Diffstat (limited to 'spec/ruby/security')
-rw-r--r--spec/ruby/security/cve_2011_4815_spec.rb13
-rw-r--r--spec/ruby/security/cve_2017_17742_spec.rb54
-rw-r--r--spec/ruby/security/cve_2018_6914_spec.rb78
-rw-r--r--spec/ruby/security/cve_2018_8780_spec.rb68
4 files changed, 96 insertions, 117 deletions
diff --git a/spec/ruby/security/cve_2011_4815_spec.rb b/spec/ruby/security/cve_2011_4815_spec.rb
index 44543e6206..02ef10d562 100644
--- a/spec/ruby/security/cve_2011_4815_spec.rb
+++ b/spec/ruby/security/cve_2011_4815_spec.rb
@@ -22,15 +22,12 @@ describe "Float#hash" do
it_behaves_like :resists_cve_2011_4815, '3.14'
end
-# https://bugs.ruby-lang.org/issues/14420
-guard_not -> { platform_is :windows and PlatformGuard.implementation?(:ruby) } do
- describe "Rational#hash" do
- it_behaves_like :resists_cve_2011_4815, 'Rational(1, 2)'
- end
+describe "Rational#hash" do
+ it_behaves_like :resists_cve_2011_4815, 'Rational(1, 2)'
+end
- describe "Complex#hash" do
- it_behaves_like :resists_cve_2011_4815, 'Complex(1, 2)'
- end
+describe "Complex#hash" do
+ it_behaves_like :resists_cve_2011_4815, 'Complex(1, 2)'
end
describe "String#hash" do
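Review bot: Removing the guard also removes the `# https://bugs.ruby-lang.org/issues/14420` line, which was the only record of why Rational#hash and Complex#hash were skipped on Windows MRI. If the guard goes because that issue no longer affects the versions this suite targets, keep the pointer as a plain comment above `describe "Rational#hash" do`, e.g. `# Previously skipped on Windows MRI, see https://bugs.ruby-lang.org/issues/14420`, so the next reader does not have to dig through history when these examples misbehave there. If the issue is not resolved, these two examples will now run, and presumably fail, on that platform.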
diff --git a/spec/ruby/security/cve_2017_17742_spec.rb b/spec/ruby/security/cve_2017_17742_spec.rb
index f1205412c6..72776cb497 100644
--- a/spec/ruby/security/cve_2017_17742_spec.rb
+++ b/spec/ruby/security/cve_2017_17742_spec.rb
@@ -4,37 +4,31 @@ require "webrick"
require "stringio"
require "net/http"
-guard -> {
- ruby_version_is "2.3.7"..."2.4" or
- ruby_version_is "2.4.4"..."2.5" or
- ruby_version_is "2.5.1"
-} do
- describe "WEBrick" do
- describe "resists CVE-2017-17742" do
- it "for a response splitting headers" do
- config = WEBrick::Config::HTTP
- res = WEBrick::HTTPResponse.new config
- res['X-header'] = "malicious\r\nCookie: hack"
- io = StringIO.new
- res.send_response io
- io.rewind
- res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io))
- res.code.should == '500'
- io.string.should_not =~ /hack/
- end
+describe "WEBrick" do
+ describe "resists CVE-2017-17742" do
+ it "for a response splitting headers" do
+ config = WEBrick::Config::HTTP
+ res = WEBrick::HTTPResponse.new config
+ res['X-header'] = "malicious\r\nCookie: hack"
+ io = StringIO.new
+ res.send_response io
+ io.rewind
+ res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io))
+ res.code.should == '500'
+ io.string.should_not =~ /hack/
+ end
- it "for a response splitting cookie headers" do
- user_input = "malicious\r\nCookie: hack"
- config = WEBrick::Config::HTTP
- res = WEBrick::HTTPResponse.new config
- res.cookies << WEBrick::Cookie.new('author', user_input)
- io = StringIO.new
- res.send_response io
- io.rewind
- res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io))
- res.code.should == '500'
- io.string.should_not =~ /hack/
- end
+ it "for a response splitting cookie headers" do
+ user_input = "malicious\r\nCookie: hack"
+ config = WEBrick::Config::HTTP
+ res = WEBrick::HTTPResponse.new config
+ res.cookies << WEBrick::Cookie.new('author', user_input)
+ io = StringIO.new
+ res.send_response io
+ io.rewind
+ res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io))
+ res.code.should == '500'
+ io.string.should_not =~ /hack/
end
end
end
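Review bot: In both examples `res` is reused for two different objects — first the `WEBrick::HTTPResponse` under test, then the `Net::HTTPResponse` parsed back from the `StringIO` — so a reader has to track which one `res.code` refers to; naming the parsed object separately, `parsed = Net::HTTPResponse.read_new(Net::BufferedIO.new(io))` followed by `parsed.code.should == '500'`, reads more clearly. The `io.string.should_not =~ /hack/` assertion on the raw bytes is the one that actually proves the CRLF payload never reached the output in any form, so it should stay beside the status assertion even if the status-code check is later loosened. The cookie example duplicates the send/rewind/parse sequence line for line; if more examples are added, extracting that sequence into a small helper that returns the parsed response and the raw string would keep them in step.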
diff --git a/spec/ruby/security/cve_2018_6914_spec.rb b/spec/ruby/security/cve_2018_6914_spec.rb
index 657341e474..1837ca0cef 100644
--- a/spec/ruby/security/cve_2018_6914_spec.rb
+++ b/spec/ruby/security/cve_2018_6914_spec.rb
@@ -2,58 +2,52 @@ require_relative '../spec_helper'
require 'tempfile'
-guard -> {
- ruby_version_is "2.3.7"..."2.4" or
- ruby_version_is "2.4.4"..."2.5" or
- ruby_version_is "2.5.1"
-} do
- describe "CVE-2018-6914 is resisted by" do
- before :all do
- @traversal_path = Array.new(Dir.pwd.split('/').count, '..').join('/') + Dir.pwd + '/'
- @traversal_path.delete!(':') if /mswin|mingw/ =~ RUBY_PLATFORM
- end
-
- it "Tempfile.open by deleting separators" do
- begin
- expect = Dir.glob(@traversal_path + '*').count
- t = Tempfile.open([@traversal_path, 'foo'])
- actual = Dir.glob(@traversal_path + '*').count
- actual.should == expect
- ensure
- t.close!
- end
- end
-
- it "Tempfile.new by deleting separators" do
- begin
- expect = Dir.glob(@traversal_path + '*').count
- t = Tempfile.new(@traversal_path + 'foo')
- actual = Dir.glob(@traversal_path + '*').count
- actual.should == expect
- ensure
- t.close!
- end
- end
+describe "CVE-2018-6914 is resisted by" do
+ before :all do
+ @traversal_path = Array.new(Dir.pwd.split('/').count, '..').join('/') + Dir.pwd + '/'
+ @traversal_path.delete!(':') if /mswin|mingw/ =~ RUBY_PLATFORM
+ end
- it "Tempfile.create by deleting separators" do
+ it "Tempfile.open by deleting separators" do
+ begin
expect = Dir.glob(@traversal_path + '*').count
- Tempfile.create(@traversal_path + 'foo')
+ t = Tempfile.open([@traversal_path, 'foo'])
actual = Dir.glob(@traversal_path + '*').count
actual.should == expect
+ ensure
+ t.close!
end
+ end
- it "Dir.mktmpdir by deleting separators" do
+ it "Tempfile.new by deleting separators" do
+ begin
expect = Dir.glob(@traversal_path + '*').count
- Dir.mktmpdir(@traversal_path + 'foo')
+ t = Tempfile.new(@traversal_path + 'foo')
actual = Dir.glob(@traversal_path + '*').count
actual.should == expect
+ ensure
+ t.close!
end
+ end
- it "Dir.mktmpdir with an array by deleting separators" do
- expect = Dir.glob(@traversal_path + '*').count
- Dir.mktmpdir([@traversal_path, 'foo'])
- actual = Dir.glob(@traversal_path + '*').count
- actual.should == expect
- end
+ it "Tempfile.create by deleting separators" do
+ expect = Dir.glob(@traversal_path + '*').count
+ Tempfile.create(@traversal_path + 'foo')
+ actual = Dir.glob(@traversal_path + '*').count
+ actual.should == expect
+ end
+
+ it "Dir.mktmpdir by deleting separators" do
+ expect = Dir.glob(@traversal_path + '*').count
+ Dir.mktmpdir(@traversal_path + 'foo')
+ actual = Dir.glob(@traversal_path + '*').count
+ actual.should == expect
+ end
+
+ it "Dir.mktmpdir with an array by deleting separators" do
+ expect = Dir.glob(@traversal_path + '*').count
+ Dir.mktmpdir([@traversal_path, 'foo'])
+ actual = Dir.glob(@traversal_path + '*').count
+ actual.should == expect
end
end
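Review bot: The `ensure t.close!` clauses added to the `Tempfile.open` and `Tempfile.new` examples run with `t` still `nil` when the constructor itself raises, so the real failure is replaced by a `NoMethodError` on nil; `t.close! if t` keeps the original error visible. The `Tempfile.create` and both `Dir.mktmpdir` examples never remove what they create, so every run leaves a file and two directories behind in the temp directory. Taking the second count inside the block form keeps the regression check intact while cleaning up automatically, e.g. `Dir.mktmpdir(@traversal_path + 'foo') do` / `Dir.glob(@traversal_path + '*').count.should == expect` / `end`, and likewise for `Tempfile.create`; note that counting after the block would be wrong, because a successful traversal would already have been undone by then.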
diff --git a/spec/ruby/security/cve_2018_8780_spec.rb b/spec/ruby/security/cve_2018_8780_spec.rb
index 44be29bf22..febb1de51d 100644
--- a/spec/ruby/security/cve_2018_8780_spec.rb
+++ b/spec/ruby/security/cve_2018_8780_spec.rb
@@ -1,53 +1,47 @@
require_relative '../spec_helper'
-guard -> {
- ruby_version_is "2.3.7"..."2.4" or
- ruby_version_is "2.4.4"..."2.5" or
- ruby_version_is "2.5.1"
-} do
- describe "CVE-2018-8780 is resisted by" do
- before :all do
- @root = File.realpath(tmp(""))
- end
+describe "CVE-2018-8780 is resisted by" do
+ before :all do
+ @root = File.realpath(tmp(""))
+ end
+
+ it "Dir.glob by raising an exception when there is a NUL byte" do
+ lambda {
+ Dir.glob([[@root, File.join(@root, "*")].join("\0")])
+ }.should raise_error(ArgumentError, /(path name|string) contains null byte/)
+ end
+
+ it "Dir.entries by raising an exception when there is a NUL byte" do
+ lambda {
+ Dir.entries(@root+"\0")
+ }.should raise_error(ArgumentError, /(path name|string) contains null byte/)
+ end
+
+ it "Dir.foreach by raising an exception when there is a NUL byte" do
+ lambda {
+ Dir.foreach(@root+"\0").to_a
+ }.should raise_error(ArgumentError, /(path name|string) contains null byte/)
+ end
- it "Dir.glob by raising an exception when there is a NUL byte" do
+ ruby_version_is "2.4" do
+ it "Dir.empty? by raising an exception when there is a NUL byte" do
lambda {
- Dir.glob([[@root, File.join(@root, "*")].join("\0")])
+ Dir.empty?(@root+"\0")
}.should raise_error(ArgumentError, /(path name|string) contains null byte/)
end
+ end
- it "Dir.entries by raising an exception when there is a NUL byte" do
+ ruby_version_is "2.5" do
+ it "Dir.children by raising an exception when there is a NUL byte" do
lambda {
- Dir.entries(@root+"\0")
+ Dir.children(@root+"\0")
}.should raise_error(ArgumentError, /(path name|string) contains null byte/)
end
- it "Dir.foreach by raising an exception when there is a NUL byte" do
+ it "Dir.each_child by raising an exception when there is a NUL byte" do
lambda {
- Dir.foreach(@root+"\0").to_a
+ Dir.each_child(@root+"\0").to_a
}.should raise_error(ArgumentError, /(path name|string) contains null byte/)
end
-
- ruby_version_is "2.5" do
- it "Dir.children by raising an exception when there is a NUL byte" do
- lambda {
- Dir.children(@root+"\0")
- }.should raise_error(ArgumentError, /(path name|string) contains null byte/)
- end
-
- it "Dir.each_child by raising an exception when there is a NUL byte" do
- lambda {
- Dir.each_child(@root+"\0").to_a
- }.should raise_error(ArgumentError, /(path name|string) contains null byte/)
- end
- end
-
- ruby_version_is "2.4" do
- it "Dir.empty? by raising an exception when there is a NUL byte" do
- lambda {
- Dir.empty?(@root+"\0")
- }.should raise_error(ArgumentError, /(path name|string) contains null byte/)
- end
- end
end
end
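Review bot: The poisoned path is built five times as `@root+"\0"` with no spaces around `+`, which departs from the spacing used elsewhere in the hunk (`File.join(@root, "*")`, `[@root, ...].join("\0")`). Computing it once in `before :all`, e.g. `@nul_path = @root + "\0"`, and writing `Dir.entries(@nul_path)` in each example removes the repetition and the inconsistency. The expected-message regex `/(path name|string) contains null byte/` is likewise repeated seven times; a single frozen constant at file scope would make a future change to the message a one-line edit.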