException, /entity expansion has grown too large/) - end - - end -end diff --git a/spec/ruby/security/cve_2017_17742_spec.rb b/spec/ruby/security/cve_2017_17742_spec.rb deleted file mode 100644 index b0d93e42b8..0000000000 --- a/spec/ruby/security/cve_2017_17742_spec.rb +++ /dev/null @@ -1,37 +0,0 @@ -require_relative '../spec_helper' - -# webrick is no longer in stdlib in Ruby 3+ -ruby_version_is ""..."3.0" do - require "webrick" - require "stringio" - require "net/http" - - describe "WEBrick" do - describe "resists CVE-2017-17742" do - it "for a response splitting headers" do - config = WEBrick::Config::HTTP - res = WEBrick::HTTPResponse.new config - res['X-header'] = "malicious\r\nCookie: hack" - io = StringIO.new - res.send_response io - io.rewind - res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io)) - res.code.should == '500' - io.string.should_not =~ /hack/ - end - - it "for a response splitting cookie headers" do - user_input = "malicious\r\nCookie: hack" - config = WEBrick::Config::HTTP - res = WEBrick::HTTPResponse.new config - res.cookies << WEBrick::Cookie.new('author', user_input) - io = StringIO.new - res.send_response io - io.rewind - res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io)) - res.code.should == '500' - io.string.should_not =~ /hack/ - end - end - end -end diff --git a/spec/ruby/security/cve_2018_16396_spec.rb b/spec/ruby/security/cve_2018_16396_spec.rb index c9624e9c63..6f8a5d2f5d 100644 --- a/spec/ruby/security/cve_2018_16396_spec.rb +++ b/spec/ruby/security/cve_2018_16396_spec.rb @@ -1,21 +1,7 @@ require_relative '../spec_helper' describe "Array#pack" do - ruby_version_is ''...'2.7' do - it "resists CVE-2018-16396 by tainting output based on input" do - "aAZBbHhuMmPp".each_char do |f| - ["123456".taint].pack(f).tainted?.should be_true - end - end - end end describe "String#unpack" do - ruby_version_is ''...'2.7' do - it "resists CVE-2018-16396 by tainting output based on input" do - "aAZBbHhuMm".each_char do |f| - "123456".taint.unpack(f).first.tainted?.should be_true - end - end - end end diff --git a/spec/ruby/security/cve_2019_8322_spec.rb b/spec/ruby/security/cve_2019_8322_spec.rb index a84d7a5a95..b70d78c033 100644 --- a/spec/ruby/security/cve_2019_8322_spec.rb +++ b/spec/ruby/security/cve_2019_8322_spec.rb @@ -5,19 +5,17 @@ require 'rubygems' require 'rubygems/safe_yaml' require 'rubygems/commands/owner_command' -platform_is_not :darwin do # frequent timeout/hang on macOS - describe "CVE-2019-8322 is resisted by" do - it "sanitising owner names" do - command = Gem::Commands::OwnerCommand.new - def command.rubygems_api_request(*args) - Struct.new(:body).new("---\n- email: \"\e]2;nyan\a\"\n handle: handle\n id: id\n") - end - def command.with_response(response) - yield response - end - command.should_receive(:say).with("Owners for gem: name") - command.should_receive(:say).with("- .]2;nyan.") - command.show_owners "name" +describe "CVE-2019-8322 is resisted by" do + it "sanitising owner names" do + command = Gem::Commands::OwnerCommand.new + def command.rubygems_api_request(*args) + Struct.new(:body).new("---\n- email: \"\e]2;nyan\a\"\n handle: handle\n id: id\n") end + def command.with_response(response) + yield response + end + command.should_receive(:say).with("Owners for gem: name") + command.should_receive(:say).with("- .]2;nyan.") + command.show_owners "name" end end diff --git a/spec/ruby/security/cve_2019_8323_spec.rb b/spec/ruby/security/cve_2019_8323_spec.rb index 3632d3b028..49a31a6682 100644 --- a/spec/ruby/security/cve_2019_8323_spec.rb +++ b/spec/ruby/security/cve_2019_8323_spec.rb @@ -1,38 +1,46 @@ require_relative '../spec_helper' -platform_is_not :darwin do # frequent timeout/hang on macOS - require 'optparse' +require 'optparse' - require 'rubygems' - require 'rubygems/gemcutter_utilities' +require 'rubygems' +require 'rubygems/gemcutter_utilities' - describe "CVE-2019-8323 is resisted by" do - describe "sanitising the body" do - it "for success codes" do - cutter = Class.new { - include Gem::GemcutterUtilities - }.new - response = Net::HTTPSuccess.new(nil, nil, nil) - def response.body - "\e]2;nyan\a" - end - cutter.should_receive(:say).with(".]2;nyan.") - cutter.with_response response +describe "CVE-2019-8323 is resisted by" do + describe "sanitising the body" do + it "for success codes" do + cutter = Class.new { + include Gem::GemcutterUtilities + }.new + klass = if defined?