diff options
Diffstat (limited to 'spec/ruby/security')
| -rw-r--r-- | spec/ruby/security/cve_2011_4815_spec.rb | 41 | ||||
| -rw-r--r-- | spec/ruby/security/cve_2013_4164_spec.rb | 19 | ||||
| -rw-r--r-- | spec/ruby/security/cve_2014_8080_spec.rb | 32 |
3 files changed, 92 insertions, 0 deletions
diff --git a/spec/ruby/security/cve_2011_4815_spec.rb b/spec/ruby/security/cve_2011_4815_spec.rb new file mode 100644 index 0000000000..0a353b742a --- /dev/null +++ b/spec/ruby/security/cve_2011_4815_spec.rb @@ -0,0 +1,41 @@ +require File.expand_path('../../spec_helper', __FILE__) + +describe :resists_cve_2011_4815, shared: true do + it "resists CVE-2011-4815 by having different hash codes in different processes" do + eval("(#{@method}).hash.to_s").should_not == ruby_exe("print (#{@method}).hash") + end +end + +describe "Object#hash" do + it_behaves_like :resists_cve_2011_4815, 'Object.new' +end + +describe "Integer#hash with a small value" do + it_behaves_like :resists_cve_2011_4815, '14' +end + +describe "Integer#hash with a large value" do + it_behaves_like :resists_cve_2011_4815, '100000000000000000000000000000' +end + +describe "Float#hash" do + it_behaves_like :resists_cve_2011_4815, '3.14' +end + +describe "String#hash" do + it_behaves_like :resists_cve_2011_4815, '"abc"' +end + +describe "Symbol#hash" do + ruby_bug "#13376", "2.3.0"..."2.3.4" do + it_behaves_like :resists_cve_2011_4815, ':a' + end +end + +describe "Array#hash" do + it_behaves_like :resists_cve_2011_4815, '[1, 2, 3]' +end + +describe "Hash#hash" do + it_behaves_like :resists_cve_2011_4815, '{a: 1, b: 2, c: 3}' +end diff --git a/spec/ruby/security/cve_2013_4164_spec.rb b/spec/ruby/security/cve_2013_4164_spec.rb new file mode 100644 index 0000000000..06b2bb0306 --- /dev/null +++ b/spec/ruby/security/cve_2013_4164_spec.rb @@ -0,0 +1,19 @@ +require File.expand_path('../../spec_helper', __FILE__) + +require 'json' + +describe "String#to_f" do + + it "resists CVE-2013-4164 by converting very long Strings to a Float" do + "1.#{'1'*1000000}".to_f.should be_close(1.1111111111111112, TOLERANCE) + end + +end + +describe "JSON.parse" do + + it "resists CVE-2013-4164 by converting very long Strings to a Float" do + JSON.parse("[1.#{'1'*1000000}]").first.should be_close(1.1111111111111112, TOLERANCE) + end + +end diff --git a/spec/ruby/security/cve_2014_8080_spec.rb b/spec/ruby/security/cve_2014_8080_spec.rb new file mode 100644 index 0000000000..6453b0c317 --- /dev/null +++ b/spec/ruby/security/cve_2014_8080_spec.rb @@ -0,0 +1,32 @@ +require File.expand_path('../../spec_helper', __FILE__) + +require 'rexml/document' + +describe "REXML::Document.new" do + + it "resists CVE-2014-8080 by raising an exception when entity expansion has grown too large" do + xml = <<XML + <?xml version="1.0" encoding="UTF-8" ?> + <!DOCTYPE x [ + <!ENTITY % x0 "xxxxxxxxxx"> + <!ENTITY % x1 "%x0;%x0;%x0;%x0;%x0;%x0;%x0;%x0;%x0;%x0;"> + <!ENTITY % x2 "%x1;%x1;%x1;%x1;%x1;%x1;%x1;%x1;%x1;%x1;"> + <!ENTITY % x3 "%x2;%x2;%x2;%x2;%x2;%x2;%x2;%x2;%x2;%x2;"> + <!ENTITY % x4 "%x3;%x3;%x3;%x3;%x3;%x3;%x3;%x3;%x3;%x3;"> + <!ENTITY % x5 "%x4;%x4;%x4;%x4;%x4;%x4;%x4;%x4;%x4;%x4;"> + <!ENTITY % x6 "%x5;%x5;%x5;%x5;%x5;%x5;%x5;%x5;%x5;%x5;"> + <!ENTITY % x7 "%x6;%x6;%x6;%x6;%x6;%x6;%x6;%x6;%x6;%x6;"> + <!ENTITY % x8 "%x7;%x7;%x7;%x7;%x7;%x7;%x7;%x7;%x7;%x7;"> + <!ENTITY % x9 "%x8;%x8;%x8;%x8;%x8;%x8;%x8;%x8;%x8;%x8;"> + ]> + <x> + %x9;%x9;%x9;%x9;%x9;%x9;%x9;%x9;%x9;%x9; + </x> +XML + + lambda { REXML::Document.new(xml).doctype.entities['x9'].value }.should raise_error(REXML::ParseException) { |e| + e.message.should =~ /entity expansion has grown too large/ + } + end + +end |