2 files changed, 35 insertions, 0 deletions

diff --git a/test/fiddle/test_func.rb b/test/fiddle/test_func.rb
index ca89173766..d170c59a75 100644
--- a/test/fiddle/test_func.rb
+++ b/test/fiddle/test_func.rb
@@ -11,6 +11,18 @@ module Fiddle
       assert_nil f.call(10)
     end
 
+    def test_syscall_with_tainted_string
+      f = Function.new(@libc['system'], [TYPE_VOIDP], TYPE_INT)
+      Thread.new {
+        $SAFE = 1
+        assert_raise(SecurityError) do
+          f.call("uname -rs".dup.taint)
+        end
+      }.join
+    ensure
+      $SAFE = 0
+    end
+
     def test_sinf
       begin
         f = Function.new(@libm['sinf'], [TYPE_FLOAT], TYPE_FLOAT)
diff --git a/test/fiddle/test_handle.rb b/test/fiddle/test_handle.rb
index 17f9c92a11..c0fac39908 100644
--- a/test/fiddle/test_handle.rb
+++ b/test/fiddle/test_handle.rb
@@ -8,6 +8,29 @@ module Fiddle
   class TestHandle < TestCase
     include Fiddle
 
+    def test_safe_handle_open
+      Thread.new do
+        $SAFE = 1
+        assert_raise(SecurityError) {
+          Fiddle::Handle.new(LIBC_SO.dup.taint)
+        }
+      end.join
+    ensure
+      $SAFE = 0
+    end
+
+    def test_safe_function_lookup
+      Thread.new do
+        h = Fiddle::Handle.new(LIBC_SO)
+        $SAFE = 1
+        assert_raise(SecurityError) {
+          h["qsort".dup.taint]
+        }
+      end.join
+    ensure
+      $SAFE = 0
+    end
+
     def test_to_i
       handle = Fiddle::Handle.new(LIBC_SO)
       assert_kind_of Integer, handle.to_i