(Gem::Net::HTTPSuccess) + Gem::Net::HTTPSuccess + else + Net::HTTPSuccess + end + response = klass.new(nil, nil, nil) + def response.body + "\e]2;nyan\a" end + cutter.should_receive(:say).with(".]2;nyan.") + cutter.with_response response + end - it "for error codes" do - cutter = Class.new { - include Gem::GemcutterUtilities - }.new - def cutter.terminate_interaction(n) - end - response = Net::HTTPNotFound.new(nil, nil, nil) - def response.body - "\e]2;nyan\a" - end - cutter.should_receive(:say).with(".]2;nyan.") - cutter.with_response response + it "for error codes" do + cutter = Class.new { + include Gem::GemcutterUtilities + }.new + def cutter.terminate_interaction(n) + end + klass = if defined?(Gem::Net::HTTPNotFound) + Gem::Net::HTTPNotFound + else + Net::HTTPNotFound + end + response = klass.new(nil, nil, nil) + def response.body + "\e]2;nyan\a" end + cutter.should_receive(:say).with(".]2;nyan.") + cutter.with_response response end end end diff --git a/spec/ruby/security/cve_2019_8325_spec.rb b/spec/ruby/security/cve_2019_8325_spec.rb index 309445a50f..bbddb3a6ce 100644 --- a/spec/ruby/security/cve_2019_8325_spec.rb +++ b/spec/ruby/security/cve_2019_8325_spec.rb @@ -1,38 +1,46 @@ require_relative '../spec_helper' -platform_is_not :darwin do # frequent timeout/hang on macOS - require 'rubygems' - require 'rubygems/command_manager' +require 'rubygems' +require 'rubygems/command_manager' - describe "CVE-2019-8325 is resisted by" do - describe "sanitising error message components" do - it "for the 'while executing' message" do - manager = Gem::CommandManager.new - def manager.process_args(args, build_args) - raise StandardError, "\e]2;nyan\a" - end - def manager.terminate_interaction(n) - end - manager.should_receive(:alert_error).with("While executing gem ... (StandardError)\n .]2;nyan.") - manager.run nil, nil +describe "CVE-2019-8325 is resisted by" do + describe "sanitising error message components" do + before :each do + @ui = Gem::SilentUI.new + end + + after :each do + @ui.close + end + + it "for the 'while executing' message" do + manager = Gem::CommandManager.new + manager.ui = @ui + def manager.process_args(args, build_args) + raise StandardError, "\e]2;nyan\a" end + def manager.terminate_interaction(n) + end + manager.should_receive(:alert_error).with("While executing gem ... (StandardError)\n .]2;nyan.") + manager.run nil, nil + end - it "for the 'invalid option' message" do - manager = Gem::CommandManager.new - def manager.terminate_interaction(n) - end - manager.should_receive(:alert_error).with("Invalid option: --.]2;nyan.. See 'gem --help'.") - manager.process_args ["--\e]2;nyan\a"], nil + it "for the 'invalid option' message" do + manager = Gem::CommandManager.new + def manager.terminate_interaction(n) end + manager.should_receive(:alert_error).with("Invalid option: --.]2;nyan.. See 'gem --help'.") + manager.process_args ["--\e]2;nyan\a"], nil + end - it "for the 'loading command' message" do - manager = Gem::CommandManager.new - def manager.require(x) - raise 'foo' - end - manager.should_receive(:alert_error).with("Loading command: .]2;nyan. (RuntimeError)\n\tfoo") - manager.send :load_and_instantiate, "\e]2;nyan\a" + it "for the 'loading command' message" do + manager = Gem::CommandManager.new + manager.ui = @ui + def manager.require(x) + raise 'foo' end + manager.should_receive(:alert_error).with("Loading command: .]2;nyan. (RuntimeError)\n\tfoo") + manager.send :load_and_instantiate, "\e]2;nyan\a" end end end diff --git a/spec/ruby/security/cve_2020_10663_spec.rb b/spec/ruby/security/cve_2020_10663_spec.rb index 766590d501..cce1beb012 100644 --- a/spec/ruby/security/cve_2020_10663_spec.rb +++ b/spec/ruby/security/cve_2020_10663_spec.rb @@ -18,25 +18,22 @@ module JSONSpecs end guard -> { - ruby_version_is "2.6.6" or JSON.const_defined?(:Pure) or version_is(JSON::VERSION, '2.3.0') } do - platform_is_not :darwin do # frequent timeout/hang on macOS - describe "CVE-2020-10663 is resisted by" do - it "only creating custom objects if passed create_additions: true or using JSON.load" do - obj = JSONSpecs::MyClass.new("bar") - JSONSpecs::MyClass.should.json_creatable? - json = JSON.dump(obj) + describe "CVE-2020-10663 is resisted by" do + it "only creating custom objects if passed create_additions: true or using JSON.load" do + obj = JSONSpecs::MyClass.new("bar") + JSONSpecs::MyClass.should.json_creatable? + json = JSON.dump(obj) - JSON.parse(json, create_additions: true).class.should == JSONSpecs::MyClass - JSON(json, create_additions: true).class.should == JSONSpecs::MyClass - JSON.load(json).class.should == JSONSpecs::MyClass + JSON.parse(json, create_additions: true).class.should == JSONSpecs::MyClass + JSON(json, create_additions: true).class.should == JSONSpecs::MyClass + JSON.load(json).class.should == JSONSpecs::MyClass - JSON.parse(json).class.should == Hash - JSON.parse(json, nil).class.should == Hash - JSON(json).class.should == Hash - end + JSON.parse(json).class.should == Hash + JSON.parse(json, nil).class.should == Hash + JSON(json).class.should == Hash end end end |