diff options
Diffstat (limited to 'spec/ruby/security')
| -rw-r--r-- | spec/ruby/security/cve_2018_16396_spec.rb | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/spec/ruby/security/cve_2018_16396_spec.rb b/spec/ruby/security/cve_2018_16396_spec.rb new file mode 100644 index 0000000000..e462e0022d --- /dev/null +++ b/spec/ruby/security/cve_2018_16396_spec.rb @@ -0,0 +1,21 @@ +require_relative '../spec_helper' + +describe "Array#pack" do + + it "resists CVE-2018-16396 by tainting output based on input" do + "aAZBbHhuMmPp".each_char do |f| + ["123456".taint].pack(f).tainted?.should be_true + end + end + +end + +describe "String#unpack" do + + it "resists CVE-2018-16396 by tainting output based on input" do + "aAZBbHhuMm".each_char do |f| + "123456".taint.unpack(f).first.tainted?.should be_true + end + end + +end |