From ffd0820ab317542f8780aac475da590a4bdbc7a8 Mon Sep 17 00:00:00 2001 
From: Jeremy Evans Date: Tue, 24 Sep 2019 20:59:12 -0700 Subject: Deprecate taint/trust and related methods, and make the methods no-ops This removes the related tests, and puts the related specs behind version guards. This affects all code in lib, including some libraries that may want to support older versions of Ruby. --- array.c | 11 -- bin/erb | 6 +- class.c | 12 -- dir.c | 4 +- encoding.c | 1 - enum.c | 4 - enumerator.c | 3 - error.c | 17 +- ext/cgi/escape/escape.c | 2 - ext/etc/etc.c | 2 + ext/io/console/console.c | 1 + ext/nkf/nkf.c | 1 - ext/openssl/ossl_rand.c | 8 + ext/openssl/ossl_x509store.c | 2 + ext/pathname/pathname.c | 16 +- ext/socket/ancdata.c | 5 +- ext/socket/init.c | 5 +- ext/socket/raddrinfo.c | 10 +- ext/socket/socket.c | 7 +- file.c | 16 -- gc.c | 5 - hash.c | 53 +----- include/ruby/intern.h | 4 +- io.c | 8 - lib/cgi/core.rb | 4 +- lib/cgi/session/pstore.rb | 1 - lib/delegate.rb | 29 +-- lib/drb/drb.rb | 14 +- lib/drb/ssl.rb | 2 - lib/drb/unix.rb | 1 - lib/find.rb | 4 +- lib/net/imap.rb | 2 +- lib/pp.rb | 6 +- lib/resolv.rb | 4 - lib/set.rb | 10 -- lib/singleton.rb | 8 +- marshal.c | 23 +-- node.h | 2 +- object.c | 122 +++---------- pack.c | 33 +--- proc.c | 6 - range.c | 2 - rational.c | 1 - re.c | 25 --- ruby.c | 1 - safe.c | 8 - signal.c | 6 +- spec/ruby/core/array/clear_spec.rb | 28 +-- spec/ruby/core/array/compact_spec.rb | 44 ++--- spec/ruby/core/array/concat_spec.rb | 110 ++++++------ spec/ruby/core/array/delete_at_spec.rb | 38 ++-- spec/ruby/core/array/delete_if_spec.rb | 24 +-- spec/ruby/core/array/delete_spec.rb | 36 ++-- spec/ruby/core/array/flatten_spec.rb | 12 +- spec/ruby/core/array/multiply_spec.rb | 64 +++---- spec/ruby/core/array/pack/p_spec.rb | 32 ++-- spec/ruby/core/array/pack/shared/basic.rb | 12 +- spec/ruby/core/array/pack/shared/taint.rb | 48 ++--- spec/ruby/core/array/plus_spec.rb | 26 +-- spec/ruby/core/array/pop_spec.rb | 80 +++++---- spec/ruby/core/array/shared/clone.rb | 36 ++-- 
spec/ruby/core/array/shared/collect.rb | 46 ++--- spec/ruby/core/array/shared/inspect.rb | 36 ++-- spec/ruby/core/array/shared/join.rb | 96 +++++----- spec/ruby/core/array/shift_spec.rb | 26 +-- spec/ruby/core/array/uniq_spec.rb | 90 +++++++--- spec/ruby/core/enumerable/group_by_spec.rb | 14 +- spec/ruby/core/enumerable/shared/entries.rb | 12 +- spec/ruby/core/enumerable/uniq_spec.rb | 90 +++++++--- spec/ruby/core/hash/reject_spec.rb | 8 +- spec/ruby/core/hash/shared/eql.rb | 96 ++++++---- spec/ruby/core/hash/shared/to_s.rb | 16 +- spec/ruby/core/hash/to_a_spec.rb | 12 +- spec/ruby/core/io/gets_spec.rb | 32 ++-- spec/ruby/core/kernel/clone_spec.rb | 12 +- spec/ruby/core/kernel/inspect_spec.rb | 12 +- spec/ruby/core/kernel/shared/dup_clone.rb | 34 ++-- spec/ruby/core/kernel/taint_spec.rb | 62 +++---- spec/ruby/core/kernel/tainted_spec.rb | 14 +- spec/ruby/core/kernel/to_s_spec.rb | 12 +- spec/ruby/core/kernel/trust_spec.rb | 34 ++-- spec/ruby/core/kernel/untaint_spec.rb | 34 ++-- spec/ruby/core/kernel/untrust_spec.rb | 34 ++-- spec/ruby/core/kernel/untrusted_spec.rb | 42 ++--- spec/ruby/core/marshal/dump_spec.rb | 36 ++-- spec/ruby/core/marshal/shared/load.rb | 136 +++++++------- spec/ruby/core/matchdata/post_match_spec.rb | 28 +-- spec/ruby/core/matchdata/pre_match_spec.rb | 28 +-- spec/ruby/core/module/append_features_spec.rb | 20 ++- spec/ruby/core/module/extend_object_spec.rb | 20 ++- spec/ruby/core/module/prepend_features_spec.rb | 20 ++- spec/ruby/core/range/inspect_spec.rb | 20 ++- spec/ruby/core/range/to_s_spec.rb | 20 ++- spec/ruby/core/string/b_spec.rb | 12 +- spec/ruby/core/string/capitalize_spec.rb | 8 +- spec/ruby/core/string/center_spec.rb | 24 +-- spec/ruby/core/string/chomp_spec.rb | 66 ++++--- spec/ruby/core/string/chop_spec.rb | 18 +- spec/ruby/core/string/crypt_spec.rb | 44 ++--- spec/ruby/core/string/delete_prefix_spec.rb | 8 +- spec/ruby/core/string/delete_spec.rb | 10 +- spec/ruby/core/string/delete_suffix_spec.rb | 8 +- 
spec/ruby/core/string/downcase_spec.rb | 10 +- spec/ruby/core/string/dump_spec.rb | 16 +- spec/ruby/core/string/element_set_spec.rb | 34 ++-- spec/ruby/core/string/gsub_spec.rb | 196 +++++++++++---------- spec/ruby/core/string/insert_spec.rb | 18 +- spec/ruby/core/string/inspect_spec.rb | 16 +- spec/ruby/core/string/ljust_spec.rb | 24 +-- spec/ruby/core/string/lstrip_spec.rb | 10 +- spec/ruby/core/string/modulo_spec.rb | 68 +++---- spec/ruby/core/string/plus_spec.rb | 16 +- spec/ruby/core/string/prepend_spec.rb | 12 +- spec/ruby/core/string/reverse_spec.rb | 8 +- spec/ruby/core/string/rjust_spec.rb | 24 +-- spec/ruby/core/string/rstrip_spec.rb | 10 +- spec/ruby/core/string/scan_spec.rb | 56 +++--- spec/ruby/core/string/shared/chars.rb | 16 +- spec/ruby/core/string/shared/concat.rb | 16 +- spec/ruby/core/string/shared/each_line.rb | 8 +- spec/ruby/core/string/shared/replace.rb | 48 ++--- spec/ruby/core/string/shared/slice.rb | 150 ++++++++-------- spec/ruby/core/string/shared/succ.rb | 8 +- spec/ruby/core/string/shared/to_s.rb | 8 +- spec/ruby/core/string/slice_spec.rb | 108 ++++++------ spec/ruby/core/string/split_spec.rb | 58 +++--- spec/ruby/core/string/squeeze_spec.rb | 14 +- spec/ruby/core/string/strip_spec.rb | 10 +- spec/ruby/core/string/sub_spec.rb | 144 ++++++++------- spec/ruby/core/string/swapcase_spec.rb | 8 +- spec/ruby/core/string/tr_s_spec.rb | 14 +- spec/ruby/core/string/tr_spec.rb | 14 +- spec/ruby/core/string/undump_spec.rb | 12 +- spec/ruby/core/string/unpack/p_spec.rb | 12 +- spec/ruby/core/string/unpack/shared/taint.rb | 128 +++++++------- spec/ruby/core/string/upcase_spec.rb | 10 +- spec/ruby/core/symbol/shared/slice.rb | 24 +-- spec/ruby/language/string_spec.rb | 28 +-- spec/ruby/library/delegate/delegator/taint_spec.rb | 24 +-- spec/ruby/library/delegate/delegator/trust_spec.rb | 22 +-- .../library/delegate/delegator/untaint_spec.rb | 26 +-- .../library/delegate/delegator/untrust_spec.rb | 24 +-- spec/ruby/library/pathname/new_spec.rb | 8 +- 
.../library/readline/history/delete_at_spec.rb | 12 +- spec/ruby/library/readline/history/each_spec.rb | 8 +- .../readline/history/element_reference_spec.rb | 8 +- spec/ruby/library/readline/history/pop_spec.rb | 12 +- spec/ruby/library/readline/history/shift_spec.rb | 12 +- spec/ruby/library/readline/readline_spec.rb | 8 +- spec/ruby/library/stringscanner/initialize_spec.rb | 1 - .../library/stringscanner/shared/extract_range.rb | 16 +- .../stringscanner/shared/extract_range_matched.rb | 14 +- spec/ruby/library/stringscanner/shared/peek.rb | 14 +- spec/ruby/optional/capi/object_spec.rb | 120 +++++++------ spec/ruby/optional/capi/string_spec.rb | 44 +++-- spec/ruby/security/cve_2018_16396_spec.rb | 16 +- spec/ruby/shared/string/times.rb | 12 +- sprintf.c | 5 - string.c | 120 ++----------- struct.c | 2 - test/-ext-/string/test_fstring.rb | 30 ---- test/-ext-/test_printf.rb | 9 - test/bigdecimal/test_bigdecimal.rb | 9 + test/cgi/test_cgi_util.rb | 7 - test/drb/test_drb.rb | 9 - test/fiddle/test_func.rb | 12 ++ test/fiddle/test_handle.rb | 23 +++ test/net/imap/test_imap_response_parser.rb | 38 ++-- test/pathname/test_pathname.rb | 47 ----- test/readline/test_readline.rb | 15 ++ test/rss/test_parser.rb | 2 +- test/ruby/test_array.rb | 68 ++----- test/ruby/test_econv.rb | 1 - test/ruby/test_encoding.rb | 3 - test/ruby/test_env.rb | 7 - test/ruby/test_exception.rb | 22 --- test/ruby/test_file.rb | 20 --- test/ruby/test_file_exhaustive.rb | 44 ----- test/ruby/test_hash.rb | 62 ++----- test/ruby/test_io.rb | 7 - test/ruby/test_m17n.rb | 15 -- test/ruby/test_marshal.rb | 70 -------- test/ruby/test_method.rb | 3 - test/ruby/test_object.rb | 48 +---- test/ruby/test_pack.rb | 16 -- test/ruby/test_proc.rb | 3 - test/ruby/test_range.rb | 10 -- test/ruby/test_refinement.rb | 1 - test/ruby/test_require.rb | 25 --- test/ruby/test_rubyoptions.rb | 7 - test/ruby/test_signal.rb | 5 - test/ruby/test_string.rb | 79 ++------- test/ruby/test_symbol.rb | 8 - test/ruby/test_trace.rb | 11 -- 
test/strscan/test_stringscanner.rb | 81 --------- test/test_set.rb | 9 - thread.c | 1 - time.c | 1 - transcode.c | 3 - variable.c | 7 - vm.c | 1 - 201 files changed, 2319 insertions(+), 2901 deletions(-) diff --git a/array.c b/array.c index 3aab2ec2a3..e3bbef6efc 100644 --- a/array.c +++ b/array.c @@ -2285,7 +2285,6 @@ ary_join_0(VALUE ary, VALUE sep, long max, VALUE result) if (i > 0 && !NIL_P(sep)) rb_str_buf_append(result, sep); rb_str_buf_append(result, val); - if (OBJ_TAINTED(val)) OBJ_TAINT(result); } } @@ -2346,11 +2345,9 @@ VALUE rb_ary_join(VALUE ary, VALUE sep) { long len = 1, i; - int taint = FALSE; VALUE val, tmp, result; if (RARRAY_LEN(ary) == 0) return rb_usascii_str_new(0, 0); - if (OBJ_TAINTED(ary)) taint = TRUE; if (!NIL_P(sep)) { StringValue(sep); @@ -2364,7 +2361,6 @@ rb_ary_join(VALUE ary, VALUE sep) int first; result = rb_str_buf_new(len + (RARRAY_LEN(ary)-i)*10); rb_enc_associate(result, rb_usascii_encoding()); - if (taint) OBJ_TAINT(result); ary_join_0(ary, sep, i, result); first = i == 0; ary_join_1(ary, ary, sep, i, result, &first); @@ -2377,7 +2373,6 @@ rb_ary_join(VALUE ary, VALUE sep) result = rb_str_new(0, len); rb_str_set_len(result, 0); - if (taint) OBJ_TAINT(result); ary_join_0(ary, sep, RARRAY_LEN(ary), result); return result; @@ -2419,7 +2414,6 @@ rb_ary_join_m(int argc, VALUE *argv, VALUE ary) static VALUE inspect_ary(VALUE ary, VALUE dummy, int recur) { - int tainted = OBJ_TAINTED(ary); long i; VALUE s, str; @@ -2427,13 +2421,11 @@ inspect_ary(VALUE ary, VALUE dummy, int recur) str = rb_str_buf_new2("["); for (i=0; i 0) rb_str_buf_cat2(str, ", "); else rb_enc_copy(str, s); rb_str_buf_append(str, s); } rb_str_buf_cat2(str, "]"); - if (tainted) OBJ_TAINT(str); return str; } @@ -4135,8 +4127,6 @@ rb_ary_times(VALUE ary, VALUE times) } } out: - OBJ_INFECT(ary2, ary); - return ary2; } 
@@ -5315,7 +5305,6 @@ rb_ary_flatten(int argc, VALUE *argv, VALUE ary) if (result == ary) { result = ary_make_shared_copy(ary); } - OBJ_INFECT(result, ary); return result; } diff --git a/bin/erb b/bin/erb index d5e51ee969..2435224fe1 100755 --- a/bin/erb +++ b/bin/erb @@ -128,10 +128,10 @@ EOU exit 2 unless src trim = trim_mode_opt(trim_mode, disable_percent) if safe_level.nil? - erb = factory.new(src.untaint, trim_mode: trim) + erb = factory.new(src, trim_mode: trim) else # [deprecated] This will be removed at Ruby 2.7. - erb = factory.new(src.untaint, safe_level, trim_mode: trim) + erb = factory.new(src, safe_level, trim_mode: trim) end erb.filename = filename if output @@ -143,7 +143,7 @@ EOU puts erb.src end else - bind = TOPLEVEL_BINDING.taint + bind = TOPLEVEL_BINDING if variables enc = erb.encoding for var, val in variables do diff --git a/class.c b/class.c index 0b2bd2c703..c253b4b642 100644 --- a/class.c +++ b/class.c @@ -205,7 +205,6 @@ rb_class_boot(VALUE super) RCLASS_SET_SUPER(klass, super); RCLASS_M_TBL_INIT(klass); - OBJ_INFECT(klass, super); return (VALUE)klass; } @@ -511,8 +510,6 @@ make_metaclass(VALUE klass) while (RB_TYPE_P(super, T_ICLASS)) super = RCLASS_SUPER(super); RCLASS_SET_SUPER(metaclass, super ? ENSURE_EIGENCLASS(super) : rb_cClass); - OBJ_INFECT(metaclass, RCLASS_SUPER(metaclass)); - return metaclass; } @@ -851,8 +848,6 @@ rb_include_class_new(VALUE module, VALUE super) else { RBASIC_SET_CLASS(klass, module); } - OBJ_INFECT(klass, module); - OBJ_INFECT(klass, super); return (VALUE)klass; } @@ -867,7 +862,6 @@ ensure_includable(VALUE klass, VALUE module) if (!NIL_P(rb_refinement_module_get_refined_class(module))) { rb_raise(rb_eArgError, "refinement module is not allowed"); } - OBJ_INFECT(klass, module); } void 
@@ -1660,12 +1654,6 @@ singleton_class_of(VALUE obj) RCLASS_SERIAL(klass) = serial; } - if (OBJ_TAINTED(obj)) { - OBJ_TAINT(klass); - } - else { - FL_UNSET(klass, FL_TAINT); - } RB_FL_SET_RAW(klass, RB_OBJ_FROZEN_RAW(obj)); return klass; diff --git a/dir.c b/dir.c index cefb5e7475..93c696b42b 100644 --- a/dir.c +++ b/dir.c @@ -1129,9 +1129,8 @@ rb_dir_getwd_ospath(void) DATA_PTR(path_guard) = path; #ifdef __APPLE__ cwd = rb_str_normalize_ospath(path, strlen(path)); - OBJ_TAINT(cwd); #else - cwd = rb_tainted_str_new2(path); + cwd = rb_str_new2(path); #endif DATA_PTR(path_guard) = 0; @@ -2564,7 +2563,6 @@ push_pattern(const char *path, VALUE ary, void *enc) #if defined _WIN32 || defined __APPLE__ VALUE name = rb_utf8_str_new_cstr(path); rb_encoding *eenc = rb_default_internal_encoding(); - OBJ_TAINT(name); name = rb_str_conv_enc(name, NULL, eenc ? eenc : enc); #else VALUE name = rb_external_str_new_with_enc(path, strlen(path), enc); diff --git a/encoding.c b/encoding.c index b000e0f4a9..50093df601 100644 --- a/encoding.c +++ b/encoding.c @@ -649,7 +649,6 @@ load_encoding(const char *name) else if (ISUPPER(*s)) *s = (char)TOLOWER(*s); ++s; } - FL_UNSET(enclib, FL_TAINT); enclib = rb_fstring(enclib); ruby_verbose = Qfalse; ruby_debug = Qfalse; diff --git a/enum.c b/enum.c index 829d67a046..0653280f8f 100644 --- a/enum.c +++ b/enum.c @@ -647,7 +647,6 @@ enum_to_a(int argc, VALUE *argv, VALUE obj) VALUE ary = rb_ary_new(); rb_block_call(obj, id_each, argc, argv, collect_all, ary); - OBJ_INFECT(ary, obj); return ary; } @@ -657,7 +656,6 @@ enum_hashify(VALUE obj, int argc, const VALUE *argv, rb_block_call_func *iter) { VALUE hash = rb_hash_new(); rb_block_call(obj, id_each, argc, argv, iter, hash); - OBJ_INFECT(hash, obj); return hash; } 
@@ -1245,7 +1243,6 @@ enum_sort_by(VALUE obj) buf = rb_ary_tmp_new(SORT_BY_BUFSIZE*2); rb_ary_store(buf, SORT_BY_BUFSIZE*2-1, Qnil); memo = MEMO_NEW(0, 0, 0); - OBJ_INFECT(memo, obj); data = (struct sort_by_data *)&memo->v1; RB_OBJ_WRITE(memo, &data->ary, ary); RB_OBJ_WRITE(memo, &data->buf, buf); @@ -1270,7 +1267,6 @@ enum_sort_by(VALUE obj) } rb_ary_resize(ary, RARRAY_LEN(ary)/2); RBASIC_SET_CLASS_RAW(ary, rb_cArray); - OBJ_INFECT(ary, memo); return ary; } diff --git a/enumerator.c b/enumerator.c index 5f21455ddd..a5d7106b60 100644 --- a/enumerator.c +++ b/enumerator.c @@ -1077,7 +1077,6 @@ inspect_enumerator(VALUE obj, VALUE dummy, int recur) if (recur) { str = rb_sprintf("#<%"PRIsVALUE": ...>", rb_class_path(cname)); - OBJ_TAINT(str); return str; } @@ -1172,7 +1171,6 @@ append_method(VALUE obj, VALUE str, ID default_method, VALUE default_args) rb_str_append(str, rb_inspect(arg)); rb_str_buf_cat2(str, ", "); - OBJ_INFECT(str, arg); } if (!NIL_P(kwds)) { rb_hash_foreach(kwds, kwd_append, str); @@ -3609,7 +3607,6 @@ arith_seq_inspect(VALUE self) rb_str_append(str, rb_inspect(arg)); rb_str_buf_cat2(str, ", "); - OBJ_INFECT(str, arg); } if (!NIL_P(kwds)) { rb_hash_foreach(kwds, kwd_append, str); diff --git a/error.c b/error.c index 6ce49e0aa2..0859036615 100644 --- a/error.c +++ b/error.c @@ -2018,7 +2018,6 @@ syserr_initialize(int argc, VALUE *argv, VALUE self) if (!NIL_P(func)) rb_str_catf(errmsg, " @ %"PRIsVALUE, func); rb_str_catf(errmsg, " - %"PRIsVALUE, str); - OBJ_INFECT(errmsg, mesg); } mesg = errmsg; @@ -2319,19 +2318,7 @@ syserr_eqq(VALUE self, VALUE exc) /* * Document-class: SecurityError * - * Raised when attempting a potential unsafe operation, typically when - * the $SAFE level is raised above 0. - * - * foo = "bar" - * proc = Proc.new do - * $SAFE = 3 - * foo.untaint - * end - * proc.call - * - * raises the exception: - * - * SecurityError: Insecure: Insecure operation `untaint' at level 3 + * No longer used by internal code. */ /* 
@@ -2971,12 +2958,14 @@ rb_check_frozen(VALUE obj) void rb_error_untrusted(VALUE obj) { + rb_warning("rb_error_untrusted is deprecated and will be removed in Ruby 3.2."); } #undef rb_check_trusted void rb_check_trusted(VALUE obj) { + rb_warning("rb_check_trusted is deprecated and will be removed in Ruby 3.2."); } void diff --git a/ext/cgi/escape/escape.c b/ext/cgi/escape/escape.c index 76d8f0d067..47188819cd 100644 --- a/ext/cgi/escape/escape.c +++ b/ext/cgi/escape/escape.c @@ -30,8 +30,6 @@ static inline void preserve_original_state(VALUE orig, VALUE dest) { rb_enc_associate(dest, rb_enc_get(orig)); - - RB_OBJ_INFECT_RAW(dest, orig); } static VALUE diff --git a/ext/etc/etc.c b/ext/etc/etc.c index 1bb10e0b38..28761df8c1 100644 --- a/ext/etc/etc.c +++ b/ext/etc/etc.c @@ -219,6 +219,7 @@ etc_getpwnam(VALUE obj, VALUE nam) struct passwd *pwd; const char *p = StringValueCStr(nam); + rb_check_safe_obj(nam); pwd = getpwnam(p); if (pwd == 0) rb_raise(rb_eArgError, "can't find user for %"PRIsVALUE, nam); return setup_passwd(pwd); @@ -462,6 +463,7 @@ etc_getgrnam(VALUE obj, VALUE nam) struct group *grp; const char *p = StringValueCStr(nam); + rb_check_safe_obj(nam); grp = getgrnam(p); if (grp == 0) rb_raise(rb_eArgError, "can't find group for %"PRIsVALUE, nam); return setup_group(grp); diff --git a/ext/io/console/console.c b/ext/io/console/console.c index 42b000fc30..4f0470940a 100644 --- a/ext/io/console/console.c +++ b/ext/io/console/console.c @@ -1483,6 +1483,7 @@ prompt(int argc, VALUE *argv, VALUE io) if (argc > 0 && !NIL_P(argv[0])) { VALUE str = argv[0]; StringValueCStr(str); + rb_check_safe_obj(str); rb_io_write(io, str); } } diff --git a/ext/nkf/nkf.c b/ext/nkf/nkf.c index c958c91753..37717e4799 100644 --- a/ext/nkf/nkf.c +++ b/ext/nkf/nkf.c @@ -168,7 +168,6 @@ rb_nkf_convert(VALUE obj, VALUE opt, VALUE src) /* use _result_ end */ rb_str_set_len(tmp, output_ctr); - OBJ_INFECT(tmp, src); if (mimeout_f) rb_enc_associate(tmp, rb_usascii_encoding()); 
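Review bot: The stubs `rb_error_untrusted` and `rb_check_trusted` in the error.c hunk announce their deprecation through `rb_warning`, which prints only in verbose mode, so an extension that still calls them as a gate gets no output in a default run and no rejection either. A header comment on each would make the contract explicit, for example `/* Deprecated no-op: performs no trust check and never raises; do not rely on it to reject an object. */`. The same `rb_warning` pattern is used by `rb_env_path_tainted` in hash.c and by `path_taint`/`path_untaint` in ext/pathname/pathname.c. If the deprecation is meant to be seen without `-w`, `rb_warn` is the call that prints at default verbosity.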
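Review bot: The added `rb_check_safe_obj(nam);` in `etc_getpwnam` has no comment explaining why a safe-level check is introduced by a commit that removes taint, and what the function does after this commit is not visible in this hunk. If it is there so the extension still checks on older Ruby versions (the commit message mentions libraries that support them), a one-line comment such as `/* only meaningful on Ruby versions that still enforce $SAFE */` would stop a later cleanup from misreading it. The same call is added in `etc_getgrnam`, in `prompt` in ext/io/console/console.c, in the `ossl_rand_*` file functions and in `ossl_x509store_add_file`/`ossl_x509store_add_path`. In the openssl hunks it runs before `StringValueCStr()` while here it runs after; one order should be used throughout. Both etc.c function bodies continue outside their hunks.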
diff --git a/ext/openssl/ossl_rand.c b/ext/openssl/ossl_rand.c index 4a4f9dd5bf..c95857060a 100644 --- a/ext/openssl/ossl_rand.c +++ b/ext/openssl/ossl_rand.c @@ -67,6 +67,8 @@ ossl_rand_add(VALUE self, VALUE str, VALUE entropy) static VALUE ossl_rand_load_file(VALUE self, VALUE filename) { + rb_check_safe_obj(filename); + if(!RAND_load_file(StringValueCStr(filename), -1)) { ossl_raise(eRandomError, NULL); } @@ -84,6 +86,8 @@ ossl_rand_load_file(VALUE self, VALUE filename) static VALUE ossl_rand_write_file(VALUE self, VALUE filename) { + rb_check_safe_obj(filename); + if (RAND_write_file(StringValueCStr(filename)) == -1) { ossl_raise(eRandomError, NULL); } @@ -160,6 +164,8 @@ ossl_rand_pseudo_bytes(VALUE self, VALUE len) static VALUE ossl_rand_egd(VALUE self, VALUE filename) { + rb_check_safe_obj(filename); + if (RAND_egd(StringValueCStr(filename)) == -1) { ossl_raise(eRandomError, NULL); } @@ -180,6 +186,8 @@ ossl_rand_egd_bytes(VALUE self, VALUE filename, VALUE len) { int n = NUM2INT(len); + rb_check_safe_obj(filename); + if (RAND_egd_bytes(StringValueCStr(filename), n) == -1) { ossl_raise(eRandomError, NULL); } diff --git a/ext/openssl/ossl_x509store.c b/ext/openssl/ossl_x509store.c index 61543d44f6..2909eeda17 100644 --- a/ext/openssl/ossl_x509store.c +++ b/ext/openssl/ossl_x509store.c @@ -304,6 +304,7 @@ ossl_x509store_add_file(VALUE self, VALUE file) char *path = NULL; if(file != Qnil){ + rb_check_safe_obj(file); path = StringValueCStr(file); } GetX509Store(self, store); @@ -339,6 +340,7 @@ ossl_x509store_add_path(VALUE self, VALUE dir) char *path = NULL; if(dir != Qnil){ + rb_check_safe_obj(dir); path = StringValueCStr(dir); } GetX509Store(self, store); diff --git a/ext/pathname/pathname.c b/ext/pathname/pathname.c index 75d04d0aee..15f80d487e 100644 --- a/ext/pathname/pathname.c +++ b/ext/pathname/pathname.c @@ -110,7 +110,6 @@ path_initialize(VALUE self, VALUE arg) str = rb_obj_dup(str); set_strpath(self, str); - OBJ_INFECT(self, str); return self; } 
@@ -134,15 +133,12 @@ path_freeze(VALUE self) * call-seq: * pathname.taint -> obj * - * Taints this Pathname. - * - * See Object.taint. + * Returns pathname. This method is deprecated and will be removed in Ruby 3.2. */ static VALUE path_taint(VALUE self) { - rb_call_super(0, 0); - rb_obj_taint(get_strpath(self)); + rb_warning("Pathname#taint is deprecated and will be removed in Ruby 3.2."); return self; } @@ -150,15 +146,12 @@ path_taint(VALUE self) * call-seq: * pathname.untaint -> obj * - * Untaints this Pathname. - * - * See Object.untaint. + * Returns pathname. This method is deprecated and will be removed in Ruby 3.2. */ static VALUE path_untaint(VALUE self) { - rb_call_super(0, 0); - rb_obj_untaint(get_strpath(self)); + rb_warning("Pathname#untaint is deprecated and will be removed in Ruby 3.2."); return self; } @@ -308,7 +301,6 @@ path_sub_ext(VALUE self, VALUE repl) } str2 = rb_str_subseq(str, 0, ext-p); rb_str_append(str2, repl); - OBJ_INFECT(str2, str); return rb_class_new_instance(1, &str2, rb_obj_class(self)); } diff --git a/ext/socket/ancdata.c b/ext/socket/ancdata.c index 69c766e6fd..84463af061 100644 --- a/ext/socket/ancdata.c +++ b/ext/socket/ancdata.c @@ -1631,10 +1631,9 @@ bsock_recvmsg_internal(VALUE sock, } if (NIL_P(dat_str)) - dat_str = rb_tainted_str_new(datbuf, ss); + dat_str = rb_str_new(datbuf, ss); else { rb_str_resize(dat_str, ss); - OBJ_TAINT(dat_str); rb_obj_reveal(dat_str, rb_cString); } @@ -1660,7 +1659,7 @@ bsock_recvmsg_internal(VALUE sock, } ctl_end = (char*)cmh + cmh->cmsg_len; clen = (ctl_end <= msg_end ? ctl_end : msg_end) - (char*)CMSG_DATA(cmh); - ctl = ancdata_new(family, cmh->cmsg_level, cmh->cmsg_type, rb_tainted_str_new((char*)CMSG_DATA(cmh), clen)); + ctl = ancdata_new(family, cmh->cmsg_level, cmh->cmsg_type, rb_str_new((char*)CMSG_DATA(cmh), clen)); if (request_scm_rights) make_io_for_unix_rights(ctl, cmh, msg_end); else diff --git a/ext/socket/init.c b/ext/socket/init.c index 44d1506973..0675194d74 100644 
--- a/ext/socket/init.c +++ b/ext/socket/init.c @@ -143,7 +143,7 @@ rsock_strbuf(VALUE str, long buflen) { long len; - if (NIL_P(str)) return rb_tainted_str_new(0, buflen); + if (NIL_P(str)) return rb_str_new(0, buflen); StringValue(str); len = RSTRING_LEN(str); @@ -201,7 +201,6 @@ rsock_s_recvfrom(VALUE sock, int argc, VALUE *argv, enum sock_recv_type from) if (slen != RSTRING_LEN(str)) { rb_str_set_len(str, slen); } - rb_obj_taint(str); switch (from) { case RECV_RECV: return str; @@ -282,7 +281,6 @@ rsock_s_recvfrom_nonblock(VALUE sock, VALUE len, VALUE flg, VALUE str, if (slen != RSTRING_LEN(str)) { rb_str_set_len(str, slen); } - rb_obj_taint(str); switch (from) { case RECV_RECV: return str; @@ -329,7 +327,6 @@ rsock_read_nonblock(VALUE sock, VALUE length, VALUE buf, VALUE ex) VALUE str = rsock_strbuf(buf, len); char *ptr; - OBJ_TAINT(str); GetOpenFile(sock, fptr); if (len == 0) { diff --git a/ext/socket/raddrinfo.c b/ext/socket/raddrinfo.c index cc296749b0..9ec2fdc329 100644 --- a/ext/socket/raddrinfo.c +++ b/ext/socket/raddrinfo.c @@ -969,7 +969,7 @@ init_addrinfo_getaddrinfo(rb_addrinfo_t *rai, VALUE node, VALUE service, canonname = Qnil; if (res->ai->ai_canonname) { - canonname = rb_tainted_str_new_cstr(res->ai->ai_canonname); + canonname = rb_str_new_cstr(res->ai->ai_canonname); OBJ_FREEZE(canonname); } @@ -1019,8 +1019,6 @@ make_inspectname(VALUE node, VALUE service, struct addrinfo *res) rb_str_catf(inspectname, ":%d", FIX2INT(service)); } if (!NIL_P(inspectname)) { - OBJ_INFECT(inspectname, node); - OBJ_INFECT(inspectname, service); OBJ_FREEZE(inspectname); } return inspectname; @@ -1039,7 +1037,7 @@ addrinfo_firstonly_new(VALUE node, VALUE service, VALUE family, VALUE socktype, canonname = Qnil; if (res->ai->ai_canonname) { - canonname = rb_tainted_str_new_cstr(res->ai->ai_canonname); + canonname = rb_str_new_cstr(res->ai->ai_canonname); OBJ_FREEZE(canonname); } 
@@ -1069,7 +1067,7 @@ addrinfo_list_new(VALUE node, VALUE service, VALUE family, VALUE socktype, VALUE VALUE canonname = Qnil; if (r->ai_canonname) { - canonname = rb_tainted_str_new_cstr(r->ai_canonname); + canonname = rb_str_new_cstr(r->ai_canonname); OBJ_FREEZE(canonname); } @@ -1908,7 +1906,6 @@ addrinfo_to_sockaddr(VALUE self) rb_addrinfo_t *rai = get_addrinfo(self); VALUE ret; ret = rb_str_new((char*)&rai->addr, rai->sockaddr_len); - OBJ_INFECT(ret, self); return ret; } @@ -2591,7 +2588,6 @@ addrinfo_s_unix(int argc, VALUE *argv, VALUE self) addr = addrinfo_s_allocate(rb_cAddrinfo); DATA_PTR(addr) = rai = alloc_addrinfo(); init_unix_addrinfo(rai, path, socktype); - OBJ_INFECT(addr, path); return addr; } diff --git a/ext/socket/socket.c b/ext/socket/socket.c index f1017910ce..bfeb30340c 100644 --- a/ext/socket/socket.c +++ b/ext/socket/socket.c @@ -1164,7 +1164,7 @@ sock_s_getservbyport(int argc, VALUE *argv, VALUE _) if (!sp) { rb_raise(rb_eSocket, "no such service for port %d/%s", (int)portnum, protoname); } - return rb_tainted_str_new2(sp->s_name); + return rb_str_new2(sp->s_name); } /* @@ -1414,8 +1414,6 @@ sock_s_pack_sockaddr_in(VALUE self, VALUE port, VALUE host) VALUE addr = rb_str_new((char*)res->ai->ai_addr, res->ai->ai_addrlen); rb_freeaddrinfo(res); - OBJ_INFECT(addr, port); - OBJ_INFECT(addr, host); return addr; } @@ -1457,7 +1455,6 @@ sock_s_unpack_sockaddr_in(VALUE self, VALUE addr) #endif } host = rsock_make_ipaddr((struct sockaddr*)sockaddr, RSTRING_SOCKLEN(addr)); - OBJ_INFECT(host, addr); return rb_assoc_new(INT2NUM(ntohs(sockaddr->sin_port)), host); } @@ -1487,7 +1484,6 @@ sock_s_pack_sockaddr_un(VALUE self, VALUE path) } memcpy(sockaddr.sun_path, RSTRING_PTR(path), RSTRING_LEN(path)); addr = rb_str_new((char*)&sockaddr, rsock_unix_sockaddr_len(path)); - OBJ_INFECT(addr, path); return addr; } 
@@ -1524,7 +1520,6 @@ sock_s_unpack_sockaddr_un(VALUE self, VALUE addr) RSTRING_LEN(addr), (int)sizeof(struct sockaddr_un)); } path = rsock_unixpath_str(sockaddr, RSTRING_SOCKLEN(addr)); - OBJ_INFECT(path, addr); return path; } #endif diff --git a/file.c b/file.c index 67ef2d0503..05cdf51e77 100644 --- a/file.c +++ b/file.c @@ -160,8 +160,6 @@ VALUE rb_cFile; VALUE rb_mFileTest; VALUE rb_cStat; -#define insecure_obj_p(obj, level) ((level) > 0 && OBJ_TAINTED(obj)) - static VALUE file_path_convert(VALUE name) { @@ -1074,7 +1072,6 @@ rb_stat_inspect(VALUE self) } } rb_str_buf_cat2(str, ">"); - OBJ_INFECT(str, self); return str; } @@ -3651,18 +3648,15 @@ rb_file_expand_path_internal(VALUE fname, VALUE dname, int abs_mode, int long_na const char *s, *b, *fend; char *buf, *p, *pend, *root; size_t buflen, bdiff; - int tainted; rb_encoding *enc, *fsenc = rb_filesystem_encoding(); s = StringValuePtr(fname); fend = s + RSTRING_LEN(fname); enc = rb_enc_get(fname); BUFINIT(); - tainted = OBJ_TAINTED(fname); if (s[0] == '~' && abs_mode == 0) { /* execute only if NOT absolute_path() */ long userlen = 0; - tainted = 1; if (isdirsep(s[1]) || s[1] == '\0') { buf = 0; b = 0; @@ -3720,7 +3714,6 @@ rb_file_expand_path_internal(VALUE fname, VALUE dname, int abs_mode, int long_na } if (!same) { char *e = append_fspath(result, fname, getcwdofdrv(*s), &enc, fsenc); - tainted = 1; BUFINIT(); p = e; } @@ -3742,7 +3735,6 @@ rb_file_expand_path_internal(VALUE fname, VALUE dname, int abs_mode, int long_na } else { char *e = append_fspath(result, fname, ruby_getcwd(), &enc, fsenc); - tainted = 1; BUFINIT(); p = e; } @@ -3993,7 +3985,6 @@ rb_file_expand_path_internal(VALUE fname, VALUE dname, int abs_mode, int long_na } #endif - if (tainted) OBJ_TAINT(result); rb_str_set_len(result, p - buf); rb_enc_check(fname, result); ENC_CODERANGE_CLEAR(result); 
@@ -4340,7 +4331,6 @@ rb_check_realpath_emulate(VALUE basedir, VALUE path, enum rb_realpath_mode mode) } } - rb_obj_taint(resolved); RB_GC_GUARD(unresolved_path); RB_GC_GUARD(curdir); return resolved; @@ -4409,7 +4399,6 @@ rb_check_realpath_internal(VALUE basedir, VALUE path, enum rb_realpath_mode mode } } - rb_obj_taint(resolved); RB_GC_GUARD(unresolved_path); return resolved; #else @@ -4631,7 +4620,6 @@ rb_file_s_basename(int argc, VALUE *argv, VALUE _) basename = rb_str_new(p, f); rb_enc_copy(basename, fname); - OBJ_INFECT(basename, fname); return basename; } @@ -4693,7 +4681,6 @@ rb_file_dirname(VALUE fname) rb_str_cat(dirname, ".", 1); #endif rb_enc_copy(dirname, fname); - OBJ_INFECT(dirname, fname); return dirname; } @@ -4802,7 +4789,6 @@ rb_file_s_extname(VALUE klass, VALUE fname) if (len < 1) return rb_str_new(0, 0); extname = rb_str_subseq(fname, e - name, len); /* keep the dot, too! */ - OBJ_INFECT(extname, fname); return extname; } @@ -4873,7 +4859,6 @@ rb_file_join(VALUE ary) len += RARRAY_LEN(ary) - 1; result = rb_str_buf_new(len); RBASIC_CLEAR_CLASS(result); - OBJ_INFECT(result, ary); for (i=0; i "); v = SPECIAL_CONST_P(v) ? rb_inspect(v) : rb_any_to_s(v); rb_str_append(str, v); - OBJ_INFECT(str, k); - OBJ_INFECT(str, v); return ST_CONTINUE; } diff --git a/hash.c b/hash.c index b0746cb4c6..ab9af762a9 100644 --- a/hash.c +++ b/hash.c @@ -40,7 +40,7 @@ #define HAS_EXTRA_STATES(hash, klass) ( \ ((klass = has_extra_methods(rb_obj_class(hash))) != 0) || \ - FL_TEST((hash), FL_EXIVAR|FL_TAINT|RHASH_PROC_DEFAULT) || \ + FL_TEST((hash), FL_EXIVAR|RHASH_PROC_DEFAULT) || \ !NIL_P(RHASH_IFNONE(hash))) #define SET_DEFAULT(hash, ifnone) ( \ @@ -1554,7 +1554,7 @@ rb_hash_dup(VALUE hash) { const VALUE flags = RBASIC(hash)->flags; VALUE ret = hash_dup(hash, rb_obj_class(hash), - flags & (FL_EXIVAR|FL_TAINT|RHASH_PROC_DEFAULT)); + flags & (FL_EXIVAR|RHASH_PROC_DEFAULT)); if (flags & FL_EXIVAR) rb_copy_generic_ivar(ret, hash); return ret; 
@@ -2744,7 +2744,7 @@ hash_aset(st_data_t *key, st_data_t *val, struct update_arg *arg, int existing) VALUE rb_hash_key_str(VALUE key) { - if (!RB_FL_ANY_RAW(key, FL_TAINT|FL_EXIVAR) && RBASIC_CLASS(key) == rb_cString) { + if (!RB_FL_ANY_RAW(key, FL_EXIVAR) && RBASIC_CLASS(key) == rb_cString) { return rb_fstring(key); } else { @@ -3200,7 +3200,6 @@ rb_hash_to_a(VALUE hash) ary = rb_ary_new_capa(RHASH_SIZE(hash)); rb_hash_foreach(hash, to_a_i, ary); - OBJ_INFECT(ary, hash); return ary; } @@ -3218,11 +3217,9 @@ inspect_i(VALUE key, VALUE value, VALUE str) rb_enc_copy(str, str2); } rb_str_buf_append(str, str2); - OBJ_INFECT(str, str2); rb_str_buf_cat_ascii(str, "=>"); str2 = rb_inspect(value); rb_str_buf_append(str, str2); - OBJ_INFECT(str, str2); return ST_CONTINUE; } @@ -3236,7 +3233,6 @@ inspect_hash(VALUE hash, VALUE dummy, int recur) str = rb_str_buf_new2("{"); rb_hash_foreach(hash, inspect_i, str); rb_str_buf_cat2(str, "}"); - OBJ_INFECT(str, hash); return str; } @@ -3303,7 +3299,6 @@ rb_hash_to_h_block(VALUE hash) { VALUE h = rb_hash_new_with_size(RHASH_SIZE(hash)); rb_hash_foreach(hash, to_h_i, h); - OBJ_INFECT(h, hash); return h; } @@ -4556,8 +4551,6 @@ rb_hash_bulk_insert(long argc, const VALUE *argv, VALUE hash) } } -static int path_tainted = -1; - static char **origenviron; #ifdef _WIN32 #define GET_ENVIRON(e) ((e) = rb_w32_get_environ()) @@ -4615,7 +4608,6 @@ env_enc_str_new(const char *ptr, long len, rb_encoding *enc) VALUE str = rb_external_str_new_with_enc(ptr, len, enc); #endif - OBJ_TAINT(str); rb_obj_freeze(str); return str; } @@ -4639,15 +4631,13 @@ env_str_new2(const char *ptr) return env_str_new(ptr, strlen(ptr)); } -static int env_path_tainted(const char *); - static const char TZ_ENV[] = "TZ"; extern bool ruby_tz_uptodate_p; static rb_encoding * env_encoding_for(const char *name, const char *ptr) { - if (ENVMATCH(name, PATH_ENV) && !env_path_tainted(ptr)) { + if (ENVMATCH(name, PATH_ENV)) { return rb_filesystem_encoding(); } else { 
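Review bot: In `env_encoding_for` the new condition `if (ENVMATCH(name, PATH_ENV))` no longer reads `ptr`, and the `else` branch is outside the hunk, so the parameter may now be unused. If nothing else in the body uses it, either drop it together with the call sites or mark it in a comment, e.g. `/* ptr is unused since the PATH taint check was removed; kept for the existing callers */`. The comment would also record that PATH is now always returned in the filesystem encoding, where previously that depended on the result of the path check.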
@@ -4725,7 +4715,6 @@ env_delete(VALUE name) ruby_setenv(nam, 0); if (ENVMATCH(nam, PATH_ENV)) { RB_GC_GUARD(name); - path_tainted = 0; } else if (ENVMATCH(nam, TZ_ENV)) { ruby_tz_uptodate_p = FALSE; @@ -4842,28 +4831,11 @@ env_fetch(int argc, VALUE *argv, VALUE _) return env_name_new(nam, env); } -static void -path_tainted_p(const char *path) -{ - path_tainted = rb_path_check(path)?0:1; -} - -static int -env_path_tainted(const char *path) -{ - if (path_tainted < 0) { - path_tainted_p(path); - } - return path_tainted; -} - int rb_env_path_tainted(void) { - if (path_tainted < 0) { - path_tainted_p(getenv(PATH_ENV)); - } - return path_tainted; + rb_warning("rb_env_path_tainted is deprecated and will be removed in Ruby 3.2."); + return 0; } #if defined(_WIN32) || (defined(HAVE_SETENV) && defined(HAVE_UNSETENV)) @@ -5133,14 +5105,6 @@ env_aset(VALUE nm, VALUE val) ruby_setenv(name, value); if (ENVMATCH(name, PATH_ENV)) { RB_GC_GUARD(nm); - if (OBJ_TAINTED(val)) { - /* already tainted, no check */ - path_tainted = 1; - return val; - } - else { - path_tainted_p(value); - } } else if (ENVMATCH(name, TZ_ENV)) { ruby_tz_uptodate_p = FALSE; @@ -5342,7 +5306,6 @@ env_reject_bang(VALUE ehash) VALUE val = rb_f_getenv(Qnil, RARRAY_AREF(keys, i)); if (!NIL_P(val)) { if (RTEST(rb_yield_values(2, RARRAY_AREF(keys, i), val))) { - FL_UNSET(RARRAY_AREF(keys, i), FL_TAINT); env_delete(RARRAY_AREF(keys, i)); del++; } @@ -5452,7 +5415,6 @@ env_select_bang(VALUE ehash) VALUE val = rb_f_getenv(Qnil, RARRAY_AREF(keys, i)); if (!NIL_P(val)) { if (!RTEST(rb_yield_values(2, RARRAY_AREF(keys, i), val))) { - FL_UNSET(RARRAY_AREF(keys, i), FL_TAINT); env_delete(RARRAY_AREF(keys, i)); del++; } @@ -5581,7 +5543,6 @@ env_inspect(VALUE _) } FREE_ENVIRON(environ); rb_str_buf_cat2(str, "}"); - OBJ_TAINT(str); return str; } 
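Review bot: `rb_env_path_tainted` now returns 0 unconditionally, so any caller that branches on it treats every PATH as clean, and the `rb_path_check` call that used to back the answer is no longer reached from here. The only signal is an `rb_warning`, which is silent unless verbose mode is on. The function should carry a comment stating the new contract, for example `/* Deprecated: always returns 0 and inspects nothing. Callers that need the PATH directory check must call rb_path_check() themselves. */`. The removal of the `path_tainted` bookkeeping in `env_aset` and `env_delete` in the neighbouring hunks is part of the same change, so the comment belongs on this exported entry point.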
@@ -5755,7 +5716,7 @@ env_rassoc(VALUE dmy, VALUE obj) if (s++) { long len = strlen(s); if (RSTRING_LEN(obj) == len && strncmp(s, RSTRING_PTR(obj), len) == 0) { - VALUE result = rb_assoc_new(rb_tainted_str_new(*env, s-*env-1), obj); + VALUE result = rb_assoc_new(rb_str_new(*env, s-*env-1), obj); FREE_ENVIRON(environ); return result; } diff --git a/include/ruby/intern.h b/include/ruby/intern.h index e20aa3155d..8ce3ed721c 100644 --- a/include/ruby/intern.h +++ b/include/ruby/intern.h @@ -308,10 +308,8 @@ void rb_check_trusted(VALUE); rb_error_frozen_object(frozen_obj); \ } \ } while (0) -#define rb_check_trusted_internal(obj) ((void) 0) #ifdef __GNUC__ #define rb_check_frozen(obj) __extension__({rb_check_frozen_internal(obj);}) -#define rb_check_trusted(obj) __extension__({rb_check_trusted_internal(obj);}) #else static inline void rb_check_frozen_inline(VALUE obj) @@ -322,7 +320,7 @@ rb_check_frozen_inline(VALUE obj) static inline void rb_check_trusted_inline(VALUE obj) { - rb_check_trusted_internal(obj); + rb_check_trusted(obj); } #define rb_check_trusted(obj) rb_check_trusted_inline(obj) #endif diff --git a/io.c b/io.c index 47d37d121a..63d8172e07 100644 --- a/io.c +++ b/io.c @@ -2525,7 +2525,6 @@ remain_size(rb_io_t *fptr) static VALUE io_enc_str(VALUE str, rb_io_t *fptr) { - OBJ_TAINT(str); rb_enc_associate(str, io_read_encoding(fptr)); return str; } @@ -2655,7 +2654,6 @@ io_shift_cbuf(rb_io_t *fptr, int len, VALUE *strp) else { rb_str_cat(str, fptr->cbuf.ptr+fptr->cbuf.off, len); } - OBJ_TAINT(str); rb_enc_associate(str, fptr->encs.enc); } fptr->cbuf.off += len; @@ -2820,7 +2818,6 @@ io_getpartial(int argc, VALUE *argv, VALUE io, int no_exception, int nonblock) } shrinkable = io_setstrbuf(&str, len); - OBJ_TAINT(str); GetOpenFile(io, fptr); rb_io_check_byte_readable(fptr); 
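Review bot: In `env_rassoc` the key is now built with plain `rb_str_new(*env, s-*env-1)`, so it bypasses `env_enc_str_new`, which in this file gives ENV strings their external encoding and freezes them. Other ENV accessors visible in this diff use the `env_str_new`/`env_name_new` helpers, so the name returned from `rassoc` may differ in encoding and frozen state from the same name returned elsewhere. If that difference is not intended, `env_str_new(*env, s-*env-1)` would keep the helpers as the single construction path, assuming it takes a pointer and a length as its use in `env_str_new2` suggests. The function body starts and ends outside the hunk.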
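Review bot: In the include/ruby/intern.h hunks, the non-GCC branch keeps `rb_check_trusted_inline` and `#define rb_check_trusted(obj) rb_check_trusted_inline(obj)`, although the wrapper now only forwards to the declared `rb_check_trusted` function. The `__GNUC__` branch drops its macro and calls that function directly, so the two branches resolve the same name differently for no visible benefit. The wrapper compiles only because the `#define` comes after the inline body. Removing both the wrapper and its `#define` would give every compiler the same path. If `rb_check_trusted_inline` must stay for source compatibility, say so in a comment next to it.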
@@ -2963,7 +2960,6 @@ io_read_nonblock(rb_execution_context_t *ec, VALUE io, VALUE length, VALUE str, } shrinkable = io_setstrbuf(&str, len); - OBJ_TAINT(str); rb_bool_expected(ex, "exception"); GetOpenFile(io, fptr); @@ -3150,7 +3146,6 @@ io_read(int argc, VALUE *argv, VALUE io) } #endif if (n == 0) return Qnil; - OBJ_TAINT(str); return str; } @@ -5185,7 +5180,6 @@ rb_io_sysread(int argc, VALUE *argv, VALUE io) if (n == 0 && ilen > 0) { rb_eof_error(); } - OBJ_TAINT(str); return str; } @@ -5269,7 +5263,6 @@ rb_io_pread(int argc, VALUE *argv, VALUE io) if (n == 0 && arg.count > 0) { rb_eof_error(); } - OBJ_TAINT(str); return str; } @@ -7088,7 +7081,6 @@ check_pipe_command(VALUE filename_or_command) if (rb_enc_ascget(s, e, &chlen, rb_enc_get(filename_or_command)) == '|') { VALUE cmd = rb_str_new(s+chlen, l-chlen); - OBJ_INFECT(cmd, filename_or_command); return cmd; } return Qnil; diff --git a/lib/cgi/core.rb b/lib/cgi/core.rb index ac75e54139..bec76e0749 100644 --- a/lib/cgi/core.rb +++ b/lib/cgi/core.rb @@ -544,11 +544,11 @@ class CGI /Content-Disposition:.* filename=(?:"(.*?)"|([^;\r\n]*))/i.match(head) filename = $1 || $2 || ''.dup filename = CGI.unescape(filename) if unescape_filename?() - body.instance_variable_set(:@original_filename, filename.taint) + body.instance_variable_set(:@original_filename, filename) ## content type /Content-Type: (.*)/i.match(head) (content_type = $1 || ''.dup).chomp! - body.instance_variable_set(:@content_type, content_type.taint) + body.instance_variable_set(:@content_type, content_type) ## query parameter name /Content-Disposition:.* name=(?:"(.*?)"|([^;\r\n]*))/i.match(head) name = $1 || $2 || '' diff --git a/lib/cgi/session/pstore.rb b/lib/cgi/session/pstore.rb index 5a6e25d137..cc3006400f 100644 --- a/lib/cgi/session/pstore.rb +++ b/lib/cgi/session/pstore.rb @@ -50,7 +50,6 @@ class CGI require 'digest/md5' md5 = Digest::MD5.hexdigest(id)[0,16] path = dir+"/"+prefix+md5 - path.untaint if File::exist?(path) @hash = nil else 
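Review bot: In the lib/cgi/core.rb hunk, `@original_filename` and `@content_type` are filled from the multipart headers of the request, and `.taint` was the only marker here that they are client-controlled. With it removed, nothing at the assignments says so. I would add a comment above each, for example `# client-supplied header value; validate before using it in a file path or a response header`. The enclosing method starts and ends outside the hunk.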
diff --git a/lib/delegate.rb b/lib/delegate.rb index 7a2ad50ac3..8c176dc82c 100644 --- a/lib/delegate.rb +++ b/lib/delegate.rb @@ -219,36 +219,13 @@ class Delegator < BasicObject end private :initialize_clone, :initialize_dup - ## - # :method: trust - # Trust both the object returned by \_\_getobj\_\_ and self. - # - - ## - # :method: untrust - # Untrust both the object returned by \_\_getobj\_\_ and self. - # - - ## - # :method: taint - # Taint both the object returned by \_\_getobj\_\_ and self. - # - - ## - # :method: untaint - # Untaint both the object returned by \_\_getobj\_\_ and self. - # - ## # :method: freeze # Freeze both the object returned by \_\_getobj\_\_ and self. # - - [:trust, :untrust, :taint, :untaint, :freeze].each do |method| - define_method method do - __getobj__.send(method) - super() - end + def freeze + __getobj__.freeze + super() end @delegator_api = self.public_instance_methods diff --git a/lib/drb/drb.rb b/lib/drb/drb.rb index 0063e20144..5673fa3880 100644 --- a/lib/drb/drb.rb +++ b/lib/drb/drb.rb @@ -233,7 +233,7 @@ require_relative 'eq' # def get_logger(name) # if !@loggers.has_key? name # # make the filename safe, then declare it to be so -# fname = name.gsub(/[.\/\\\:]/, "_").untaint +# fname = name.gsub(/[.\/\\\:]/, "_") # @loggers[name] = Logger.new(name, @basedir + "/" + fname) # end # return @loggers[name] @@ -594,16 +594,9 @@ module DRb raise(DRbConnError, 'premature marshal format(can\'t read)') if str.size < sz DRb.mutex.synchronize do begin - save = Thread.current[:drb_untaint] - Thread.current[:drb_untaint] = [] Marshal::load(str) rescue NameError, ArgumentError DRbUnknown.new($!, str) - ensure - Thread.current[:drb_untaint].each do |x| - x.untaint - end - Thread.current[:drb_untaint] = save end end end @@ -843,8 +836,6 @@ module DRb # URI protocols. def self.open(uri, config) host, port, = parse_uri(uri) - host.untaint - port.untaint soc = TCPSocket.open(host, port) self.new(uri, soc, config) end 
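Review bot: In the lib/drb/drb.rb documentation example for `get_logger`, the comment `# make the filename safe, then declare it to be so` still describes the removed `.untaint` call. The line under it now only substitutes characters with `gsub`, so the second half of the comment refers to nothing. Reword it to `# make the filename safe` so the example and its explanation agree.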
@@ -1061,9 +1052,6 @@ module DRb if DRb.here?(uri) obj = DRb.to_obj(ref) - if ((! obj.tainted?) && Thread.current[:drb_untaint]) - Thread.current[:drb_untaint].push(obj) - end return obj end diff --git a/lib/drb/ssl.rb b/lib/drb/ssl.rb index 48ba35ace7..3d528c6172 100644 --- a/lib/drb/ssl.rb +++ b/lib/drb/ssl.rb @@ -248,8 +248,6 @@ module DRb # configuration. Either a Hash or DRb::DRbSSLSocket::SSLConfig def self.open(uri, config) host, port, = parse_uri(uri) - host.untaint - port.untaint soc = TCPSocket.open(host, port) ssl_conf = SSLConfig::new(config) ssl_conf.setup_ssl_context diff --git a/lib/drb/unix.rb b/lib/drb/unix.rb index 89957c9e7b..1629ad3bcd 100644 --- a/lib/drb/unix.rb +++ b/lib/drb/unix.rb @@ -27,7 +27,6 @@ module DRb def self.open(uri, config) filename, = parse_uri(uri) - filename.untaint soc = UNIXSocket.open(filename) self.new(uri, soc, config) end diff --git a/lib/find.rb b/lib/find.rb index 458cb84608..3f54cf6b93 100644 --- a/lib/find.rb +++ b/lib/find.rb @@ -46,7 +46,7 @@ module Find ps = [path] while file = ps.shift catch(:prune) do - yield file.dup.taint + yield file.dup begin s = File.lstat(file) rescue Errno::ENOENT, Errno::EACCES, Errno::ENOTDIR, Errno::ELOOP, Errno::ENAMETOOLONG @@ -63,7 +63,7 @@ module Find fs.sort! fs.reverse_each {|f| f = File.join(file, f) - ps.unshift f.untaint + ps.unshift f } end end diff --git a/lib/net/imap.rb b/lib/net/imap.rb index 1c7e89ba14..aa46e47ef1 100644 --- a/lib/net/imap.rb +++ b/lib/net/imap.rb @@ -3238,7 +3238,7 @@ module Net if atom atom else - symbol = flag.capitalize.untaint.intern + symbol = flag.capitalize.intern @flag_symbols[symbol] = true if @flag_symbols.length > IMAP.max_flag_count raise FlagCountError, "number of flag symbols exceeded" diff --git a/lib/pp.rb b/lib/pp.rb index de4b79c4de..2cfc2c4009 100644 --- a/lib/pp.rb +++ b/lib/pp.rb 
@@ -106,17 +106,17 @@ class PP < PrettyPrint # and preserves the previous set of objects being printed. def guard_inspect_key if Thread.current[:__recursive_key__] == nil - Thread.current[:__recursive_key__] = {}.compare_by_identity.taint + Thread.current[:__recursive_key__] = {}.compare_by_identity end if Thread.current[:__recursive_key__][:inspect] == nil - Thread.current[:__recursive_key__][:inspect] = {}.compare_by_identity.taint + Thread.current[:__recursive_key__][:inspect] = {}.compare_by_identity end save = Thread.current[:__recursive_key__][:inspect] begin - Thread.current[:__recursive_key__][:inspect] = {}.compare_by_identity.taint + Thread.current[:__recursive_key__][:inspect] = {}.compare_by_identity yield ensure Thread.current[:__recursive_key__][:inspect] = save diff --git a/lib/resolv.rb b/lib/resolv.rb index 3d401cc509..e7b45e785a 100644 --- a/lib/resolv.rb +++ b/lib/resolv.rb @@ -194,15 +194,12 @@ class Resolv line.sub!(/#.*/, '') addr, hostname, *aliases = line.split(/\s+/) next unless addr - addr.untaint - hostname.untaint @addr2name[addr] = [] unless @addr2name.include? addr @addr2name[addr] << hostname @addr2name[addr] += aliases @name2addr[hostname] = [] unless @name2addr.include? hostname @name2addr[hostname] << addr aliases.each {|n| - n.untaint @name2addr[n] = [] unless @name2addr.include? n @name2addr[n] << addr } @@ -964,7 +961,6 @@ class Resolv f.each {|line| line.sub!(/[#;].*/, '') keyword, *args = line.split(/\s+/) - args.each(&:untaint) next unless keyword case keyword when 'nameserver' diff --git a/lib/set.rb b/lib/set.rb index a0e945e0a8..5a96c81832 100644 --- a/lib/set.rb +++ b/lib/set.rb @@ -147,16 +147,6 @@ class Set super end - def taint # :nodoc: - @hash.taint - super - end - - def untaint # :nodoc: - @hash.untaint - super - end - # Returns the number of elements. def size @hash.size diff --git a/lib/singleton.rb b/lib/singleton.rb index d457fa0b0f..8e8a779a2e 100644 --- a/lib/singleton.rb +++ b/lib/singleton.rb 
@@ -58,10 +58,9 @@ # == Singleton and Marshal # # By default Singleton's #_dump(depth) returns the empty string. Marshalling by -# default will strip state information, e.g. instance variables and taint -# state, from the instance. Classes using Singleton can provide custom -# _load(str) and _dump(depth) methods to retain some of the previous state of -# the instance. +# default will strip state information, e.g. instance variables from the instance. +# Classes using Singleton can provide custom _load(str) and _dump(depth) methods +# to retain some of the previous state of the instance. # # require 'singleton' # @@ -82,7 +81,6 @@ # a = Example.instance # a.keep = "keep this" # a.strip = "get rid of this" -# a.taint # # stored_state = Marshal.dump(a) # diff --git a/marshal.c b/marshal.c index 71480bf5b8..df8da10b27 100644 --- a/marshal.c +++ b/marshal.c @@ -150,16 +150,12 @@ rb_marshal_define_compat(VALUE newclass, VALUE oldclass, VALUE (*dumper)(VALUE), st_insert(compat_allocator_table(), (st_data_t)allocator, (st_data_t)compat); } -#define MARSHAL_INFECTION FL_TAINT -STATIC_ASSERT(marshal_infection_is_int, MARSHAL_INFECTION == (int)MARSHAL_INFECTION); - struct dump_arg { VALUE str, dest; st_table *symbols; st_table *data; st_table *compat_tbl; st_table *encodings; - int infection; }; struct dump_call_arg { @@ -268,7 +264,6 @@ w_nbyte(const char *s, long n, struct dump_arg *arg) { VALUE buf = arg->str; rb_str_buf_cat(buf, s, n); - RBASIC(buf)->flags |= arg->infection; if (arg->dest && RSTRING_LEN(buf) >= BUFSIZ) { rb_io_write(arg->dest, buf); rb_str_resize(buf, 0); @@ -770,8 +765,6 @@ w_object(VALUE obj, struct dump_arg *arg, int limit) rb_builtin_type_name(BUILTIN_TYPE(obj))); } - arg->infection |= (int)FL_TEST(obj, MARSHAL_INFECTION); - if (rb_obj_respond_to(obj, s_mdump, TRUE)) { st_add_direct(arg->data, obj, arg->data->num_entries); 
@@ -1077,7 +1070,6 @@ rb_marshal_dump_limited(VALUE obj, VALUE port, int limit) arg->dest = 0; arg->symbols = st_init_numtable(); arg->data = rb_init_identtable(); - arg->infection = 0; arg->compat_tbl = 0; arg->encodings = 0; arg->str = rb_str_buf_new(0); @@ -1116,7 +1108,6 @@ struct load_arg { st_table *data; VALUE proc; st_table *compat_tbl; - int infection; }; static VALUE @@ -1195,7 +1186,6 @@ r_byte1_buffered(struct load_arg *arg) str = load_funcall(arg, arg->src, s_read, 1, &n); if (NIL_P(str)) too_short(); StringValue(str); - arg->infection |= (int)FL_TEST(str, MARSHAL_INFECTION); memcpy(arg->buf, RSTRING_PTR(str), RSTRING_LEN(str)); arg->offset = 0; arg->buflen = RSTRING_LEN(str); @@ -1294,7 +1284,6 @@ r_bytes1(long len, struct load_arg *arg) if (NIL_P(str)) too_short(); StringValue(str); if (RSTRING_LEN(str) != len) too_short(); - arg->infection |= (int)FL_TEST(str, MARSHAL_INFECTION); return str; } @@ -1325,7 +1314,6 @@ r_bytes1_buffered(long len, struct load_arg *arg) tmp_len = RSTRING_LEN(tmp); if (tmp_len < need_len) too_short(); - arg->infection |= (int)FL_TEST(tmp, MARSHAL_INFECTION); str = rb_str_new(arg->buf+arg->offset, buflen); rb_str_cat(str, RSTRING_PTR(tmp), need_len); @@ -1472,12 +1460,6 @@ r_entry0(VALUE v, st_index_t num, struct load_arg *arg) else { st_insert(arg->data, num, (st_data_t)v); } - if (arg->infection && - !RB_TYPE_P(v, T_CLASS) && !RB_TYPE_P(v, T_MODULE)) { - OBJ_TAINT(v); - if ((VALUE)real_obj != Qundef) - OBJ_TAINT((VALUE)real_obj); - } return v; } 
@@ -2117,25 +2099,22 @@ marshal_load(int argc, VALUE *argv, VALUE _) VALUE rb_marshal_load_with_proc(VALUE port, VALUE proc) { - int major, minor, infection = 0; + int major, minor; VALUE v; VALUE wrapper; /* used to avoid memory leak in case of exception */ struct load_arg *arg; v = rb_check_string_type(port); if (!NIL_P(v)) { - infection = (int)FL_TEST(port, MARSHAL_INFECTION); /* original taintedness */ port = v; } else if (rb_respond_to(port, s_getbyte) && rb_respond_to(port, s_read)) { rb_check_funcall(port, s_binmode, 0, 0); - infection = (int)FL_TAINT; } else { io_needed(); } wrapper = TypedData_Make_Struct(0, struct load_arg, &load_arg_data, arg); - arg->infection = infection; arg->src = port; arg->offset = 0; arg->symbols = st_init_numtable(); diff --git a/node.h b/node.h index 84f7464e6e..217b344550 100644 --- a/node.h +++ b/node.h @@ -175,7 +175,7 @@ typedef struct RNode { #define RNODE(obj) (R_CAST(RNode)(obj)) -/* FL : 0..4: T_TYPES, 5: KEEP_WB, 6: PROMOTED, 7: FINALIZE, 8: TAINT, 9: UNTRUSTED, 10: EXIVAR, 11: FREEZE */ +/* FL : 0..4: T_TYPES, 5: KEEP_WB, 6: PROMOTED, 7: FINALIZE, 8: UNUSED, 9: UNUSED, 10: EXIVAR, 11: FREEZE */ /* NODE_FL: 0..4: T_TYPES, 5: KEEP_WB, 6: PROMOTED, 7: NODE_FL_NEWLINE, * 8..14: nd_type, * 15..: nd_line diff --git a/object.c b/object.c index 65294c3645..4d2d006c79 100644 --- a/object.c +++ b/object.c @@ -346,7 +346,7 @@ init_copy(VALUE dest, VALUE obj) rb_raise(rb_eTypeError, "[bug] frozen object (%s) allocated", rb_obj_classname(dest)); } RBASIC(dest)->flags &= ~(T_MASK|FL_EXIVAR); - RBASIC(dest)->flags |= RBASIC(obj)->flags & (T_MASK|FL_EXIVAR|FL_TAINT); + RBASIC(dest)->flags |= RBASIC(obj)->flags & (T_MASK|FL_EXIVAR); rb_copy_wb_protected_attribute(dest, obj); rb_copy_generic_ivar(dest, obj); rb_gc_copy_finalizer(dest, obj); 
@@ -383,7 +383,7 @@ special_object_p(VALUE obj) * Produces a shallow copy of obj---the instance variables of * obj are copied, but not the objects they reference. * #clone copies the frozen (unless +:freeze+ keyword argument is - * given with a false value) and tainted state of obj. See + * given with a false value) state of obj. See * also the discussion under Object#dup. * * class Klass @@ -491,7 +491,6 @@ rb_obj_clone(VALUE obj) * * Produces a shallow copy of obj---the instance variables of * obj are copied, but not the objects they reference. - * #dup copies the tainted state of obj. * * This method may have class-specific behavior. If so, that * behavior will be documented under the #+initialize_copy+ method of @@ -616,7 +615,6 @@ rb_obj_init_copy(VALUE obj, VALUE orig) { if (obj == orig) return obj; rb_check_frozen(obj); - rb_check_trusted(obj); if (TYPE(obj) != TYPE(orig) || rb_obj_class(obj) != rb_obj_class(orig)) { rb_raise(rb_eTypeError, "initialize_copy should take same class object"); } @@ -659,7 +657,6 @@ rb_any_to_s(VALUE obj) VALUE cname = rb_class_name(CLASS_OF(obj)); str = rb_sprintf("#<%"PRIsVALUE":%p>", cname, (void*)obj); - OBJ_INFECT(str, obj); return str; } @@ -728,7 +725,6 @@ inspect_obj(VALUE obj, VALUE str, int recur) } rb_str_cat2(str, ">"); RSTRING_PTR(str)[0] = '#'; - OBJ_INFECT(str, obj); return str; } 
@@ -1164,26 +1160,15 @@ rb_obj_dummy1(VALUE _x, VALUE _y) /** * call-seq: - * obj.tainted? -> true or false + * obj.tainted? -> false * - * Returns true if the object is tainted. - * - * See #taint for more information. - *-- - * Determines if \a obj is tainted. Equivalent to \c Object\#tainted? in Ruby. - * \param[in] obj the object to be determined - * \retval Qtrue if the object is tainted - * \retval Qfalse if the object is not tainted - * \sa rb_obj_taint - * \sa rb_obj_untaint - *++ + * Returns false. This method is deprecated and will be removed in Ruby 3.2. */ VALUE rb_obj_tainted(VALUE obj) { - if (OBJ_TAINTED(obj)) - return Qtrue; + rb_warning("Object#tainted? is deprecated and will be removed in Ruby 3.2."); return Qfalse; } @@ -1191,33 +1176,13 @@ rb_obj_tainted(VALUE obj) * call-seq: * obj.taint -> obj * - * Mark the object as tainted. - * - * Objects that are marked as tainted will be restricted from various built-in - * methods. This is to prevent insecure data, such as command-line arguments - * or strings read from Kernel#gets, from inadvertently compromising the user's - * system. - * - * To check whether an object is tainted, use #tainted?. - * - * You should only untaint a tainted object if your code has inspected it and - * determined that it is safe. To do so use #untaint. - *-- - * Marks the object as tainted. Equivalent to \c Object\#taint in Ruby - * \param[in] obj the object to be tainted - * \return the object itself - * \sa rb_obj_untaint - * \sa rb_obj_tainted - *++ + * Returns object. This method is deprecated and will be removed in Ruby 3.2. */ VALUE rb_obj_taint(VALUE obj) { - if (!OBJ_TAINTED(obj) && OBJ_TAINTABLE(obj)) { - rb_check_frozen(obj); - OBJ_TAINT(obj); - } + rb_warning("Object#taint is deprecated and will be removed in Ruby 3.2."); return obj; } 
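Review bot: The rewritten comments for `rb_obj_tainted` and `rb_obj_taint` drop the whole C-API section between `*--` and `*++` and describe only the Ruby method. The C functions are still defined, so the header comment no longer tells an extension author what they return or that they are deprecated. I would keep a short block after the rdoc text, `*--`, `* \deprecated No-op; always returns Qfalse.` (or `returns \a obj`), `*++`. The same applies to the later object.c hunks for `rb_obj_untaint`, `rb_obj_untrusted`, `rb_obj_untrust` and `rb_obj_trust`, and to `rb_obj_infect`, whose comment calls a C function "this method".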
@@ -1226,74 +1191,42 @@ rb_obj_taint(VALUE obj) * call-seq: * obj.untaint -> obj * - * Removes the tainted mark from the object. - * - * See #taint for more information. - *-- - * Removes the tainted mark from the object. - * Equivalent to \c Object\#untaint in Ruby. - * - * \param[in] obj the object to be tainted - * \return the object itself - * \sa rb_obj_taint - * \sa rb_obj_tainted - *++ + * Returns object. This method is deprecated and will be removed in Ruby 3.2. */ VALUE rb_obj_untaint(VALUE obj) { - if (OBJ_TAINTED(obj)) { - rb_check_frozen(obj); - FL_UNSET(obj, FL_TAINT); - } + rb_warning("Object#untaint is deprecated and will be removed in Ruby 3.2."); return obj; } /** * call-seq: - * obj.untrusted? -> true or false + * obj.untrusted? -> false * - * Deprecated method that is equivalent to #tainted?. - *-- - * \deprecated Use rb_obj_tainted. - * - * Trustiness used to have independent semantics from taintedness. - * But now trustiness of objects is obsolete and this function behaves - * the same as rb_obj_tainted. - * - * \sa rb_obj_tainted - *++ + * Returns false. This method is deprecated and will be removed in Ruby 3.2. */ VALUE rb_obj_untrusted(VALUE obj) { - rb_warning("untrusted? is deprecated and its behavior is same as tainted?"); - return rb_obj_tainted(obj); + rb_warning("Object#untrusted? is deprecated and will be removed in Ruby 3.2."); + return Qfalse; } /** * call-seq: * obj.untrust -> obj * - * Deprecated method that is equivalent to #taint. - *-- - * \deprecated Use rb_obj_taint(obj) - * - * Trustiness used to have independent semantics from taintedness. - * But now trustiness of objects is obsolete and this function behaves - * the same as rb_obj_taint. - * - * \sa rb_obj_taint - *++ + * Returns object. This method is deprecated and will be removed in Ruby 3.2. 
*/ VALUE rb_obj_untrust(VALUE obj) { - rb_warning("untrust is deprecated and its behavior is same as taint"); - return rb_obj_taint(obj); + rb_warning("Object#untrust is deprecated and will be removed in Ruby 3.2."); + return obj; } @@ -1301,37 +1234,24 @@ rb_obj_untrust(VALUE obj) * call-seq: * obj.trust -> obj * - * Deprecated method that is equivalent to #untaint. - *-- - * \deprecated Use rb_obj_untaint(obj) - * - * Trustiness used to have independent semantics from taintedness. - * But now trustiness of objects is obsolete and this function behaves - * the same as rb_obj_untaint. - * - * \sa rb_obj_untaint - *++ + * Returns object. This method is deprecated and will be removed in Ruby 3.2. */ VALUE rb_obj_trust(VALUE obj) { - rb_warning("trust is deprecated and its behavior is same as untaint"); - return rb_obj_untaint(obj); + rb_warning("Object#trust is deprecated and will be removed in Ruby 3.2."); + return obj; } /** - * Convenient function to infect \a victim with the taintedness of \a carrier. - * - * It just keeps the taintedness of \a victim if \a carrier is not tainted. - * \param[in,out] victim the object being infected with the taintness of \a carrier - * \param[in] carrier a possibly tainted object + * Does nothing. This method is deprecated and will be removed in Ruby 3.2. */ void rb_obj_infect(VALUE victim, VALUE carrier) { - OBJ_INFECT(victim, carrier); + rb_warning("rb_obj_infect is deprecated and will be removed in Ruby 3.2."); } /** diff --git a/pack.c b/pack.c index c91531f58d..ae5a9a18e2 100644 --- a/pack.c +++ b/pack.c @@ -296,7 +296,6 @@ pack_pack(rb_execution_context_t *ec, VALUE ary, VALUE fmt, VALUE buffer) StringValue(from); ptr = RSTRING_PTR(from); plen = RSTRING_LEN(from); - OBJ_INFECT(res, from); } if (p[-1] == '*') 
@@ -657,7 +656,6 @@ pack_pack(rb_execution_context_t *ec, VALUE ary, VALUE fmt, VALUE buffer) StringValue(from); ptr = RSTRING_PTR(from); plen = RSTRING_LEN(from); - OBJ_INFECT(res, from); if (len == 0 && type == 'm') { encodes(res, ptr, plen, type, 0); @@ -685,7 +683,6 @@ pack_pack(rb_execution_context_t *ec, VALUE ary, VALUE fmt, VALUE buffer) case 'M': /* quoted-printable encoded string */ from = rb_obj_as_string(NEXTFROM); - OBJ_INFECT(res, from); if (len <= 1) len = 72; qpencode(res, from, len); @@ -711,8 +708,6 @@ pack_pack(rb_execution_context_t *ec, VALUE ary, VALUE fmt, VALUE buffer) } else { t = StringValuePtr(from); - OBJ_INFECT(res, from); - rb_obj_taint(from); } if (!associates) { associates = rb_ary_new(); @@ -764,7 +759,6 @@ pack_pack(rb_execution_context_t *ec, VALUE ary, VALUE fmt, VALUE buffer) if (associates) { str_associate(res, associates); } - OBJ_INFECT(res, fmt); switch (enc_info) { case 1: ENCODING_CODERANGE_SET(res, rb_usascii_encindex(), ENC_CODERANGE_7BIT); @@ -923,15 +917,6 @@ hex2num(char c) # define AVOID_CC_BUG #endif -static VALUE -infected_str_new(const char *ptr, long len, VALUE str) -{ - VALUE s = rb_str_new(ptr, len); - - OBJ_INFECT(s, str); - return s; -} - /* unpack mode */ #define UNPACK_ARRAY 0 #define UNPACK_BLOCK 1 @@ -1052,7 +1037,7 @@ pack_unpack_internal(VALUE str, VALUE fmt, int mode) if (*t != ' ' && *t != '\0') break; t--; len--; } - UNPACK_PUSH(infected_str_new(s, len, str)); + UNPACK_PUSH(rb_str_new(s, len)); s += end; } break; @@ -1063,7 +1048,7 @@ pack_unpack_internal(VALUE str, VALUE fmt, int mode) if (len > send-s) len = send-s; while (t < s+len && *t) t++; - UNPACK_PUSH(infected_str_new(s, t-s, str)); + UNPACK_PUSH(rb_str_new(s, t-s)); if (t < send) t++; s = star ? t : s+len; } @@ -1071,7 +1056,7 @@ pack_unpack_internal(VALUE str, VALUE fmt, int mode) case 'a': if (len > send - s) len = send - s; - UNPACK_PUSH(infected_str_new(s, len, str)); + UNPACK_PUSH(rb_str_new(s, len)); s += len; break; 
@@ -1086,7 +1071,6 @@ pack_unpack_internal(VALUE str, VALUE fmt, int mode) len = (send - s) * 8; bits = 0; bitstr = rb_usascii_str_new(0, len); - OBJ_INFECT(bitstr, str); t = RSTRING_PTR(bitstr); for (i=0; i>= 1; @@ -1108,7 +1092,6 @@ pack_unpack_internal(VALUE str, VALUE fmt, int mode) len = (send - s) * 8; bits = 0; bitstr = rb_usascii_str_new(0, len); - OBJ_INFECT(bitstr, str); t = RSTRING_PTR(bitstr); for (i=0; i"); - OBJ_INFECT_RAW(str, self); return str; } @@ -1490,8 +1489,6 @@ mnew_missing(VALUE klass, VALUE obj, ID id, VALUE mclass) RB_OBJ_WRITE(method, &data->me, me); - OBJ_INFECT(method, klass); - return method; } @@ -1548,7 +1545,6 @@ mnew_internal(const rb_method_entry_t *me, VALUE klass, VALUE iclass, RB_OBJ_WRITE(method, &data->iclass, iclass); RB_OBJ_WRITE(method, &data->me, me); - OBJ_INFECT(method, klass); return method; } @@ -1691,7 +1687,6 @@ method_unbind(VALUE obj) RB_OBJ_WRITE(method, &data->recv, Qundef); RB_OBJ_WRITE(method, &data->klass, orig->klass); RB_OBJ_WRITE(method, &data->me, rb_method_entry_clone(orig->me)); - OBJ_INFECT(method, obj); return method; } @@ -2775,7 +2770,6 @@ method_inspect(VALUE method) TypedData_Get_Struct(method, struct METHOD, &method_data_type, data); str = rb_sprintf("#<% "PRIsVALUE": ", rb_obj_class(method)); - OBJ_INFECT_RAW(str, method); mklass = data->klass; diff --git a/range.c b/range.c index cbbff5347a..07a0b40430 100644 --- a/range.c +++ b/range.c @@ -1325,7 +1325,6 @@ range_to_s(VALUE range) str = rb_str_dup(str); rb_str_cat(str, "...", EXCL(range) ? 3 : 2); rb_str_append(str, str2); - OBJ_INFECT(str, range); return str; } @@ -1349,7 +1348,6 @@ inspect_range(VALUE range, VALUE dummy, int recur) str2 = rb_inspect(RANGE_END(range)); } if (str2 != Qundef) rb_str_append(str, str2); - OBJ_INFECT(str, range); return str; } diff --git a/rational.c b/rational.c index bd71c215ee..c606f3c625 100644 --- a/rational.c +++ b/rational.c 
@@ -1853,7 +1853,6 @@ nurat_marshal_load(VALUE self, VALUE a) VALUE num, den; rb_check_frozen(self); - rb_check_trusted(self); Check_Type(a, T_ARRAY); if (RARRAY_LEN(a) != 2) diff --git a/re.c b/re.c index 4b9d662525..11f4679721 100644 --- a/re.c +++ b/re.c @@ -462,7 +462,6 @@ rb_reg_desc(const char *s, long len, VALUE re) if (RBASIC(re)->flags & REG_ENCODING_NONE) rb_str_buf_cat2(str, "n"); } - OBJ_INFECT(str, re); return str; } @@ -488,7 +487,6 @@ rb_reg_source(VALUE re) rb_reg_check(re); str = rb_str_dup(RREGEXP_SRC(re)); - if (OBJ_TAINTED(re)) OBJ_TAINT(str); return str; } @@ -647,7 +645,6 @@ rb_reg_str_with_term(VALUE re, int term) } rb_enc_copy(str, re); - OBJ_INFECT(str, re); return str; } @@ -1337,7 +1334,6 @@ match_set_string(VALUE m, VALUE string, long pos, long len) if (err) rb_memerror(); rmatch->regs.beg[0] = pos; rmatch->regs.end[0] = pos + len; - OBJ_INFECT(match, string); } void @@ -1601,20 +1597,14 @@ rb_reg_search0(VALUE re, VALUE str, long pos, int reverse, int set_backref_str) onig_region_free(regs, 0); if (err) rb_memerror(); } - else { - FL_UNSET(match, FL_TAINT); - } if (set_backref_str) { RMATCH(match)->str = rb_str_new4(str); - OBJ_INFECT(match, str); } RMATCH(match)->regexp = re; rb_backref_set(match); - OBJ_INFECT(match, re); - return result; } @@ -1685,18 +1675,12 @@ rb_reg_start_with_p(VALUE re, VALUE str) onig_region_free(regs, 0); if (err) rb_memerror(); } - else { - FL_UNSET(match, FL_TAINT); - } RMATCH(match)->str = rb_str_new4(str); - OBJ_INFECT(match, str); RMATCH(match)->regexp = re; rb_backref_set(match); - OBJ_INFECT(match, re); - return true; } @@ -1740,7 +1724,6 @@ rb_reg_nth_match(int nth, VALUE match) end = END(nth); len = end - start; str = rb_str_subseq(RMATCH(match)->str, start, len); - OBJ_INFECT(str, match); return str; } 
@@ -1773,7 +1756,6 @@ rb_reg_match_pre(VALUE match) regs = RMATCH_REGS(match); if (BEG(0) == -1) return Qnil; str = rb_str_subseq(RMATCH(match)->str, 0, BEG(0)); - if (OBJ_TAINTED(match)) OBJ_TAINT(str); return str; } @@ -1803,7 +1785,6 @@ rb_reg_match_post(VALUE match) str = RMATCH(match)->str; pos = END(0); str = rb_str_subseq(str, pos, RSTRING_LEN(str) - pos); - if (OBJ_TAINTED(match)) OBJ_TAINT(str); return str; } @@ -1855,7 +1836,6 @@ match_array(VALUE match, int start) VALUE ary; VALUE target; int i; - int taint = OBJ_TAINTED(match); match_check(match); regs = RMATCH_REGS(match); @@ -1868,7 +1848,6 @@ match_array(VALUE match, int start) } else { VALUE str = rb_str_subseq(target, regs->beg[i], regs->end[i]-regs->beg[i]); - if (taint) OBJ_TAINT(str); rb_ary_push(ary, str); } } @@ -2129,8 +2108,6 @@ match_to_s(VALUE match) match_check(match); if (NIL_P(str)) str = rb_str_new(0,0); - if (OBJ_TAINTED(match)) OBJ_TAINT(str); - if (OBJ_TAINTED(RMATCH(match)->str)) OBJ_TAINT(str); return str; } @@ -2891,7 +2868,6 @@ rb_reg_initialize_str(VALUE obj, VALUE str, int options, onig_errmsg_buffer err, } ret = rb_reg_initialize(obj, RSTRING_PTR(str), RSTRING_LEN(str), enc, options, err, sourcefile, sourceline); - OBJ_INFECT(obj, str); if (ret == 0) reg_set_source(obj, str, str_enc); return ret; } @@ -3580,7 +3556,6 @@ rb_reg_quote(VALUE str) t += rb_enc_mbcput(c, t, enc); } rb_str_resize(tmp, t - RSTRING_PTR(tmp)); - OBJ_INFECT(tmp, str); return tmp; } diff --git a/ruby.c b/ruby.c index 8df0fcfec3..1f0bf8811b 100644 --- a/ruby.c +++ b/ruby.c @@ -2227,7 +2227,6 @@ external_str_new_cstr(const char *p) #if UTF8_PATH VALUE str = rb_utf8_str_new_cstr(p); str = str_conv_enc(str, NULL, rb_default_external_encoding()); - OBJ_TAINT_RAW(str); return str; #else return rb_external_str_new_cstr(p); diff --git a/safe.c b/safe.c index 7f340ffae2..a6b4905337 100644 --- a/safe.c +++ b/safe.c 
@@ -9,11 +9,6 @@ **********************************************************************/ -/* safe-level: - 0 - strings from streams/environment/ARGV are tainted (default) - 1 - no dangerous operation by tainted value -*/ - #define SAFE_LEVEL_MAX RUBY_SAFE_LEVEL_MAX #include "ruby/ruby.h" @@ -141,9 +136,6 @@ void rb_check_safe_obj(VALUE x) { rb_warn("rb_check_safe_obj will be removed in Ruby 3.0"); - if (rb_safe_level() > 0 && OBJ_TAINTED(x)) { - rb_insecure_operation(); - } } void diff --git a/signal.c b/signal.c index 82aeb81718..17aca47692 100644 --- a/signal.c +++ b/signal.c @@ -1195,7 +1195,7 @@ trap_handler(VALUE *cmd, int sig) if (!NIL_P(command)) { const char *cptr; long len; - SafeStringValue(command); /* taint check */ + StringValue(command); *cmd = command; RSTRING_GETMEM(command, cptr, len); switch (len) { @@ -1393,10 +1393,6 @@ sig_trap(int argc, VALUE *argv, VALUE _) func = trap_handler(&cmd, sig); } - if (OBJ_TAINTED(cmd)) { - rb_raise(rb_eSecurityError, "Insecure: tainted signal trap"); - } - return trap(sig, func, cmd); } diff --git a/spec/ruby/core/array/clear_spec.rb b/spec/ruby/core/array/clear_spec.rb index 8f83a012b7..d399d5a373 100644 --- a/spec/ruby/core/array/clear_spec.rb +++ b/spec/ruby/core/array/clear_spec.rb 
@@ -20,24 +20,28 @@ describe "Array#clear" do a.size.should == 0 end - it "keeps tainted status" do - a = [1] - a.taint - a.tainted?.should be_true - a.clear - a.tainted?.should be_true + ruby_version_is ''...'2.7' do + it "keeps tainted status" do + a = [1] + a.taint + a.tainted?.should be_true + a.clear + a.tainted?.should be_true + end end it "does not accept any arguments" do -> { [1].clear(true) }.should raise_error(ArgumentError) end - it "keeps untrusted status" do - a = [1] - a.untrust - a.untrusted?.should be_true - a.clear - a.untrusted?.should be_true + ruby_version_is ''...'2.7' do + it "keeps untrusted status" do + a = [1] + a.untrust + a.untrusted?.should be_true + a.clear + a.untrusted?.should be_true + end end it "raises a #{frozen_error_class} on a frozen array" do diff --git a/spec/ruby/core/array/compact_spec.rb b/spec/ruby/core/array/compact_spec.rb index ecccddeb9f..ee3dfc0ca2 100644 --- a/spec/ruby/core/array/compact_spec.rb +++ b/spec/ruby/core/array/compact_spec.rb @@ -22,16 +22,18 @@ describe "Array#compact" do ArraySpecs::MyArray[1, 2, 3, nil].compact.should be_an_instance_of(Array) end - it "does not keep tainted status even if all elements are removed" do - a = [nil, nil] - a.taint - a.compact.tainted?.should be_false - end + ruby_version_is ''...'2.7' do + it "does not keep tainted status even if all elements are removed" do + a = [nil, nil] + a.taint + a.compact.tainted?.should be_false + end - it "does not keep untrusted status even if all elements are removed" do - a = [nil, nil] - a.untrust - a.compact.untrusted?.should be_false + it "does not keep untrusted status even if all elements are removed" do + a = [nil, nil] + a.untrust + a.compact.untrusted?.should be_false + end end end 
@@ -57,18 +59,20 @@ describe "Array#compact!" do [1, 2, false, 3].compact!.should == nil end - it "keeps tainted status even if all elements are removed" do - a = [nil, nil] - a.taint - a.compact! - a.tainted?.should be_true - end + ruby_version_is ''...'2.7' do + it "keeps tainted status even if all elements are removed" do + a = [nil, nil] + a.taint + a.compact! + a.tainted?.should be_true + end - it "keeps untrusted status even if all elements are removed" do - a = [nil, nil] - a.untrust - a.compact! - a.untrusted?.should be_true + it "keeps untrusted status even if all elements are removed" do + a = [nil, nil] + a.untrust + a.compact! + a.untrusted?.should be_true + end end it "raises a #{frozen_error_class} on a frozen array" do diff --git a/spec/ruby/core/array/concat_spec.rb b/spec/ruby/core/array/concat_spec.rb index cc707d9948..b297c091a3 100644 --- a/spec/ruby/core/array/concat_spec.rb +++ b/spec/ruby/core/array/concat_spec.rb 
@@ -41,60 +41,62 @@ describe "Array#concat" do -> { ArraySpecs.frozen_array.concat([]) }.should raise_error(frozen_error_class) end - it "keeps tainted status" do - ary = [1, 2] - ary.taint - ary.concat([3]) - ary.tainted?.should be_true - ary.concat([]) - ary.tainted?.should be_true - end - - it "is not infected by the other" do - ary = [1,2] - other = [3]; other.taint - ary.tainted?.should be_false - ary.concat(other) - ary.tainted?.should be_false - end - - it "keeps the tainted status of elements" do - ary = [ Object.new, Object.new, Object.new ] - ary.each {|x| x.taint } - - ary.concat([ Object.new ]) - ary[0].tainted?.should be_true - ary[1].tainted?.should be_true - ary[2].tainted?.should be_true - ary[3].tainted?.should be_false - end - - it "keeps untrusted status" do - ary = [1, 2] - ary.untrust - ary.concat([3]) - ary.untrusted?.should be_true - ary.concat([]) - ary.untrusted?.should be_true - end - - it "is not infected untrustedness by the other" do - ary = [1,2] - other = [3]; other.untrust - ary.untrusted?.should be_false - ary.concat(other) - ary.untrusted?.should be_false - end - - it "keeps the untrusted status of elements" do - ary = [ Object.new, Object.new, Object.new ] - ary.each {|x| x.untrust } - - ary.concat([ Object.new ]) - ary[0].untrusted?.should be_true - ary[1].untrusted?.should be_true - ary[2].untrusted?.should be_true - ary[3].untrusted?.should be_false + ruby_version_is ''...'2.7' do + it "keeps tainted status" do + ary = [1, 2] + ary.taint + ary.concat([3]) + ary.tainted?.should be_true + ary.concat([]) + ary.tainted?.should be_true + end + + it "is not infected by the other" do + ary = [1,2] + other = [3]; other.taint + ary.tainted?.should be_false + ary.concat(other) + ary.tainted?.should be_false + end + + it "keeps the tainted status of elements" do + ary = [ Object.new, Object.new, Object.new ] + ary.each {|x| x.taint } + + ary.concat([ Object.new ]) + ary[0].tainted?.should be_true + ary[1].tainted?.should be_true + 
ary[2].tainted?.should be_true + ary[3].tainted?.should be_false + end + + it "keeps untrusted status" do + ary = [1, 2] + ary.untrust + ary.concat([3]) + ary.untrusted?.should be_true + ary.concat([]) + ary.untrusted?.should be_true + end + + it "is not infected untrustedness by the other" do + ary = [1,2] + other = [3]; other.untrust + ary.untrusted?.should be_false + ary.concat(other) + ary.untrusted?.should be_false + end + + it "keeps the untrusted status of elements" do + ary = [ Object.new, Object.new, Object.new ] + ary.each {|x| x.untrust } + + ary.concat([ Object.new ]) + ary[0].untrusted?.should be_true + ary[1].untrusted?.should be_true + ary[2].untrusted?.should be_true + ary[3].untrusted?.should be_false + end end it "appends elements to an Array with enough capacity that has been shifted" do diff --git a/spec/ruby/core/array/delete_at_spec.rb b/spec/ruby/core/array/delete_at_spec.rb index c3111fe3d8..0ed56c18bb 100644 --- a/spec/ruby/core/array/delete_at_spec.rb +++ b/spec/ruby/core/array/delete_at_spec.rb 
@@ -39,23 +39,25 @@ describe "Array#delete_at" do -> { [1,2,3].freeze.delete_at(0) }.should raise_error(frozen_error_class) end - it "keeps tainted status" do - ary = [1, 2] - ary.taint - ary.tainted?.should be_true - ary.delete_at(0) - ary.tainted?.should be_true - ary.delete_at(0) # now empty - ary.tainted?.should be_true - end - - it "keeps untrusted status" do - ary = [1, 2] - ary.untrust - ary.untrusted?.should be_true - ary.delete_at(0) - ary.untrusted?.should be_true - ary.delete_at(0) # now empty - ary.untrusted?.should be_true + ruby_version_is ''...'2.7' do + it "keeps tainted status" do + ary = [1, 2] + ary.taint + ary.tainted?.should be_true + ary.delete_at(0) + ary.tainted?.should be_true + ary.delete_at(0) # now empty + ary.tainted?.should be_true + end + + it "keeps untrusted status" do + ary = [1, 2] + ary.untrust + ary.untrusted?.should be_true + ary.delete_at(0) + ary.untrusted?.should be_true + ary.delete_at(0) # now empty + ary.untrusted?.should be_true + end end end diff --git a/spec/ruby/core/array/delete_if_spec.rb b/spec/ruby/core/array/delete_if_spec.rb index 9f22f7e086..2312917c41 100644 --- a/spec/ruby/core/array/delete_if_spec.rb +++ b/spec/ruby/core/array/delete_if_spec.rb @@ -47,18 +47,20 @@ describe "Array#delete_if" do -> { ArraySpecs.empty_frozen_array.delete_if {} }.should raise_error(frozen_error_class) end - it "keeps tainted status" do - @a.taint - @a.tainted?.should be_true - @a.delete_if{ true } - @a.tainted?.should be_true - end + ruby_version_is ''...'2.7' do + it "keeps tainted status" do + @a.taint + @a.tainted?.should be_true + @a.delete_if{ true } + @a.tainted?.should be_true + end - it "keeps untrusted status" do - @a.untrust - @a.untrusted?.should be_true - @a.delete_if{ true } - @a.untrusted?.should be_true + it "keeps untrusted status" do + @a.untrust + @a.untrusted?.should be_true + @a.delete_if{ true } + @a.untrusted?.should be_true + end end it_behaves_like :enumeratorized_with_origin_size, :delete_if, [1,2,3] 
diff --git a/spec/ruby/core/array/delete_spec.rb b/spec/ruby/core/array/delete_spec.rb index c55f4ad672..41e211e660 100644 --- a/spec/ruby/core/array/delete_spec.rb +++ b/spec/ruby/core/array/delete_spec.rb @@ -44,23 +44,25 @@ describe "Array#delete" do -> { [1, 2, 3].freeze.delete(1) }.should raise_error(frozen_error_class) end - it "keeps tainted status" do - a = [1, 2] - a.taint - a.tainted?.should be_true - a.delete(2) - a.tainted?.should be_true - a.delete(1) # now empty - a.tainted?.should be_true - end + ruby_version_is ''...'2.7' do + it "keeps tainted status" do + a = [1, 2] + a.taint + a.tainted?.should be_true + a.delete(2) + a.tainted?.should be_true + a.delete(1) # now empty + a.tainted?.should be_true + end - it "keeps untrusted status" do - a = [1, 2] - a.untrust - a.untrusted?.should be_true - a.delete(2) - a.untrusted?.should be_true - a.delete(1) # now empty - a.untrusted?.should be_true + it "keeps untrusted status" do + a = [1, 2] + a.untrust + a.untrusted?.should be_true + a.delete(2) + a.untrusted?.should be_true + a.delete(1) # now empty + a.untrusted?.should be_true + end end end diff --git a/spec/ruby/core/array/flatten_spec.rb b/spec/ruby/core/array/flatten_spec.rb index b506f899b4..66af20ad70 100644 --- a/spec/ruby/core/array/flatten_spec.rb +++ b/spec/ruby/core/array/flatten_spec.rb @@ -145,12 +145,14 @@ describe "Array#flatten" do end end - it "returns a tainted array if self is tainted" do - [].taint.flatten.tainted?.should be_true - end + ruby_version_is ''...'2.7' do + it "returns a tainted array if self is tainted" do + [].taint.flatten.tainted?.should be_true + end - it "returns an untrusted array if self is untrusted" do - [].untrust.flatten.untrusted?.should be_true + it "returns an untrusted array if self is untrusted" do + [].untrust.flatten.untrusted?.should be_true + end end it "performs respond_to? and method_missing-aware checks when coercing elements to array" do 
diff --git a/spec/ruby/core/array/multiply_spec.rb b/spec/ruby/core/array/multiply_spec.rb index ab654ce489..4060666d4b 100644 --- a/spec/ruby/core/array/multiply_spec.rb +++ b/spec/ruby/core/array/multiply_spec.rb 
@@ -88,42 +88,44 @@ describe "Array#* with an integer" do end end - it "copies the taint status of the original array even if the passed count is 0" do - ary = [1, 2, 3] - ary.taint - (ary * 0).tainted?.should == true - end + ruby_version_is ''...'2.7' do + it "copies the taint status of the original array even if the passed count is 0" do + ary = [1, 2, 3] + ary.taint + (ary * 0).tainted?.should == true + end - it "copies the taint status of the original array even if the array is empty" do - ary = [] - ary.taint - (ary * 3).tainted?.should == true - end + it "copies the taint status of the original array even if the array is empty" do + ary = [] + ary.taint + (ary * 3).tainted?.should == true + end - it "copies the taint status of the original array if the passed count is not 0" do - ary = [1, 2, 3] - ary.taint - (ary * 1).tainted?.should == true - (ary * 2).tainted?.should == true - end + it "copies the taint status of the original array if the passed count is not 0" do + ary = [1, 2, 3] + ary.taint + (ary * 1).tainted?.should == true + (ary * 2).tainted?.should == true + end - it "copies the untrusted status of the original array even if the passed count is 0" do - ary = [1, 2, 3] - ary.untrust - (ary * 0).untrusted?.should == true - end + it "copies the untrusted status of the original array even if the passed count is 0" do + ary = [1, 2, 3] + ary.untrust + (ary * 0).untrusted?.should == true + end - it "copies the untrusted status of the original array even if the array is empty" do - ary = [] - ary.untrust - (ary * 3).untrusted?.should == true - end + it "copies the untrusted status of the original array even if the array is empty" do + ary = [] + ary.untrust + (ary * 3).untrusted?.should == true + end - it "copies the untrusted status of the original array if the passed count is not 0" do - ary = [1, 2, 3] - ary.untrust - (ary * 1).untrusted?.should == true - (ary * 2).untrusted?.should == true + it "copies the untrusted status of the original array if the 
passed count is not 0" do + ary = [1, 2, 3] + ary.untrust + (ary * 1).untrusted?.should == true + (ary * 2).untrusted?.should == true + end end end diff --git a/spec/ruby/core/array/pack/p_spec.rb b/spec/ruby/core/array/pack/p_spec.rb index 857d403313..d7dff8a4da 100644 --- a/spec/ruby/core/array/pack/p_spec.rb +++ b/spec/ruby/core/array/pack/p_spec.rb @@ -15,14 +15,16 @@ describe "Array#pack with format 'P'" do ["hello"].pack("P").unpack("P5").should == ["hello"] end - it "taints the input string" do - input_string = "hello" - [input_string].pack("P") - input_string.tainted?.should be_true - end + ruby_version_is ''...'2.7' do + it "taints the input string" do + input_string = "hello" + [input_string].pack("P") + input_string.tainted?.should be_true + end - it "does not taint the output string in normal cases" do - ["hello"].pack("P").tainted?.should be_false + it "does not taint the output string in normal cases" do + ["hello"].pack("P").tainted?.should be_false + end end it "with nil gives a null pointer" do @@ -42,14 +44,16 @@ describe "Array#pack with format 'p'" do ["hello"].pack("p").unpack("p").should == ["hello"] end - it "taints the input string" do - input_string = "hello" - [input_string].pack("p") - input_string.tainted?.should be_true - end + ruby_version_is ''...'2.7' do + it "taints the input string" do + input_string = "hello" + [input_string].pack("p") + input_string.tainted?.should be_true + end - it "does not taint the output string in normal cases" do - ["hello"].pack("p").tainted?.should be_false + it "does not taint the output string in normal cases" do + ["hello"].pack("p").tainted?.should be_false + end end it "with nil gives a null pointer" do diff --git a/spec/ruby/core/array/pack/shared/basic.rb b/spec/ruby/core/array/pack/shared/basic.rb index bc366987c8..9061273ad6 100644 --- a/spec/ruby/core/array/pack/shared/basic.rb +++ b/spec/ruby/core/array/pack/shared/basic.rb 
@@ -33,8 +33,10 @@ describe :array_pack_basic_non_float, shared: true do [@obj, @obj].pack(d).should be_an_instance_of(String) end - it "taints the output string if the format string is tainted" do - [@obj, @obj].pack("x"+pack_format.taint).tainted?.should be_true + ruby_version_is ''...'2.7' do + it "taints the output string if the format string is tainted" do + [@obj, @obj].pack("x"+pack_format.taint).tainted?.should be_true + end end end @@ -49,8 +51,10 @@ describe :array_pack_basic_float, shared: true do [1.2, 4.7].pack(d).should be_an_instance_of(String) end - it "taints the output string if the format string is tainted" do - [3.2, 2.8].pack("x"+pack_format.taint).tainted?.should be_true + ruby_version_is ''...'2.7' do + it "taints the output string if the format string is tainted" do + [3.2, 2.8].pack("x"+pack_format.taint).tainted?.should be_true + end end end diff --git a/spec/ruby/core/array/pack/shared/taint.rb b/spec/ruby/core/array/pack/shared/taint.rb index 88f349cb24..565f04b8b9 100644 --- a/spec/ruby/core/array/pack/shared/taint.rb +++ b/spec/ruby/core/array/pack/shared/taint.rb 
@@ -1,33 +1,35 @@ describe :array_pack_taint, shared: true do - it "returns a tainted string when a pack argument is tainted" do - ["abcd".taint, 0x20].pack(pack_format("3C")).tainted?.should be_true - end + ruby_version_is ''...'2.7' do + it "returns a tainted string when a pack argument is tainted" do + ["abcd".taint, 0x20].pack(pack_format("3C")).tainted?.should be_true + end - it "does not return a tainted string when the array is tainted" do - ["abcd", 0x20].taint.pack(pack_format("3C")).tainted?.should be_false - end + it "does not return a tainted string when the array is tainted" do + ["abcd", 0x20].taint.pack(pack_format("3C")).tainted?.should be_false + end - it "returns a tainted string when the format is tainted" do - ["abcd", 0x20].pack(pack_format("3C").taint).tainted?.should be_true - end + it "returns a tainted string when the format is tainted" do + ["abcd", 0x20].pack(pack_format("3C").taint).tainted?.should be_true + end - it "returns a tainted string when an empty format is tainted" do - ["abcd", 0x20].pack("".taint).tainted?.should be_true - end + it "returns a tainted string when an empty format is tainted" do + ["abcd", 0x20].pack("".taint).tainted?.should be_true + end - it "returns a untrusted string when the format is untrusted" do - ["abcd", 0x20].pack(pack_format("3C").untrust).untrusted?.should be_true - end + it "returns a untrusted string when the format is untrusted" do + ["abcd", 0x20].pack(pack_format("3C").untrust).untrusted?.should be_true + end - it "returns a untrusted string when the empty format is untrusted" do - ["abcd", 0x20].pack("".untrust).untrusted?.should be_true - end + it "returns a untrusted string when the empty format is untrusted" do + ["abcd", 0x20].pack("".untrust).untrusted?.should be_true + end - it "returns a untrusted string when a pack argument is untrusted" do - ["abcd".untrust, 0x20].pack(pack_format("3C")).untrusted?.should be_true - end + it "returns a untrusted string when a pack argument is 
untrusted" do + ["abcd".untrust, 0x20].pack(pack_format("3C")).untrusted?.should be_true + end - it "returns a trusted string when the array is untrusted" do - ["abcd", 0x20].untrust.pack(pack_format("3C")).untrusted?.should be_false + it "returns a trusted string when the array is untrusted" do + ["abcd", 0x20].untrust.pack(pack_format("3C")).untrusted?.should be_false + end end end diff --git a/spec/ruby/core/array/plus_spec.rb b/spec/ruby/core/array/plus_spec.rb index 7692163980..45f8438208 100644 --- a/spec/ruby/core/array/plus_spec.rb +++ b/spec/ruby/core/array/plus_spec.rb @@ -41,17 +41,19 @@ describe "Array#+" do ([5, 6] + ArraySpecs::ToAryArray[1, 2]).should == [5, 6, 1, 2] end - it "does not get infected even if an original array is tainted" do - ([1, 2] + [3, 4]).tainted?.should be_false - ([1, 2].taint + [3, 4]).tainted?.should be_false - ([1, 2] + [3, 4].taint).tainted?.should be_false - ([1, 2].taint + [3, 4].taint).tainted?.should be_false - end - - it "does not infected even if an original array is untrusted" do - ([1, 2] + [3, 4]).untrusted?.should be_false - ([1, 2].untrust + [3, 4]).untrusted?.should be_false - ([1, 2] + [3, 4].untrust).untrusted?.should be_false - ([1, 2].untrust + [3, 4].untrust).untrusted?.should be_false + ruby_version_is ''...'2.7' do + it "does not get infected even if an original array is tainted" do + ([1, 2] + [3, 4]).tainted?.should be_false + ([1, 2].taint + [3, 4]).tainted?.should be_false + ([1, 2] + [3, 4].taint).tainted?.should be_false + ([1, 2].taint + [3, 4].taint).tainted?.should be_false + end + + it "does not infected even if an original array is untrusted" do + ([1, 2] + [3, 4]).untrusted?.should be_false + ([1, 2].untrust + [3, 4]).untrusted?.should be_false + ([1, 2] + [3, 4].untrust).untrusted?.should be_false + ([1, 2].untrust + [3, 4].untrust).untrusted?.should be_false + end end end diff --git a/spec/ruby/core/array/pop_spec.rb b/spec/ruby/core/array/pop_spec.rb index 7dbd6cb3cc..2cfecbb2b4 100644 
--- a/spec/ruby/core/array/pop_spec.rb +++ b/spec/ruby/core/array/pop_spec.rb @@ -30,12 +30,14 @@ describe "Array#pop" do array.pop.should == [1, 'two', 3.0, array, array, array, array] end - it "keeps taint status" do - a = [1, 2].taint - a.pop - a.tainted?.should be_true - a.pop - a.tainted?.should be_true + ruby_version_is ''...'2.7' do + it "keeps taint status" do + a = [1, 2].taint + a.pop + a.tainted?.should be_true + a.pop + a.tainted?.should be_true + end end it "raises a #{frozen_error_class} on a frozen array" do @@ -46,12 +48,14 @@ describe "Array#pop" do -> { ArraySpecs.empty_frozen_array.pop }.should raise_error(frozen_error_class) end - it "keeps untrusted status" do - a = [1, 2].untrust - a.pop - a.untrusted?.should be_true - a.pop - a.untrusted?.should be_true + ruby_version_is ''...'2.7' do + it "keeps untrusted status" do + a = [1, 2].untrust + a.pop + a.untrusted?.should be_true + a.pop + a.untrusted?.should be_true + end end describe "passed a number n as an argument" do 
@@ -132,24 +136,26 @@ describe "Array#pop" do ArraySpecs::MyArray[1, 2, 3].pop(2).should be_an_instance_of(Array) end - it "returns an untainted array even if the array is tainted" do - ary = [1, 2].taint - ary.pop(2).tainted?.should be_false - ary.pop(0).tainted?.should be_false - end - - it "keeps taint status" do - a = [1, 2].taint - a.pop(2) - a.tainted?.should be_true - a.pop(2) - a.tainted?.should be_true - end - - it "returns a trusted array even if the array is untrusted" do - ary = [1, 2].untrust - ary.pop(2).untrusted?.should be_false - ary.pop(0).untrusted?.should be_false + ruby_version_is ''...'2.7' do + it "returns an untainted array even if the array is tainted" do + ary = [1, 2].taint + ary.pop(2).tainted?.should be_false + ary.pop(0).tainted?.should be_false + end + + it "keeps taint status" do + a = [1, 2].taint + a.pop(2) + a.tainted?.should be_true + a.pop(2) + a.tainted?.should be_true + end + + it "returns a trusted array even if the array is untrusted" do + ary = [1, 2].untrust + ary.pop(2).untrusted?.should be_false + ary.pop(0).untrusted?.should be_false + end end it "raises a #{frozen_error_class} on a frozen array" do @@ -157,12 +163,14 @@ describe "Array#pop" do -> { ArraySpecs.frozen_array.pop(0) }.should raise_error(frozen_error_class) end - it "keeps untrusted status" do - a = [1, 2].untrust - a.pop(2) - a.untrusted?.should be_true - a.pop(2) - a.untrusted?.should be_true + ruby_version_is ''...'2.7' do + it "keeps untrusted status" do + a = [1, 2].untrust + a.pop(2) + a.untrusted?.should be_true + a.pop(2) + a.untrusted?.should be_true + end end end end diff --git a/spec/ruby/core/array/shared/clone.rb b/spec/ruby/core/array/shared/clone.rb index 95d0d0a3d5..f6f581b17c 100644 --- a/spec/ruby/core/array/shared/clone.rb +++ b/spec/ruby/core/array/shared/clone.rb 
@@ -18,25 +18,27 @@ describe :array_clone, shared: true do b.__id__.should_not == a.__id__ end - it "copies taint status from the original" do - a = [1, 2, 3, 4] - b = [1, 2, 3, 4] - a.taint - aa = a.send @method - bb = b.send @method + ruby_version_is ''...'2.7' do + it "copies taint status from the original" do + a = [1, 2, 3, 4] + b = [1, 2, 3, 4] + a.taint + aa = a.send @method + bb = b.send @method - aa.tainted?.should == true - bb.tainted?.should == false - end + aa.tainted?.should == true + bb.tainted?.should == false + end - it "copies untrusted status from the original" do - a = [1, 2, 3, 4] - b = [1, 2, 3, 4] - a.untrust - aa = a.send @method - bb = b.send @method + it "copies untrusted status from the original" do + a = [1, 2, 3, 4] + b = [1, 2, 3, 4] + a.untrust + aa = a.send @method + bb = b.send @method - aa.untrusted?.should == true - bb.untrusted?.should == false + aa.untrusted?.should == true + bb.untrusted?.should == false + end end end diff --git a/spec/ruby/core/array/shared/collect.rb b/spec/ruby/core/array/shared/collect.rb index 80e2739893..cbe32d2ab4 100644 --- a/spec/ruby/core/array/shared/collect.rb +++ b/spec/ruby/core/array/shared/collect.rb @@ -42,16 +42,18 @@ describe :array_collect, shared: true do }.should raise_error(ArgumentError) end - it "does not copy tainted status" do - a = [1, 2, 3] - a.taint - a.send(@method){|x| x}.tainted?.should be_false - end + ruby_version_is ''...'2.7' do + it "does not copy tainted status" do + a = [1, 2, 3] + a.taint + a.send(@method){|x| x}.tainted?.should be_false + end - it "does not copy untrusted status" do - a = [1, 2, 3] - a.untrust - a.send(@method){|x| x}.untrusted?.should be_false + it "does not copy untrusted status" do + a = [1, 2, 3] + a.untrust + a.send(@method){|x| x}.untrusted?.should be_false + end end before :all do 
@@ -94,19 +96,21 @@ describe :array_collect_b, shared: true do a.should == ["1!", "2!", "3!"] end - it "keeps tainted status" do - a = [1, 2, 3] - a.taint - a.tainted?.should be_true - a.send(@method){|x| x} - a.tainted?.should be_true - end + ruby_version_is ''...'2.7' do + it "keeps tainted status" do + a = [1, 2, 3] + a.taint + a.tainted?.should be_true + a.send(@method){|x| x} + a.tainted?.should be_true + end - it "keeps untrusted status" do - a = [1, 2, 3] - a.untrust - a.send(@method){|x| x} - a.untrusted?.should be_true + it "keeps untrusted status" do + a = [1, 2, 3] + a.untrust + a.send(@method){|x| x} + a.untrusted?.should be_true + end end describe "when frozen" do diff --git a/spec/ruby/core/array/shared/inspect.rb b/spec/ruby/core/array/shared/inspect.rb index 434440c25b..736f8d946b 100644 --- a/spec/ruby/core/array/shared/inspect.rb +++ b/spec/ruby/core/array/shared/inspect.rb 
@@ -64,28 +64,30 @@ describe :array_inspect, shared: true do ArraySpecs.empty_recursive_array.send(@method).should == "[[...]]" end - it "taints the result if the Array is non-empty and tainted" do - [1, 2].taint.send(@method).tainted?.should be_true - end + ruby_version_is ''...'2.7' do + it "taints the result if the Array is non-empty and tainted" do + [1, 2].taint.send(@method).tainted?.should be_true + end - it "does not taint the result if the Array is tainted but empty" do - [].taint.send(@method).tainted?.should be_false - end + it "does not taint the result if the Array is tainted but empty" do + [].taint.send(@method).tainted?.should be_false + end - it "taints the result if an element is tainted" do - ["str".taint].send(@method).tainted?.should be_true - end + it "taints the result if an element is tainted" do + ["str".taint].send(@method).tainted?.should be_true + end - it "untrusts the result if the Array is untrusted" do - [1, 2].untrust.send(@method).untrusted?.should be_true - end + it "untrusts the result if the Array is untrusted" do + [1, 2].untrust.send(@method).untrusted?.should be_true + end - it "does not untrust the result if the Array is untrusted but empty" do - [].untrust.send(@method).untrusted?.should be_false - end + it "does not untrust the result if the Array is untrusted but empty" do + [].untrust.send(@method).untrusted?.should be_false + end - it "untrusts the result if an element is untrusted" do - ["str".untrust].send(@method).untrusted?.should be_true + it "untrusts the result if an element is untrusted" do + ["str".untrust].send(@method).untrusted?.should be_true + end end describe "with encoding" do diff --git a/spec/ruby/core/array/shared/join.rb b/spec/ruby/core/array/shared/join.rb index 38bdde9502..5e7193de8a 100644 --- a/spec/ruby/core/array/shared/join.rb +++ b/spec/ruby/core/array/shared/join.rb 
@@ -58,32 +58,34 @@ describe :array_join_with_default_separator, shared: true do -> { ArraySpecs.empty_recursive_array.send(@method) }.should raise_error(ArgumentError) end - it "taints the result if the Array is tainted and non-empty" do - [1, 2].taint.send(@method).tainted?.should be_true - end + ruby_version_is ''...'2.7' do + it "taints the result if the Array is tainted and non-empty" do + [1, 2].taint.send(@method).tainted?.should be_true + end - it "does not taint the result if the Array is tainted but empty" do - [].taint.send(@method).tainted?.should be_false - end + it "does not taint the result if the Array is tainted but empty" do + [].taint.send(@method).tainted?.should be_false + end - it "taints the result if the result of coercing an element is tainted" do - s = mock("taint") - s.should_receive(:to_s).and_return("str".taint) - [s].send(@method).tainted?.should be_true - end + it "taints the result if the result of coercing an element is tainted" do + s = mock("taint") + s.should_receive(:to_s).and_return("str".taint) + [s].send(@method).tainted?.should be_true + end - it "untrusts the result if the Array is untrusted and non-empty" do - [1, 2].untrust.send(@method).untrusted?.should be_true - end + it "untrusts the result if the Array is untrusted and non-empty" do + [1, 2].untrust.send(@method).untrusted?.should be_true + end - it "does not untrust the result if the Array is untrusted but empty" do - [].untrust.send(@method).untrusted?.should be_false - end + it "does not untrust the result if the Array is untrusted but empty" do + [].untrust.send(@method).untrusted?.should be_false + end - it "untrusts the result if the result of coercing an element is untrusted" do - s = mock("untrust") - s.should_receive(:to_s).and_return("str".untrust) - [s].send(@method).untrusted?.should be_true + it "untrusts the result if the result of coercing an element is untrusted" do + s = mock("untrust") + s.should_receive(:to_s).and_return("str".untrust) + 
[s].send(@method).untrusted?.should be_true + end end it "uses the first encoding when other strings are compatible" do 
@@ -125,39 +127,41 @@ describe :array_join_with_string_separator, shared: true do [1, [2, ArraySpecs::MyArray[3, 4], 5], 6].send(@method, ":").should == "1:2:3:4:5:6" end - describe "with a tainted separator" do - before :each do - @sep = ":".taint - end + ruby_version_is ''...'2.7' do + describe "with a tainted separator" do + before :each do + @sep = ":".taint + end - it "does not taint the result if the array is empty" do - [].send(@method, @sep).tainted?.should be_false - end + it "does not taint the result if the array is empty" do + [].send(@method, @sep).tainted?.should be_false + end - it "does not taint the result if the array has only one element" do - [1].send(@method, @sep).tainted?.should be_false - end + it "does not taint the result if the array has only one element" do + [1].send(@method, @sep).tainted?.should be_false + end - it "taints the result if the array has two or more elements" do - [1, 2].send(@method, @sep).tainted?.should be_true + it "taints the result if the array has two or more elements" do + [1, 2].send(@method, @sep).tainted?.should be_true + end end - end - describe "with an untrusted separator" do - before :each do - @sep = ":".untrust - end + describe "with an untrusted separator" do + before :each do + @sep = ":".untrust + end - it "does not untrust the result if the array is empty" do - [].send(@method, @sep).untrusted?.should be_false - end + it "does not untrust the result if the array is empty" do + [].send(@method, @sep).untrusted?.should be_false + end - it "does not untrust the result if the array has only one element" do - [1].send(@method, @sep).untrusted?.should be_false - end + it "does not untrust the result if the array has only one element" do + [1].send(@method, @sep).untrusted?.should be_false + end - it "untrusts the result if the array has two or more elements" do - [1, 2].send(@method, @sep).untrusted?.should be_true + it "untrusts the result if the array has two or more elements" do + [1, 2].send(@method, 
@sep).untrusted?.should be_true + end end end end diff --git a/spec/ruby/core/array/shift_spec.rb b/spec/ruby/core/array/shift_spec.rb index ef3c9fe1cd..13f1abbbfe 100644 --- a/spec/ruby/core/array/shift_spec.rb +++ b/spec/ruby/core/array/shift_spec.rb @@ -117,18 +117,20 @@ describe "Array#shift" do ArraySpecs::MyArray[1, 2, 3].shift(2).should be_an_instance_of(Array) end - it "returns an untainted array even if the array is tainted" do - ary = [1, 2].taint - ary.shift(2).tainted?.should be_false - ary.shift(0).tainted?.should be_false - end - - it "keeps taint status" do - a = [1, 2].taint - a.shift(2) - a.tainted?.should be_true - a.shift(2) - a.tainted?.should be_true + ruby_version_is ''...'2.7' do + it "returns an untainted array even if the array is tainted" do + ary = [1, 2].taint + ary.shift(2).tainted?.should be_false + ary.shift(0).tainted?.should be_false + end + + it "keeps taint status" do + a = [1, 2].taint + a.shift(2) + a.tainted?.should be_true + a.shift(2) + a.tainted?.should be_true + end end end end diff --git a/spec/ruby/core/array/uniq_spec.rb b/spec/ruby/core/array/uniq_spec.rb index c9bdd3dacd..4b56f3c841 100644 --- a/spec/ruby/core/array/uniq_spec.rb +++ b/spec/ruby/core/array/uniq_spec.rb 
@@ -39,44 +39,76 @@ describe "Array#uniq" do [x, y].uniq.should == [x, y] end - it "compares elements with matching hash codes with #eql?" do - a = Array.new(2) do - obj = mock('0') - obj.should_receive(:hash).at_least(1).and_return(0) - - def obj.eql?(o) - # It's undefined whether the impl does a[0].eql?(a[1]) or - # a[1].eql?(a[0]) so we taint both. - taint - o.taint - false + ruby_version_is '2.7' do + it "compares elements with matching hash codes with #eql?" do + a = Array.new(2) do + obj = mock('0') + obj.should_receive(:hash).at_least(1).and_return(0) + + def obj.eql?(o) + false + end + + obj end - obj - end + a.uniq.should == a - a.uniq.should == a - a[0].tainted?.should == true - a[1].tainted?.should == true + a = Array.new(2) do + obj = mock('0') + obj.should_receive(:hash).at_least(1).and_return(0) - a = Array.new(2) do - obj = mock('0') - obj.should_receive(:hash).at_least(1).and_return(0) + def obj.eql?(o) + true + end - def obj.eql?(o) - # It's undefined whether the impl does a[0].eql?(a[1]) or - # a[1].eql?(a[0]) so we taint both. - taint - o.taint - true + obj end - obj + a.uniq.size.should == 1 end + end - a.uniq.size.should == 1 - a[0].tainted?.should == true - a[1].tainted?.should == true + ruby_version_is ''...'2.7' do + it "compares elements with matching hash codes with #eql?" do + a = Array.new(2) do + obj = mock('0') + obj.should_receive(:hash).at_least(1).and_return(0) + + def obj.eql?(o) + # It's undefined whether the impl does a[0].eql?(a[1]) or + # a[1].eql?(a[0]) so we taint both. + taint + o.taint + false + end + + obj + end + + a.uniq.should == a + a[0].tainted?.should == true + a[1].tainted?.should == true + + a = Array.new(2) do + obj = mock('0') + obj.should_receive(:hash).at_least(1).and_return(0) + + def obj.eql?(o) + # It's undefined whether the impl does a[0].eql?(a[1]) or + # a[1].eql?(a[0]) so we taint both. 
+ taint + o.taint + true + end + + obj + end + + a.uniq.size.should == 1 + a[0].tainted?.should == true + a[1].tainted?.should == true + end end it "compares elements based on the value returned from the block" do diff --git a/spec/ruby/core/enumerable/group_by_spec.rb b/spec/ruby/core/enumerable/group_by_spec.rb index 580a90cf0c..52b5a68d64 100644 --- a/spec/ruby/core/enumerable/group_by_spec.rb +++ b/spec/ruby/core/enumerable/group_by_spec.rb @@ -33,12 +33,14 @@ describe "Enumerable#group_by" do [3, 4, 5] => [[3, 4, 5]] } end - it "returns a tainted hash if self is tainted" do - EnumerableSpecs::Empty.new.taint.group_by {}.tainted?.should be_true - end - - it "returns an untrusted hash if self is untrusted" do - EnumerableSpecs::Empty.new.untrust.group_by {}.untrusted?.should be_true + ruby_version_is ''...'2.7' do + it "returns a tainted hash if self is tainted" do + EnumerableSpecs::Empty.new.taint.group_by {}.tainted?.should be_true + end + + it "returns an untrusted hash if self is untrusted" do + EnumerableSpecs::Empty.new.untrust.group_by {}.untrusted?.should be_true + end end it_behaves_like :enumerable_enumeratorized_with_origin_size, :group_by diff --git a/spec/ruby/core/enumerable/shared/entries.rb b/spec/ruby/core/enumerable/shared/entries.rb index f52844cb45..590ce73bcf 100644 --- a/spec/ruby/core/enumerable/shared/entries.rb +++ b/spec/ruby/core/enumerable/shared/entries.rb 
@@ -14,11 +14,13 @@ describe :enumerable_entries, shared: true do count.arguments_passed.should == [:hello, "world"] end - it "returns a tainted array if self is tainted" do - EnumerableSpecs::Empty.new.taint.send(@method).tainted?.should be_true - end + ruby_version_is ''...'2.7' do + it "returns a tainted array if self is tainted" do + EnumerableSpecs::Empty.new.taint.send(@method).tainted?.should be_true + end - it "returns an untrusted array if self is untrusted" do - EnumerableSpecs::Empty.new.untrust.send(@method).untrusted?.should be_true + it "returns an untrusted array if self is untrusted" do + EnumerableSpecs::Empty.new.untrust.send(@method).untrusted?.should be_true + end end end diff --git a/spec/ruby/core/enumerable/uniq_spec.rb b/spec/ruby/core/enumerable/uniq_spec.rb index c286882e92..82c041d4ef 100644 --- a/spec/ruby/core/enumerable/uniq_spec.rb +++ b/spec/ruby/core/enumerable/uniq_spec.rb 
@@ -31,44 +31,76 @@ describe 'Enumerable#uniq' do [x, y].to_enum.uniq.should == [x, y] end - it "compares elements with matching hash codes with #eql?" do - a = Array.new(2) do - obj = mock('0') - obj.should_receive(:hash).at_least(1).and_return(0) - - def obj.eql?(o) - # It's undefined whether the impl does a[0].eql?(a[1]) or - # a[1].eql?(a[0]) so we taint both. - taint - o.taint - false + ruby_version_is '2.7' do + it "compares elements with matching hash codes with #eql?" do + a = Array.new(2) do + obj = mock('0') + obj.should_receive(:hash).at_least(1).and_return(0) + + def obj.eql?(o) + false + end + + obj end - obj - end + a.uniq.should == a - a.uniq.should == a - a[0].tainted?.should == true - a[1].tainted?.should == true + a = Array.new(2) do + obj = mock('0') + obj.should_receive(:hash).at_least(1).and_return(0) - a = Array.new(2) do - obj = mock('0') - obj.should_receive(:hash).at_least(1).and_return(0) + def obj.eql?(o) + true + end - def obj.eql?(o) - # It's undefined whether the impl does a[0].eql?(a[1]) or - # a[1].eql?(a[0]) so we taint both. - taint - o.taint - true + obj end - obj + a.to_enum.uniq.size.should == 1 end + end + + ruby_version_is ''...'2.7' do + it "compares elements with matching hash codes with #eql?" do + a = Array.new(2) do + obj = mock('0') + obj.should_receive(:hash).at_least(1).and_return(0) + + def obj.eql?(o) + # It's undefined whether the impl does a[0].eql?(a[1]) or + # a[1].eql?(a[0]) so we taint both. + taint + o.taint + false + end + + obj + end + + a.uniq.should == a + a[0].tainted?.should == true + a[1].tainted?.should == true + + a = Array.new(2) do + obj = mock('0') + obj.should_receive(:hash).at_least(1).and_return(0) + + def obj.eql?(o) + # It's undefined whether the impl does a[0].eql?(a[1]) or + # a[1].eql?(a[0]) so we taint both. 
+ taint + o.taint + true + end + + obj + end - a.to_enum.uniq.size.should == 1 - a[0].tainted?.should == true - a[1].tainted?.should == true + a.to_enum.uniq.size.should == 1 + a[0].tainted?.should == true + a[1].tainted?.should == true + end end context 'when yielded with multiple arguments' do diff --git a/spec/ruby/core/hash/reject_spec.rb b/spec/ruby/core/hash/reject_spec.rb index 8016be5e83..1051ebd76c 100644 --- a/spec/ruby/core/hash/reject_spec.rb +++ b/spec/ruby/core/hash/reject_spec.rb @@ -32,9 +32,11 @@ describe "Hash#reject" do HashSpecs::MyHash[1 => 2, 3 => 4].reject { true }.should be_kind_of(Hash) end - it "does not taint the resulting hash" do - h = { a: 1 }.taint - h.reject {false}.tainted?.should == false + ruby_version_is ''...'2.7' do + it "does not taint the resulting hash" do + h = { a: 1 }.taint + h.reject {false}.tainted?.should == false + end end end diff --git a/spec/ruby/core/hash/shared/eql.rb b/spec/ruby/core/hash/shared/eql.rb index 1aed5f51fb..d8c33179fc 100644 --- a/spec/ruby/core/hash/shared/eql.rb +++ b/spec/ruby/core/hash/shared/eql.rb 
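Review bot: The first assertion in both copies of the "compares elements with matching hash codes with #eql?" example is `a.uniq.should == a`, which calls Array#uniq on the array of mocks rather than Enumerable#uniq, so the half of the spec where `eql?` returns false does not exercise the method under test. The second half already goes through `a.to_enum.uniq`, and the first should match it with `a.to_enum.uniq.should == a`, in the `'2.7'` branch and in the `''...'2.7'` branch. The line is carried over from the removed version, but the commit rewrites both copies and is a natural place to correct it. The enclosing `describe 'Enumerable#uniq'` block starts and ends outside the hunk.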
@@ -149,46 +149,80 @@ describe :hash_eql_additional, shared: true do h.send(@method, HashSpecs::MyHash[h]).should be_true end - # Why isn't this true of eql? too ? - it "compares keys with matching hash codes via eql?" do - a = Array.new(2) do - obj = mock('0') - obj.should_receive(:hash).at_least(1).and_return(0) - - # It's undefined whether the impl does a[0].eql?(a[1]) or - # a[1].eql?(a[0]) so we taint both. - def obj.eql?(o) - return true if self.equal?(o) - taint - o.taint - false + ruby_version_is '2.7' do + # Why isn't this true of eql? too ? + it "compares keys with matching hash codes via eql?" do + a = Array.new(2) do + obj = mock('0') + obj.should_receive(:hash).at_least(1).and_return(0) + + def obj.eql?(o) + return true if self.equal?(o) + false + end + + obj end - obj - end + { a[0] => 1 }.send(@method, { a[1] => 1 }).should be_false - { a[0] => 1 }.send(@method, { a[1] => 1 }).should be_false - a[0].tainted?.should be_true - a[1].tainted?.should be_true + a = Array.new(2) do + obj = mock('0') + obj.should_receive(:hash).at_least(1).and_return(0) - a = Array.new(2) do - obj = mock('0') - obj.should_receive(:hash).at_least(1).and_return(0) + def obj.eql?(o) + true + end - def obj.eql?(o) - # It's undefined whether the impl does a[0].send(@method, a[1]) or - # a[1].send(@method, a[0]) so we taint both. - taint - o.taint - true + obj end - obj + { a[0] => 1 }.send(@method, { a[1] => 1 }).should be_true end + end + + ruby_version_is ''...'2.7' do + # Why isn't this true of eql? too ? + it "compares keys with matching hash codes via eql?" do + a = Array.new(2) do + obj = mock('0') + obj.should_receive(:hash).at_least(1).and_return(0) + + # It's undefined whether the impl does a[0].eql?(a[1]) or + # a[1].eql?(a[0]) so we taint both. 
+ def obj.eql?(o) + return true if self.equal?(o) + taint + o.taint + false + end + + obj + end - { a[0] => 1 }.send(@method, { a[1] => 1 }).should be_true - a[0].tainted?.should be_true - a[1].tainted?.should be_true + { a[0] => 1 }.send(@method, { a[1] => 1 }).should be_false + a[0].tainted?.should be_true + a[1].tainted?.should be_true + + a = Array.new(2) do + obj = mock('0') + obj.should_receive(:hash).at_least(1).and_return(0) + + def obj.eql?(o) + # It's undefined whether the impl does a[0].send(@method, a[1]) or + # a[1].send(@method, a[0]) so we taint both. + taint + o.taint + true + end + + obj + end + + { a[0] => 1 }.send(@method, { a[1] => 1 }).should be_true + a[0].tainted?.should be_true + a[1].tainted?.should be_true + end end it "compares the values in self to values in other hash" do diff --git a/spec/ruby/core/hash/shared/to_s.rb b/spec/ruby/core/hash/shared/to_s.rb index d180d08c2c..b0e3705d01 100644 --- a/spec/ruby/core/hash/shared/to_s.rb +++ b/spec/ruby/core/hash/shared/to_s.rb @@ -77,14 +77,16 @@ describe :hash_to_s, shared: true do y.send(@method).should == "{1=>{0=>{...}}}" end - it "returns a tainted string if self is tainted and not empty" do - {}.taint.send(@method).tainted?.should be_false - { nil => nil }.taint.send(@method).tainted?.should be_true - end + ruby_version_is ''...'2.7' do + it "returns a tainted string if self is tainted and not empty" do + {}.taint.send(@method).tainted?.should be_false + { nil => nil }.taint.send(@method).tainted?.should be_true + end - it "returns an untrusted string if self is untrusted and not empty" do - {}.untrust.send(@method).untrusted?.should be_false - { nil => nil }.untrust.send(@method).untrusted?.should be_true + it "returns an untrusted string if self is untrusted and not empty" do + {}.untrust.send(@method).untrusted?.should be_false + { nil => nil }.untrust.send(@method).untrusted?.should be_true + end end it "does not raise if inspected result is not default external encoding" do 
diff --git a/spec/ruby/core/hash/to_a_spec.rb b/spec/ruby/core/hash/to_a_spec.rb index 33ad7cdec9..46f871389a 100644 --- a/spec/ruby/core/hash/to_a_spec.rb +++ b/spec/ruby/core/hash/to_a_spec.rb @@ -27,11 +27,13 @@ describe "Hash#to_a" do ent.should == pairs end - it "returns a tainted array if self is tainted" do - {}.taint.to_a.tainted?.should be_true - end + ruby_version_is ''...'2.7' do + it "returns a tainted array if self is tainted" do + {}.taint.to_a.tainted?.should be_true + end - it "returns an untrusted array if self is untrusted" do - {}.untrust.to_a.untrusted?.should be_true + it "returns an untrusted array if self is untrusted" do + {}.untrust.to_a.untrusted?.should be_true + end end end diff --git a/spec/ruby/core/io/gets_spec.rb b/spec/ruby/core/io/gets_spec.rb index 8f6ec0dfc7..39b2108476 100644 --- a/spec/ruby/core/io/gets_spec.rb +++ b/spec/ruby/core/io/gets_spec.rb @@ -38,9 +38,11 @@ describe "IO#gets" do IOSpecs.lines.each { |line| line.should == @io.gets } end - it "returns tainted strings" do - while line = @io.gets - line.tainted?.should == true + ruby_version_is ''...'2.7' do + it "returns tainted strings" do + while line = @io.gets + line.tainted?.should == true + end end end @@ -62,9 +64,11 @@ describe "IO#gets" do @io.gets(nil).should == IOSpecs.lines.join("") end - it "returns tainted strings" do - while line = @io.gets(nil) - line.tainted?.should == true + ruby_version_is ''...'2.7' do + it "returns tainted strings" do + while line = @io.gets(nil) + line.tainted?.should == true + end end end @@ -96,9 +100,11 @@ describe "IO#gets" do @io.gets.should == IOSpecs.lines[4] end - it "returns tainted strings" do - while line = @io.gets("") - line.tainted?.should == true + ruby_version_is ''...'2.7' do + it "returns tainted strings" do + while line = @io.gets("") + line.tainted?.should == true + end end end 
@@ -120,9 +126,11 @@ describe "IO#gets" do @io.gets("la linea").should == "Voici la ligne une.\nQui \303\250 la linea" end - it "returns tainted strings" do - while line = @io.gets("la") - line.tainted?.should == true + ruby_version_is ''...'2.7' do + it "returns tainted strings" do + while line = @io.gets("la") + line.tainted?.should == true + end end end diff --git a/spec/ruby/core/kernel/clone_spec.rb b/spec/ruby/core/kernel/clone_spec.rb index eb8739d571..f20ea618b5 100644 --- a/spec/ruby/core/kernel/clone_spec.rb +++ b/spec/ruby/core/kernel/clone_spec.rb @@ -108,9 +108,15 @@ describe "Kernel#clone" do cloned.bar.should == ['a'] end - it 'copies frozen? and tainted?' do - o = ''.taint.freeze.clone + it 'copies frozen?' do + o = ''.freeze.clone o.frozen?.should be_true - o.tainted?.should be_true + end + + ruby_version_is ''...'2.7' do + it 'copies tainted?' do + o = ''.taint.clone + o.tainted?.should be_true + end end end diff --git a/spec/ruby/core/kernel/inspect_spec.rb b/spec/ruby/core/kernel/inspect_spec.rb index b5ba1a3903..a946d032db 100644 --- a/spec/ruby/core/kernel/inspect_spec.rb +++ b/spec/ruby/core/kernel/inspect_spec.rb @@ -6,12 +6,14 @@ describe "Kernel#inspect" do Object.new.inspect.should be_an_instance_of(String) end - it "returns a tainted string if self is tainted" do - Object.new.taint.inspect.tainted?.should be_true - end + ruby_version_is ''...'2.7' do + it "returns a tainted string if self is tainted" do + Object.new.taint.inspect.tainted?.should be_true + end - it "returns an untrusted string if self is untrusted" do - Object.new.untrust.inspect.untrusted?.should be_true + it "returns an untrusted string if self is untrusted" do + Object.new.untrust.inspect.untrusted?.should be_true + end end it "does not call #to_s if it is defined" do diff --git a/spec/ruby/core/kernel/shared/dup_clone.rb b/spec/ruby/core/kernel/shared/dup_clone.rb index d1ee64bd09..a52ccab359 100644 --- a/spec/ruby/core/kernel/shared/dup_clone.rb 
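Review bot: The guarded `'copies tainted?'` example in clone_spec.rb clones `''.taint`, whereas the removed example cloned `''.taint.freeze`, so on versions before 2.7 the spec no longer checks that the taint flag is copied from a frozen receiver. Using `o = ''.taint.freeze.clone` in the guarded example keeps that case, and the unguarded `'copies frozen?'` example can stay as written. The enclosing `describe "Kernel#clone"` block starts outside the hunk.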
+++ b/spec/ruby/core/kernel/shared/dup_clone.rb @@ -52,14 +52,16 @@ describe :kernel_dup_clone, shared: true do o2.original.should equal(o) end - it "preserves tainted state from the original" do - o = ObjectSpecDupInitCopy.new - o2 = o.send(@method) - o.taint - o3 = o.send(@method) - - o2.tainted?.should == false - o3.tainted?.should == true + ruby_version_is ''...'2.7' do + it "preserves tainted state from the original" do + o = ObjectSpecDupInitCopy.new + o2 = o.send(@method) + o.taint + o3 = o.send(@method) + + o2.tainted?.should == false + o3.tainted?.should == true + end end it "does not preserve the object_id" do @@ -69,14 +71,16 @@ describe :kernel_dup_clone, shared: true do o2.object_id.should_not == old_object_id end - it "preserves untrusted state from the original" do - o = ObjectSpecDupInitCopy.new - o2 = o.send(@method) - o.untrust - o3 = o.send(@method) + ruby_version_is ''...'2.7' do + it "preserves untrusted state from the original" do + o = ObjectSpecDupInitCopy.new + o2 = o.send(@method) + o.untrust + o3 = o.send(@method) - o2.untrusted?.should == false - o3.untrusted?.should == true + o2.untrusted?.should == false + o3.untrusted?.should == true + end end it "returns nil for NilClass" do diff --git a/spec/ruby/core/kernel/taint_spec.rb b/spec/ruby/core/kernel/taint_spec.rb index 000295f6d2..6de009a46c 100644 --- a/spec/ruby/core/kernel/taint_spec.rb +++ b/spec/ruby/core/kernel/taint_spec.rb 
@@ -2,44 +2,46 @@ require_relative '../../spec_helper' require_relative 'fixtures/classes' describe "Kernel#taint" do - it "returns self" do - o = Object.new - o.taint.should equal(o) - end - - it "sets the tainted bit" do - o = Object.new - o.taint - o.tainted?.should == true - end + ruby_version_is ''...'2.7' do + it "returns self" do + o = Object.new + o.taint.should equal(o) + end - it "raises #{frozen_error_class} on an untainted, frozen object" do - o = Object.new.freeze - -> { o.taint }.should raise_error(frozen_error_class) - end + it "sets the tainted bit" do + o = Object.new + o.taint + o.tainted?.should == true + end - it "does not raise an error on a tainted, frozen object" do - o = Object.new.taint.freeze - o.taint.should equal(o) - end + it "raises #{frozen_error_class} on an untainted, frozen object" do + o = Object.new.freeze + -> { o.taint }.should raise_error(frozen_error_class) + end - it "has no effect on immediate values" do - [nil, true, false].each do |v| - v.taint - v.tainted?.should == false + it "does not raise an error on a tainted, frozen object" do + o = Object.new.taint.freeze + o.taint.should equal(o) end - end - it "no raises a RuntimeError on symbols" do - v = :sym - -> { v.taint }.should_not raise_error(RuntimeError) - v.tainted?.should == false - end + it "has no effect on immediate values" do + [nil, true, false].each do |v| + v.taint + v.tainted?.should == false + end + end - it "no raises error on fixnum values" do - [1].each do |v| + it "no raises a RuntimeError on symbols" do + v = :sym -> { v.taint }.should_not raise_error(RuntimeError) v.tainted?.should == false end + + it "no raises error on fixnum values" do + [1].each do |v| + -> { v.taint }.should_not raise_error(RuntimeError) + v.tainted?.should == false + end + end end end diff --git a/spec/ruby/core/kernel/tainted_spec.rb b/spec/ruby/core/kernel/tainted_spec.rb index c024756110..72ce346dda 100644 --- a/spec/ruby/core/kernel/tainted_spec.rb 
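Review bot: Nothing in taint_spec.rb runs on 2.7 and later once the whole `describe "Kernel#taint"` body sits inside `ruby_version_is ''...'2.7'`, so the no-op behaviour announced in the commit message is not pinned by any example. Callers that still branch on `tainted?` as a safety check get a different answer after this change, and a spec stating the new contract is the cheapest place to record that. An example guarded by `ruby_version_is '2.7'` that asserts `taint` returns self and leaves `tainted?` false would cover it; the expected values are inferred from the commit message, not from a visible implementation hunk. The same gap applies to the tainted?, trust, untaint, untrust and untrusted? spec hunks that follow.

```ruby
describe "Kernel#taint" do
  # … unchanged: examples guarded by ruby_version_is ''...'2.7' …

  ruby_version_is '2.7' do
    it "is a no-op" do
      o = Object.new
      o.taint.should equal(o)
      o.tainted?.should == false
    end
  end
end
```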
+++ b/spec/ruby/core/kernel/tainted_spec.rb @@ -2,11 +2,13 @@ require_relative '../../spec_helper' require_relative 'fixtures/classes' describe "Kernel#tainted?" do - it "returns true if Object is tainted" do - o = mock('o') - p = mock('p') - p.taint - o.tainted?.should == false - p.tainted?.should == true + ruby_version_is ''...'2.7' do + it "returns true if Object is tainted" do + o = mock('o') + p = mock('p') + p.taint + o.tainted?.should == false + p.tainted?.should == true + end end end diff --git a/spec/ruby/core/kernel/to_s_spec.rb b/spec/ruby/core/kernel/to_s_spec.rb index 4b59520ce7..64b40f46e5 100644 --- a/spec/ruby/core/kernel/to_s_spec.rb +++ b/spec/ruby/core/kernel/to_s_spec.rb @@ -6,11 +6,13 @@ describe "Kernel#to_s" do Object.new.to_s.should =~ /Object/ end - it "returns a tainted result if self is tainted" do - Object.new.taint.to_s.tainted?.should be_true - end + ruby_version_is ''...'2.7' do + it "returns a tainted result if self is tainted" do + Object.new.taint.to_s.tainted?.should be_true + end - it "returns an untrusted result if self is untrusted" do - Object.new.untrust.to_s.untrusted?.should be_true + it "returns an untrusted result if self is untrusted" do + Object.new.untrust.to_s.untrusted?.should be_true + end end end diff --git a/spec/ruby/core/kernel/trust_spec.rb b/spec/ruby/core/kernel/trust_spec.rb index d34aa293ec..13f085f420 100644 --- a/spec/ruby/core/kernel/trust_spec.rb +++ b/spec/ruby/core/kernel/trust_spec.rb 
@@ -2,24 +2,26 @@ require_relative '../../spec_helper' require_relative 'fixtures/classes' describe "Kernel#trust" do - it "returns self" do - o = Object.new - o.trust.should equal(o) - end + ruby_version_is ''...'2.7' do + it "returns self" do + o = Object.new + o.trust.should equal(o) + end - it "clears the untrusted bit" do - o = Object.new.untrust - o.trust - o.untrusted?.should == false - end + it "clears the untrusted bit" do + o = Object.new.untrust + o.trust + o.untrusted?.should == false + end - it "raises #{frozen_error_class} on an untrusted, frozen object" do - o = Object.new.untrust.freeze - -> { o.trust }.should raise_error(frozen_error_class) - end + it "raises #{frozen_error_class} on an untrusted, frozen object" do + o = Object.new.untrust.freeze + -> { o.trust }.should raise_error(frozen_error_class) + end - it "does not raise an error on a trusted, frozen object" do - o = Object.new.freeze - o.trust.should equal(o) + it "does not raise an error on a trusted, frozen object" do + o = Object.new.freeze + o.trust.should equal(o) + end end end diff --git a/spec/ruby/core/kernel/untaint_spec.rb b/spec/ruby/core/kernel/untaint_spec.rb index 94e4a8fd44..58485fcc58 100644 --- a/spec/ruby/core/kernel/untaint_spec.rb +++ b/spec/ruby/core/kernel/untaint_spec.rb 
@@ -2,24 +2,26 @@ require_relative '../../spec_helper' require_relative 'fixtures/classes' describe "Kernel#untaint" do - it "returns self" do - o = Object.new - o.untaint.should equal(o) - end + ruby_version_is ''...'2.7' do + it "returns self" do + o = Object.new + o.untaint.should equal(o) + end - it "clears the tainted bit" do - o = Object.new.taint - o.untaint - o.tainted?.should == false - end + it "clears the tainted bit" do + o = Object.new.taint + o.untaint + o.tainted?.should == false + end - it "raises #{frozen_error_class} on a tainted, frozen object" do - o = Object.new.taint.freeze - -> { o.untaint }.should raise_error(frozen_error_class) - end + it "raises #{frozen_error_class} on a tainted, frozen object" do + o = Object.new.taint.freeze + -> { o.untaint }.should raise_error(frozen_error_class) + end - it "does not raise an error on an untainted, frozen object" do - o = Object.new.freeze - o.untaint.should equal(o) + it "does not raise an error on an untainted, frozen object" do + o = Object.new.freeze + o.untaint.should equal(o) + end end end diff --git a/spec/ruby/core/kernel/untrust_spec.rb b/spec/ruby/core/kernel/untrust_spec.rb index 2ee3dbb170..c6eb79af1c 100644 --- a/spec/ruby/core/kernel/untrust_spec.rb +++ b/spec/ruby/core/kernel/untrust_spec.rb 
@@ -2,24 +2,26 @@ require_relative '../../spec_helper' require_relative 'fixtures/classes' describe "Kernel#untrust" do - it "returns self" do - o = Object.new - o.untrust.should equal(o) - end + ruby_version_is ''...'2.7' do + it "returns self" do + o = Object.new + o.untrust.should equal(o) + end - it "sets the untrusted bit" do - o = Object.new - o.untrust - o.untrusted?.should == true - end + it "sets the untrusted bit" do + o = Object.new + o.untrust + o.untrusted?.should == true + end - it "raises #{frozen_error_class} on a trusted, frozen object" do - o = Object.new.freeze - -> { o.untrust }.should raise_error(frozen_error_class) - end + it "raises #{frozen_error_class} on a trusted, frozen object" do + o = Object.new.freeze + -> { o.untrust }.should raise_error(frozen_error_class) + end - it "does not raise an error on an untrusted, frozen object" do - o = Object.new.untrust.freeze - o.untrust.should equal(o) + it "does not raise an error on an untrusted, frozen object" do + o = Object.new.untrust.freeze + o.untrust.should equal(o) + end end end diff --git a/spec/ruby/core/kernel/untrusted_spec.rb b/spec/ruby/core/kernel/untrusted_spec.rb index 3f894b0bab..ccebfe38be 100644 --- a/spec/ruby/core/kernel/untrusted_spec.rb +++ b/spec/ruby/core/kernel/untrusted_spec.rb 
@@ -2,27 +2,29 @@ require_relative '../../spec_helper' require_relative 'fixtures/classes' describe "Kernel#untrusted?" do - it "returns the untrusted status of an object" do - o = mock('o') - o.untrusted?.should == false - o.untrust - o.untrusted?.should == true - end + ruby_version_is ''...'2.7' do + it "returns the untrusted status of an object" do + o = mock('o') + o.untrusted?.should == false + o.untrust + o.untrusted?.should == true + end - it "has no effect on immediate values" do - a = nil - b = true - c = false - a.untrust - b.untrust - c.untrust - a.untrusted?.should == false - b.untrusted?.should == false - c.untrusted?.should == false - end + it "has no effect on immediate values" do + a = nil + b = true + c = false + a.untrust + b.untrust + c.untrust + a.untrusted?.should == false + b.untrusted?.should == false + c.untrusted?.should == false + end - it "has effect on immediate values" do - d = 1 - -> { d.untrust }.should_not raise_error(RuntimeError) + it "has effect on immediate values" do + d = 1 + -> { d.untrust }.should_not raise_error(RuntimeError) + end end end diff --git a/spec/ruby/core/marshal/dump_spec.rb b/spec/ruby/core/marshal/dump_spec.rb index 700f090a2f..3a7a083dd8 100644 --- a/spec/ruby/core/marshal/dump_spec.rb +++ b/spec/ruby/core/marshal/dump_spec.rb 
@@ -581,27 +581,29 @@ describe "Marshal.dump" do -> { Marshal.dump(m) }.should raise_error(TypeError) end - it "returns an untainted string if object is untainted" do - Marshal.dump(Object.new).tainted?.should be_false - end + ruby_version_is ''...'2.7' do + it "returns an untainted string if object is untainted" do + Marshal.dump(Object.new).tainted?.should be_false + end - it "returns a tainted string if object is tainted" do - Marshal.dump(Object.new.taint).tainted?.should be_true - end + it "returns a tainted string if object is tainted" do + Marshal.dump(Object.new.taint).tainted?.should be_true + end - it "returns a tainted string if nested object is tainted" do - Marshal.dump([[Object.new.taint]]).tainted?.should be_true - end + it "returns a tainted string if nested object is tainted" do + Marshal.dump([[Object.new.taint]]).tainted?.should be_true + end - it "returns a trusted string if object is trusted" do - Marshal.dump(Object.new).untrusted?.should be_false - end + it "returns a trusted string if object is trusted" do + Marshal.dump(Object.new).untrusted?.should be_false + end - it "returns an untrusted string if object is untrusted" do - Marshal.dump(Object.new.untrust).untrusted?.should be_true - end + it "returns an untrusted string if object is untrusted" do + Marshal.dump(Object.new.untrust).untrusted?.should be_true + end - it "returns an untrusted string if nested object is untrusted" do - Marshal.dump([[Object.new.untrust]]).untrusted?.should be_true + it "returns an untrusted string if nested object is untrusted" do + Marshal.dump([[Object.new.untrust]]).untrusted?.should be_true + end end end diff --git a/spec/ruby/core/marshal/shared/load.rb b/spec/ruby/core/marshal/shared/load.rb index f92d49c68c..b90a6a99ce 100644 --- a/spec/ruby/core/marshal/shared/load.rb +++ b/spec/ruby/core/marshal/shared/load.rb 
@@ -182,85 +182,87 @@ describe :marshal_load, shared: true do end end - it "returns an untainted object if source is untainted" do - x = Object.new - y = Marshal.send(@method, Marshal.dump(x)) - y.tainted?.should be_false - end - - describe "when source is tainted" do - it "returns a tainted object" do + ruby_version_is ''...'2.7' do + it "returns an untainted object if source is untainted" do x = Object.new - x.taint - s = Marshal.dump(x) - y = Marshal.send(@method, s) - y.tainted?.should be_true + y = Marshal.send(@method, Marshal.dump(x)) + y.tainted?.should be_false + end + + describe "when source is tainted" do + it "returns a tainted object" do + x = Object.new + x.taint + s = Marshal.dump(x) + y = Marshal.send(@method, s) + y.tainted?.should be_true + + # note that round-trip via Marshal does not preserve + # the taintedness at each level of the nested structure + y = Marshal.send(@method, Marshal.dump([[x]])) + y.tainted?.should be_true + y.first.tainted?.should be_true + y.first.first.tainted?.should be_true + end - # note that round-trip via Marshal does not preserve - # the taintedness at each level of the nested structure - y = Marshal.send(@method, Marshal.dump([[x]])) - y.tainted?.should be_true - y.first.tainted?.should be_true - y.first.first.tainted?.should be_true - end + it "does not taint Symbols" do + x = [:x] + y = Marshal.send(@method, Marshal.dump(x).taint) + y.tainted?.should be_true + y.first.tainted?.should be_false + end - it "does not taint Symbols" do - x = [:x] - y = Marshal.send(@method, Marshal.dump(x).taint) - y.tainted?.should be_true - y.first.tainted?.should be_false - end + it "does not taint Fixnums" do + x = [1] + y = Marshal.send(@method, Marshal.dump(x).taint) + y.tainted?.should be_true + y.first.tainted?.should be_false + end - it "does not taint Fixnums" do - x = [1] - y = Marshal.send(@method, Marshal.dump(x).taint) - y.tainted?.should be_true - y.first.tainted?.should be_false - end + it "does not taint Bignums" do + x 
= [bignum_value] + y = Marshal.send(@method, Marshal.dump(x).taint) + y.tainted?.should be_true + y.first.tainted?.should be_false + end - it "does not taint Bignums" do - x = [bignum_value] - y = Marshal.send(@method, Marshal.dump(x).taint) - y.tainted?.should be_true - y.first.tainted?.should be_false + it "does not taint Floats" do + x = [1.2] + y = Marshal.send(@method, Marshal.dump(x).taint) + y.tainted?.should be_true + y.first.tainted?.should be_false + end end - it "does not taint Floats" do - x = [1.2] - y = Marshal.send(@method, Marshal.dump(x).taint) + it "preserves taintedness of nested structure" do + x = Object.new + a = [[x]] + x.taint + y = Marshal.send(@method, Marshal.dump(a)) y.tainted?.should be_true - y.first.tainted?.should be_false + y.first.tainted?.should be_true + y.first.first.tainted?.should be_true end - end - it "preserves taintedness of nested structure" do - x = Object.new - a = [[x]] - x.taint - y = Marshal.send(@method, Marshal.dump(a)) - y.tainted?.should be_true - y.first.tainted?.should be_true - y.first.first.tainted?.should be_true - end - - it "returns a trusted object if source is trusted" do - x = Object.new - y = Marshal.send(@method, Marshal.dump(x)) - y.untrusted?.should be_false - end + it "returns a trusted object if source is trusted" do + x = Object.new + y = Marshal.send(@method, Marshal.dump(x)) + y.untrusted?.should be_false + end - it "returns an untrusted object if source is untrusted" do - x = Object.new - x.untrust - y = Marshal.send(@method, Marshal.dump(x)) - y.untrusted?.should be_true + it "returns an untrusted object if source is untrusted" do + x = Object.new + x.untrust + y = Marshal.send(@method, Marshal.dump(x)) + y.untrusted?.should be_true - # note that round-trip via Marshal does not preserve - # the untrustedness at each level of the nested structure - y = Marshal.send(@method, Marshal.dump([[x]])) - y.untrusted?.should be_true - y.first.untrusted?.should be_true - y.first.first.untrusted?.should 
be_true + # note that round-trip via Marshal does not preserve + # the untrustedness at each level of the nested structure + y = Marshal.send(@method, Marshal.dump([[x]])) + y.untrusted?.should be_true + y.first.untrusted?.should be_true + y.first.first.untrusted?.should be_true + end end # Note: Ruby 1.9 should be compatible with older marshal format diff --git a/spec/ruby/core/matchdata/post_match_spec.rb b/spec/ruby/core/matchdata/post_match_spec.rb index 6e13438124..4ae51f107e 100644 --- a/spec/ruby/core/matchdata/post_match_spec.rb +++ b/spec/ruby/core/matchdata/post_match_spec.rb @@ -6,20 +6,22 @@ describe "MatchData#post_match" do $'.should == ': The Movie' end - it "keeps taint status from the source string" do - str = "THX1138: The Movie" - str.taint - res = /(.)(.)(\d+)(\d)/.match(str).post_match - res.tainted?.should be_true - $'.tainted?.should be_true - end + ruby_version_is ''...'2.7' do + it "keeps taint status from the source string" do + str = "THX1138: The Movie" + str.taint + res = /(.)(.)(\d+)(\d)/.match(str).post_match + res.tainted?.should be_true + $'.tainted?.should be_true + end - it "keeps untrusted status from the source string" do - str = "THX1138: The Movie" - str.untrust - res = /(.)(.)(\d+)(\d)/.match(str).post_match - res.untrusted?.should be_true - $'.untrusted?.should be_true + it "keeps untrusted status from the source string" do + str = "THX1138: The Movie" + str.untrust + res = /(.)(.)(\d+)(\d)/.match(str).post_match + res.untrusted?.should be_true + $'.untrusted?.should be_true + end end it "sets the encoding to the encoding of the source String" do diff --git a/spec/ruby/core/matchdata/pre_match_spec.rb b/spec/ruby/core/matchdata/pre_match_spec.rb index 816cc91eb2..824612c84c 100644 --- a/spec/ruby/core/matchdata/pre_match_spec.rb +++ b/spec/ruby/core/matchdata/pre_match_spec.rb 
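Review bot: In marshal/shared/load.rb the comment `# note that round-trip via Marshal does not preserve the taintedness at each level of the nested structure` reads as if taint were dropped, while the three assertions under it expect the outer array, the inner array and the object all to be tainted. The hunk re-indents this comment and its untrusted twin without changing the wording. Something like `# a round-trip via Marshal taints every level of the nested structure, not only the object that was tainted` would match what is asserted, with the same rewording for the untrusted case. The enclosing `describe :marshal_load` block starts and ends outside the hunk.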
@@ -6,20 +6,22 @@ describe "MatchData#pre_match" do $`.should == 'T' end - it "keeps taint status from the source string" do - str = "THX1138: The Movie" - str.taint - res = /(.)(.)(\d+)(\d)/.match(str).pre_match - res.tainted?.should be_true - $`.tainted?.should be_true - end + ruby_version_is ''...'2.7' do + it "keeps taint status from the source string" do + str = "THX1138: The Movie" + str.taint + res = /(.)(.)(\d+)(\d)/.match(str).pre_match + res.tainted?.should be_true + $`.tainted?.should be_true + end - it "keeps untrusted status from the source string" do - str = "THX1138: The Movie" - str.untrust - res = /(.)(.)(\d+)(\d)/.match(str).pre_match - res.untrusted?.should be_true - $`.untrusted?.should be_true + it "keeps untrusted status from the source string" do + str = "THX1138: The Movie" + str.untrust + res = /(.)(.)(\d+)(\d)/.match(str).pre_match + res.untrusted?.should be_true + $`.untrusted?.should be_true + end end it "sets the encoding to the encoding of the source String" do diff --git a/spec/ruby/core/module/append_features_spec.rb b/spec/ruby/core/module/append_features_spec.rb index 584aa11dfa..8fb3febc04 100644 --- a/spec/ruby/core/module/append_features_spec.rb +++ b/spec/ruby/core/module/append_features_spec.rb 
@@ -47,16 +47,18 @@ describe "Module#append_features" do end - it "copies own tainted status to the given module" do - other = Module.new - Module.new.taint.send :append_features, other - other.tainted?.should be_true - end + ruby_version_is ''...'2.7' do + it "copies own tainted status to the given module" do + other = Module.new + Module.new.taint.send :append_features, other + other.tainted?.should be_true + end - it "copies own untrusted status to the given module" do - other = Module.new - Module.new.untrust.send :append_features, other - other.untrusted?.should be_true + it "copies own untrusted status to the given module" do + other = Module.new + Module.new.untrust.send :append_features, other + other.untrusted?.should be_true + end end describe "when other is frozen" do diff --git a/spec/ruby/core/module/extend_object_spec.rb b/spec/ruby/core/module/extend_object_spec.rb index bc97a55e7c..e66b87efef 100644 --- a/spec/ruby/core/module/extend_object_spec.rb +++ b/spec/ruby/core/module/extend_object_spec.rb @@ -42,16 +42,18 @@ describe "Module#extend_object" do ScratchPad.recorded.should == :extended end - it "does not copy own tainted status to the given object" do - other = Object.new - Module.new.taint.send :extend_object, other - other.tainted?.should be_false - end + ruby_version_is ''...'2.7' do + it "does not copy own tainted status to the given object" do + other = Object.new + Module.new.taint.send :extend_object, other + other.tainted?.should be_false + end - it "does not copy own untrusted status to the given object" do - other = Object.new - Module.new.untrust.send :extend_object, other - other.untrusted?.should be_false + it "does not copy own untrusted status to the given object" do + other = Object.new + Module.new.untrust.send :extend_object, other + other.untrusted?.should be_false + end end describe "when given a frozen object" do 
diff --git a/spec/ruby/core/module/prepend_features_spec.rb b/spec/ruby/core/module/prepend_features_spec.rb index b6fce9aba0..2d1fa713b7 100644 --- a/spec/ruby/core/module/prepend_features_spec.rb +++ b/spec/ruby/core/module/prepend_features_spec.rb @@ -28,16 +28,18 @@ describe "Module#prepend_features" do }.should raise_error(ArgumentError) end - it "copies own tainted status to the given module" do - other = Module.new - Module.new.taint.send :prepend_features, other - other.tainted?.should be_true - end + ruby_version_is ''...'2.7' do + it "copies own tainted status to the given module" do + other = Module.new + Module.new.taint.send :prepend_features, other + other.tainted?.should be_true + end - it "copies own untrusted status to the given module" do - other = Module.new - Module.new.untrust.send :prepend_features, other - other.untrusted?.should be_true + it "copies own untrusted status to the given module" do + other = Module.new + Module.new.untrust.send :prepend_features, other + other.untrusted?.should be_true + end end it "clears caches of the given module" do diff --git a/spec/ruby/core/range/inspect_spec.rb b/spec/ruby/core/range/inspect_spec.rb index 3c130812d0..837f7e69ab 100644 --- a/spec/ruby/core/range/inspect_spec.rb +++ b/spec/ruby/core/range/inspect_spec.rb 
@@ -12,15 +12,17 @@ describe "Range#inspect" do (0.5..2.4).inspect.should == "0.5..2.4" end - it "returns a tainted string if either end is tainted" do - (("a".taint)..."c").inspect.tainted?.should be_true - ("a"...("c".taint)).inspect.tainted?.should be_true - ("a"..."c").taint.inspect.tainted?.should be_true - end + ruby_version_is ''...'2.7' do + it "returns a tainted string if either end is tainted" do + (("a".taint)..."c").inspect.tainted?.should be_true + ("a"...("c".taint)).inspect.tainted?.should be_true + ("a"..."c").taint.inspect.tainted?.should be_true + end - it "returns a untrusted string if either end is untrusted" do - (("a".untrust)..."c").inspect.untrusted?.should be_true - ("a"...("c".untrust)).inspect.untrusted?.should be_true - ("a"..."c").untrust.inspect.untrusted?.should be_true + it "returns a untrusted string if either end is untrusted" do + (("a".untrust)..."c").inspect.untrusted?.should be_true + ("a"...("c".untrust)).inspect.untrusted?.should be_true + ("a"..."c").untrust.inspect.untrusted?.should be_true + end end end diff --git a/spec/ruby/core/range/to_s_spec.rb b/spec/ruby/core/range/to_s_spec.rb index 4c37e81fe0..7392aa9890 100644 --- a/spec/ruby/core/range/to_s_spec.rb +++ b/spec/ruby/core/range/to_s_spec.rb 
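Review bot: The re-indented description `it "returns a untrusted string if either end is untrusted" do` in the Range#inspect hunk has a grammar slip and understates what the body checks. The third assertion marks the range itself, `("a"..."c").untrust.inspect`, not one of its ends. Since the line is touched anyway, it could read `it "returns an untrusted string if the range or either end is untrusted" do`, with the tainted example adjusted to match. The Range#to_s hunk that follows carries the same wording.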
@@ -11,15 +11,17 @@ describe "Range#to_s" do (0.5..2.4).to_s.should == "0.5..2.4" end - it "returns a tainted string if either end is tainted" do - (("a".taint)..."c").to_s.tainted?.should be_true - ("a"...("c".taint)).to_s.tainted?.should be_true - ("a"..."c").taint.to_s.tainted?.should be_true - end + ruby_version_is ''...'2.7' do + it "returns a tainted string if either end is tainted" do + (("a".taint)..."c").to_s.tainted?.should be_true + ("a"...("c".taint)).to_s.tainted?.should be_true + ("a"..."c").taint.to_s.tainted?.should be_true + end - it "returns a untrusted string if either end is untrusted" do - (("a".untrust)..."c").to_s.untrusted?.should be_true - ("a"...("c".untrust)).to_s.untrusted?.should be_true - ("a"..."c").untrust.to_s.untrusted?.should be_true + it "returns a untrusted string if either end is untrusted" do + (("a".untrust)..."c").to_s.untrusted?.should be_true + ("a"...("c".untrust)).to_s.untrusted?.should be_true + ("a"..."c").untrust.to_s.untrusted?.should be_true + end end end diff --git a/spec/ruby/core/string/b_spec.rb b/spec/ruby/core/string/b_spec.rb index b43cb5393a..b2e3d326ba 100644 --- a/spec/ruby/core/string/b_spec.rb +++ b/spec/ruby/core/string/b_spec.rb @@ -13,10 +13,12 @@ describe "String#b" do str.should == "こんちには" end - it "copies own tainted/untrusted status to the returning value" do - utf_8 = "こんちには".taint.untrust - ret = utf_8.b - ret.tainted?.should be_true - ret.untrusted?.should be_true + ruby_version_is ''...'2.7' do + it "copies own tainted/untrusted status to the returning value" do + utf_8 = "こんちには".taint.untrust + ret = utf_8.b + ret.tainted?.should be_true + ret.untrusted?.should be_true + end end end diff --git a/spec/ruby/core/string/capitalize_spec.rb b/spec/ruby/core/string/capitalize_spec.rb index df64cdaa3b..41dd63f63e 100644 --- a/spec/ruby/core/string/capitalize_spec.rb +++ b/spec/ruby/core/string/capitalize_spec.rb 
@@ -12,9 +12,11 @@ describe "String#capitalize" do "123ABC".capitalize.should == "123abc" end - it "taints resulting string when self is tainted" do - "".taint.capitalize.tainted?.should == true - "hello".taint.capitalize.tainted?.should == true + ruby_version_is ''...'2.7' do + it "taints resulting string when self is tainted" do + "".taint.capitalize.tainted?.should == true + "hello".taint.capitalize.tainted?.should == true + end end describe "full Unicode case mapping" do diff --git a/spec/ruby/core/string/center_spec.rb b/spec/ruby/core/string/center_spec.rb index 27f8b7387f..0284fc28dc 100644 --- a/spec/ruby/core/string/center_spec.rb +++ b/spec/ruby/core/string/center_spec.rb @@ -47,12 +47,14 @@ describe "String#center with length, padding" do "radiology".center(8, '-').should == "radiology" end - it "taints result when self or padstr is tainted" do - "x".taint.center(4).tainted?.should == true - "x".taint.center(0).tainted?.should == true - "".taint.center(0).tainted?.should == true - "x".taint.center(4, "*").tainted?.should == true - "x".center(4, "*".taint).tainted?.should == true + ruby_version_is ''...'2.7' do + it "taints result when self or padstr is tainted" do + "x".taint.center(4).tainted?.should == true + "x".taint.center(0).tainted?.should == true + "".taint.center(0).tainted?.should == true + "x".taint.center(4, "*").tainted?.should == true + "x".center(4, "*".taint).tainted?.should == true + end end it "calls #to_int to convert length to an integer" do 
@@ -98,10 +100,12 @@ describe "String#center with length, padding" do "foo".center(10, StringSpecs::MyString.new("x")).should be_an_instance_of(String) end - it "when padding is tainted and self is untainted returns a tainted string if and only if length is longer than self" do - "hello".center(4, 'X'.taint).tainted?.should be_false - "hello".center(5, 'X'.taint).tainted?.should be_false - "hello".center(6, 'X'.taint).tainted?.should be_true + ruby_version_is ''...'2.7' do + it "when padding is tainted and self is untainted returns a tainted string if and only if length is longer than self" do + "hello".center(4, 'X'.taint).tainted?.should be_false + "hello".center(5, 'X'.taint).tainted?.should be_false + "hello".center(6, 'X'.taint).tainted?.should be_true + end end describe "with width" do diff --git a/spec/ruby/core/string/chomp_spec.rb b/spec/ruby/core/string/chomp_spec.rb index 9db47d1dc6..20a0925959 100644 --- a/spec/ruby/core/string/chomp_spec.rb +++ b/spec/ruby/core/string/chomp_spec.rb @@ -38,8 +38,10 @@ describe "String#chomp" do "".chomp.should == "" end - it "taints the result if self is tainted" do - "abc".taint.chomp.tainted?.should be_true + ruby_version_is ''...'2.7' do + it "taints the result if self is tainted" do + "abc".taint.chomp.tainted?.should be_true + end end it "returns subclass instances when called on a subclass" do @@ -63,8 +65,10 @@ describe "String#chomp" do str.chomp(nil).should_not equal(str) end - it "taints the result if self is tainted" do - "abc".taint.chomp(nil).tainted?.should be_true + ruby_version_is ''...'2.7' do + it "taints the result if self is tainted" do + "abc".taint.chomp(nil).tainted?.should be_true + end end it "returns an empty String when self is empty" do 
@@ -93,8 +97,10 @@ describe "String#chomp" do "abc\r\n\r\n\r\n".chomp("").should == "abc" end - it "taints the result if self is tainted" do - "abc".taint.chomp("").tainted?.should be_true + ruby_version_is ''...'2.7' do + it "taints the result if self is tainted" do + "abc".taint.chomp("").tainted?.should be_true + end end it "returns an empty String when self is empty" do @@ -115,8 +121,10 @@ describe "String#chomp" do "abc\r\n\r\n".chomp("\n").should == "abc\r\n" end - it "taints the result if self is tainted" do - "abc".taint.chomp("\n").tainted?.should be_true + ruby_version_is ''...'2.7' do + it "taints the result if self is tainted" do + "abc".taint.chomp("\n").tainted?.should be_true + end end it "returns an empty String when self is empty" do @@ -151,12 +159,14 @@ describe "String#chomp" do "".chomp("abc").should == "" end - it "taints the result if self is tainted" do - "abc".taint.chomp("abc").tainted?.should be_true - end + ruby_version_is ''...'2.7' do + it "taints the result if self is tainted" do + "abc".taint.chomp("abc").tainted?.should be_true + end - it "does not taint the result when the argument is tainted" do - "abc".chomp("abc".taint).tainted?.should be_false + it "does not taint the result when the argument is tainted" do + "abc".chomp("abc".taint).tainted?.should be_false + end end it "returns an empty String when the argument equals self" do @@ -201,8 +211,10 @@ describe "String#chomp!" do "".chomp!.should be_nil end - it "taints the result if self is tainted" do - "abc\n".taint.chomp!.tainted?.should be_true + ruby_version_is ''...'2.7' do + it "taints the result if self is tainted" do + "abc\n".taint.chomp!.tainted?.should be_true + end end it "returns subclass instances when called on a subclass" do 
@@ -247,8 +259,10 @@ describe "String#chomp!" do "abc\r\n\r\n\r\n".chomp!("").should == "abc" end - it "taints the result if self is tainted" do - "abc\n".taint.chomp!("").tainted?.should be_true + ruby_version_is ''...'2.7' do + it "taints the result if self is tainted" do + "abc\n".taint.chomp!("").tainted?.should be_true + end end it "returns nil when self is empty" do @@ -269,8 +283,10 @@ describe "String#chomp!" do "abc\r\n\r\n".chomp!("\n").should == "abc\r\n" end - it "taints the result if self is tainted" do - "abc\n".taint.chomp!("\n").tainted?.should be_true + ruby_version_is ''...'2.7' do + it "taints the result if self is tainted" do + "abc\n".taint.chomp!("\n").tainted?.should be_true + end end it "returns nil when self is empty" do @@ -305,12 +321,14 @@ describe "String#chomp!" do "".chomp!("abc").should be_nil end - it "taints the result if self is tainted" do - "abc".taint.chomp!("abc").tainted?.should be_true - end + ruby_version_is ''...'2.7' do + it "taints the result if self is tainted" do + "abc".taint.chomp!("abc").tainted?.should be_true + end - it "does not taint the result when the argument is tainted" do - "abc".chomp!("abc".taint).tainted?.should be_false + it "does not taint the result when the argument is tainted" do + "abc".chomp!("abc".taint).tainted?.should be_false + end end end diff --git a/spec/ruby/core/string/chop_spec.rb b/spec/ruby/core/string/chop_spec.rb index 35a5766b2f..9e893c3bea 100644 --- a/spec/ruby/core/string/chop_spec.rb +++ b/spec/ruby/core/string/chop_spec.rb 
@@ -49,14 +49,16 @@ describe "String#chop" do s.chop.should_not equal(s) end - it "taints result when self is tainted" do - "hello".taint.chop.tainted?.should == true - "".taint.chop.tainted?.should == true - end - - it "untrusts result when self is untrusted" do - "hello".untrust.chop.untrusted?.should == true - "".untrust.chop.untrusted?.should == true + ruby_version_is ''...'2.7' do + it "taints result when self is tainted" do + "hello".taint.chop.tainted?.should == true + "".taint.chop.tainted?.should == true + end + + it "untrusts result when self is untrusted" do + "hello".untrust.chop.untrusted?.should == true + "".untrust.chop.untrusted?.should == true + end end it "returns subclass instances when called on a subclass" do diff --git a/spec/ruby/core/string/crypt_spec.rb b/spec/ruby/core/string/crypt_spec.rb index 7a0f8835f2..6a9a4ae235 100644 --- a/spec/ruby/core/string/crypt_spec.rb +++ b/spec/ruby/core/string/crypt_spec.rb 
@@ -25,17 +25,19 @@ describe "String#crypt" do "mypassword".crypt(obj).should == "$2a$04$0WVaz0pV3jzfZ5G5tpmHWuBQGbkjzgtSc3gJbmdy0GAGMa45MFM2." end - it "taints the result if either salt or self is tainted" do - tainted_salt = "$2a$04$0WVaz0pV3jzfZ5G5tpmHWu" - tainted_str = "mypassword" - - tainted_salt.taint - tainted_str.taint - - "mypassword".crypt("$2a$04$0WVaz0pV3jzfZ5G5tpmHWu").tainted?.should == false - tainted_str.crypt("$2a$04$0WVaz0pV3jzfZ5G5tpmHWu").tainted?.should == true - "mypassword".crypt(tainted_salt).tainted?.should == true - tainted_str.crypt(tainted_salt).tainted?.should == true + ruby_version_is ''...'2.7' do + it "taints the result if either salt or self is tainted" do + tainted_salt = "$2a$04$0WVaz0pV3jzfZ5G5tpmHWu" + tainted_str = "mypassword" + + tainted_salt.taint + tainted_str.taint + + "mypassword".crypt("$2a$04$0WVaz0pV3jzfZ5G5tpmHWu").tainted?.should == false + tainted_str.crypt("$2a$04$0WVaz0pV3jzfZ5G5tpmHWu").tainted?.should == true + "mypassword".crypt(tainted_salt).tainted?.should == true + tainted_str.crypt(tainted_salt).tainted?.should == true + end end it "doesn't return subclass instances" do 
@@ -83,17 +85,19 @@ describe "String#crypt" do "".crypt(obj).should == "aaQSqAReePlq6" end - it "taints the result if either salt or self is tainted" do - tainted_salt = "aa" - tainted_str = "hello" + ruby_version_is ''...'2.7' do + it "taints the result if either salt or self is tainted" do + tainted_salt = "aa" + tainted_str = "hello" - tainted_salt.taint - tainted_str.taint + tainted_salt.taint + tainted_str.taint - "hello".crypt("aa").tainted?.should == false - tainted_str.crypt("aa").tainted?.should == true - "hello".crypt(tainted_salt).tainted?.should == true - tainted_str.crypt(tainted_salt).tainted?.should == true + "hello".crypt("aa").tainted?.should == false + tainted_str.crypt("aa").tainted?.should == true + "hello".crypt(tainted_salt).tainted?.should == true + tainted_str.crypt(tainted_salt).tainted?.should == true + end end it "doesn't return subclass instances" do diff --git a/spec/ruby/core/string/delete_prefix_spec.rb b/spec/ruby/core/string/delete_prefix_spec.rb index b88c503658..92c301b44a 100644 --- a/spec/ruby/core/string/delete_prefix_spec.rb +++ b/spec/ruby/core/string/delete_prefix_spec.rb @@ -22,9 +22,11 @@ ruby_version_is '2.5' do r.should == s end - it "taints resulting strings when other is tainted" do - 'hello'.taint.delete_prefix('hell').tainted?.should == true - 'hello'.taint.delete_prefix('').tainted?.should == true + ruby_version_is ''...'2.7' do + it "taints resulting strings when other is tainted" do + 'hello'.taint.delete_prefix('hell').tainted?.should == true + 'hello'.taint.delete_prefix('').tainted?.should == true + end end it "doesn't set $~" do diff --git a/spec/ruby/core/string/delete_spec.rb b/spec/ruby/core/string/delete_spec.rb index 6136cd54af..130228041e 100644 --- a/spec/ruby/core/string/delete_spec.rb +++ b/spec/ruby/core/string/delete_spec.rb 
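Review bot: In the delete_prefix_spec.rb hunk the example description says the result is tainted "when other is tainted", but the body taints the receiver: `'hello'.taint.delete_prefix('hell')`. As the example is being re-indented under the version guard, the description could be corrected to `it "taints resulting strings when self is tainted" do`, so the spec output states which object's flag propagates. The delete_suffix_spec.rb hunk further down has the same mismatch. The enclosing `ruby_version_is '2.5'` block starts and ends outside the hunk.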
@@ -68,11 +68,13 @@ describe "String#delete" do -> { "hello".delete("^h-e") }.should raise_error(ArgumentError) end - it "taints result when self is tainted" do - "hello".taint.delete("e").tainted?.should == true - "hello".taint.delete("a-z").tainted?.should == true + ruby_version_is ''...'2.7' do + it "taints result when self is tainted" do + "hello".taint.delete("e").tainted?.should == true + "hello".taint.delete("a-z").tainted?.should == true - "hello".delete("e".taint).tainted?.should == false + "hello".delete("e".taint).tainted?.should == false + end end it "tries to convert each set arg to a string using to_str" do diff --git a/spec/ruby/core/string/delete_suffix_spec.rb b/spec/ruby/core/string/delete_suffix_spec.rb index 94909cf71d..edc0f73158 100644 --- a/spec/ruby/core/string/delete_suffix_spec.rb +++ b/spec/ruby/core/string/delete_suffix_spec.rb @@ -22,9 +22,11 @@ ruby_version_is '2.5' do r.should == s end - it "taints resulting strings when other is tainted" do - 'hello'.taint.delete_suffix('ello').tainted?.should == true - 'hello'.taint.delete_suffix('').tainted?.should == true + ruby_version_is ''...'2.7' do + it "taints resulting strings when other is tainted" do + 'hello'.taint.delete_suffix('ello').tainted?.should == true + 'hello'.taint.delete_suffix('').tainted?.should == true + end end it "doesn't set $~" do diff --git a/spec/ruby/core/string/downcase_spec.rb b/spec/ruby/core/string/downcase_spec.rb index 31c8f3f446..84e94ee104 100644 --- a/spec/ruby/core/string/downcase_spec.rb +++ b/spec/ruby/core/string/downcase_spec.rb 
@@ -68,10 +68,12 @@ describe "String#downcase" do -> { "ABC".downcase(:invalid_option) }.should raise_error(ArgumentError) end - it "taints result when self is tainted" do - "".taint.downcase.tainted?.should == true - "x".taint.downcase.tainted?.should == true - "X".taint.downcase.tainted?.should == true + ruby_version_is ''...'2.7' do + it "taints result when self is tainted" do + "".taint.downcase.tainted?.should == true + "x".taint.downcase.tainted?.should == true + "X".taint.downcase.tainted?.should == true + end end it "returns a subclass instance for subclasses" do diff --git a/spec/ruby/core/string/dump_spec.rb b/spec/ruby/core/string/dump_spec.rb index 95eb9aa874..260ee37adb 100644 --- a/spec/ruby/core/string/dump_spec.rb +++ b/spec/ruby/core/string/dump_spec.rb @@ -3,14 +3,16 @@ require_relative '../../spec_helper' require_relative 'fixtures/classes' describe "String#dump" do - it "taints the result if self is tainted" do - "foo".taint.dump.tainted?.should == true - "foo\n".taint.dump.tainted?.should == true - end + ruby_version_is ''...'2.7' do + it "taints the result if self is tainted" do + "foo".taint.dump.tainted?.should == true + "foo\n".taint.dump.tainted?.should == true + end - it "untrusts the result if self is untrusted" do - "foo".untrust.dump.untrusted?.should == true - "foo\n".untrust.dump.untrusted?.should == true + it "untrusts the result if self is untrusted" do + "foo".untrust.dump.untrusted?.should == true + "foo\n".untrust.dump.untrusted?.should == true + end end it "does not take into account if a string is frozen" do diff --git a/spec/ruby/core/string/element_set_spec.rb b/spec/ruby/core/string/element_set_spec.rb index 34e122b055..608efc23b3 100644 --- a/spec/ruby/core/string/element_set_spec.rb +++ b/spec/ruby/core/string/element_set_spec.rb 
@@ -14,14 +14,16 @@ describe "String#[]= with Fixnum index" do a.should == "bamelo" end - it "taints self if other_str is tainted" do - a = "hello" - a[0] = "".taint - a.tainted?.should == true - - a = "hello" - a[0] = "x".taint - a.tainted?.should == true + ruby_version_is ''...'2.7' do + it "taints self if other_str is tainted" do + a = "hello" + a[0] = "".taint + a.tainted?.should == true + + a = "hello" + a[0] = "x".taint + a.tainted?.should == true + end end it "raises an IndexError without changing self if idx is outside of self" do @@ -485,14 +487,16 @@ describe "String#[]= with Fixnum index, count" do a.should == "hellobob" end - it "taints self if other_str is tainted" do - a = "hello" - a[0, 0] = "".taint - a.tainted?.should == true + ruby_version_is ''...'2.7' do + it "taints self if other_str is tainted" do + a = "hello" + a[0, 0] = "".taint + a.tainted?.should == true - a = "hello" - a[1, 4] = "x".taint - a.tainted?.should == true + a = "hello" + a[1, 4] = "x".taint + a.tainted?.should == true + end end it "calls #to_int to convert the index and count objects" do diff --git a/spec/ruby/core/string/gsub_spec.rb b/spec/ruby/core/string/gsub_spec.rb index cd66a4f875..f1d2d5ac06 100644 --- a/spec/ruby/core/string/gsub_spec.rb +++ b/spec/ruby/core/string/gsub_spec.rb 
@@ -160,24 +160,26 @@ describe "String#gsub with pattern and replacement" do it_behaves_like :string_gsub_named_capture, :gsub - it "taints the result if the original string or replacement is tainted" do - hello = "hello" - hello_t = "hello" - a = "a" - a_t = "a" - empty = "" - empty_t = "" + ruby_version_is ''...'2.7' do + it "taints the result if the original string or replacement is tainted" do + hello = "hello" + hello_t = "hello" + a = "a" + a_t = "a" + empty = "" + empty_t = "" - hello_t.taint; a_t.taint; empty_t.taint + hello_t.taint; a_t.taint; empty_t.taint - hello_t.gsub(/./, a).tainted?.should == true - hello_t.gsub(/./, empty).tainted?.should == true + hello_t.gsub(/./, a).tainted?.should == true + hello_t.gsub(/./, empty).tainted?.should == true - hello.gsub(/./, a_t).tainted?.should == true - hello.gsub(/./, empty_t).tainted?.should == true - hello.gsub(//, empty_t).tainted?.should == true + hello.gsub(/./, a_t).tainted?.should == true + hello.gsub(/./, empty_t).tainted?.should == true + hello.gsub(//, empty_t).tainted?.should == true - hello.gsub(//.taint, "foo").tainted?.should == false + hello.gsub(//.taint, "foo").tainted?.should == false + end end it "handles pattern collapse" do 
@@ -186,24 +188,26 @@ describe "String#gsub with pattern and replacement" do str.gsub(reg, ".").should == ".こ.に.ち.わ." end - it "untrusts the result if the original string or replacement is untrusted" do - hello = "hello" - hello_t = "hello" - a = "a" - a_t = "a" - empty = "" - empty_t = "" + ruby_version_is ''...'2.7' do + it "untrusts the result if the original string or replacement is untrusted" do + hello = "hello" + hello_t = "hello" + a = "a" + a_t = "a" + empty = "" + empty_t = "" - hello_t.untrust; a_t.untrust; empty_t.untrust + hello_t.untrust; a_t.untrust; empty_t.untrust - hello_t.gsub(/./, a).untrusted?.should == true - hello_t.gsub(/./, empty).untrusted?.should == true + hello_t.gsub(/./, a).untrusted?.should == true + hello_t.gsub(/./, empty).untrusted?.should == true - hello.gsub(/./, a_t).untrusted?.should == true - hello.gsub(/./, empty_t).untrusted?.should == true - hello.gsub(//, empty_t).untrusted?.should == true + hello.gsub(/./, a_t).untrusted?.should == true + hello.gsub(/./, empty_t).untrusted?.should == true + hello.gsub(//, empty_t).untrusted?.should == true - hello.gsub(//.untrust, "foo").untrusted?.should == false + hello.gsub(//.untrust, "foo").untrusted?.should == false + end end it "tries to convert pattern to a string using to_str" do 
@@ -322,26 +326,27 @@ describe "String#gsub with pattern and Hash" do "hello".gsub(/(.+)/, 'hello' => repl ).should == repl end - it "untrusts the result if the original string is untrusted" do - str = "Ghana".untrust - str.gsub(/[Aa]na/, 'ana' => '').untrusted?.should be_true - end + ruby_version_is ''...'2.7' do + it "untrusts the result if the original string is untrusted" do + str = "Ghana".untrust + str.gsub(/[Aa]na/, 'ana' => '').untrusted?.should be_true + end - it "untrusts the result if a hash value is untrusted" do - str = "Ghana" - str.gsub(/a$/, 'a' => 'di'.untrust).untrusted?.should be_true - end + it "untrusts the result if a hash value is untrusted" do + str = "Ghana" + str.gsub(/a$/, 'a' => 'di'.untrust).untrusted?.should be_true + end - it "taints the result if the original string is tainted" do - str = "Ghana".taint - str.gsub(/[Aa]na/, 'ana' => '').tainted?.should be_true - end + it "taints the result if the original string is tainted" do + str = "Ghana".taint + str.gsub(/[Aa]na/, 'ana' => '').tainted?.should be_true + end - it "taints the result if a hash value is tainted" do - str = "Ghana" - str.gsub(/a$/, 'a' => 'di'.taint).tainted?.should be_true + it "taints the result if a hash value is tainted" do + str = "Ghana" + str.gsub(/a$/, 'a' => 'di'.taint).tainted?.should be_true + end end - end describe "String#gsub! with pattern and Hash" do 
@@ -411,26 +416,27 @@ describe "String#gsub! with pattern and Hash" do "hello".gsub!(/(.+)/, 'hello' => repl ).should == repl end - it "keeps untrusted state" do - str = "Ghana".untrust - str.gsub!(/[Aa]na/, 'ana' => '').untrusted?.should be_true - end + ruby_version_is ''...'2.7' do + it "keeps untrusted state" do + str = "Ghana".untrust + str.gsub!(/[Aa]na/, 'ana' => '').untrusted?.should be_true + end - it "untrusts self if a hash value is untrusted" do - str = "Ghana" - str.gsub!(/a$/, 'a' => 'di'.untrust).untrusted?.should be_true - end + it "untrusts self if a hash value is untrusted" do + str = "Ghana" + str.gsub!(/a$/, 'a' => 'di'.untrust).untrusted?.should be_true + end - it "keeps tainted state" do - str = "Ghana".taint - str.gsub!(/[Aa]na/, 'ana' => '').tainted?.should be_true - end + it "keeps tainted state" do + str = "Ghana".taint + str.gsub!(/[Aa]na/, 'ana' => '').tainted?.should be_true + end - it "taints self if a hash value is tainted" do - str = "Ghana" - str.gsub!(/a$/, 'a' => 'di'.taint).tainted?.should be_true + it "taints self if a hash value is tainted" do + str = "Ghana" + str.gsub!(/a$/, 'a' => 'di'.taint).tainted?.should be_true + end end - end describe "String#gsub with pattern and block" do 
@@ -504,24 +510,26 @@ describe "String#gsub with pattern and block" do "hello".gsub(/.+/) { obj }.should == "ok" end - it "untrusts the result if the original string or replacement is untrusted" do - hello = "hello" - hello_t = "hello" - a = "a" - a_t = "a" - empty = "" - empty_t = "" + ruby_version_is ''...'2.7' do + it "untrusts the result if the original string or replacement is untrusted" do + hello = "hello" + hello_t = "hello" + a = "a" + a_t = "a" + empty = "" + empty_t = "" - hello_t.untrust; a_t.untrust; empty_t.untrust + hello_t.untrust; a_t.untrust; empty_t.untrust - hello_t.gsub(/./) { a }.untrusted?.should == true - hello_t.gsub(/./) { empty }.untrusted?.should == true + hello_t.gsub(/./) { a }.untrusted?.should == true + hello_t.gsub(/./) { empty }.untrusted?.should == true - hello.gsub(/./) { a_t }.untrusted?.should == true - hello.gsub(/./) { empty_t }.untrusted?.should == true - hello.gsub(//) { empty_t }.untrusted?.should == true + hello.gsub(/./) { a_t }.untrusted?.should == true + hello.gsub(/./) { empty_t }.untrusted?.should == true + hello.gsub(//) { empty_t }.untrusted?.should == true - hello.gsub(//.untrust) { "foo" }.untrusted?.should == false + hello.gsub(//.untrust) { "foo" }.untrusted?.should == false + end end it "uses the compatible encoding if they are compatible" do 
@@ -583,16 +591,18 @@ describe "String#gsub! with pattern and replacement" do a.should == "*¿** **é*?*" end - it "taints self if replacement is tainted" do - a = "hello" - a.gsub!(/./.taint, "foo").tainted?.should == false - a.gsub!(/./, "foo".taint).tainted?.should == true - end + ruby_version_is ''...'2.7' do + it "taints self if replacement is tainted" do + a = "hello" + a.gsub!(/./.taint, "foo").tainted?.should == false + a.gsub!(/./, "foo".taint).tainted?.should == true + end - it "untrusts self if replacement is untrusted" do - a = "hello" - a.gsub!(/./.untrust, "foo").untrusted?.should == false - a.gsub!(/./, "foo".untrust).untrusted?.should == true + it "untrusts self if replacement is untrusted" do + a = "hello" + a.gsub!(/./.untrust, "foo").untrusted?.should == false + a.gsub!(/./, "foo".untrust).untrusted?.should == true + end end it "returns nil if no modifications were made" do @@ -620,16 +630,18 @@ describe "String#gsub! with pattern and block" do a.should == "h*ll*" end - it "taints self if block's result is tainted" do - a = "hello" - a.gsub!(/./.taint) { "foo" }.tainted?.should == false - a.gsub!(/./) { "foo".taint }.tainted?.should == true - end + ruby_version_is ''...'2.7' do + it "taints self if block's result is tainted" do + a = "hello" + a.gsub!(/./.taint) { "foo" }.tainted?.should == false + a.gsub!(/./) { "foo".taint }.tainted?.should == true + end - it "untrusts self if block's result is untrusted" do - a = "hello" - a.gsub!(/./.untrust) { "foo" }.untrusted?.should == false - a.gsub!(/./) { "foo".untrust }.untrusted?.should == true + it "untrusts self if block's result is untrusted" do + a = "hello" + a.gsub!(/./.untrust) { "foo" }.untrusted?.should == false + a.gsub!(/./) { "foo".untrust }.untrusted?.should == true + end end it "returns nil if no modifications were made" do diff --git a/spec/ruby/core/string/insert_spec.rb b/spec/ruby/core/string/insert_spec.rb index 588b8ab272..de7c12423a 100644 --- a/spec/ruby/core/string/insert_spec.rb 
+++ b/spec/ruby/core/string/insert_spec.rb @@ -41,14 +41,16 @@ describe "String#insert with index, other" do "abcd".insert(-3, other).should == "abXYZcd" end - it "taints self if string to insert is tainted" do - str = "abcd" - str.insert(0, "T".taint).tainted?.should == true - - str = "abcd" - other = mock('T') - def other.to_str() "T".taint end - str.insert(0, other).tainted?.should == true + ruby_version_is ''...'2.7' do + it "taints self if string to insert is tainted" do + str = "abcd" + str.insert(0, "T".taint).tainted?.should == true + + str = "abcd" + other = mock('T') + def other.to_str() "T".taint end + str.insert(0, other).tainted?.should == true + end end it "raises a TypeError if other can't be converted to string" do diff --git a/spec/ruby/core/string/inspect_spec.rb b/spec/ruby/core/string/inspect_spec.rb index c1674c73c8..8ddbae132a 100644 --- a/spec/ruby/core/string/inspect_spec.rb +++ b/spec/ruby/core/string/inspect_spec.rb @@ -3,14 +3,16 @@ require_relative '../../spec_helper' require_relative 'fixtures/classes' describe "String#inspect" do - it "taints the result if self is tainted" do - "foo".taint.inspect.tainted?.should == true - "foo\n".taint.inspect.tainted?.should == true - end + ruby_version_is ''...'2.7' do + it "taints the result if self is tainted" do + "foo".taint.inspect.tainted?.should == true + "foo\n".taint.inspect.tainted?.should == true + end - it "untrusts the result if self is untrusted" do - "foo".untrust.inspect.untrusted?.should == true - "foo\n".untrust.inspect.untrusted?.should == true + it "untrusts the result if self is untrusted" do + "foo".untrust.inspect.untrusted?.should == true + "foo\n".untrust.inspect.untrusted?.should == true + end end it "does not return a subclass instance" do diff --git a/spec/ruby/core/string/ljust_spec.rb b/spec/ruby/core/string/ljust_spec.rb index ed4cb86859..f377e39775 100644 --- a/spec/ruby/core/string/ljust_spec.rb +++ b/spec/ruby/core/string/ljust_spec.rb 
@@ -31,12 +31,14 @@ describe "String#ljust with length, padding" do "radiology".ljust(8, '-').should == "radiology" end - it "taints result when self or padstr is tainted" do - "x".taint.ljust(4).tainted?.should == true - "x".taint.ljust(0).tainted?.should == true - "".taint.ljust(0).tainted?.should == true - "x".taint.ljust(4, "*").tainted?.should == true - "x".ljust(4, "*".taint).tainted?.should == true + ruby_version_is ''...'2.7' do + it "taints result when self or padstr is tainted" do + "x".taint.ljust(4).tainted?.should == true + "x".taint.ljust(0).tainted?.should == true + "".taint.ljust(0).tainted?.should == true + "x".taint.ljust(4, "*").tainted?.should == true + "x".ljust(4, "*".taint).tainted?.should == true + end end it "tries to convert length to an integer using to_int" do @@ -81,10 +83,12 @@ describe "String#ljust with length, padding" do "foo".ljust(10, StringSpecs::MyString.new("x")).should be_an_instance_of(String) end - it "when padding is tainted and self is untainted returns a tainted string if and only if length is longer than self" do - "hello".ljust(4, 'X'.taint).tainted?.should be_false - "hello".ljust(5, 'X'.taint).tainted?.should be_false - "hello".ljust(6, 'X'.taint).tainted?.should be_true + ruby_version_is ''...'2.7' do + it "when padding is tainted and self is untainted returns a tainted string if and only if length is longer than self" do + "hello".ljust(4, 'X'.taint).tainted?.should be_false + "hello".ljust(5, 'X'.taint).tainted?.should be_false + "hello".ljust(6, 'X'.taint).tainted?.should be_true + end end describe "with width" do diff --git a/spec/ruby/core/string/lstrip_spec.rb b/spec/ruby/core/string/lstrip_spec.rb index 7f9363d398..b1a4e8541f 100644 --- a/spec/ruby/core/string/lstrip_spec.rb +++ b/spec/ruby/core/string/lstrip_spec.rb 
@@ -14,10 +14,12 @@ describe "String#lstrip" do "\x00hello".lstrip.should == "\x00hello" end - it "taints the result when self is tainted" do - "".taint.lstrip.tainted?.should == true - "ok".taint.lstrip.tainted?.should == true - " ok".taint.lstrip.tainted?.should == true + ruby_version_is ''...'2.7' do + it "taints the result when self is tainted" do + "".taint.lstrip.tainted?.should == true + "ok".taint.lstrip.tainted?.should == true + " ok".taint.lstrip.tainted?.should == true + end end end diff --git a/spec/ruby/core/string/modulo_spec.rb b/spec/ruby/core/string/modulo_spec.rb index 0ac0963403..a16112bf44 100644 --- a/spec/ruby/core/string/modulo_spec.rb +++ b/spec/ruby/core/string/modulo_spec.rb @@ -297,24 +297,26 @@ describe "String#%" do end end - it "always taints the result when the format string is tainted" do - universal = mock('0') - def universal.to_int() 0 end - def universal.to_str() "0" end - def universal.to_f() 0.0 end - - [ - "", "foo", - "%b", "%B", "%c", "%d", "%e", "%E", - "%f", "%g", "%G", "%i", "%o", "%p", - "%s", "%u", "%x", "%X" - ].each do |format| - subcls_format = StringSpecs::MyString.new(format) - subcls_format.taint - format.taint - - (format % universal).tainted?.should == true - (subcls_format % universal).tainted?.should == true + ruby_version_is ''...'2.7' do + it "always taints the result when the format string is tainted" do + universal = mock('0') + def universal.to_int() 0 end + def universal.to_str() "0" end + def universal.to_f() 0.0 end + + [ + "", "foo", + "%b", "%B", "%c", "%d", "%e", "%E", + "%f", "%g", "%G", "%i", "%o", "%p", + "%s", "%u", "%x", "%X" + ].each do |format| + subcls_format = StringSpecs::MyString.new(format) + subcls_format.taint + format.taint + + (format % universal).tainted?.should == true + (subcls_format % universal).tainted?.should == true + end end end 
@@ -571,16 +573,18 @@ describe "String#%" do # ("%p" % obj).should == "obj" end - it "taints result for %p when argument.inspect is tainted" do - obj = mock('x') - def obj.inspect() "x".taint end + ruby_version_is ''...'2.7' do + it "taints result for %p when argument.inspect is tainted" do + obj = mock('x') + def obj.inspect() "x".taint end - ("%p" % obj).tainted?.should == true + ("%p" % obj).tainted?.should == true - obj = mock('x'); obj.taint - def obj.inspect() "x" end + obj = mock('x'); obj.taint + def obj.inspect() "x" end - ("%p" % obj).tainted?.should == false + ("%p" % obj).tainted?.should == false + end end it "supports string formats using %s" do @@ -611,9 +615,11 @@ describe "String#%" do # ("%s" % obj).should == "obj" end - it "taints result for %s when argument is tainted" do - ("%s" % "x".taint).tainted?.should == true - ("%s" % mock('x').taint).tainted?.should == true + ruby_version_is ''...'2.7' do + it "taints result for %s when argument is tainted" do + ("%s" % "x".taint).tainted?.should == true + ("%s" % mock('x').taint).tainted?.should == true + end end # MRI crashes on this one. @@ -776,8 +782,10 @@ describe "String#%" do (format % "0xA").should == (format % 0xA) end - it "doesn't taint the result for #{format} when argument is tainted" do - (format % "5".taint).tainted?.should == false + ruby_version_is ''...'2.7' do + it "doesn't taint the result for #{format} when argument is tainted" do + (format % "5".taint).tainted?.should == false + end end end diff --git a/spec/ruby/core/string/plus_spec.rb b/spec/ruby/core/string/plus_spec.rb index b8e3bf0a4b..9f0db6427c 100644 --- a/spec/ruby/core/string/plus_spec.rb +++ b/spec/ruby/core/string/plus_spec.rb 
@@ -32,13 +32,15 @@ describe "String#+" do ("hello" + StringSpecs::MyString.new("")).should be_an_instance_of(String) end - it "taints the result when self or other is tainted" do - strs = ["", "OK", StringSpecs::MyString.new(""), StringSpecs::MyString.new("OK")] - strs += strs.map { |s| s.dup.taint } - - strs.each do |str| - strs.each do |other| - (str + other).tainted?.should == (str.tainted? | other.tainted?) + ruby_version_is ''...'2.7' do + it "taints the result when self or other is tainted" do + strs = ["", "OK", StringSpecs::MyString.new(""), StringSpecs::MyString.new("OK")] + strs += strs.map { |s| s.dup.taint } + + strs.each do |str| + strs.each do |other| + (str + other).tainted?.should == (str.tainted? | other.tainted?) + end end end end diff --git a/spec/ruby/core/string/prepend_spec.rb b/spec/ruby/core/string/prepend_spec.rb index 485c578e2d..c20c5a9e59 100644 --- a/spec/ruby/core/string/prepend_spec.rb +++ b/spec/ruby/core/string/prepend_spec.rb @@ -34,12 +34,14 @@ describe "String#prepend" do a.should == "hello world" end - it "taints self if other is tainted" do - x = "x" - x.prepend("".taint).tainted?.should be_true + ruby_version_is ''...'2.7' do + it "taints self if other is tainted" do + x = "x" + x.prepend("".taint).tainted?.should be_true - x = "x" - x.prepend("y".taint).tainted?.should be_true + x = "x" + x.prepend("y".taint).tainted?.should be_true + end end it "takes multiple arguments" do diff --git a/spec/ruby/core/string/reverse_spec.rb b/spec/ruby/core/string/reverse_spec.rb index 3941ea0521..eef46063a5 100644 --- a/spec/ruby/core/string/reverse_spec.rb +++ b/spec/ruby/core/string/reverse_spec.rb 
@@ -10,9 +10,11 @@ describe "String#reverse" do "".reverse.should == "" end - it "taints the result if self is tainted" do - "".taint.reverse.tainted?.should == true - "m".taint.reverse.tainted?.should == true + ruby_version_is ''...'2.7' do + it "taints the result if self is tainted" do + "".taint.reverse.tainted?.should == true + "m".taint.reverse.tainted?.should == true + end end it "reverses a string with multi byte characters" do diff --git a/spec/ruby/core/string/rjust_spec.rb b/spec/ruby/core/string/rjust_spec.rb index 1ba298e8f3..9285ecb6a7 100644 --- a/spec/ruby/core/string/rjust_spec.rb +++ b/spec/ruby/core/string/rjust_spec.rb @@ -31,12 +31,14 @@ describe "String#rjust with length, padding" do "radiology".rjust(8, '-').should == "radiology" end - it "taints result when self or padstr is tainted" do - "x".taint.rjust(4).tainted?.should == true - "x".taint.rjust(0).tainted?.should == true - "".taint.rjust(0).tainted?.should == true - "x".taint.rjust(4, "*").tainted?.should == true - "x".rjust(4, "*".taint).tainted?.should == true + ruby_version_is ''...'2.7' do + it "taints result when self or padstr is tainted" do + "x".taint.rjust(4).tainted?.should == true + "x".taint.rjust(0).tainted?.should == true + "".taint.rjust(0).tainted?.should == true + "x".taint.rjust(4, "*").tainted?.should == true + "x".rjust(4, "*".taint).tainted?.should == true + end end it "tries to convert length to an integer using to_int" do 
@@ -81,10 +83,12 @@ describe "String#rjust with length, padding" do "foo".rjust(10, StringSpecs::MyString.new("x")).should be_an_instance_of(String) end - it "when padding is tainted and self is untainted returns a tainted string if and only if length is longer than self" do - "hello".rjust(4, 'X'.taint).tainted?.should be_false - "hello".rjust(5, 'X'.taint).tainted?.should be_false - "hello".rjust(6, 'X'.taint).tainted?.should be_true + ruby_version_is ''...'2.7' do + it "when padding is tainted and self is untainted returns a tainted string if and only if length is longer than self" do + "hello".rjust(4, 'X'.taint).tainted?.should be_false + "hello".rjust(5, 'X'.taint).tainted?.should be_false + "hello".rjust(6, 'X'.taint).tainted?.should be_true + end end describe "with width" do diff --git a/spec/ruby/core/string/rstrip_spec.rb b/spec/ruby/core/string/rstrip_spec.rb index 2f32836e54..9482765e89 100644 --- a/spec/ruby/core/string/rstrip_spec.rb +++ b/spec/ruby/core/string/rstrip_spec.rb @@ -14,10 +14,12 @@ describe "String#rstrip" do "\x00 \x00hello\x00 \x00".rstrip.should == "\x00 \x00hello" end - it "taints the result when self is tainted" do - "".taint.rstrip.tainted?.should == true - "ok".taint.rstrip.tainted?.should == true - "ok ".taint.rstrip.tainted?.should == true + ruby_version_is ''...'2.7' do + it "taints the result when self is tainted" do + "".taint.rstrip.tainted?.should == true + "ok".taint.rstrip.tainted?.should == true + "ok ".taint.rstrip.tainted?.should == true + end end end diff --git a/spec/ruby/core/string/scan_spec.rb b/spec/ruby/core/string/scan_spec.rb index 06400fc745..024e97022a 100644 --- a/spec/ruby/core/string/scan_spec.rb +++ b/spec/ruby/core/string/scan_spec.rb 
@@ -65,24 +65,26 @@ describe "String#scan" do -> { "cruel world".scan(mock('x')) }.should raise_error(TypeError) end - it "taints the results if the String argument is tainted" do - a = "hello hello hello".scan("hello".taint) - a.each { |m| m.tainted?.should be_true } - end + ruby_version_is ''...'2.7' do + it "taints the results if the String argument is tainted" do + a = "hello hello hello".scan("hello".taint) + a.each { |m| m.tainted?.should be_true } + end - it "taints the results when passed a String argument if self is tainted" do - a = "hello hello hello".taint.scan("hello") - a.each { |m| m.tainted?.should be_true } - end + it "taints the results when passed a String argument if self is tainted" do + a = "hello hello hello".taint.scan("hello") + a.each { |m| m.tainted?.should be_true } + end - it "taints the results if the Regexp argument is tainted" do - a = "hello".scan(/./.taint) - a.each { |m| m.tainted?.should be_true } - end + it "taints the results if the Regexp argument is tainted" do + a = "hello".scan(/./.taint) + a.each { |m| m.tainted?.should be_true } + end - it "taints the results when passed a Regexp argument if self is tainted" do - a = "hello".taint.scan(/./) - a.each { |m| m.tainted?.should be_true } + it "taints the results when passed a Regexp argument if self is tainted" do + a = "hello".taint.scan(/./) + a.each { |m| m.tainted?.should be_true } + end end # jruby/jruby#5513 
@@ -171,20 +173,22 @@ describe "String#scan with pattern and block" do $~.should == nil end - it "taints the results if the String argument is tainted" do - "hello hello hello".scan("hello".taint).each { |m| m.tainted?.should be_true } - end + ruby_version_is ''...'2.7' do + it "taints the results if the String argument is tainted" do + "hello hello hello".scan("hello".taint).each { |m| m.tainted?.should be_true } + end - it "taints the results when passed a String argument if self is tainted" do - "hello hello hello".taint.scan("hello").each { |m| m.tainted?.should be_true } - end + it "taints the results when passed a String argument if self is tainted" do + "hello hello hello".taint.scan("hello").each { |m| m.tainted?.should be_true } + end - it "taints the results if the Regexp argument is tainted" do - "hello".scan(/./.taint).each { |m| m.tainted?.should be_true } - end + it "taints the results if the Regexp argument is tainted" do + "hello".scan(/./.taint).each { |m| m.tainted?.should be_true } + end - it "taints the results when passed a Regexp argument if self is tainted" do - "hello".taint.scan(/./).each { |m| m.tainted?.should be_true } + it "taints the results when passed a Regexp argument if self is tainted" do + "hello".taint.scan(/./).each { |m| m.tainted?.should be_true } + end end it "passes block arguments as individual arguments when blocks are provided" do diff --git a/spec/ruby/core/string/shared/chars.rb b/spec/ruby/core/string/shared/chars.rb index c8716521bd..9c7a4deb8b 100644 --- a/spec/ruby/core/string/shared/chars.rb +++ b/spec/ruby/core/string/shared/chars.rb 
@@ -64,15 +64,17 @@ describe :string_chars, shared: true do ] end - it "taints resulting strings when self is tainted" do - str = "hello" + ruby_version_is ''...'2.7' do + it "taints resulting strings when self is tainted" do + str = "hello" - str.send(@method) do |x| - x.tainted?.should == false - end + str.send(@method) do |x| + x.tainted?.should == false + end - str.dup.taint.send(@method) do |x| - x.tainted?.should == true + str.dup.taint.send(@method) do |x| + x.tainted?.should == true + end end end end diff --git a/spec/ruby/core/string/shared/concat.rb b/spec/ruby/core/string/shared/concat.rb index 53a8bc23fb..435158496e 100644 --- a/spec/ruby/core/string/shared/concat.rb +++ b/spec/ruby/core/string/shared/concat.rb @@ -39,14 +39,16 @@ describe :string_concat, shared: true do str.should be_an_instance_of(StringSpecs::MyString) end - it "taints self if other is tainted" do - "x".send(@method, "".taint).tainted?.should == true - "x".send(@method, "y".taint).tainted?.should == true - end + ruby_version_is ''...'2.7' do + it "taints self if other is tainted" do + "x".send(@method, "".taint).tainted?.should == true + "x".send(@method, "y".taint).tainted?.should == true + end - it "untrusts self if other is untrusted" do - "x".send(@method, "".untrust).untrusted?.should == true - "x".send(@method, "y".untrust).untrusted?.should == true + it "untrusts self if other is untrusted" do + "x".send(@method, "".untrust).untrusted?.should == true + "x".send(@method, "y".untrust).untrusted?.should == true + end end describe "with Integer" do diff --git a/spec/ruby/core/string/shared/each_line.rb b/spec/ruby/core/string/shared/each_line.rb index 241a90eee3..843b123f57 100644 --- a/spec/ruby/core/string/shared/each_line.rb +++ b/spec/ruby/core/string/shared/each_line.rb 
@@ -40,10 +40,12 @@ describe :string_each_line, shared: true do b.should == ["foo\n", "🤡🤡🤡🤡🤡🤡🤡\n", "bar\n", "baz\n"] end - it "taints substrings that are passed to the block if self is tainted" do - "one\ntwo\r\nthree".taint.send(@method) { |s| s.tainted?.should == true } + ruby_version_is ''...'2.7' do + it "taints substrings that are passed to the block if self is tainted" do + "one\ntwo\r\nthree".taint.send(@method) { |s| s.tainted?.should == true } - "x.y.".send(@method, ".".taint) { |s| s.tainted?.should == false } + "x.y.".send(@method, ".".taint) { |s| s.tainted?.should == false } + end end it "passes self as a whole to the block if the separator is nil" do diff --git a/spec/ruby/core/string/shared/replace.rb b/spec/ruby/core/string/shared/replace.rb index f13afb3f95..620021eb92 100644 --- a/spec/ruby/core/string/shared/replace.rb +++ b/spec/ruby/core/string/shared/replace.rb 
@@ -10,32 +10,34 @@ describe :string_replace, shared: true do a.should == "another string" end - it "taints self if other is tainted" do - a = "" - b = "".taint - a.send(@method, b) - a.tainted?.should == true - end + ruby_version_is ''...'2.7' do + it "taints self if other is tainted" do + a = "" + b = "".taint + a.send(@method, b) + a.tainted?.should == true + end - it "does not untaint self if other is untainted" do - a = "".taint - b = "" - a.send(@method, b) - a.tainted?.should == true - end + it "does not untaint self if other is untainted" do + a = "".taint + b = "" + a.send(@method, b) + a.tainted?.should == true + end - it "untrusts self if other is untrusted" do - a = "" - b = "".untrust - a.send(@method, b) - a.untrusted?.should == true - end + it "untrusts self if other is untrusted" do + a = "" + b = "".untrust + a.send(@method, b) + a.untrusted?.should == true + end - it "does not trust self if other is trusted" do - a = "".untrust - b = "" - a.send(@method, b) - a.untrusted?.should == true + it "does not trust self if other is trusted" do + a = "".untrust + b = "" + a.send(@method, b) + a.untrusted?.should == true + end end it "replaces the encoding of self with that of other" do diff --git a/spec/ruby/core/string/shared/slice.rb b/spec/ruby/core/string/shared/slice.rb index ef7a8787ce..b192005369 100644 --- a/spec/ruby/core/string/shared/slice.rb +++ b/spec/ruby/core/string/shared/slice.rb 
@@ -80,13 +80,15 @@ describe :string_slice_index_length, shared: true do "hello there".send(@method, -3,2).should == "er" end - it "always taints resulting strings when self is tainted" do - str = "hello world" - str.taint - - str.send(@method, 0,0).tainted?.should == true - str.send(@method, 0,1).tainted?.should == true - str.send(@method, 2,1).tainted?.should == true + ruby_version_is ''...'2.7' do + it "always taints resulting strings when self is tainted" do + str = "hello world" + str.taint + + str.send(@method, 0,0).tainted?.should == true + str.send(@method, 0,1).tainted?.should == true + str.send(@method, 2,1).tainted?.should == true + end end it "returns a string with the same encoding" do @@ -234,16 +236,18 @@ describe :string_slice_range, shared: true do "x".send(@method, 1...-1).should == "" end - it "always taints resulting strings when self is tainted" do - str = "hello world" - str.taint + ruby_version_is ''...'2.7' do + it "always taints resulting strings when self is tainted" do + str = "hello world" + str.taint - str.send(@method, 0..0).tainted?.should == true - str.send(@method, 0...0).tainted?.should == true - str.send(@method, 0..1).tainted?.should == true - str.send(@method, 0...1).tainted?.should == true - str.send(@method, 2..3).tainted?.should == true - str.send(@method, 2..0).tainted?.should == true + str.send(@method, 0..0).tainted?.should == true + str.send(@method, 0...0).tainted?.should == true + str.send(@method, 0..1).tainted?.should == true + str.send(@method, 0...1).tainted?.should == true + str.send(@method, 2..3).tainted?.should == true + str.send(@method, 2..0).tainted?.should == true + end end it "returns subclass instances" do 
@@ -302,23 +306,25 @@ describe :string_slice_regexp, shared: true do end not_supported_on :opal do - it "always taints resulting strings when self or regexp is tainted" do - strs = ["hello world"] - strs += strs.map { |s| s.dup.taint } + ruby_version_is ''...'2.7' do + it "always taints resulting strings when self or regexp is tainted" do + strs = ["hello world"] + strs += strs.map { |s| s.dup.taint } - strs.each do |str| - str.send(@method, //).tainted?.should == str.tainted? - str.send(@method, /hello/).tainted?.should == str.tainted? + strs.each do |str| + str.send(@method, //).tainted?.should == str.tainted? + str.send(@method, /hello/).tainted?.should == str.tainted? - tainted_re = /./ - tainted_re.taint + tainted_re = /./ + tainted_re.taint - str.send(@method, tainted_re).tainted?.should == true + str.send(@method, tainted_re).tainted?.should == true + end end - end - it "returns an untrusted string if the regexp is untrusted" do - "hello".send(@method, /./.untrust).untrusted?.should be_true + it "returns an untrusted string if the regexp is untrusted" do + "hello".send(@method, /./.untrust).untrusted?.should be_true + end end end 
@@ -352,31 +358,33 @@ describe :string_slice_regexp_index, shared: true do "har".send(@method, /(.)(.)(.)/, -3).should == "h" end - it "always taints resulting strings when self or regexp is tainted" do - strs = ["hello world"] - strs += strs.map { |s| s.dup.taint } + ruby_version_is ''...'2.7' do + it "always taints resulting strings when self or regexp is tainted" do + strs = ["hello world"] + strs += strs.map { |s| s.dup.taint } - strs.each do |str| - str.send(@method, //, 0).tainted?.should == str.tainted? - str.send(@method, /hello/, 0).tainted?.should == str.tainted? + strs.each do |str| + str.send(@method, //, 0).tainted?.should == str.tainted? + str.send(@method, /hello/, 0).tainted?.should == str.tainted? - str.send(@method, /(.)(.)(.)/, 0).tainted?.should == str.tainted? - str.send(@method, /(.)(.)(.)/, 1).tainted?.should == str.tainted? - str.send(@method, /(.)(.)(.)/, -1).tainted?.should == str.tainted? - str.send(@method, /(.)(.)(.)/, -2).tainted?.should == str.tainted? + str.send(@method, /(.)(.)(.)/, 0).tainted?.should == str.tainted? + str.send(@method, /(.)(.)(.)/, 1).tainted?.should == str.tainted? + str.send(@method, /(.)(.)(.)/, -1).tainted?.should == str.tainted? + str.send(@method, /(.)(.)(.)/, -2).tainted?.should == str.tainted? 
- tainted_re = /(.)(.)(.)/ - tainted_re.taint + tainted_re = /(.)(.)(.)/ + tainted_re.taint - str.send(@method, tainted_re, 0).tainted?.should == true - str.send(@method, tainted_re, 1).tainted?.should == true - str.send(@method, tainted_re, -1).tainted?.should == true + str.send(@method, tainted_re, 0).tainted?.should == true + str.send(@method, tainted_re, 1).tainted?.should == true + str.send(@method, tainted_re, -1).tainted?.should == true + end end - end - not_supported_on :opal do - it "returns an untrusted string if the regexp is untrusted" do - "hello".send(@method, /(.)/.untrust, 1).untrusted?.should be_true + not_supported_on :opal do + it "returns an untrusted string if the regexp is untrusted" do + "hello".send(@method, /(.)/.untrust, 1).untrusted?.should be_true + end end end @@ -432,15 +440,17 @@ describe :string_slice_string, shared: true do "hello there".send(@method, s).should == s end - it "taints resulting strings when other is tainted" do - strs = ["", "hello world", "hello"] - strs += strs.map { |s| s.dup.taint } + ruby_version_is ''...'2.7' do + it "taints resulting strings when other is tainted" do + strs = ["", "hello world", "hello"] + strs += strs.map { |s| s.dup.taint } - strs.each do |str| - strs.each do |other| - r = str.send(@method, other) + strs.each do |str| + strs.each do |other| + r = str.send(@method, other) - r.tainted?.should == !r.nil? & other.tainted? + r.tainted?.should == !r.nil? & other.tainted? + end end end end 
@@ -493,25 +503,27 @@ describe :string_slice_regexp_group, shared: true do "hello there".send(@method, /(?h(?.))/, 'g').should == "e" end - it "always taints resulting strings when self or regexp is tainted" do - strs = ["hello world"] - strs += strs.map { |s| s.dup.taint } + ruby_version_is ''...'2.7' do + it "always taints resulting strings when self or regexp is tainted" do + strs = ["hello world"] + strs += strs.map { |s| s.dup.taint } - strs.each do |str| - str.send(@method, /(?hello)/, 'hi').tainted?.should == str.tainted? + strs.each do |str| + str.send(@method, /(?hello)/, 'hi').tainted?.should == str.tainted? - str.send(@method, /(?(.)(.)(.))/, 'g').tainted?.should == str.tainted? - str.send(@method, /(?.)(.)(.)/, 'h').tainted?.should == str.tainted? - str.send(@method, /(.)(?.)(.)/, 'a').tainted?.should == str.tainted? - str.send(@method, /(.)(.)(?.)/, 'r').tainted?.should == str.tainted? - str.send(@method, /(?.)(?.)(?.)/, 'r').tainted?.should == str.tainted? + str.send(@method, /(?(.)(.)(.))/, 'g').tainted?.should == str.tainted? + str.send(@method, /(?.)(.)(.)/, 'h').tainted?.should == str.tainted? + str.send(@method, /(.)(?.)(.)/, 'a').tainted?.should == str.tainted? + str.send(@method, /(.)(.)(?.)/, 'r').tainted?.should == str.tainted? + str.send(@method, /(?.)(?.)(?.)/, 'r').tainted?.should == str.tainted? - tainted_re = /(?.)(?.)(?.)/ - tainted_re.taint + tainted_re = /(?.)(?.)(?.)/ + tainted_re.taint - str.send(@method, tainted_re, 'a').tainted?.should be_true - str.send(@method, tainted_re, 'b').tainted?.should be_true - str.send(@method, tainted_re, 'c').tainted?.should be_true + str.send(@method, tainted_re, 'a').tainted?.should be_true + str.send(@method, tainted_re, 'b').tainted?.should be_true + str.send(@method, tainted_re, 'c').tainted?.should be_true + end end end diff --git a/spec/ruby/core/string/shared/succ.rb b/spec/ruby/core/string/shared/succ.rb index 31b4a8b5dd..80e4659102 100644 --- a/spec/ruby/core/string/shared/succ.rb 
+++ b/spec/ruby/core/string/shared/succ.rb @@ -65,9 +65,11 @@ describe :string_succ, shared: true do StringSpecs::MyString.new("z").send(@method).should be_an_instance_of(StringSpecs::MyString) end - it "taints the result if self is tainted" do - ["", "a", "z", "Z", "9", "\xFF", "\xFF\xFF"].each do |s| - s.taint.send(@method).tainted?.should == true + ruby_version_is ''...'2.7' do + it "taints the result if self is tainted" do + ["", "a", "z", "Z", "9", "\xFF", "\xFF\xFF"].each do |s| + s.taint.send(@method).tainted?.should == true + end end end end diff --git a/spec/ruby/core/string/shared/to_s.rb b/spec/ruby/core/string/shared/to_s.rb index a5a13e4f26..36283be4d0 100644 --- a/spec/ruby/core/string/shared/to_s.rb +++ b/spec/ruby/core/string/shared/to_s.rb @@ -11,8 +11,10 @@ describe :string_to_s, shared: true do s.should be_an_instance_of(String) end - it "taints the result when self is tainted" do - "x".taint.send(@method).tainted?.should == true - StringSpecs::MyString.new("x").taint.send(@method).tainted?.should == true + ruby_version_is ''...'2.7' do + it "taints the result when self is tainted" do + "x".taint.send(@method).tainted?.should == true + StringSpecs::MyString.new("x").taint.send(@method).tainted?.should == true + end end end diff --git a/spec/ruby/core/string/slice_spec.rb b/spec/ruby/core/string/slice_spec.rb index 2af663117c..f9f4938af3 100644 --- a/spec/ruby/core/string/slice_spec.rb +++ b/spec/ruby/core/string/slice_spec.rb 
@@ -94,12 +94,14 @@ describe "String#slice! with index, length" do a.should == "h" end - it "always taints resulting strings when self is tainted" do - str = "hello world" - str.taint + ruby_version_is ''...'2.7' do + it "always taints resulting strings when self is tainted" do + str = "hello world" + str.taint - str.slice!(0, 0).tainted?.should == true - str.slice!(2, 1).tainted?.should == true + str.slice!(0, 0).tainted?.should == true + str.slice!(2, 1).tainted?.should == true + end end it "returns nil if the given position is out of self" do @@ -184,12 +186,14 @@ describe "String#slice! Range" do b.should == "hello" end - it "always taints resulting strings when self is tainted" do - str = "hello world" - str.taint + ruby_version_is ''...'2.7' do + it "always taints resulting strings when self is tainted" do + str = "hello world" + str.taint - str.slice!(0..0).tainted?.should == true - str.slice!(2..3).tainted?.should == true + str.slice!(0..0).tainted?.should == true + str.slice!(2..3).tainted?.should == true + end end it "returns subclass instances" do 
@@ -271,26 +275,28 @@ describe "String#slice! with Regexp" do s.should == "this is a string" end - it "always taints resulting strings when self or regexp is tainted" do - strs = ["hello world"] - strs += strs.map { |s| s.dup.taint } + ruby_version_is ''...'2.7' do + it "always taints resulting strings when self or regexp is tainted" do + strs = ["hello world"] + strs += strs.map { |s| s.dup.taint } - strs.each do |str| - str = str.dup - str.slice!(//).tainted?.should == str.tainted? - str.slice!(/hello/).tainted?.should == str.tainted? + strs.each do |str| + str = str.dup + str.slice!(//).tainted?.should == str.tainted? + str.slice!(/hello/).tainted?.should == str.tainted? - tainted_re = /./ - tainted_re.taint + tainted_re = /./ + tainted_re.taint - str.slice!(tainted_re).tainted?.should == true + str.slice!(tainted_re).tainted?.should == true + end end - end - it "doesn't taint self when regexp is tainted" do - s = "hello" - s.slice!(/./.taint) - s.tainted?.should == false + it "doesn't taint self when regexp is tainted" do + s = "hello" + s.slice!(/./.taint) + s.tainted?.should == false + end end it "returns subclass instances" do 
@@ -330,26 +336,28 @@ describe "String#slice! with Regexp, index" do str.should == "ho here" end - it "always taints resulting strings when self or regexp is tainted" do - strs = ["hello world"] - strs += strs.map { |s| s.dup.taint } + ruby_version_is ''...'2.7' do + it "always taints resulting strings when self or regexp is tainted" do + strs = ["hello world"] + strs += strs.map { |s| s.dup.taint } - strs.each do |str| - str = str.dup - str.slice!(//, 0).tainted?.should == str.tainted? - str.slice!(/hello/, 0).tainted?.should == str.tainted? + strs.each do |str| + str = str.dup + str.slice!(//, 0).tainted?.should == str.tainted? + str.slice!(/hello/, 0).tainted?.should == str.tainted? - tainted_re = /(.)(.)(.)/ - tainted_re.taint + tainted_re = /(.)(.)(.)/ + tainted_re.taint - str.slice!(tainted_re, 1).tainted?.should == true + str.slice!(tainted_re, 1).tainted?.should == true + end end - end - it "doesn't taint self when regexp is tainted" do - s = "hello" - s.slice!(/(.)(.)/.taint, 1) - s.tainted?.should == false + it "doesn't taint self when regexp is tainted" do + s = "hello" + s.slice!(/(.)(.)/.taint, 1) + s.tainted?.should == false + end end it "returns nil if there was no match" do @@ -416,17 +424,19 @@ describe "String#slice! with String" do c.should == "he hello" end - it "taints resulting strings when other is tainted" do - strs = ["", "hello world", "hello"] - strs += strs.map { |s| s.dup.taint } + ruby_version_is ''...'2.7' do + it "taints resulting strings when other is tainted" do + strs = ["", "hello world", "hello"] + strs += strs.map { |s| s.dup.taint } - strs.each do |str| - str = str.dup - strs.each do |other| - other = other.dup - r = str.slice!(other) + strs.each do |str| + str = str.dup + strs.each do |other| + other = other.dup + r = str.slice!(other) - r.tainted?.should == !r.nil? & other.tainted? + r.tainted?.should == !r.nil? & other.tainted? + end end end end 
diff --git a/spec/ruby/core/string/split_spec.rb b/spec/ruby/core/string/split_spec.rb index 655f0dae76..cfb030ad8d 100644 --- a/spec/ruby/core/string/split_spec.rb +++ b/spec/ruby/core/string/split_spec.rb @@ -165,16 +165,18 @@ describe "String#split with String" do s.split(':').first.should == 'silly' end - it "taints the resulting strings if self is tainted" do - ["", "x.y.z.", " x y "].each do |str| - ["", ".", " "].each do |pat| - [-1, 0, 1, 2].each do |limit| - str.dup.taint.split(pat).each do |x| - x.tainted?.should == true - end - - str.split(pat.dup.taint).each do |x| - x.tainted?.should == false + ruby_version_is ''...'2.7' do + it "taints the resulting strings if self is tainted" do + ["", "x.y.z.", " x y "].each do |str| + ["", ".", " "].each do |pat| + [-1, 0, 1, 2].each do |limit| + str.dup.taint.split(pat).each do |x| + x.tainted?.should == true + end + + str.split(pat.dup.taint).each do |x| + x.tainted?.should == false + end end end end 
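Review bot: The re-indented `[-1, 0, 1, 2].each do |limit|` loop never uses `limit`, because both `str.dup.taint.split(pat)` and `str.split(pat.dup.taint)` are called without it. The four iterations therefore repeat the same assertion and the limited-split paths are not exercised. The Regexp variant in the next hunk does pass the value, so these lines should read `str.dup.taint.split(pat, limit)` and `str.split(pat.dup.taint, limit)`. The expectations would need re-checking on a pre-2.7 interpreter, since the Regexp spec carries an exception for empty strings. This predates the commit, but the lines are being rewritten here, and the enclosing describe block starts and ends outside the hunk.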
@@ -355,29 +357,31 @@ describe "String#split with Regexp" do s.split(/:/).first.should == 'silly' end - it "taints the resulting strings if self is tainted" do - ["", "x:y:z:", " x y "].each do |str| - [//, /:/, /\s+/].each do |pat| - [-1, 0, 1, 2].each do |limit| - str.dup.taint.split(pat, limit).each do |x| - # See the spec below for why the conditional is here - x.tainted?.should be_true unless x.empty? + ruby_version_is ''...'2.7' do + it "taints the resulting strings if self is tainted" do + ["", "x:y:z:", " x y "].each do |str| + [//, /:/, /\s+/].each do |pat| + [-1, 0, 1, 2].each do |limit| + str.dup.taint.split(pat, limit).each do |x| + # See the spec below for why the conditional is here + x.tainted?.should be_true unless x.empty? + end end end end end - end - it "taints an empty string if self is tainted" do - ":".taint.split(//, -1).last.tainted?.should be_true - end + it "taints an empty string if self is tainted" do + ":".taint.split(//, -1).last.tainted?.should be_true + end - it "doesn't taints the resulting strings if the Regexp is tainted" do - ["", "x:y:z:", " x y "].each do |str| - [//, /:/, /\s+/].each do |pat| - [-1, 0, 1, 2].each do |limit| - str.split(pat.dup.taint, limit).each do |x| - x.tainted?.should be_false + it "doesn't taints the resulting strings if the Regexp is tainted" do + ["", "x:y:z:", " x y "].each do |str| + [//, /:/, /\s+/].each do |pat| + [-1, 0, 1, 2].each do |limit| + str.split(pat.dup.taint, limit).each do |x| + x.tainted?.should be_false + end end end end diff --git a/spec/ruby/core/string/squeeze_spec.rb b/spec/ruby/core/string/squeeze_spec.rb index bcc320bb5b..2e96684b9d 100644 --- a/spec/ruby/core/string/squeeze_spec.rb +++ b/spec/ruby/core/string/squeeze_spec.rb 
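Review bot: The example description `"doesn't taints the resulting strings if the Regexp is tainted"` is ungrammatical, and since the line is being re-indented here it could become `it "doesn't taint the resulting strings if the Regexp is tainted" do`. The carried-over comment `# See the spec below for why the conditional is here` also points at another example without giving the reason empty strings are skipped. A one-line statement of that reason next to `unless x.empty?` would read better than the cross-reference. The enclosing describe block starts and ends outside the hunk.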
@@ -54,12 +54,14 @@ describe "String#squeeze" do -> { s.squeeze("^e-b") }.should raise_error(ArgumentError) end - it "taints the result when self is tainted" do - "hello".taint.squeeze("e").tainted?.should == true - "hello".taint.squeeze("a-z").tainted?.should == true - - "hello".squeeze("e".taint).tainted?.should == false - "hello".squeeze("l".taint).tainted?.should == false + ruby_version_is ''...'2.7' do + it "taints the result when self is tainted" do + "hello".taint.squeeze("e").tainted?.should == true + "hello".taint.squeeze("a-z").tainted?.should == true + + "hello".squeeze("e".taint).tainted?.should == false + "hello".squeeze("l".taint).tainted?.should == false + end end it "tries to convert each set arg to a string using to_str" do diff --git a/spec/ruby/core/string/strip_spec.rb b/spec/ruby/core/string/strip_spec.rb index c205746483..728b3104fa 100644 --- a/spec/ruby/core/string/strip_spec.rb +++ b/spec/ruby/core/string/strip_spec.rb @@ -13,10 +13,12 @@ describe "String#strip" do " \x00 goodbye \x00 ".strip.should == "\x00 goodbye" end - it "taints the result when self is tainted" do - "".taint.strip.tainted?.should == true - "ok".taint.strip.tainted?.should == true - " ok ".taint.strip.tainted?.should == true + ruby_version_is ''...'2.7' do + it "taints the result when self is tainted" do + "".taint.strip.tainted?.should == true + "ok".taint.strip.tainted?.should == true + " ok ".taint.strip.tainted?.should == true + end end end diff --git a/spec/ruby/core/string/sub_spec.rb b/spec/ruby/core/string/sub_spec.rb index 630f0d6b70..2a859c2fc7 100644 --- a/spec/ruby/core/string/sub_spec.rb +++ b/spec/ruby/core/string/sub_spec.rb 
@@ -137,24 +137,26 @@ describe "String#sub with pattern, replacement" do "hello".sub(/./, 'hah\\').should == 'hah\\ello' end - it "taints the result if the original string or replacement is tainted" do - hello = "hello" - hello_t = "hello" - a = "a" - a_t = "a" - empty = "" - empty_t = "" + ruby_version_is ''...'2.7' do + it "taints the result if the original string or replacement is tainted" do + hello = "hello" + hello_t = "hello" + a = "a" + a_t = "a" + empty = "" + empty_t = "" - hello_t.taint; a_t.taint; empty_t.taint + hello_t.taint; a_t.taint; empty_t.taint - hello_t.sub(/./, a).tainted?.should == true - hello_t.sub(/./, empty).tainted?.should == true + hello_t.sub(/./, a).tainted?.should == true + hello_t.sub(/./, empty).tainted?.should == true - hello.sub(/./, a_t).tainted?.should == true - hello.sub(/./, empty_t).tainted?.should == true - hello.sub(//, empty_t).tainted?.should == true + hello.sub(/./, a_t).tainted?.should == true + hello.sub(/./, empty_t).tainted?.should == true + hello.sub(//, empty_t).tainted?.should == true - hello.sub(//.taint, "foo").tainted?.should == false + hello.sub(//.taint, "foo").tainted?.should == false + end end it "tries to convert pattern to a string using to_str" do 
@@ -285,24 +287,26 @@ describe "String#sub with pattern and block" do "hello".sub(/.+/) { obj }.should == "ok" end - it "taints the result if the original string or replacement is tainted" do - hello = "hello" - hello_t = "hello" - a = "a" - a_t = "a" - empty = "" - empty_t = "" + ruby_version_is ''...'2.7' do + it "taints the result if the original string or replacement is tainted" do + hello = "hello" + hello_t = "hello" + a = "a" + a_t = "a" + empty = "" + empty_t = "" - hello_t.taint; a_t.taint; empty_t.taint + hello_t.taint; a_t.taint; empty_t.taint - hello_t.sub(/./) { a }.tainted?.should == true - hello_t.sub(/./) { empty }.tainted?.should == true + hello_t.sub(/./) { a }.tainted?.should == true + hello_t.sub(/./) { empty }.tainted?.should == true - hello.sub(/./) { a_t }.tainted?.should == true - hello.sub(/./) { empty_t }.tainted?.should == true - hello.sub(//) { empty_t }.tainted?.should == true + hello.sub(/./) { a_t }.tainted?.should == true + hello.sub(/./) { empty_t }.tainted?.should == true + hello.sub(//) { empty_t }.tainted?.should == true - hello.sub(//.taint) { "foo" }.tainted?.should == false + hello.sub(//.taint) { "foo" }.tainted?.should == false + end end end @@ -313,10 +317,12 @@ describe "String#sub! with pattern, replacement" do a.should == "h*llo" end - it "taints self if replacement is tainted" do - a = "hello" - a.sub!(/./.taint, "foo").tainted?.should == false - a.sub!(/./, "foo".taint).tainted?.should == true + ruby_version_is ''...'2.7' do + it "taints self if replacement is tainted" do + a = "hello" + a.sub!(/./.taint, "foo").tainted?.should == false + a.sub!(/./, "foo".taint).tainted?.should == true + end end it "returns nil if no modifications were made" do 
@@ -361,10 +367,12 @@ describe "String#sub! with pattern and block" do offsets.should == [[1, 2]] end - it "taints self if block's result is tainted" do - a = "hello" - a.sub!(/./.taint) { "foo" }.tainted?.should == false - a.sub!(/./) { "foo".taint }.tainted?.should == true + ruby_version_is ''...'2.7' do + it "taints self if block's result is tainted" do + a = "hello" + a.sub!(/./.taint) { "foo" }.tainted?.should == false + a.sub!(/./) { "foo".taint }.tainted?.should == true + end end it "returns nil if no modifications were made" do @@ -452,24 +460,26 @@ describe "String#sub with pattern and Hash" do "hello".sub(/(.+)/, 'hello' => repl ).should == repl end - it "untrusts the result if the original string is untrusted" do - str = "Ghana".untrust - str.sub(/[Aa]na/, 'ana' => '').untrusted?.should be_true - end + ruby_version_is ''...'2.7' do + it "untrusts the result if the original string is untrusted" do + str = "Ghana".untrust + str.sub(/[Aa]na/, 'ana' => '').untrusted?.should be_true + end - it "untrusts the result if a hash value is untrusted" do - str = "Ghana" - str.sub(/a$/, 'a' => 'di'.untrust).untrusted?.should be_true - end + it "untrusts the result if a hash value is untrusted" do + str = "Ghana" + str.sub(/a$/, 'a' => 'di'.untrust).untrusted?.should be_true + end - it "taints the result if the original string is tainted" do - str = "Ghana".taint - str.sub(/[Aa]na/, 'ana' => '').tainted?.should be_true - end + it "taints the result if the original string is tainted" do + str = "Ghana".taint + str.sub(/[Aa]na/, 'ana' => '').tainted?.should be_true + end - it "taints the result if a hash value is tainted" do - str = "Ghana" - str.sub(/a$/, 'a' => 'di'.taint).tainted?.should be_true + it "taints the result if a hash value is tainted" do + str = "Ghana" + str.sub(/a$/, 'a' => 'di'.taint).tainted?.should be_true + end end end 
@@ -537,24 +547,26 @@ describe "String#sub! with pattern and Hash" do "hello".sub!(/(.+)/, 'hello' => repl ).should == repl end - it "keeps untrusted state" do - str = "Ghana".untrust - str.sub!(/[Aa]na/, 'ana' => '').untrusted?.should be_true - end + ruby_version_is ''...'2.7' do + it "keeps untrusted state" do + str = "Ghana".untrust + str.sub!(/[Aa]na/, 'ana' => '').untrusted?.should be_true + end - it "untrusts self if a hash value is untrusted" do - str = "Ghana" - str.sub!(/a$/, 'a' => 'di'.untrust).untrusted?.should be_true - end + it "untrusts self if a hash value is untrusted" do + str = "Ghana" + str.sub!(/a$/, 'a' => 'di'.untrust).untrusted?.should be_true + end - it "keeps tainted state" do - str = "Ghana".taint - str.sub!(/[Aa]na/, 'ana' => '').tainted?.should be_true - end + it "keeps tainted state" do + str = "Ghana".taint + str.sub!(/[Aa]na/, 'ana' => '').tainted?.should be_true + end - it "taints self if a hash value is tainted" do - str = "Ghana" - str.sub!(/a$/, 'a' => 'di'.taint).tainted?.should be_true + it "taints self if a hash value is tainted" do + str = "Ghana" + str.sub!(/a$/, 'a' => 'di'.taint).tainted?.should be_true + end end end diff --git a/spec/ruby/core/string/swapcase_spec.rb b/spec/ruby/core/string/swapcase_spec.rb index 95edcec7d1..c1a1608a81 100644 --- a/spec/ruby/core/string/swapcase_spec.rb +++ b/spec/ruby/core/string/swapcase_spec.rb @@ -9,9 +9,11 @@ describe "String#swapcase" do "+++---111222???".swapcase.should == "+++---111222???" end - it "taints resulting string when self is tainted" do - "".taint.swapcase.tainted?.should == true - "hello".taint.swapcase.tainted?.should == true + ruby_version_is ''...'2.7' do + it "taints resulting string when self is tainted" do + "".taint.swapcase.tainted?.should == true + "hello".taint.swapcase.tainted?.should == true + end end describe "full Unicode case mapping" do 
diff --git a/spec/ruby/core/string/tr_s_spec.rb b/spec/ruby/core/string/tr_s_spec.rb index 4380f2d548..a05e421e99 100644 --- a/spec/ruby/core/string/tr_s_spec.rb +++ b/spec/ruby/core/string/tr_s_spec.rb @@ -49,14 +49,16 @@ describe "String#tr_s" do StringSpecs::MyString.new("hello").tr_s("e", "a").should be_an_instance_of(StringSpecs::MyString) end - it "taints the result when self is tainted" do - ["h", "hello"].each do |str| - tainted_str = str.dup.taint + ruby_version_is ''...'2.7' do + it "taints the result when self is tainted" do + ["h", "hello"].each do |str| + tainted_str = str.dup.taint - tainted_str.tr_s("e", "a").tainted?.should == true + tainted_str.tr_s("e", "a").tainted?.should == true - str.tr_s("e".taint, "a").tainted?.should == false - str.tr_s("e", "a".taint).tainted?.should == false + str.tr_s("e".taint, "a").tainted?.should == false + str.tr_s("e", "a".taint).tainted?.should == false + end end end diff --git a/spec/ruby/core/string/tr_spec.rb b/spec/ruby/core/string/tr_spec.rb index 721ebab51c..ae826fd79b 100644 --- a/spec/ruby/core/string/tr_spec.rb +++ b/spec/ruby/core/string/tr_spec.rb @@ -61,14 +61,16 @@ describe "String#tr" do StringSpecs::MyString.new("hello").tr("e", "a").should be_an_instance_of(StringSpecs::MyString) end - it "taints the result when self is tainted" do - ["h", "hello"].each do |str| - tainted_str = str.dup.taint + ruby_version_is ''...'2.7' do + it "taints the result when self is tainted" do + ["h", "hello"].each do |str| + tainted_str = str.dup.taint - tainted_str.tr("e", "a").tainted?.should == true + tainted_str.tr("e", "a").tainted?.should == true - str.tr("e".taint, "a").tainted?.should == false - str.tr("e", "a".taint).tainted?.should == false + str.tr("e".taint, "a").tainted?.should == false + str.tr("e", "a".taint).tainted?.should == false + end end end diff --git a/spec/ruby/core/string/undump_spec.rb b/spec/ruby/core/string/undump_spec.rb index 315d27cad4..e83c53ce89 100644 
--- a/spec/ruby/core/string/undump_spec.rb +++ b/spec/ruby/core/string/undump_spec.rb @@ -4,12 +4,14 @@ require_relative 'fixtures/classes' ruby_version_is '2.5' do describe "String#undump" do - it "taints the result if self is tainted" do - '"foo"'.taint.undump.tainted?.should == true - end + ruby_version_is ''...'2.7' do + it "taints the result if self is tainted" do + '"foo"'.taint.undump.tainted?.should == true + end - it "untrusts the result if self is untrusted" do - '"foo"'.untrust.undump.untrusted?.should == true + it "untrusts the result if self is untrusted" do + '"foo"'.untrust.undump.untrusted?.should == true + end end it "does not take into account if a string is frozen" do diff --git a/spec/ruby/core/string/unpack/p_spec.rb b/spec/ruby/core/string/unpack/p_spec.rb index a544bc29c1..3e187d674f 100644 --- a/spec/ruby/core/string/unpack/p_spec.rb +++ b/spec/ruby/core/string/unpack/p_spec.rb @@ -18,8 +18,10 @@ describe "String#unpack with format 'P'" do -> { packed.to_sym.to_s.unpack("P5") }.should raise_error(ArgumentError, /no associated pointer/) end - it "taints the unpacked string" do - ["hello"].pack("P").unpack("P5").first.tainted?.should be_true + ruby_version_is ''...'2.7' do + it "taints the unpacked string" do + ["hello"].pack("P").unpack("P5").first.tainted?.should be_true + end end it "reads as many characters as specified" do @@ -46,7 +48,9 @@ describe "String#unpack with format 'p'" do -> { packed.to_sym.to_s.unpack("p") }.should raise_error(ArgumentError, /no associated pointer/) end - it "taints the unpacked string" do - ["hello"].pack("p").unpack("p").first.tainted?.should be_true + ruby_version_is ''...'2.7' do + it "taints the unpacked string" do + ["hello"].pack("p").unpack("p").first.tainted?.should be_true + end end end diff --git a/spec/ruby/core/string/unpack/shared/taint.rb b/spec/ruby/core/string/unpack/shared/taint.rb index 391338192a..061a3e26ad 100644 --- a/spec/ruby/core/string/unpack/shared/taint.rb 
+++ b/spec/ruby/core/string/unpack/shared/taint.rb 
@@ -1,81 +1,83 @@ describe :string_unpack_taint, shared: true do - it "does not taint returned arrays if given an untainted format string" do - "".unpack(unpack_format(2)).tainted?.should be_false - end + ruby_version_is ''...'2.7' do + it "does not taint returned arrays if given an untainted format string" do + "".unpack(unpack_format(2)).tainted?.should be_false + end - it "does not taint returned arrays if given a tainted format string" do - format_string = unpack_format(2).dup - format_string.taint - "".unpack(format_string).tainted?.should be_false - end + it "does not taint returned arrays if given a tainted format string" do + format_string = unpack_format(2).dup + format_string.taint + "".unpack(format_string).tainted?.should be_false + end - it "does not taint returned strings if given an untainted format string" do - "".unpack(unpack_format(2)).any?(&:tainted?).should be_false - end + it "does not taint returned strings if given an untainted format string" do + "".unpack(unpack_format(2)).any?(&:tainted?).should be_false + end - it "does not taint returned strings if given a tainted format string" do - format_string = unpack_format(2).dup - format_string.taint - "".unpack(format_string).any?(&:tainted?).should be_false - end + it "does not taint returned strings if given a tainted format string" do + format_string = unpack_format(2).dup + format_string.taint + "".unpack(format_string).any?(&:tainted?).should be_false + end - it "does not taint returned arrays if given an untainted packed string" do - "".unpack(unpack_format(2)).tainted?.should be_false - end + it "does not taint returned arrays if given an untainted packed string" do + "".unpack(unpack_format(2)).tainted?.should be_false + end - it "does not taint returned arrays if given a tainted packed string" do - packed_string = "" - packed_string.taint - packed_string.unpack(unpack_format(2)).tainted?.should be_false - end + it "does not taint returned arrays if given a tainted packed string" do + 
packed_string = "" + packed_string.taint + packed_string.unpack(unpack_format(2)).tainted?.should be_false + end - it "does not taint returned strings if given an untainted packed string" do - "".unpack(unpack_format(2)).any?(&:tainted?).should be_false - end + it "does not taint returned strings if given an untainted packed string" do + "".unpack(unpack_format(2)).any?(&:tainted?).should be_false + end - it "taints returned strings if given a tainted packed string" do - packed_string = "" - packed_string.taint - packed_string.unpack(unpack_format(2)).all?(&:tainted?).should be_true - end + it "taints returned strings if given a tainted packed string" do + packed_string = "" + packed_string.taint + packed_string.unpack(unpack_format(2)).all?(&:tainted?).should be_true + end - it "does not untrust returned arrays if given an untrusted format string" do - "".unpack(unpack_format(2)).untrusted?.should be_false - end + it "does not untrust returned arrays if given an untrusted format string" do + "".unpack(unpack_format(2)).untrusted?.should be_false + end - it "does not untrust returned arrays if given a untrusted format string" do - format_string = unpack_format(2).dup - format_string.untrust - "".unpack(format_string).untrusted?.should be_false - end + it "does not untrust returned arrays if given a untrusted format string" do + format_string = unpack_format(2).dup + format_string.untrust + "".unpack(format_string).untrusted?.should be_false + end - it "does not untrust returned strings if given an untainted format string" do - "".unpack(unpack_format(2)).any?(&:untrusted?).should be_false - end + it "does not untrust returned strings if given an untainted format string" do + "".unpack(unpack_format(2)).any?(&:untrusted?).should be_false + end - it "does not untrust returned strings if given a untrusted format string" do - format_string = unpack_format(2).dup - format_string.untrust - "".unpack(format_string).any?(&:untrusted?).should be_false - end + it "does not 
untrust returned strings if given a untrusted format string" do + format_string = unpack_format(2).dup + format_string.untrust + "".unpack(format_string).any?(&:untrusted?).should be_false + end - it "does not untrust returned arrays if given an trusted packed string" do - "".unpack(unpack_format(2)).untrusted?.should be_false - end + it "does not untrust returned arrays if given an trusted packed string" do + "".unpack(unpack_format(2)).untrusted?.should be_false + end - it "does not untrust returned arrays if given a untrusted packed string" do - packed_string = "" - packed_string.untrust - packed_string.unpack(unpack_format(2)).untrusted?.should be_false - end + it "does not untrust returned arrays if given a untrusted packed string" do + packed_string = "" + packed_string.untrust + packed_string.unpack(unpack_format(2)).untrusted?.should be_false + end - it "does not untrust returned strings if given an trusted packed string" do - "".unpack(unpack_format(2)).any?(&:untrusted?).should be_false - end + it "does not untrust returned strings if given an trusted packed string" do + "".unpack(unpack_format(2)).any?(&:untrusted?).should be_false + end - it "untrusts returned strings if given a untrusted packed string" do - packed_string = "" - packed_string.untrust - packed_string.unpack(unpack_format(2)).all?(&:untrusted?).should be_true + it "untrusts returned strings if given a untrusted packed string" do + packed_string = "" + packed_string.untrust + packed_string.unpack(unpack_format(2)).all?(&:untrusted?).should be_true + end end end diff --git a/spec/ruby/core/string/upcase_spec.rb b/spec/ruby/core/string/upcase_spec.rb index 72aacd88a9..eb7d708fe0 100644 --- a/spec/ruby/core/string/upcase_spec.rb +++ b/spec/ruby/core/string/upcase_spec.rb 
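Review bot: Two example titles carried into the guarded block of `:string_unpack_taint` do not match their bodies: `it "does not untrust returned arrays if given an untrusted format string"` and `it "does not untrust returned strings if given an untainted format string"` both call `unpack` with a plain `unpack_format(2)`, so they exercise the trusted case. Every line of the file is re-indented here anyway, so renaming both to end in `if given a trusted format string` would keep the output accurate for the pre-2.7 runs that still execute them. Wrapping the whole body also leaves the shared group with no examples on 2.7 and later; a short comment above the guard such as `# taint/trust are no-ops from 2.7, nothing left to check here` would explain the empty group to the next reader.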
@@ -65,10 +65,12 @@ describe "String#upcase" do -> { "abc".upcase(:invalid_option) }.should raise_error(ArgumentError) end - it "taints result when self is tainted" do - "".taint.upcase.tainted?.should == true - "X".taint.upcase.tainted?.should == true - "x".taint.upcase.tainted?.should == true + ruby_version_is ''...'2.7' do + it "taints result when self is tainted" do + "".taint.upcase.tainted?.should == true + "X".taint.upcase.tainted?.should == true + "x".taint.upcase.tainted?.should == true + end end it "returns a subclass instance for subclasses" do diff --git a/spec/ruby/core/symbol/shared/slice.rb b/spec/ruby/core/symbol/shared/slice.rb index 478e0d80ae..3f07f6aedb 100644 --- a/spec/ruby/core/symbol/shared/slice.rb +++ b/spec/ruby/core/symbol/shared/slice.rb @@ -191,12 +191,14 @@ describe :symbol_slice, shared: true do $~.should be_nil end - it "returns a tainted string if the regexp is tainted" do - :symbol.send(@method, /./.taint).tainted?.should be_true - end + ruby_version_is ''...'2.7' do + it "returns a tainted string if the regexp is tainted" do + :symbol.send(@method, /./.taint).tainted?.should be_true + end - it "returns an untrusted string if the regexp is untrusted" do - :symbol.send(@method, /./.untrust).untrusted?.should be_true + it "returns an untrusted string if the regexp is untrusted" do + :symbol.send(@method, /./.untrust).untrusted?.should be_true + end end end 
@@ -219,12 +221,14 @@ describe :symbol_slice, shared: true do :symbol.send(@method, /(sy)(mb)(ol)/, 1.5).should == "sy" end - it "returns a tainted string if the regexp is tainted" do - :symbol.send(@method, /(.)/.taint, 1).tainted?.should be_true - end + ruby_version_is ''...'2.7' do + it "returns a tainted string if the regexp is tainted" do + :symbol.send(@method, /(.)/.taint, 1).tainted?.should be_true + end - it "returns an untrusted string if the regexp is untrusted" do - :symbol.send(@method, /(.)/.untrust, 1).untrusted?.should be_true + it "returns an untrusted string if the regexp is untrusted" do + :symbol.send(@method, /(.)/.untrust, 1).untrusted?.should be_true + end end describe "and an index that cannot be converted to an Integer" do diff --git a/spec/ruby/language/string_spec.rb b/spec/ruby/language/string_spec.rb index a7ca00ef03..d0f62ff3c9 100644 --- a/spec/ruby/language/string_spec.rb +++ b/spec/ruby/language/string_spec.rb 
@@ -51,24 +51,26 @@ describe "Ruby character strings" do "#\$".should == '#$' end - it "taints the result of interpolation when an interpolated value is tainted" do - "#{"".taint}".tainted?.should be_true + ruby_version_is ''...'2.7' do + it "taints the result of interpolation when an interpolated value is tainted" do + "#{"".taint}".tainted?.should be_true - @ip.taint - "#@ip".tainted?.should be_true + @ip.taint + "#@ip".tainted?.should be_true - $ip.taint - "#$ip".tainted?.should be_true - end + $ip.taint + "#$ip".tainted?.should be_true + end - it "untrusts the result of interpolation when an interpolated value is untrusted" do - "#{"".untrust}".untrusted?.should be_true + it "untrusts the result of interpolation when an interpolated value is untrusted" do + "#{"".untrust}".untrusted?.should be_true - @ip.untrust - "#@ip".untrusted?.should be_true + @ip.untrust + "#@ip".untrusted?.should be_true - $ip.untrust - "#$ip".untrusted?.should be_true + $ip.untrust + "#$ip".untrusted?.should be_true + end end it "allows using non-alnum characters as string delimiters" do diff --git a/spec/ruby/library/delegate/delegator/taint_spec.rb b/spec/ruby/library/delegate/delegator/taint_spec.rb index 2dd0493b53..b875b5a6b8 100644 --- a/spec/ruby/library/delegate/delegator/taint_spec.rb +++ b/spec/ruby/library/delegate/delegator/taint_spec.rb 
@@ -6,18 +6,20 @@ describe "Delegator#taint" do @delegate = DelegateSpecs::Delegator.new("") end - it "returns self" do - @delegate.taint.equal?(@delegate).should be_true - end + ruby_version_is ''...'2.7' do + it "returns self" do + @delegate.taint.equal?(@delegate).should be_true + end - it "taints the delegator" do - @delegate.__setobj__(nil) - @delegate.taint - @delegate.tainted?.should be_true - end + it "taints the delegator" do + @delegate.__setobj__(nil) + @delegate.taint + @delegate.tainted?.should be_true + end - it "taints the delegated object" do - @delegate.taint - @delegate.__getobj__.tainted?.should be_true + it "taints the delegated object" do + @delegate.taint + @delegate.__getobj__.tainted?.should be_true + end end end diff --git a/spec/ruby/library/delegate/delegator/trust_spec.rb b/spec/ruby/library/delegate/delegator/trust_spec.rb index ba57b3ea18..492f02e27f 100644 --- a/spec/ruby/library/delegate/delegator/trust_spec.rb +++ b/spec/ruby/library/delegate/delegator/trust_spec.rb @@ -6,17 +6,19 @@ describe "Delegator#trust" do @delegate = DelegateSpecs::Delegator.new([]) end - it "returns self" do - @delegate.trust.equal?(@delegate).should be_true - end + ruby_version_is ''...'2.7' do + it "returns self" do + @delegate.trust.equal?(@delegate).should be_true + end - it "trusts the delegator" do - @delegate.trust - @delegate.untrusted?.should be_false - end + it "trusts the delegator" do + @delegate.trust + @delegate.untrusted?.should be_false + end - it "trusts the delegated object" do - @delegate.trust - @delegate.__getobj__.untrusted?.should be_false + it "trusts the delegated object" do + @delegate.trust + @delegate.__getobj__.untrusted?.should be_false + end end end diff --git a/spec/ruby/library/delegate/delegator/untaint_spec.rb b/spec/ruby/library/delegate/delegator/untaint_spec.rb index ddcf854a43..3f8f7721a9 100644 --- a/spec/ruby/library/delegate/delegator/untaint_spec.rb +++ b/spec/ruby/library/delegate/delegator/untaint_spec.rb 
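Review bot: The `returns self` example is moved under the `ruby_version_is ''...'2.7'` guard together with the taint assertions, which leaves `describe "Delegator#taint"` with only its setup and no examples on 2.7 and later. The commit message describes the methods as deprecated no-ops rather than removed, so `@delegate.taint.equal?(@delegate).should be_true` presumably still holds and could stay outside the guard to pin the return value that chained callers rely on; this depends on the lib/delegate.rb change, which is not visible here. The same applies to the `returns self` examples in the trust_spec hunk on this line and in the untaint_spec and untrust_spec hunks that follow.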
@@ -6,19 +6,21 @@ describe "Delegator#untaint" do @delegate = -> { DelegateSpecs::Delegator.new("") }.call end - it "returns self" do - @delegate.untaint.equal?(@delegate).should be_true - end + ruby_version_is ''...'2.7' do + it "returns self" do + @delegate.untaint.equal?(@delegate).should be_true + end - it "untaints the delegator" do - @delegate.untaint - @delegate.tainted?.should be_false - # No additional meaningful test; that it does or not taint - # "for real" the delegator has no consequence - end + it "untaints the delegator" do + @delegate.untaint + @delegate.tainted?.should be_false + # No additional meaningful test; that it does or not taint + # "for real" the delegator has no consequence + end - it "untaints the delegated object" do - @delegate.untaint - @delegate.__getobj__.tainted?.should be_false + it "untaints the delegated object" do + @delegate.untaint + @delegate.__getobj__.tainted?.should be_false + end end end diff --git a/spec/ruby/library/delegate/delegator/untrust_spec.rb b/spec/ruby/library/delegate/delegator/untrust_spec.rb index b7f4bc823e..acc91b099a 100644 --- a/spec/ruby/library/delegate/delegator/untrust_spec.rb +++ b/spec/ruby/library/delegate/delegator/untrust_spec.rb @@ -6,18 +6,20 @@ describe "Delegator#untrust" do @delegate = DelegateSpecs::Delegator.new("") end - it "returns self" do - @delegate.untrust.equal?(@delegate).should be_true - end + ruby_version_is ''...'2.7' do + it "returns self" do + @delegate.untrust.equal?(@delegate).should be_true + end - it "untrusts the delegator" do - @delegate.__setobj__(nil) - @delegate.untrust - @delegate.untrusted?.should be_true - end + it "untrusts the delegator" do + @delegate.__setobj__(nil) + @delegate.untrust + @delegate.untrusted?.should be_true + end - it "untrusts the delegated object" do - @delegate.untrust - @delegate.__getobj__.untrusted?.should be_true + it "untrusts the delegated object" do + @delegate.untrust + @delegate.__getobj__.untrusted?.should be_true + end end end 
diff --git a/spec/ruby/library/pathname/new_spec.rb b/spec/ruby/library/pathname/new_spec.rb index f400444887..dcb770149f 100644 --- a/spec/ruby/library/pathname/new_spec.rb +++ b/spec/ruby/library/pathname/new_spec.rb @@ -10,9 +10,11 @@ describe "Pathname.new" do -> { Pathname.new("\0")}.should raise_error(ArgumentError) end - it "is tainted if path is tainted" do - path = '/usr/local/bin'.taint - Pathname.new(path).tainted?.should == true + ruby_version_is ''...'2.7' do + it "is tainted if path is tainted" do + path = '/usr/local/bin'.taint + Pathname.new(path).tainted?.should == true + end end it "raises a TypeError if not passed a String type" do diff --git a/spec/ruby/library/readline/history/delete_at_spec.rb b/spec/ruby/library/readline/history/delete_at_spec.rb index 8dcce259bb..c95a6a865e 100644 --- a/spec/ruby/library/readline/history/delete_at_spec.rb +++ b/spec/ruby/library/readline/history/delete_at_spec.rb @@ -35,11 +35,13 @@ with_feature :readline do -> { Readline::HISTORY.delete_at(-10) }.should raise_error(IndexError) end - it "taints the returned strings" do - Readline::HISTORY.push("1", "2", "3") - Readline::HISTORY.delete_at(0).tainted?.should be_true - Readline::HISTORY.delete_at(0).tainted?.should be_true - Readline::HISTORY.delete_at(0).tainted?.should be_true + ruby_version_is ''...'2.7' do + it "taints the returned strings" do + Readline::HISTORY.push("1", "2", "3") + Readline::HISTORY.delete_at(0).tainted?.should be_true + Readline::HISTORY.delete_at(0).tainted?.should be_true + Readline::HISTORY.delete_at(0).tainted?.should be_true + end end end end diff --git a/spec/ruby/library/readline/history/each_spec.rb b/spec/ruby/library/readline/history/each_spec.rb index 4b87df7640..23387bfc98 100644 --- a/spec/ruby/library/readline/history/each_spec.rb +++ b/spec/ruby/library/readline/history/each_spec.rb 
@@ -20,9 +20,11 @@ with_feature :readline do result.should == ["1", "2", "3"] end - it "yields tainted Objects" do - Readline::HISTORY.each do |x| - x.tainted?.should be_true + ruby_version_is ''...'2.7' do + it "yields tainted Objects" do + Readline::HISTORY.each do |x| + x.tainted?.should be_true + end end end end diff --git a/spec/ruby/library/readline/history/element_reference_spec.rb b/spec/ruby/library/readline/history/element_reference_spec.rb index 09cac5e28f..dfa5367cad 100644 --- a/spec/ruby/library/readline/history/element_reference_spec.rb +++ b/spec/ruby/library/readline/history/element_reference_spec.rb @@ -12,9 +12,11 @@ with_feature :readline do Readline::HISTORY.pop end - it "returns tainted objects" do - Readline::HISTORY[0].tainted?.should be_true - Readline::HISTORY[1].tainted?.should be_true + ruby_version_is ''...'2.7' do + it "returns tainted objects" do + Readline::HISTORY[0].tainted?.should be_true + Readline::HISTORY[1].tainted?.should be_true + end end it "returns the history item at the passed index" do diff --git a/spec/ruby/library/readline/history/pop_spec.rb b/spec/ruby/library/readline/history/pop_spec.rb index 3a4c3579d0..e17be666d8 100644 --- a/spec/ruby/library/readline/history/pop_spec.rb +++ b/spec/ruby/library/readline/history/pop_spec.rb @@ -20,11 +20,13 @@ with_feature :readline do Readline::HISTORY.size.should == 0 end - it "taints the returned strings" do - Readline::HISTORY.push("1", "2", "3") - Readline::HISTORY.pop.tainted?.should be_true - Readline::HISTORY.pop.tainted?.should be_true - Readline::HISTORY.pop.tainted?.should be_true + ruby_version_is ''...'2.7' do + it "taints the returned strings" do + Readline::HISTORY.push("1", "2", "3") + Readline::HISTORY.pop.tainted?.should be_true + Readline::HISTORY.pop.tainted?.should be_true + Readline::HISTORY.pop.tainted?.should be_true + end end end end 
diff --git a/spec/ruby/library/readline/history/shift_spec.rb b/spec/ruby/library/readline/history/shift_spec.rb index fdc637fc35..ccd90193fd 100644 --- a/spec/ruby/library/readline/history/shift_spec.rb +++ b/spec/ruby/library/readline/history/shift_spec.rb @@ -20,11 +20,13 @@ with_feature :readline do Readline::HISTORY.size.should == 0 end - it "taints the returned strings" do - Readline::HISTORY.push("1", "2", "3") - Readline::HISTORY.shift.tainted?.should be_true - Readline::HISTORY.shift.tainted?.should be_true - Readline::HISTORY.shift.tainted?.should be_true + ruby_version_is ''...'2.7' do + it "taints the returned strings" do + Readline::HISTORY.push("1", "2", "3") + Readline::HISTORY.shift.tainted?.should be_true + Readline::HISTORY.shift.tainted?.should be_true + Readline::HISTORY.shift.tainted?.should be_true + end end end end diff --git a/spec/ruby/library/readline/readline_spec.rb b/spec/ruby/library/readline/readline_spec.rb index f716d7b2df..24d2cbbe86 100644 --- a/spec/ruby/library/readline/readline_spec.rb +++ b/spec/ruby/library/readline/readline_spec.rb @@ -22,9 +22,11 @@ with_feature :readline do File.read(@out).should == "test" end - it "taints the returned strings" do - ruby_exe('File.write ARGV[0], Readline.readline.tainted?', @options) - File.read(@out).should == "true" + ruby_version_is ''...'2.7' do + it "taints the returned strings" do + ruby_exe('File.write ARGV[0], Readline.readline.tainted?', @options) + File.read(@out).should == "true" + end end end end diff --git a/spec/ruby/library/stringscanner/initialize_spec.rb b/spec/ruby/library/stringscanner/initialize_spec.rb index 07f71572ce..047d9d058b 100644 --- a/spec/ruby/library/stringscanner/initialize_spec.rb +++ b/spec/ruby/library/stringscanner/initialize_spec.rb @@ -12,7 +12,6 @@ describe "StringScanner#initialize" do it "returns an instance of StringScanner" do @s.should be_kind_of(StringScanner) - @s.tainted?.should be_false @s.eos?.should be_false end 
diff --git a/spec/ruby/library/stringscanner/shared/extract_range.rb b/spec/ruby/library/stringscanner/shared/extract_range.rb index 7e98540b1a..1c14f716c9 100644 --- a/spec/ruby/library/stringscanner/shared/extract_range.rb +++ b/spec/ruby/library/stringscanner/shared/extract_range.rb @@ -9,14 +9,16 @@ describe :extract_range, shared: true do ch.should be_an_instance_of(String) end - it "taints the returned String if the input was tainted" do - str = 'abc' - str.taint + ruby_version_is ''...'2.7' do + it "taints the returned String if the input was tainted" do + str = 'abc' + str.taint - s = StringScanner.new(str) + s = StringScanner.new(str) - s.send(@method).tainted?.should be_true - s.send(@method).tainted?.should be_true - s.send(@method).tainted?.should be_true + s.send(@method).tainted?.should be_true + s.send(@method).tainted?.should be_true + s.send(@method).tainted?.should be_true + end end end diff --git a/spec/ruby/library/stringscanner/shared/extract_range_matched.rb b/spec/ruby/library/stringscanner/shared/extract_range_matched.rb index fe695e8ac1..5c536f5c01 100644 --- a/spec/ruby/library/stringscanner/shared/extract_range_matched.rb +++ b/spec/ruby/library/stringscanner/shared/extract_range_matched.rb @@ -11,12 +11,14 @@ describe :extract_range_matched, shared: true do ch.should be_an_instance_of(String) end - it "taints the returned String if the input was tainted" do - str = 'abc' - str.taint + ruby_version_is ''...'2.7' do + it "taints the returned String if the input was tainted" do + str = 'abc' + str.taint - s = StringScanner.new(str) - s.scan(/\w{1}/) - s.send(@method).tainted?.should be_true + s = StringScanner.new(str) + s.scan(/\w{1}/) + s.send(@method).tainted?.should be_true + end end end diff --git a/spec/ruby/library/stringscanner/shared/peek.rb b/spec/ruby/library/stringscanner/shared/peek.rb index a59afdc6c0..4e2e643353 100644 --- a/spec/ruby/library/stringscanner/shared/peek.rb +++ b/spec/ruby/library/stringscanner/shared/peek.rb 
@@ -37,11 +37,13 @@ describe :strscan_peek, shared: true do ch.should be_an_instance_of(String) end - it "taints the returned String if the input was tainted" do - str = 'abc' - str.taint - - s = StringScanner.new(str) - s.send(@method, 1).tainted?.should be_true + ruby_version_is ''...'2.7' do + it "taints the returned String if the input was tainted" do + str = 'abc' + str.taint + + s = StringScanner.new(str) + s.send(@method, 1).tainted?.should be_true + end end end diff --git a/spec/ruby/optional/capi/object_spec.rb b/spec/ruby/optional/capi/object_spec.rb index 43b74b9151..30abe715e7 100644 --- a/spec/ruby/optional/capi/object_spec.rb +++ b/spec/ruby/optional/capi/object_spec.rb @@ -414,11 +414,13 @@ describe "CApiObject" do end describe "FL_TEST" do - it "returns correct status for FL_TAINT" do - obj = Object.new - @o.FL_TEST(obj, "FL_TAINT").should == 0 - obj.taint - @o.FL_TEST(obj, "FL_TAINT").should_not == 0 + ruby_version_is ''...'2.7' do + it "returns correct status for FL_TAINT" do + obj = Object.new + @o.FL_TEST(obj, "FL_TAINT").should == 0 + obj.taint + @o.FL_TEST(obj, "FL_TAINT").should_not == 0 + end end it "returns correct status for FL_FREEZE" do 
@@ -570,61 +572,67 @@ describe "CApiObject" do end describe "OBJ_TAINT" do - it "taints the object" do - obj = mock("tainted") - @o.OBJ_TAINT(obj) - obj.tainted?.should be_true + ruby_version_is ''...'2.7' do + it "taints the object" do + obj = mock("tainted") + @o.OBJ_TAINT(obj) + obj.tainted?.should be_true + end end end describe "OBJ_TAINTED" do - it "returns C true if the object is tainted" do - obj = mock("tainted") - obj.taint - @o.OBJ_TAINTED(obj).should be_true - end + ruby_version_is ''...'2.7' do + it "returns C true if the object is tainted" do + obj = mock("tainted") + obj.taint + @o.OBJ_TAINTED(obj).should be_true + end - it "returns C false if the object is not tainted" do - obj = mock("untainted") - @o.OBJ_TAINTED(obj).should be_false + it "returns C false if the object is not tainted" do + obj = mock("untainted") + @o.OBJ_TAINTED(obj).should be_false + end end end describe "OBJ_INFECT" do - it "does not taint the first argument if the second argument is not tainted" do - host = mock("host") - source = mock("source") - @o.OBJ_INFECT(host, source) - host.tainted?.should be_false - end + ruby_version_is ''...'2.7' do + it "does not taint the first argument if the second argument is not tainted" do + host = mock("host") + source = mock("source") + @o.OBJ_INFECT(host, source) + host.tainted?.should be_false + end - it "taints the first argument if the second argument is tainted" do - host = mock("host") - source = mock("source").taint - @o.OBJ_INFECT(host, source) - host.tainted?.should be_true - end + it "taints the first argument if the second argument is tainted" do + host = mock("host") + source = mock("source").taint + @o.OBJ_INFECT(host, source) + host.tainted?.should be_true + end - it "does not untrust the first argument if the second argument is trusted" do - host = mock("host") - source = mock("source") - @o.OBJ_INFECT(host, source) - host.untrusted?.should be_false - end + it "does not untrust the first argument if the second argument is 
trusted" do + host = mock("host") + source = mock("source") + @o.OBJ_INFECT(host, source) + host.untrusted?.should be_false + end - it "untrusts the first argument if the second argument is untrusted" do - host = mock("host") - source = mock("source").untrust - @o.OBJ_INFECT(host, source) - host.untrusted?.should be_true - end + it "untrusts the first argument if the second argument is untrusted" do + host = mock("host") + source = mock("source").untrust + @o.OBJ_INFECT(host, source) + host.untrusted?.should be_true + end - it "propagates both taint and distrust" do - host = mock("host") - source = mock("source").taint.untrust - @o.OBJ_INFECT(host, source) - host.tainted?.should be_true - host.untrusted?.should be_true + it "propagates both taint and distrust" do + host = mock("host") + source = mock("source").taint.untrust + @o.OBJ_INFECT(host, source) + host.tainted?.should be_true + host.untrusted?.should be_true + end end end @@ -659,15 +667,17 @@ describe "CApiObject" do end describe "rb_obj_taint" do - it "marks the object passed as tainted" do - obj = "" - obj.tainted?.should == false - @o.rb_obj_taint(obj) - obj.tainted?.should == true - end + ruby_version_is ''...'2.7' do + it "marks the object passed as tainted" do + obj = "" + obj.tainted?.should == false + @o.rb_obj_taint(obj) + obj.tainted?.should == true + end - it "raises a #{frozen_error_class} if the object passed is frozen" do - -> { @o.rb_obj_taint("".freeze) }.should raise_error(frozen_error_class) + it "raises a #{frozen_error_class} if the object passed is frozen" do + -> { @o.rb_obj_taint("".freeze) }.should raise_error(frozen_error_class) + end end end diff --git a/spec/ruby/optional/capi/string_spec.rb b/spec/ruby/optional/capi/string_spec.rb index 53d28f7940..4da31445fe 100644 --- a/spec/ruby/optional/capi/string_spec.rb +++ b/spec/ruby/optional/capi/string_spec.rb 
@@ -167,8 +167,10 @@ describe "C-API String function" do @s.rb_str_new("hello", 3).should == "hel" end - it "returns a non-tainted string" do - @s.rb_str_new("hello", 5).tainted?.should == false + ruby_version_is ''...'2.7' do + it "returns a non-tainted string" do + @s.rb_str_new("hello", 5).tainted?.should == false + end end it "returns an empty string if len is 0" do @@ -305,19 +307,21 @@ describe "C-API String function" do end end - describe "rb_tainted_str_new" do - it "creates a new tainted String" do - newstring = @s.rb_tainted_str_new("test", 4) - newstring.should == "test" - newstring.tainted?.should be_true + ruby_version_is ''...'2.7' do + describe "rb_tainted_str_new" do + it "creates a new tainted String" do + newstring = @s.rb_tainted_str_new("test", 4) + newstring.should == "test" + newstring.tainted?.should be_true + end end - end - describe "rb_tainted_str_new2" do - it "creates a new tainted String" do - newstring = @s.rb_tainted_str_new2("test") - newstring.should == "test" - newstring.tainted?.should be_true + describe "rb_tainted_str_new2" do + it "creates a new tainted String" do + newstring = @s.rb_tainted_str_new2("test") + newstring.should == "test" + newstring.tainted?.should be_true + end end end @@ -684,8 +688,10 @@ describe :rb_external_str_new, shared: true do @s.send(@method, "#{x80}abc").encoding.should == Encoding::BINARY end - it "returns a tainted String" do - @s.send(@method, "abc").tainted?.should be_true + ruby_version_is ''...'2.7' do + it "returns a tainted String" do + @s.send(@method, "abc").tainted?.should be_true + end end end 
@@ -767,9 +773,11 @@ describe "C-API String function" do s.encoding.should equal(Encoding::EUC_JP) end - it "returns a tainted String" do - s = @s.rb_external_str_new_with_enc("abc", 3, Encoding::US_ASCII) - s.tainted?.should be_true + ruby_version_is ''...'2.7' do + it "returns a tainted String" do + s = @s.rb_external_str_new_with_enc("abc", 3, Encoding::US_ASCII) + s.tainted?.should be_true + end end end diff --git a/spec/ruby/security/cve_2018_16396_spec.rb b/spec/ruby/security/cve_2018_16396_spec.rb index e462e0022d..303c47a8c7 100644 --- a/spec/ruby/security/cve_2018_16396_spec.rb +++ b/spec/ruby/security/cve_2018_16396_spec.rb @@ -2,9 +2,11 @@ require_relative '../spec_helper' describe "Array#pack" do - it "resists CVE-2018-16396 by tainting output based on input" do - "aAZBbHhuMmPp".each_char do |f| - ["123456".taint].pack(f).tainted?.should be_true + ruby_version_is ''...'2.7' do + it "resists CVE-2018-16396 by tainting output based on input" do + "aAZBbHhuMmPp".each_char do |f| + ["123456".taint].pack(f).tainted?.should be_true + end end end @@ -12,9 +14,11 @@ end describe "String#unpack" do - it "resists CVE-2018-16396 by tainting output based on input" do - "aAZBbHhuMm".each_char do |f| - "123456".taint.unpack(f).first.tainted?.should be_true + ruby_version_is ''...'2.7' do + it "resists CVE-2018-16396 by tainting output based on input" do + "aAZBbHhuMm".each_char do |f| + "123456".taint.unpack(f).first.tainted?.should be_true + end end end diff --git a/spec/ruby/shared/string/times.rb b/spec/ruby/shared/string/times.rb index 0baefd25b1..6b45f7aa1e 100644 --- a/spec/ruby/shared/string/times.rb +++ b/spec/ruby/shared/string/times.rb 
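Review bot: In spec/ruby/security/cve_2018_16396_spec.rb both the `Array#pack` and the `String#unpack` examples now sit behind `ruby_version_is ''...'2.7'` with no explanation, so on 2.7 and later these two security regression examples silently stop running. A reader of a security spec needs to see that this is deliberate. I would add a comment above each guard, for example `# CVE-2018-16396 was about pack/unpack not propagating taint; taint is a no-op from 2.7, so there is nothing left to assert here`. Whether the rest of each describe block still exercises these directives cannot be seen from the hunks.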
@@ -32,12 +32,14 @@ describe :string_times, shared: true do @object.call(MyString.new("cool"), 2).should be_an_instance_of(MyString) end - it "always taints the result when self is tainted" do - ["", "OK", MyString.new(""), MyString.new("OK")].each do |str| - str.taint + ruby_version_is ''...'2.7' do + it "always taints the result when self is tainted" do + ["", "OK", MyString.new(""), MyString.new("OK")].each do |str| + str.taint - [0, 1, 2].each do |arg| - @object.call(str, arg).tainted?.should == true + [0, 1, 2].each do |arg| + @object.call(str, arg).tainted?.should == true + end end end end diff --git a/sprintf.c b/sprintf.c index 9ff7973120..23eb39a73b 100644 --- a/sprintf.c +++ b/sprintf.c @@ -215,7 +215,6 @@ rb_str_format(int argc, const VALUE *argv, VALUE fmt) int width, prec, flags = FNONE; int nextarg = 1; int posarg = 0; - int tainted = 0; VALUE nextvalue; VALUE tmp; VALUE orig; @@ -239,7 +238,6 @@ rb_str_format(int argc, const VALUE *argv, VALUE fmt) ++argc; --argv; - if (OBJ_TAINTED(fmt)) tainted = 1; StringValue(fmt); enc = rb_enc_get(fmt); orig = fmt; @@ -479,7 +477,6 @@ rb_str_format(int argc, const VALUE *argv, VALUE fmt) else { str = rb_obj_as_string(arg); } - if (OBJ_TAINTED(str)) tainted = 1; len = RSTRING_LEN(str); rb_str_set_len(result, blen); if (coderange != ENC_CODERANGE_BROKEN && scanned < blen) { @@ -931,7 +928,6 @@ rb_str_format(int argc, const VALUE *argv, VALUE fmt) } rb_str_resize(result, blen); - if (tainted) OBJ_TAINT(result); return result; } @@ -1142,7 +1138,6 @@ ruby__sfvextra(rb_printf_buffer *fp, size_t valsize, void *valp, long *sz, int s StringValueCStr(value); RSTRING_GETMEM(value, cp, *sz); ((rb_printf_buffer_extra *)fp)->value = value; - OBJ_INFECT(result, value); return cp; } diff --git a/string.c b/string.c index 554aabad4b..c47e7212c0 100644 --- a/string.c +++ b/string.c 
@@ -262,7 +262,7 @@ const struct st_hash_type rb_fstring_hash_type = { rb_str_hash, }; -#define BARE_STRING_P(str) (!FL_ANY_RAW(str, FL_TAINT|FL_EXIVAR) && RBASIC_CLASS(str) == rb_cString) +#define BARE_STRING_P(str) (!FL_ANY_RAW(str, FL_EXIVAR) && RBASIC_CLASS(str) == rb_cString) static int fstr_update_callback(st_data_t *key, st_data_t *value, st_data_t arg, int existing) @@ -359,7 +359,6 @@ register_fstring(VALUE str) assert(OBJ_FROZEN(ret)); assert(!FL_TEST_RAW(ret, STR_FAKESTR)); assert(!FL_TEST_RAW(ret, FL_EXIVAR)); - assert(!FL_TEST_RAW(ret, FL_TAINT)); assert(RBASIC_CLASS(ret) == rb_cString); return ret; } @@ -896,28 +895,22 @@ rb_enc_str_new_static(const char *ptr, long len, rb_encoding *enc) VALUE rb_tainted_str_new(const char *ptr, long len) { - VALUE str = rb_str_new(ptr, len); - - OBJ_TAINT(str); - return str; + rb_warning("rb_tainted_str_new is deprecated and will be removed in Ruby 3.2."); + return rb_str_new(ptr, len); } static VALUE rb_tainted_str_new_with_enc(const char *ptr, long len, rb_encoding *enc) { - VALUE str = rb_enc_str_new(ptr, len, enc); - - OBJ_TAINT(str); - return str; + rb_warning("rb_tainted_str_new_with_enc is deprecated and will be removed in Ruby 3.2."); + return rb_enc_str_new(ptr, len, enc); } VALUE rb_tainted_str_new_cstr(const char *ptr) { - VALUE str = rb_str_new_cstr(ptr); - - OBJ_TAINT(str); - return str; + rb_warning("rb_tainted_str_new_cstr is deprecated and will be removed in Ruby 3.2."); + return rb_str_new_cstr(ptr); } static VALUE str_cat_conv_enc_opts(VALUE newstr, long ofs, const char *ptr, long len, @@ -950,7 +943,6 @@ rb_str_conv_enc_opts(VALUE str, rb_encoding *from, rb_encoding *to, int ecflags, /* some error, return original */ return str; } - OBJ_INFECT(newstr, str); return newstr; } 
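Review bot: In the `@@ -896,28 +895,22 @@` hunk of string.c the `rb_tainted_str_new*` functions now return an ordinary string and announce that only through `rb_warning`, which prints only in verbose mode. By default, a C extension that used these constructors to mark external input therefore loses the marker without any signal. Each function should carry a comment saying so, for example `/* Deprecated: returns an untainted string; callers must validate external data themselves. */`, and it is worth considering `rb_warn` so the deprecation is visible without `-w`. Separately, the static `rb_tainted_str_new_with_enc` appears to have no callers left once the following `rb_external_str_new_with_enc` hunk switches to `rb_enc_str_new`. If nothing else in the file uses it, delete it rather than keep an unused static that only emits a warning.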
@@ -1055,28 +1047,28 @@ rb_external_str_new_with_enc(const char *ptr, long len, rb_encoding *eenc) const int eidx = rb_enc_to_index(eenc); if (!ptr) { - return rb_tainted_str_new_with_enc(ptr, len, eenc); + return rb_enc_str_new(ptr, len, eenc); } /* ASCII-8BIT case, no conversion */ if ((eidx == rb_ascii8bit_encindex()) || (eidx == rb_usascii_encindex() && search_nonascii(ptr, ptr + len))) { - return rb_tainted_str_new(ptr, len); + return rb_str_new(ptr, len); } /* no default_internal or same encoding, no conversion */ ienc = rb_default_internal_encoding(); if (!ienc || eenc == ienc) { - return rb_tainted_str_new_with_enc(ptr, len, eenc); + return rb_enc_str_new(ptr, len, eenc); } /* ASCII compatible, and ASCII only string, no conversion in * default_internal */ if ((eidx == rb_ascii8bit_encindex()) || (eidx == rb_usascii_encindex()) || (rb_enc_asciicompat(eenc) && !search_nonascii(ptr, ptr + len))) { - return rb_tainted_str_new_with_enc(ptr, len, ienc); + return rb_enc_str_new(ptr, len, ienc); } /* convert from the given encoding to default_internal */ - str = rb_tainted_str_new_with_enc(NULL, 0, ienc); + str = rb_enc_str_new(NULL, 0, ienc); /* when the conversion failed for some reason, just ignore the * default_internal and result in the given encoding as-is. */ if (NIL_P(rb_str_cat_conv_enc_opts(str, 0, ptr, len, eenc, 0, Qnil))) { 
@@ -1211,35 +1203,21 @@ str_new_shared(VALUE klass, VALUE str) VALUE rb_str_new_shared(VALUE str) { - VALUE str2 = str_new_shared(rb_obj_class(str), str); - - OBJ_INFECT(str2, str); - return str2; + return str_new_shared(rb_obj_class(str), str); } VALUE rb_str_new_frozen(VALUE orig) { - VALUE str; - if (OBJ_FROZEN(orig)) return orig; - - str = str_new_frozen(rb_obj_class(orig), orig); - OBJ_INFECT(str, orig); - return str; + return str_new_frozen(rb_obj_class(orig), orig); } VALUE rb_str_tmp_frozen_acquire(VALUE orig) { - VALUE tmp; - if (OBJ_FROZEN_RAW(orig)) return orig; - - tmp = str_new_frozen(0, orig); - OBJ_INFECT(tmp, orig); - - return tmp; + return str_new_frozen(0, orig); } void @@ -1286,7 +1264,6 @@ str_new_frozen(VALUE klass, VALUE orig) if ((ofs > 0) || (rest > 0) || (klass != RBASIC(shared)->klass) || - ((RBASIC(shared)->flags ^ RBASIC(orig)->flags) & FL_TAINT) || ENCODING_GET(shared) != ENCODING_GET(orig)) { str = str_new_shared(klass, shared); RSTRING(str)->as.heap.ptr += ofs; @@ -1335,7 +1312,6 @@ str_new_empty(VALUE str) { VALUE v = rb_str_new_with_class(str, 0, 0); rb_enc_copy(v, str); - OBJ_INFECT(v, str); return v; } @@ -1435,7 +1411,6 @@ str_shared_replace(VALUE str, VALUE str2) enc = STR_ENC_GET(str2); cr = ENC_CODERANGE(str2); str_discard(str); - OBJ_INFECT(str, str2); termlen = rb_enc_mbminlen(enc); if (STR_EMBEDDABLE_P(RSTRING_LEN(str2), termlen)) { @@ -1485,9 +1460,6 @@ rb_obj_as_string_result(VALUE str, VALUE obj) { if (!RB_TYPE_P(str, T_STRING)) return rb_any_to_s(obj); - if (!FL_TEST_RAW(str, RSTRING_FSTR) && FL_ABLE(obj)) - /* fstring must not be tainted, at least */ - OBJ_INFECT_RAW(str, obj); return str; } @@ -1510,7 +1482,6 @@ str_replace(VALUE str, VALUE str2) str_replace_shared(str, str2); } - OBJ_INFECT(str, str2); return str; } 
@@ -1521,7 +1492,7 @@ str_duplicate(VALUE klass, VALUE str) const VALUE flag_mask = RSTRING_NOEMBED | RSTRING_EMBED_LEN_MASK | ENC_CODERANGE_MASK | ENCODING_MASK | - FL_TAINT | FL_FREEZE + FL_FREEZE ; VALUE flags = FL_TEST_RAW(str, flag_mask); VALUE dup = str_alloc(klass); @@ -1533,7 +1504,6 @@ str_duplicate(VALUE klass, VALUE str) } else if (UNLIKELY(!(flags & FL_FREEZE))) { str = str_new_frozen(klass, str); - FL_SET_RAW(str, flags & FL_TAINT); flags = FL_TEST_RAW(str, flag_mask); } if (flags & STR_NOEMBED) { @@ -1950,7 +1920,6 @@ rb_str_plus(VALUE str1, VALUE str2) memcpy(ptr3+len1, ptr2, len2); TERM_FILL(&ptr3[len1+len2], termlen); - FL_SET_RAW(str3, OBJ_TAINTED_RAW(str1) | OBJ_TAINTED_RAW(str2)); ENCODING_CODERANGE_SET(str3, rb_enc_to_index(enc), ENC_CODERANGE_AND(ENC_CODERANGE(str1), ENC_CODERANGE(str2))); RB_GC_GUARD(str1); @@ -2014,7 +1983,6 @@ rb_str_times(VALUE str, VALUE times) if (times == INT2FIX(0)) { str2 = str_alloc(rb_obj_class(str)); rb_enc_copy(str2, str); - OBJ_INFECT(str2, str); return str2; } len = NUM2LONG(times); @@ -2030,7 +1998,6 @@ rb_str_times(VALUE str, VALUE times) } STR_SET_LEN(str2, len); rb_enc_copy(str2, str); - OBJ_INFECT(str2, str); return str2; } if (len && LONG_MAX/len < RSTRING_LEN(str)) { @@ -2052,7 +2019,6 @@ rb_str_times(VALUE str, VALUE times) } STR_SET_LEN(str2, len); TERM_FILL(&ptr2[len], termlen); - OBJ_INFECT(str2, str); rb_enc_cr_str_copy_for_substr(str2, str); return str2; @@ -2530,7 +2496,6 @@ rb_str_subseq(VALUE str, long beg, long len) } rb_enc_cr_str_copy_for_substr(str2, str); - OBJ_INFECT(str2, str); return str2; } @@ -2647,7 +2612,6 @@ str_substr(VALUE str, long beg, long len, int empty) else { if (!len && !empty) return Qnil; str2 = rb_str_new_with_class(str, p, len); - OBJ_INFECT(str2, str); RB_GC_GUARD(str); } rb_enc_cr_str_copy_for_substr(str2, str); 
@@ -2689,8 +2653,8 @@ str_uplus(VALUE str) * * Returns a frozen, possibly pre-existing copy of the string. * - * The string will be deduplicated as long as it is not tainted, - * or has any instance variables set on it. + * The string will be deduplicated as long as it does not have + * any instance variables set on it. */ static VALUE str_uminus(VALUE str) @@ -2999,7 +2963,6 @@ rb_str_buf_append(VALUE str, VALUE str2) rb_enc_cr_str_buf_cat(str, RSTRING_PTR(str2), RSTRING_LEN(str2), ENCODING_GET(str2), str2_cr, &str2_cr); - OBJ_INFECT(str, str2); ENC_CODERANGE_SET(str2, str2_cr); return str; @@ -3041,7 +3004,6 @@ rb_str_concat_literals(size_t num, const VALUE *strary) rb_enc_cr_str_buf_cat(str, RSTRING_PTR(v), RSTRING_LEN(v), encidx, ENC_CODERANGE(v), NULL); - OBJ_INFECT_RAW(str, v); if (encidx != ENCINDEX_US_ASCII) { if (ENCODING_GET_INLINED(str) == ENCINDEX_US_ASCII) rb_enc_set_index(str, encidx); @@ -4137,7 +4099,6 @@ rb_str_succ(VALUE orig) VALUE str; str = rb_str_new_with_class(orig, RSTRING_PTR(orig), RSTRING_LEN(orig)); rb_enc_cr_str_copy_for_substr(str, orig); - OBJ_INFECT(str, orig); return str_succ(str); } @@ -4652,7 +4613,6 @@ rb_str_splice_0(VALUE str, long beg, long len, VALUE val) if (beg == 0 && vlen == 0) { rb_str_drop_bytes(str, len); - OBJ_INFECT(str, val); return; } @@ -4683,7 +4643,6 @@ rb_str_splice_0(VALUE str, long beg, long len, VALUE val) slen += vlen - len; STR_SET_LEN(str, slen); TERM_FILL(&sptr[slen], TERM_LEN(str)); - OBJ_INFECT(str, val); ENC_CODERANGE_SET(str, cr); } @@ -4989,7 +4948,6 @@ rb_pat_search(VALUE pat, VALUE str, long pos, int set_backref_str) str = rb_str_new_frozen(str); rb_backref_set_string(str, pos, RSTRING_LEN(pat)); match = rb_backref_get(); - OBJ_INFECT(match, pat); } else { rb_backref_set(Qnil); @@ -5019,7 +4977,6 @@ rb_str_sub_bang(int argc, VALUE *argv, VALUE str) { VALUE pat, repl, hash = Qnil; int iter = 0; - int tainted = 0; long plen; int min_arity = rb_block_given_p() ? 1 : 2; long beg; 
@@ -5034,7 +4991,6 @@ rb_str_sub_bang(int argc, VALUE *argv, VALUE str) if (NIL_P(hash)) { StringValue(repl); } - tainted = OBJ_TAINTED_RAW(repl); } pat = get_pat_quoted(argv[0], 1); @@ -5094,7 +5050,6 @@ rb_str_sub_bang(int argc, VALUE *argv, VALUE str) } rb_str_modify(str); rb_enc_associate(str, enc); - tainted |= OBJ_TAINTED_RAW(repl); if (ENC_CODERANGE_UNKNOWN < cr && cr < ENC_CODERANGE_BROKEN) { int cr2 = ENC_CODERANGE(repl); if (cr2 == ENC_CODERANGE_BROKEN || @@ -5119,7 +5074,6 @@ rb_str_sub_bang(int argc, VALUE *argv, VALUE str) STR_SET_LEN(str, len); TERM_FILL(&RSTRING_PTR(str)[len], TERM_LEN(str)); ENC_CODERANGE_SET(str, cr); - FL_SET_RAW(str, tainted); return str; } @@ -5162,9 +5116,6 @@ rb_str_sub_bang(int argc, VALUE *argv, VALUE str) * The value returned by the block will be substituted for the match on each * call. * - * The result inherits any tainting in the original string or any supplied - * replacement string. - * * "hello".sub(/[aeiou]/, '*') #=> "h*llo" * "hello".sub(/([aeiou])/, '<\1>') #=> "hllo" * "hello".sub(/./) {|s| s.ord.to_s + ' ' } #=> "104 ello" @@ -5203,7 +5154,6 @@ str_gsub(int argc, VALUE *argv, VALUE str, int bang) long offset, blen, slen, len, last; enum {STR, ITER, MAP} mode = STR; char *sp, *cp; - int tainted = 0; int need_backref = -1; rb_encoding *str_enc; @@ -5221,7 +5171,6 @@ str_gsub(int argc, VALUE *argv, VALUE str, int bang) else { mode = MAP; } - tainted = OBJ_TAINTED_RAW(repl); break; default: rb_error_arity(argc, 1, 2); @@ -5281,8 +5230,6 @@ str_gsub(int argc, VALUE *argv, VALUE str, int bang) val = repl; } - tainted |= OBJ_TAINTED_RAW(val); - len = beg0 - offset; /* copy pre-match substr */ if (len) { rb_enc_str_buf_cat(dest, cp, len, str_enc); @@ -5315,11 +5262,9 @@ str_gsub(int argc, VALUE *argv, VALUE str, int bang) } else { RBASIC_SET_CLASS(dest, rb_obj_class(str)); - tainted |= OBJ_TAINTED_RAW(str); str = dest; } - FL_SET_RAW(str, tainted); return str; } 
@@ -5382,9 +5327,6 @@ rb_str_gsub_bang(int argc, VALUE *argv, VALUE str) * The value returned by the block will be substituted for the match on each * call. * - * The result inherits any tainting in the original string or any supplied - * replacement string. - * * When neither a block nor a second argument is supplied, an * Enumerator is returned. * @@ -5419,7 +5361,7 @@ rb_str_gsub(int argc, VALUE *argv, VALUE str) * call-seq: * str.replace(other_str) -> str * - * Replaces the contents and taintedness of str with the corresponding + * Replaces the contents of str with the corresponding * values in other_str. * * s = "hello" #=> "hello" @@ -5609,8 +5551,6 @@ str_byte_substr(VALUE str, long beg, long len, int empty) } } - OBJ_INFECT_RAW(str2, str); - return str2; } @@ -5727,7 +5667,6 @@ rb_str_reverse(VALUE str) } } STR_SET_LEN(rev, RSTRING_LEN(str)); - OBJ_INFECT_RAW(rev, str); str_enc_copy(rev, str); ENC_CODERANGE_SET(rev, cr); @@ -5981,7 +5920,6 @@ rb_str_escape(VALUE str) if (p > prev) str_buf_cat(result, prev, p - prev); ENCODING_CODERANGE_SET(result, rb_usascii_encindex(), ENC_CODERANGE_7BIT); - OBJ_INFECT_RAW(result, str); return result; } @@ -6088,7 +6026,6 @@ rb_str_inspect(VALUE str) if (p > prev) str_buf_cat(result, prev, p - prev); str_buf_cat2(result, "\""); - OBJ_INFECT_RAW(result, str); return result; } @@ -6251,7 +6188,6 @@ rb_str_dump(VALUE str) snprintf(q, qend-q, nonascii_suffix, enc->name); encidx = rb_ascii8bit_encindex(); } - OBJ_INFECT_RAW(result, str); /* result from dump is ASCII */ rb_enc_associate_index(result, encidx); ENC_CODERANGE_SET(result, ENC_CODERANGE_7BIT); @@ -6486,7 +6422,6 @@ str_undump(VALUE str) } } - OBJ_INFECT(undumped, str); return undumped; invalid_format: rb_raise(rb_eRuntimeError, "invalid dumped string; not wrapped with '\"' nor '\"...\".force_encoding(\"...\")' form"); 
@@ -6656,7 +6591,6 @@ rb_str_casemap(VALUE source, OnigCaseFoldType *flags, rb_encoding *enc) mapping_buffer_free(current_buffer); /* TODO: check about string terminator character */ - OBJ_INFECT_RAW(target, source); str_enc_copy(target, source); /*ENC_CODERANGE_SET(mapped, cr);*/ @@ -6696,7 +6630,6 @@ rb_str_ascii_casemap(VALUE source, VALUE target, OnigCaseFoldType *flags, rb_enc "; old_length=%ld, new_length=%d\n", old_length, length_or_invalid); } - OBJ_INFECT_RAW(target, source); str_enc_copy(target, source); return target; @@ -6778,7 +6711,6 @@ rb_str_upcase(int argc, VALUE *argv, VALUE str) enc = str_true_enc(str); if (case_option_single_p(flags, enc, str)) { ret = rb_str_new_with_class(str, RSTRING_PTR(str), RSTRING_LEN(str)); - OBJ_INFECT_RAW(ret, str); str_enc_copy(ret, str); upcase_single(ret); } @@ -6907,7 +6839,6 @@ rb_str_downcase(int argc, VALUE *argv, VALUE str) enc = str_true_enc(str); if (case_option_single_p(flags, enc, str)) { ret = rb_str_new_with_class(str, RSTRING_PTR(str), RSTRING_LEN(str)); - OBJ_INFECT_RAW(ret, str); str_enc_copy(ret, str); downcase_single(ret); } @@ -9348,7 +9279,6 @@ scan_once(VALUE str, VALUE pat, long *start, int set_backref_str) } if (!regs || regs->num_regs == 1) { result = rb_str_subseq(str, pos, end - pos); - OBJ_INFECT(result, pat); return result; } result = rb_ary_new2(regs->num_regs); @@ -9356,7 +9286,6 @@ scan_once(VALUE str, VALUE pat, long *start, int set_backref_str) VALUE s = Qnil; if (BEG(i) >= 0) { s = rb_str_subseq(str, BEG(i), END(i)-BEG(i)); - OBJ_INFECT(s, pat); } rb_ary_push(result, s); } @@ -9590,7 +9519,6 @@ rb_str_crypt(VALUE str, VALUE salt) } result = rb_str_new_cstr(res); CRYPT_END(); - FL_SET_RAW(result, OBJ_TAINTED_RAW(str) | OBJ_TAINTED_RAW(salt)); return result; } 
@@ -9758,8 +9686,6 @@ rb_str_justify(int argc, VALUE *argv, VALUE str, char jflag) } TERM_FILL(p, termlen); STR_SET_LEN(res, p-RSTRING_PTR(res)); - OBJ_INFECT_RAW(res, str); - if (!NIL_P(pad)) OBJ_INFECT_RAW(res, pad); rb_enc_associate(res, enc); if (argc == 2) cr = ENC_CODERANGE_AND(cr, ENC_CODERANGE(pad)); @@ -10209,7 +10135,6 @@ rb_str_b(VALUE str) { VALUE str2 = str_alloc(rb_cString); str_replace_shared_without_enc(str2, str); - OBJ_INFECT_RAW(str2, str); ENC_CODERANGE_CLEAR(str2); return str2; } @@ -10354,7 +10279,6 @@ enc_str_scrub(rb_encoding *enc, VALUE str, VALUE repl, int cr) VALUE buf = Qnil; const char *rep, *p, *e, *p1, *sp; long replen = -1; - int tainted = 0; long slen; if (rb_block_given_p()) { @@ -10368,7 +10292,6 @@ enc_str_scrub(rb_encoding *enc, VALUE str, VALUE repl, int cr) if (!NIL_P(repl)) { repl = str_compat_and_valid(repl, enc); - tainted = OBJ_TAINTED_RAW(repl); } if (rb_enc_dummy_p(enc)) { @@ -10454,7 +10377,6 @@ enc_str_scrub(rb_encoding *enc, VALUE str, VALUE repl, int cr) repl = rb_yield(rb_enc_str_new(p, clen, enc)); str_mod_check(str, sp, slen); repl = str_compat_and_valid(repl, enc); - tainted |= OBJ_TAINTED_RAW(repl); rb_str_buf_cat(buf, RSTRING_PTR(repl), RSTRING_LEN(repl)); if (ENC_CODERANGE(repl) == ENC_CODERANGE_VALID) cr = ENC_CODERANGE_VALID; @@ -10490,7 +10412,6 @@ enc_str_scrub(rb_encoding *enc, VALUE str, VALUE repl, int cr) repl = rb_yield(rb_enc_str_new(p, e-p, enc)); str_mod_check(str, sp, slen); repl = str_compat_and_valid(repl, enc); - tainted |= OBJ_TAINTED_RAW(repl); rb_str_buf_cat(buf, RSTRING_PTR(repl), RSTRING_LEN(repl)); if (ENC_CODERANGE(repl) == ENC_CODERANGE_VALID) cr = ENC_CODERANGE_VALID; @@ -10557,7 +10478,6 @@ enc_str_scrub(rb_encoding *enc, VALUE str, VALUE repl, int cr) repl = rb_yield(rb_enc_str_new(p, clen, enc)); str_mod_check(str, sp, slen); repl = str_compat_and_valid(repl, enc); - tainted |= OBJ_TAINTED_RAW(repl); rb_str_buf_cat(buf, RSTRING_PTR(repl), RSTRING_LEN(repl)); } p += clen; 
@@ -10585,13 +10505,11 @@ enc_str_scrub(rb_encoding *enc, VALUE str, VALUE repl, int cr) repl = rb_yield(rb_enc_str_new(p, e-p, enc)); str_mod_check(str, sp, slen); repl = str_compat_and_valid(repl, enc); - tainted |= OBJ_TAINTED_RAW(repl); rb_str_buf_cat(buf, RSTRING_PTR(repl), RSTRING_LEN(repl)); } } cr = ENC_CODERANGE_VALID; } - FL_SET_RAW(buf, tainted|OBJ_TAINTED_RAW(str)); ENCODING_CODERANGE_SET(buf, rb_enc_to_index(enc), cr); return buf; } diff --git a/struct.c b/struct.c index f4ae094f00..bf1ff6f386 100644 --- a/struct.c +++ b/struct.c @@ -250,7 +250,6 @@ static void rb_struct_modify(VALUE s) { rb_check_frozen(s); - rb_check_trusted(s); } static VALUE @@ -872,7 +871,6 @@ inspect_struct(VALUE s, VALUE dummy, int recur) rb_str_append(str, rb_inspect(RSTRUCT_GET(s, i))); } rb_str_cat2(str, ">"); - OBJ_INFECT(str, s); return str; } diff --git a/test/-ext-/string/test_fstring.rb b/test/-ext-/string/test_fstring.rb index 71b12e9cce..d51bb033d3 100644 --- a/test/-ext-/string/test_fstring.rb +++ b/test/-ext-/string/test_fstring.rb @@ -12,36 +12,6 @@ class Test_String_Fstring < Test::Unit::TestCase yield fstr end - def test_taint_shared_string - str = __method__.to_s.dup - str.taint - assert_fstring(str) {|s| assert_predicate(s, :tainted?)} - end - - def test_taint_normal_string - str = __method__.to_s * 3 - str.taint - assert_fstring(str) {|s| assert_predicate(s, :tainted?)} - end - - def test_taint_registered_tainted - str = __method__.to_s * 3 - str.taint - assert_fstring(str) {|s| assert_predicate(s, :tainted?)} - - str = __method__.to_s * 3 - assert_fstring(str) {|s| assert_not_predicate(s, :tainted?)} - end - - def test_taint_registered_untainted - str = __method__.to_s * 3 - assert_fstring(str) {|s| assert_not_predicate(s, :tainted?)} - - str = __method__.to_s * 3 - str.taint - assert_fstring(str) {|s| assert_predicate(s, :tainted?)} - end - def test_instance_variable str = __method__.to_s * 3 str.instance_variable_set(:@test, 42) 
diff --git a/test/-ext-/test_printf.rb b/test/-ext-/test_printf.rb index feaeadd975..cfec388e8c 100644 --- a/test/-ext-/test_printf.rb +++ b/test/-ext-/test_printf.rb @@ -35,15 +35,6 @@ class Test_SPrintf < Test::Unit::TestCase assert_equal("<\u{3042 3044 3046 3048 304a}>", Bug::Printf.s(self)) end - def test_taint - obj = Object.new.taint - assert_equal({to_s: true, inspect: true}, - { - to_s: Bug::Printf.s(obj).tainted?, - inspect: Bug::Printf.v(obj).tainted?, - }) - end - VS = [ #-0x1000000000000000000000000000000000000000000000002, #-0x1000000000000000000000000000000000000000000000001, diff --git a/test/bigdecimal/test_bigdecimal.rb b/test/bigdecimal/test_bigdecimal.rb index dff390b0cc..f6ef88e3f5 100644 --- a/test/bigdecimal/test_bigdecimal.rb +++ b/test/bigdecimal/test_bigdecimal.rb @@ -155,6 +155,15 @@ class TestBigDecimal < Test::Unit::TestCase end end + def test_BigDecimal_with_tainted_string + Thread.new { + $SAFE = 1 + BigDecimal('1'.taint) + }.join + ensure + $SAFE = 0 + end + def test_BigDecimal_with_exception_keyword assert_raise(ArgumentError) { BigDecimal('.', exception: true) diff --git a/test/cgi/test_cgi_util.rb b/test/cgi/test_cgi_util.rb index fa1c1e5959..b7bb7b8eae 100644 --- a/test/cgi/test_cgi_util.rb +++ b/test/cgi/test_cgi_util.rb @@ -99,13 +99,6 @@ class CGIUtilTest < Test::Unit::TestCase end end - def test_cgi_escape_html_preserve_tainted - assert_not_predicate CGI.escapeHTML("'&\"><"), :tainted? - assert_predicate CGI.escapeHTML("'&\"><".dup.taint), :tainted? - assert_not_predicate CGI.escapeHTML("Ruby"), :tainted? - assert_predicate CGI.escapeHTML("Ruby".dup.taint), :tainted? - end - def test_cgi_escape_html_dont_freeze assert_not_predicate CGI.escapeHTML("'&\"><".dup), :frozen? assert_not_predicate CGI.escapeHTML("'&\"><".freeze), :frozen? diff --git a/test/drb/test_drb.rb b/test/drb/test_drb.rb index 15e40ac596..9242a22543 100644 --- a/test/drb/test_drb.rb +++ b/test/drb/test_drb.rb 
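Review bot: `test_BigDecimal_with_tainted_string` in test/bigdecimal/test_bigdecimal.rb is added by a commit whose description says taint becomes a no-op and the related tests are removed, yet the new test sets `$SAFE = 1` and calls `'1'.taint`, the very mechanism being retired. The same pattern is added in test/fiddle/test_func.rb (`test_syscall_with_tainted_string`), in test/fiddle/test_handle.rb (`test_safe_handle_open`, `test_safe_function_lookup`) and in the Readline test that calls `Readline.readline("> ".taint)`. Those three assert `SecurityError`, which presumably can no longer be raised once `taint` stops setting the flag. I would drop these additions or put them behind a version condition, and if they arrive from a synced upstream gem, say so in the commit message so the contradiction with the description is explained.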
@@ -103,15 +103,6 @@ module DRbYield @there.xarray_each {|x| assert_kind_of(XArray, x)} @there.xarray_each {|*x| assert_kind_of(XArray, x[0])} end - - def test_06_taint - x = proc {} - assert_not_predicate(x, :tainted?) - @there.echo_yield(x) {|o| - assert_equal(x, o) - assert_not_predicate(x, :tainted?) - } - end end class TestDRbYield < Test::Unit::TestCase diff --git a/test/fiddle/test_func.rb b/test/fiddle/test_func.rb index ca89173766..d170c59a75 100644 --- a/test/fiddle/test_func.rb +++ b/test/fiddle/test_func.rb @@ -11,6 +11,18 @@ module Fiddle assert_nil f.call(10) end + def test_syscall_with_tainted_string + f = Function.new(@libc['system'], [TYPE_VOIDP], TYPE_INT) + Thread.new { + $SAFE = 1 + assert_raise(SecurityError) do + f.call("uname -rs".dup.taint) + end + }.join + ensure + $SAFE = 0 + end + def test_sinf begin f = Function.new(@libm['sinf'], [TYPE_FLOAT], TYPE_FLOAT) diff --git a/test/fiddle/test_handle.rb b/test/fiddle/test_handle.rb index 17f9c92a11..c0fac39908 100644 --- a/test/fiddle/test_handle.rb +++ b/test/fiddle/test_handle.rb @@ -8,6 +8,29 @@ module Fiddle class TestHandle < TestCase include Fiddle + def test_safe_handle_open + Thread.new do + $SAFE = 1 + assert_raise(SecurityError) { + Fiddle::Handle.new(LIBC_SO.dup.taint) + } + end.join + ensure + $SAFE = 0 + end + + def test_safe_function_lookup + Thread.new do + h = Fiddle::Handle.new(LIBC_SO) + $SAFE = 1 + assert_raise(SecurityError) { + h["qsort".dup.taint] + } + end.join + ensure + $SAFE = 0 + end + def test_to_i handle = Fiddle::Handle.new(LIBC_SO) assert_kind_of Integer, handle.to_i diff --git a/test/net/imap/test_imap_response_parser.rb b/test/net/imap/test_imap_response_parser.rb index 5c2d54566d..4e470459c9 100644 --- a/test/net/imap/test_imap_response_parser.rb +++ b/test/net/imap/test_imap_response_parser.rb 
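Review bot: `test_syscall_with_tainted_string` in test/fiddle/test_func.rb binds libc `system` and relies on `assert_raise(SecurityError)` to stop the call, so if the taint check does not fire, the test runs `uname -rs` through a shell before it is reported as failed. A test of argument rejection should have no side effect on its failure path. Binding a side-effect-free function that takes a string keeps the assertion and removes that path, e.g. `f = Function.new(@libc['strlen'], [TYPE_VOIDP], TYPE_SIZE_T)` called with `f.call("abc".dup.taint)`.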
@@ -24,13 +24,13 @@ class IMAPResponseParserTest < Test::Unit::TestCase parser = Net::IMAP::ResponseParser.new assert_nothing_raised do 3.times do |i| - parser.parse(< Envelope-to: info@xxxxxxxx.si @@ -214,7 +214,7 @@ EOF # [Bug #8281] def test_acl parser = Net::IMAP::ResponseParser.new - response = parser.parse(< ", stdout.read(2)) assert_equal(1, Readline::HISTORY.length) assert_equal("hello", Readline::HISTORY[0]) + + # Work around lack of SecurityError in Reline + # test mode with tainted prompt + return if kind_of?(TestRelineAsReadline) + + Thread.start { + $SAFE = 1 + assert_raise(SecurityError) do + replace_stdio(stdin.path, stdout.path) do + Readline.readline("> ".taint) + end + end + }.join + ensure + $SAFE = 0 end end diff --git a/test/rss/test_parser.rb b/test/rss/test_parser.rb index 4e7cc1b963..19344a0643 100644 --- a/test/rss/test_parser.rb +++ b/test/rss/test_parser.rb @@ -19,7 +19,7 @@ EOR @rss_tmp = Tempfile.new(%w"rss10- .rdf") @rss_tmp.print(@rss10) @rss_tmp.close - @rss_file = @rss_tmp.path.untaint + @rss_file = @rss_tmp.path end def teardown diff --git a/test/ruby/test_array.rb b/test/ruby/test_array.rb index 6d730db4ae..476cf795f0 100644 --- a/test/ruby/test_array.rb +++ b/test/ruby/test_array.rb @@ -556,18 +556,14 @@ class TestArray < Test::Unit::TestCase end def test_clone - for taint in [ false, true ] - for frozen in [ false, true ] - a = @cls[*(0..99).to_a] - a.taint if taint - a.freeze if frozen - b = a.clone - - assert_equal(a, b) - assert_not_equal(a.__id__, b.__id__) - assert_equal(a.frozen?, b.frozen?) - assert_equal(a.tainted?, b.tainted?) - end + for frozen in [ false, true ] + a = @cls[*(0..99).to_a] + a.freeze if frozen + b = a.clone + + assert_equal(a, b) + assert_not_equal(a.__id__, b.__id__) + assert_equal(a.frozen?, b.frozen?) end end 
@@ -754,18 +750,14 @@ class TestArray < Test::Unit::TestCase end def test_dup - for taint in [ false, true ] - for frozen in [ false, true ] - a = @cls[*(0..99).to_a] - a.taint if taint - a.freeze if frozen - b = a.dup - - assert_equal(a, b) - assert_not_equal(a.__id__, b.__id__) - assert_equal(false, b.frozen?) - assert_equal(a.tainted?, b.tainted?) - end + for frozen in [ false, true ] + a = @cls[*(0..99).to_a] + a.freeze if frozen + b = a.dup + + assert_equal(a, b) + assert_not_equal(a.__id__, b.__id__) + assert_equal(false, b.frozen?) end end @@ -865,13 +857,6 @@ class TestArray < Test::Unit::TestCase assert_raise(TypeError, "[ruby-dev:31197]") { [[]].flatten("") } end - def test_flatten_taint - a6 = @cls[[1, 2], 3] - a6.taint - a7 = a6.flatten - assert_equal(true, a7.tainted?) - end - def test_flatten_level0 a8 = @cls[[1, 2], 3] a9 = a8.flatten(0) @@ -1132,20 +1117,6 @@ class TestArray < Test::Unit::TestCase assert_equal("1,2,3", a.join(',')) $, = "" - a = @cls[1, 2, 3] - a.taint - s = a.join - assert_equal(true, s.tainted?) - - bug5902 = '[ruby-core:42161]' - sep = ":".taint - - s = @cls[].join(sep) - assert_equal(false, s.tainted?, bug5902) - s = @cls[1].join(sep) - assert_equal(false, s.tainted?, bug5902) - s = @cls[1, 2].join(sep) - assert_equal(true, s.tainted?, bug5902) e = ''.force_encoding('EUC-JP') u = ''.force_encoding('UTF-8') @@ -2899,13 +2870,6 @@ class TestArray < Test::Unit::TestCase assert_equal(Array2, Array2[*(1..100)][1..99].class) #not embedded end - def test_inspect - a = @cls[1, 2, 3] - a.taint - s = a.inspect - assert_equal(true, s.tainted?) - end - def test_initialize2 a = [1] * 1000 a.instance_eval { initialize } diff --git a/test/ruby/test_econv.rb b/test/ruby/test_econv.rb index 115ff73ea8..a469614d84 100644 --- a/test/ruby/test_econv.rb +++ b/test/ruby/test_econv.rb 
@@ -685,7 +685,6 @@ class TestEncodingConverter < Test::Unit::TestCase ec = Encoding::Converter.new("utf-8", "euc-jp") assert_raise(Encoding::InvalidByteSequenceError) { ec.convert("a\x80") } assert_raise(Encoding::UndefinedConversionError) { ec.convert("\ufffd") } - assert_predicate(ec.convert("abc".taint), :tainted?) ret = ec.primitive_convert(nil, "", nil, nil) assert_equal(:finished, ret) assert_raise(ArgumentError) { ec.convert("a") } diff --git a/test/ruby/test_encoding.rb b/test/ruby/test_encoding.rb index a088fe1aa4..40fd302c07 100644 --- a/test/ruby/test_encoding.rb +++ b/test/ruby/test_encoding.rb @@ -34,9 +34,6 @@ class TestEncoding < Test::Unit::TestCase assert_raise(TypeError) { e.dup } assert_raise(TypeError) { e.clone } assert_equal(e.object_id, Marshal.load(Marshal.dump(e)).object_id) - assert_not_predicate(e, :tainted?) - Marshal.load(Marshal.dump(e).taint) - assert_not_predicate(e, :tainted?, '[ruby-core:71793] [Bug #11760]') end end diff --git a/test/ruby/test_env.rb b/test/ruby/test_env.rb index b01c3b12ee..d9301ff76c 100644 --- a/test/ruby/test_env.rb +++ b/test/ruby/test_env.rb @@ -46,7 +46,6 @@ class TestEnv < Test::Unit::TestCase end ENV['TEST'] = 'bar' assert_equal('bar', ENV['TEST']) - assert_predicate(ENV['TEST'], :tainted?) if IGNORE_CASE assert_equal('bar', ENV['test']) else @@ -113,7 +112,6 @@ class TestEnv < Test::Unit::TestCase assert_invalid_env {|v| ENV[v]} ENV[PATH_ENV] = "" assert_equal("", ENV[PATH_ENV]) - assert_predicate(ENV[PATH_ENV], :tainted?) assert_nil(ENV[""]) end @@ -136,7 +134,6 @@ class TestEnv < Test::Unit::TestCase assert_nothing_raised { ENV.fetch(PATH_ENV, "foo") } ENV[PATH_ENV] = "" assert_equal("", ENV.fetch(PATH_ENV)) - assert_predicate(ENV.fetch(PATH_ENV), :tainted?) end def test_aset @@ -154,9 +151,6 @@ class TestEnv < Test::Unit::TestCase assert_equal("test", ENV["foo"]) rescue Errno::EINVAL end - - ENV[PATH_ENV] = "/tmp/".taint - assert_equal("/tmp/", ENV[PATH_ENV]) end def test_keys 
@@ -364,7 +358,6 @@ class TestEnv < Test::Unit::TestCase assert_equal("foo", v) end assert_invalid_env {|var| ENV.assoc(var)} - assert_predicate(v, :tainted?) assert_equal(Encoding.find("locale"), v.encoding) end diff --git a/test/ruby/test_exception.rb b/test/ruby/test_exception.rb index 442a36b2fd..05cc109b48 100644 --- a/test/ruby/test_exception.rb +++ b/test/ruby/test_exception.rb @@ -550,28 +550,6 @@ end.join end end - def test_to_s_taintness_propagation - for exc in [Exception, NameError] - m = "abcdefg" - e = exc.new(m) - e.taint - s = e.to_s - assert_equal(false, m.tainted?, - "#{exc}#to_s should not propagate taintness") - assert_equal(false, s.tainted?, - "#{exc}#to_s should not propagate taintness") - end - - o = Object.new - def o.to_str - "foo" - end - o.taint - e = NameError.new(o) - s = e.to_s - assert_equal(false, s.tainted?) - end - def m m(&->{return 0}) 42 diff --git a/test/ruby/test_file.rb b/test/ruby/test_file.rb index 5599040e1e..9153298fd0 100644 --- a/test/ruby/test_file.rb +++ b/test/ruby/test_file.rb @@ -287,26 +287,6 @@ class TestFile < Test::Unit::TestCase } end - def test_realpath_taintedness - Dir.mktmpdir('rubytest-realpath') {|tmpdir| - dir = File.realpath(tmpdir).untaint - File.write(File.join(dir, base = "test.file"), '') - base.taint - dir.taint - assert_predicate(File.realpath(base, dir), :tainted?) - base.untaint - dir.taint - assert_predicate(File.realpath(base, dir), :tainted?) - base.taint - dir.untaint - assert_predicate(File.realpath(base, dir), :tainted?) - base.untaint - dir.untaint - assert_predicate(File.realpath(base, dir), :tainted?) - assert_predicate(Dir.chdir(dir) {File.realpath(base)}, :tainted?) - } - end - def test_realpath_special_symlink IO.pipe do |r, w| if File.pipe?(path = "/dev/fd/#{r.fileno}") diff --git a/test/ruby/test_file_exhaustive.rb b/test/ruby/test_file_exhaustive.rb index 4bb5479303..b96b727349 100644 --- a/test/ruby/test_file_exhaustive.rb +++ b/test/ruby/test_file_exhaustive.rb 
@@ -187,24 +187,6 @@ class TestFileExhaustive < Test::Unit::TestCase end end - def test_path_taint - [regular_file, utf8_file].each do |file| - file.untaint - assert_equal(false, File.open(file) {|f| f.path}.tainted?) - assert_equal(true, File.open(file.dup.taint) {|f| f.path}.tainted?) - o = Object.new - class << o; self; end.class_eval do - define_method(:to_path) { file } - end - assert_equal(false, File.open(o) {|f| f.path}.tainted?) - class << o; self; end.class_eval do - remove_method(:to_path) - define_method(:to_path) { file.dup.taint } - end - assert_equal(true, File.open(o) {|f| f.path}.tainted?) - end - end - def assert_integer(n) assert_kind_of(Integer, n) end 
@@ -1077,32 +1059,6 @@ class TestFileExhaustive < Test::Unit::TestCase assert_match(%r"\A#{DRIVE}/foo\z"i, File.expand_path('/foo')) end - def test_expand_path_returns_tainted_strings_or_not - assert_equal(true, File.expand_path('foo').tainted?) - assert_equal(true, File.expand_path('foo'.taint).tainted?) - assert_equal(true, File.expand_path('/foo'.taint).tainted?) - assert_equal(true, File.expand_path('foo', 'bar').tainted?) - assert_equal(true, File.expand_path('foo', '/bar'.taint).tainted?) - assert_equal(true, File.expand_path('foo'.taint, '/bar').tainted?) - assert_equal(true, File.expand_path('~').tainted?) if ENV["HOME"] - - if DRIVE - assert_equal(true, File.expand_path('/foo').tainted?) - assert_equal(false, File.expand_path('//foo').tainted?) - assert_equal(true, File.expand_path('C:/foo'.taint).tainted?) - assert_equal(false, File.expand_path('C:/foo').tainted?) - assert_equal(true, File.expand_path('foo', '/bar').tainted?) - assert_equal(true, File.expand_path('foo', 'C:/bar'.taint).tainted?) - assert_equal(true, File.expand_path('foo'.taint, 'C:/bar').tainted?) - assert_equal(false, File.expand_path('foo', 'C:/bar').tainted?) - assert_equal(false, File.expand_path('C:/foo/../bar').tainted?) - assert_equal(false, File.expand_path('foo', '//bar').tainted?) - else - assert_equal(false, File.expand_path('/foo').tainted?) - assert_equal(false, File.expand_path('foo', '/bar').tainted?) - end - end - def test_expand_path_converts_a_pathname_to_an_absolute_pathname_using_home_as_base old_home = ENV["HOME"] home = ENV["HOME"] = "#{DRIVE}/UserHome" diff --git a/test/ruby/test_hash.rb b/test/ruby/test_hash.rb index 8f6d782af4..ccc3355930 100644 --- a/test/ruby/test_hash.rb +++ b/test/ruby/test_hash.rb 
@@ -320,17 +320,6 @@ class TestHash < Test::Unit::TestCase assert_same "ABC".freeze, c.keys[0] end - def test_tainted_string_key - str = 'str'.taint - h = {} - h[str] = nil - key = h.keys.first - assert_predicate str, :tainted? - assert_not_predicate str, :frozen? - assert_predicate key, :tainted? - assert_predicate key, :frozen? - end - def test_EQUAL # '==' h1 = @cls[ "a" => 1, "c" => 2 ] h2 = @cls[ "a" => 1, "c" => 2, 7 => 35 ] @@ -353,18 +342,14 @@ class TestHash < Test::Unit::TestCase end def test_clone - for taint in [ false, true ] - for frozen in [ false, true ] - a = @h.clone - a.taint if taint - a.freeze if frozen - b = a.clone - - assert_equal(a, b) - assert_not_same(a, b) - assert_equal(a.frozen?, b.frozen?) - assert_equal(a.tainted?, b.tainted?) - end + for frozen in [ false, true ] + a = @h.clone + a.freeze if frozen + b = a.clone + + assert_equal(a, b) + assert_not_same(a, b) + assert_equal(a.frozen?, b.frozen?) end end @@ -451,18 +436,14 @@ class TestHash < Test::Unit::TestCase end def test_dup - for taint in [ false, true ] - for frozen in [ false, true ] - a = @h.dup - a.taint if taint - a.freeze if frozen - b = a.dup - - assert_equal(a, b) - assert_not_same(a, b) - assert_equal(false, b.frozen?) - assert_equal(a.tainted?, b.tainted?) - end + for frozen in [ false, true ] + a = @h.dup + a.freeze if frozen + b = a.dup + + assert_equal(a, b) + assert_not_same(a, b) + assert_equal(false, b.frozen?) end end @@ -712,10 +693,8 @@ class TestHash < Test::Unit::TestCase h.instance_variable_set(:@foo, :foo) h.default = 42 - h.taint h = EnvUtil.suppress_warning {h.reject {false}} assert_instance_of(Hash, h) - assert_not_predicate(h, :tainted?) assert_nil(h.default) assert_not_send([h, :instance_variable_defined?, :@foo]) end 
@@ -840,11 +819,6 @@ class TestHash < Test::Unit::TestCase assert_equal([3,4], a.delete([3,4])) assert_equal([5,6], a.delete([5,6])) assert_equal(0, a.length) - - h = @cls[ 1=>2, 3=>4, 5=>6 ] - h.taint - a = h.to_a - assert_equal(true, a.tainted?) end def test_to_hash @@ -1037,10 +1011,8 @@ class TestHash < Test::Unit::TestCase h.instance_variable_set(:@foo, :foo) h.default = 42 - h.taint h = h.select {true} assert_instance_of(Hash, h) - assert_not_predicate(h, :tainted?) assert_nil(h.default) assert_not_send([h, :instance_variable_defined?, :@foo]) end @@ -1083,10 +1055,8 @@ class TestHash < Test::Unit::TestCase h.instance_variable_set(:@foo, :foo) h.default = 42 - h.taint h = h.filter {true} assert_instance_of(Hash, h) - assert_not_predicate(h, :tainted?) assert_nil(h.default) assert_not_send([h, :instance_variable_defined?, :@foo]) end diff --git a/test/ruby/test_io.rb b/test/ruby/test_io.rb index cabcc652c1..f3b08154c8 100644 --- a/test/ruby/test_io.rb +++ b/test/ruby/test_io.rb @@ -2768,13 +2768,6 @@ class TestIO < Test::Unit::TestCase } end if /freebsd|linux/ =~ RUBY_PLATFORM and defined? File::NOFOLLOW - def test_tainted - make_tempfile {|t| - assert_predicate(File.read(t.path, 4), :tainted?, '[ruby-dev:38826]') - assert_predicate(File.open(t.path) {|f| f.read(4)}, :tainted?, '[ruby-dev:38826]') - } - end - def test_binmode_after_closed make_tempfile {|t| assert_raise(IOError) {t.binmode} diff --git a/test/ruby/test_m17n.rb b/test/ruby/test_m17n.rb index 44f3cc97a9..6c7d0e6bae 100644 --- a/test/ruby/test_m17n.rb +++ b/test/ruby/test_m17n.rb @@ -1582,8 +1582,6 @@ class TestM17N < Test::Unit::TestCase s = "\u3042" assert_equal(a("\xE3\x81\x82"), s.b) assert_equal(Encoding::ASCII_8BIT, s.b.encoding) - s.taint - assert_predicate(s.b, :tainted?) s = "abc".b assert_predicate(s.b, :ascii_only?) end 
@@ -1592,16 +1590,13 @@ class TestM17N < Test::Unit::TestCase str = "foo" assert_equal(str, str.scrub) assert_not_same(str, str.scrub) - assert_predicate(str.dup.taint.scrub, :tainted?) str = "\u3042\u3044" assert_equal(str, str.scrub) assert_not_same(str, str.scrub) - assert_predicate(str.dup.taint.scrub, :tainted?) str.force_encoding(Encoding::ISO_2022_JP) # dummy encoding assert_equal(str, str.scrub) assert_not_same(str, str.scrub) assert_nothing_raised(ArgumentError) {str.scrub(nil)} - assert_predicate(str.dup.taint.scrub, :tainted?) end def test_scrub_modification_inside_block @@ -1620,8 +1615,6 @@ class TestM17N < Test::Unit::TestCase def test_scrub_replace_default assert_equal("\uFFFD\uFFFD\uFFFD", u("\x80\x80\x80").scrub) assert_equal("\uFFFDA", u("\xF4\x80\x80A").scrub) - assert_predicate(u("\x80\x80\x80").taint.scrub, :tainted?) - assert_predicate(u("\xF4\x80\x80A").taint.scrub, :tainted?) # examples in Unicode 6.1.0 D93b assert_equal("\x41\uFFFD\uFFFD\x41\uFFFD\x41", @@ -1636,14 +1629,8 @@ class TestM17N < Test::Unit::TestCase def test_scrub_replace_argument assert_equal("foo", u("foo").scrub("\u3013")) - assert_predicate(u("foo").taint.scrub("\u3013"), :tainted?) - assert_not_predicate(u("foo").scrub("\u3013".taint), :tainted?) assert_equal("\u3042\u3044", u("\xE3\x81\x82\xE3\x81\x84").scrub("\u3013")) - assert_predicate(u("\xE3\x81\x82\xE3\x81\x84").taint.scrub("\u3013"), :tainted?) - assert_not_predicate(u("\xE3\x81\x82\xE3\x81\x84").scrub("\u3013".taint), :tainted?) assert_equal("\u3042\u3013", u("\xE3\x81\x82\xE3\x81").scrub("\u3013")) - assert_predicate(u("\xE3\x81\x82\xE3\x81").taint.scrub("\u3013"), :tainted?) - assert_predicate(u("\xE3\x81\x82\xE3\x81").scrub("\u3013".taint), :tainted?) assert_raise(Encoding::CompatibilityError){ u("\xE3\x81\x82\xE3\x81").scrub(e("\xA4\xA2")) } assert_raise(TypeError){ u("\xE3\x81\x82\xE3\x81").scrub(1) } assert_raise(ArgumentError){ u("\xE3\x81\x82\xE3\x81\x82\xE3\x81").scrub(u("\x81")) } 
@@ -1652,8 +1639,6 @@ class TestM17N < Test::Unit::TestCase def test_scrub_replace_block assert_equal("\u3042", u("\xE3\x81\x82\xE3\x81").scrub{|x|'<'+x.unpack('H*')[0]+'>'}) - assert_predicate(u("\xE3\x81\x82\xE3\x81").taint.scrub{|x|'<'+x.unpack('H*')[0]+'>'}, :tainted?) - assert_predicate(u("\xE3\x81\x82\xE3\x81").scrub{|x|('<'+x.unpack('H*')[0]+'>').taint}, :tainted?) assert_raise(Encoding::CompatibilityError){ u("\xE3\x81\x82\xE3\x81").scrub{e("\xA4\xA2")} } assert_raise(TypeError){ u("\xE3\x81\x82\xE3\x81").scrub{1} } assert_raise(ArgumentError){ u("\xE3\x81\x82\xE3\x81\x82\xE3\x81").scrub{u("\x81")} } diff --git a/test/ruby/test_marshal.rb b/test/ruby/test_marshal.rb index f6d84d181a..f300710d2c 100644 --- a/test/ruby/test_marshal.rb +++ b/test/ruby/test_marshal.rb 
@@ -189,57 +189,6 @@ class TestMarshal < Test::Unit::TestCase end end - def test_taint - x = Object.new - x.taint - s = Marshal.dump(x) - assert_equal(true, s.tainted?) - y = Marshal.load(s) - assert_equal(true, y.tainted?) - end - - def test_taint_each_object - x = Object.new - obj = [[x]] - - # clean object causes crean stream - assert_equal(false, obj.tainted?) - assert_equal(false, obj.first.tainted?) - assert_equal(false, obj.first.first.tainted?) - s = Marshal.dump(obj) - assert_equal(false, s.tainted?) - - # tainted object causes tainted stream - x.taint - assert_equal(false, obj.tainted?) - assert_equal(false, obj.first.tainted?) - assert_equal(true, obj.first.first.tainted?) - t = Marshal.dump(obj) - assert_equal(true, t.tainted?) - - # clean stream causes clean objects - assert_equal(false, s.tainted?) - y = Marshal.load(s) - assert_equal(false, y.tainted?) - assert_equal(false, y.first.tainted?) - assert_equal(false, y.first.first.tainted?) - - # tainted stream causes tainted objects - assert_equal(true, t.tainted?) - y = Marshal.load(t) - assert_equal(true, y.tainted?) - assert_equal(true, y.first.tainted?) - assert_equal(true, y.first.first.tainted?) - - # same tests by different senario - s.taint - assert_equal(true, s.tainted?) - y = Marshal.load(s) - assert_equal(true, y.tainted?) - assert_equal(true, y.first.tainted?) - assert_equal(true, y.first.first.tainted?) - end - def test_symbol2 [:ruby, :"\u{7d05}\u{7389}"].each do |sym| assert_equal(sym, Marshal.load(Marshal.dump(sym)), '[ruby-core:24788]') @@ -499,16 +448,6 @@ class TestMarshal < Test::Unit::TestCase module TestModule end - def test_marshal_load_should_not_taint_classes - bug7325 = '[ruby-core:49198]' - for c in [TestClass, TestModule] - assert_not_predicate(c, :tainted?) - c2 = Marshal.load(Marshal.dump(c).taint) - assert_same(c, c2) - assert_not_predicate(c, :tainted?, bug7325) - end - end - class Bug7627 < Struct.new(:bar) attr_accessor :foo 
@@ -620,15 +559,6 @@ class TestMarshal < Test::Unit::TestCase assert_equal(Marshal.dump(bare), Marshal.dump(packed)) end - def test_untainted_numeric - bug8945 = '[ruby-core:57346] [Bug #8945] Numerics never be tainted' - b = RbConfig::LIMITS['FIXNUM_MAX'] + 1 - tainted = [0, 1.0, 1.72723e-77, b].select do |x| - Marshal.load(Marshal.dump(x).taint).tainted? - end - assert_empty(tainted.map {|x| [x, x.class]}, bug8945) - end - class Bug9523 attr_reader :cc def marshal_dump diff --git a/test/ruby/test_method.rb b/test/ruby/test_method.rb index afab7eb900..3942e047e8 100644 --- a/test/ruby/test_method.rb +++ b/test/ruby/test_method.rb @@ -456,9 +456,6 @@ class TestMethod < Test::Unit::TestCase c3.class_eval { alias bar foo } m3 = c3.new.method(:bar) assert_equal("#", m3.inspect, bug7806) - - m.taint - assert_predicate(m.inspect, :tainted?, "inspect result should be infected") end def test_callee_top_level diff --git a/test/ruby/test_object.rb b/test/ruby/test_object.rb index 013b3f01f5..add5b9fb15 100644 --- a/test/ruby/test_object.rb +++ b/test/ruby/test_object.rb @@ -96,17 +96,6 @@ class TestObject < Test::Unit::TestCase assert_raise(TypeError) { 1.kind_of?(1) } end - def test_taint_frozen_obj - o = Object.new - o.freeze - assert_raise(FrozenError) { o.taint } - - o = Object.new - o.taint - o.freeze - assert_raise(FrozenError) { o.untaint } - end - def test_freeze_immediate assert_equal(true, 1.frozen?) 1.freeze 
@@ -794,36 +783,7 @@ class TestObject < Test::Unit::TestCase end end - def test_untrusted - verbose = $VERBOSE - $VERBOSE = false - begin - obj = Object.new - assert_equal(false, obj.untrusted?) - assert_equal(false, obj.tainted?) - obj.untrust - assert_equal(true, obj.untrusted?) - assert_equal(true, obj.tainted?) - obj.trust - assert_equal(false, obj.untrusted?) - assert_equal(false, obj.tainted?) - obj.taint - assert_equal(true, obj.untrusted?) - assert_equal(true, obj.tainted?) - obj.untaint - assert_equal(false, obj.untrusted?) - assert_equal(false, obj.tainted?) - ensure - $VERBOSE = verbose - end - end - def test_to_s - x = Object.new - x.taint - s = x.to_s - assert_equal(true, s.tainted?) - x = eval(<<-EOS) class ToS\u{3042} new.to_s @@ -832,14 +792,10 @@ class TestObject < Test::Unit::TestCase assert_match(/\bToS\u{3042}:/, x) name = "X".freeze - x = Object.new.taint + x = Object.new class<$/, proc {}.to_s) assert_match(/^#$/, lambda {}.to_s) assert_match(/^#$/, method(:p).to_proc.to_s) - x = proc {} - x.taint - assert_predicate(x.to_s, :tainted?) name = "Proc\u{1f37b}" assert_include(EnvUtil.labeled_class(name, Proc).new {}.to_s, name) end diff --git a/test/ruby/test_range.rb b/test/ruby/test_range.rb index 0dee88e7f9..4df14539a9 100644 --- a/test/ruby/test_range.rb +++ b/test/ruby/test_range.rb @@ -499,11 +499,6 @@ class TestRange < Test::Unit::TestCase assert_equal("0...1", (0...1).to_s) assert_equal("0..", (0..nil).to_s) assert_equal("0...", (0...nil).to_s) - - bug11767 = '[ruby-core:71811] [Bug #11767]' - assert_predicate(("0".taint.."1").to_s, :tainted?, bug11767) - assert_predicate(("0".."1".taint).to_s, :tainted?, bug11767) - assert_predicate(("0".."1").taint.to_s, :tainted?, bug11767) end def test_inspect 
@@ -515,11 +510,6 @@ class TestRange < Test::Unit::TestCase assert_equal("...1", (nil...1).inspect) assert_equal("nil..nil", (nil..nil).inspect) assert_equal("nil...nil", (nil...nil).inspect) - - bug11767 = '[ruby-core:71811] [Bug #11767]' - assert_predicate(("0".taint.."1").inspect, :tainted?, bug11767) - assert_predicate(("0".."1".taint).inspect, :tainted?, bug11767) - assert_predicate(("0".."1").taint.inspect, :tainted?, bug11767) end def test_eqq diff --git a/test/ruby/test_refinement.rb b/test/ruby/test_refinement.rb index 34451de482..9d8bb92648 100644 --- a/test/ruby/test_refinement.rb +++ b/test/ruby/test_refinement.rb @@ -2064,7 +2064,6 @@ class TestRefinement < Test::Unit::TestCase def test_tostring assert_equal("ok", ToString.new.string) - assert_predicate(ToString.new.taint.string, :tainted?) end class ToSymbol diff --git a/test/ruby/test_require.rb b/test/ruby/test_require.rb index e21ed88e47..e310ac7c70 100644 --- a/test/ruby/test_require.rb +++ b/test/ruby/test_require.rb @@ -379,31 +379,6 @@ class TestRequire < Test::Unit::TestCase end end - def test_tainted_loadpath - Tempfile.create(["test_ruby_test_require", ".rb"]) {|t| - abs_dir, file = File.split(t.path) - abs_dir = File.expand_path(abs_dir).untaint - - assert_separately([], <<-INPUT) - abs_dir = "#{ abs_dir }" - $: << abs_dir - assert_nothing_raised {require "#{ file }"} - INPUT - - assert_separately([], <<-INPUT) - abs_dir = "#{ abs_dir }" - $: << abs_dir.taint - assert_nothing_raised {require "#{ file }"} - INPUT - - assert_separately([], <<-INPUT) - abs_dir = "#{ abs_dir }" - $: << abs_dir << 'elsewhere'.taint - assert_nothing_raised {require "#{ file }"} - INPUT - } - end - def test_relative load_path = $:.dup $:.delete(".") diff --git a/test/ruby/test_rubyoptions.rb b/test/ruby/test_rubyoptions.rb index 27a9434a5c..10d54550c1 100644 --- a/test/ruby/test_rubyoptions.rb +++ b/test/ruby/test_rubyoptions.rb 
@@ -1043,13 +1043,6 @@ class TestRubyOptions < Test::Unit::TestCase assert_in_out_err([IO::NULL], success: true) end - def test_argv_tainted - assert_separately(%w[- arg], "#{<<~"begin;"}\n#{<<~'end;'}") - begin; - assert_predicate(ARGV[0], :tainted?, '[ruby-dev:50596] [Bug #14941]') - end; - end - private def mjit_force_enabled? diff --git a/test/ruby/test_signal.rb b/test/ruby/test_signal.rb index 48cb60cb77..a62537d59d 100644 --- a/test/ruby/test_signal.rb +++ b/test/ruby/test_signal.rb @@ -137,11 +137,6 @@ class TestSignal < Test::Unit::TestCase assert_raise(ArgumentError) { Signal.trap } - assert_raise(SecurityError) do - s = proc {}.taint - Signal.trap(:INT, s) - end - # FIXME! Signal.trap(:INT, nil) Signal.trap(:INT, "") diff --git a/test/ruby/test_string.rb b/test/ruby/test_string.rb index 41d4871379..a86e26c774 100644 --- a/test/ruby/test_string.rb +++ b/test/ruby/test_string.rb @@ -607,18 +607,14 @@ CODE end def test_clone - for taint in [ false, true ] - for frozen in [ false, true ] - a = S("Cool") - a.taint if taint - a.freeze if frozen - b = a.clone - - assert_equal(a, b) - assert_not_same(a, b) - assert_equal(a.frozen?, b.frozen?) - assert_equal(a.tainted?, b.tainted?) - end + for frozen in [ false, true ] + a = S("Cool") + a.freeze if frozen + b = a.clone + + assert_equal(a, b) + assert_not_same(a, b) + assert_equal(a.frozen?, b.frozen?) end assert_equal("", File.read(IO::NULL).clone, '[ruby-dev:32819] reported by Kazuhiro NISHIYAMA') @@ -851,18 +847,14 @@ CODE end def test_dup - for taint in [ false, true ] - for frozen in [ false, true ] - a = S("hello") - a.taint if taint - a.freeze if frozen - b = a.dup - - assert_equal(a, b) - assert_not_same(a, b) - assert_not_predicate(b, :frozen?) - assert_equal(a.tainted?, b.tainted?) - end + for frozen in [ false, true ] + a = S("hello") + a.freeze if frozen + b = a.dup + + assert_equal(a, b) + assert_not_same(a, b) + assert_not_predicate(b, :frozen?) end end 
@@ -1005,7 +997,6 @@ CODE ].each do |g| assert_equal [g], g.each_grapheme_cluster.to_a assert_equal 1, g.each_grapheme_cluster.size - assert_predicate g.dup.taint.each_grapheme_cluster.to_a[0], :tainted? end [ @@ -1015,9 +1006,6 @@ CODE ].each do |str, grapheme_clusters| assert_equal grapheme_clusters, str.each_grapheme_cluster.to_a assert_equal grapheme_clusters.size, str.each_grapheme_cluster.size - str.dup.taint.each_grapheme_cluster do |g| - assert_predicate g, :tainted? - end end s = ("x"+"\u{10ABCD}"*250000) @@ -1039,7 +1027,6 @@ CODE ].product([Encoding::UTF_8, *WIDE_ENCODINGS]) do |g, enc| g = g.encode(enc) assert_equal [g], g.grapheme_clusters - assert_predicate g.taint.grapheme_clusters[0], :tainted? end [ @@ -1057,14 +1044,13 @@ CODE assert_equal ["A", "B", "C"], "ABC".grapheme_clusters {} } else - s = "ABC".b.taint + s = "ABC".b res = [] assert_same s, s.grapheme_clusters {|x| res << x } assert_equal(3, res.size) assert_equal("A", res[0]) assert_equal("B", res[1]) assert_equal("C", res[2]) - res.each {|g| assert_predicate(g, :tainted?)} end end @@ -1213,10 +1199,6 @@ CODE S("hello").gsub(/(hell)(.)/) { |s| $1.upcase + S('-') + $2 }) assert_equal(S("<>h<>e<>l<>l<>o<>"), S("hello").gsub(S(''), S('<\0>'))) - a = S("hello") - a.taint - assert_predicate(a.gsub(/./, S('X')), :tainted?) - assert_equal("z", "abc".gsub(/./, "a" => "z"), "moved from btest/knownbug") assert_raise(ArgumentError) { "foo".gsub } @@ -1261,11 +1243,6 @@ CODE a.gsub!(/(hell)(.)/) { |s| $1.upcase + S('-') + $2 } assert_equal(S("HELL-o"), a) - r = S('X') - r.taint - a.gsub!(/./, r) - assert_predicate(a, :tainted?) - a = S("hello") assert_nil(a.sub!(S('X'), S('Y'))) end @@ -1457,10 +1434,8 @@ CODE assert_equal(S("foobar"), a.replace(S("foobar"))) a = S("foo") - a.taint b = a.replace(S("xyz")) assert_equal(S("xyz"), b) - assert_predicate(b, :tainted?) s = "foo" * 100 s2 = ("bar" * 100).dup 
@@ -1555,12 +1530,6 @@ CODE a.scan(/(...)/) { |w| res << w } assert_equal([[S("cru")], [S("el ")], [S("wor")]],res) - a = S("hello") - a.taint - res = [] - a.scan(/./) { |w| res << w } - assert_predicate(res[0], :tainted?, '[ruby-core:33338] #4087') - /h/ =~ a a.scan(/x/) assert_nil($~) @@ -1569,8 +1538,6 @@ CODE a.scan('x') assert_nil($~) - assert_equal(3, S("hello hello hello").scan("hello".taint).count(&:tainted?)) - assert_equal(%w[1 2 3], S("a1 a2 a3").scan(/a\K./)) end @@ -1954,11 +1921,6 @@ CODE assert_equal(S("a\\&aba"), S("ababa").sub(/b/, '\\\\&')) assert_equal(S("a\\baba"), S("ababa").sub(/b/, '\\\\\&')) - a = S("hello") - a.taint - x = a.sub(/./, S('X')) - assert_predicate(x, :tainted?) - o = Object.new def o.to_str; "bar"; end assert_equal("fooBARbaz", "foobarbaz".sub(o, "BAR")) @@ -2006,11 +1968,6 @@ CODE a=S("hello") assert_nil(a.sub!(/X/, S('Y'))) - r = S('X') - r.taint - a.sub!(/./, r) - assert_predicate(a, :tainted?) - bug16105 = '[Bug #16105] heap-use-after-free' a = S("ABCDEFGHIJKLMNOPQRSTUVWXYZ012345678") b = a.dup @@ -3201,10 +3158,8 @@ CODE assert_equal(1, str.instance_variable_get(:@iv)) str = @cls.new("foo") - str.taint assert_instance_of(@cls, -str) assert_equal(false, str.frozen?) - assert_predicate(str, :tainted?) end def test_ord diff --git a/test/ruby/test_symbol.rb b/test/ruby/test_symbol.rb index d657f1aae6..c47cadf4bb 100644 --- a/test/ruby/test_symbol.rb +++ b/test/ruby/test_symbol.rb @@ -538,14 +538,6 @@ class TestSymbol < Test::Unit::TestCase end; end - def test_not_freeze - bug11721 = '[ruby-core:71611] [Bug #11721]' - str = "\u{1f363}".taint - assert_not_predicate(str, :frozen?) - assert_equal str, str.to_sym.to_s - assert_not_predicate(str, :frozen?, bug11721) - end - def test_hash_nondeterministic ruby = EnvUtil.rubybin assert_not_equal :foo.hash, `#{ruby} -e 'puts :foo.hash'`.to_i, diff --git a/test/ruby/test_trace.rb b/test/ruby/test_trace.rb index 77be94e9be..5842f11aee 100644 --- a/test/ruby/test_trace.rb 
+++ b/test/ruby/test_trace.rb @@ -20,17 +20,6 @@ class TestTrace < Test::Unit::TestCase untrace_var :$x end - def test_trace_tainted_proc - $x = 1234 - s = proc { $y = :foo } - trace_var :$x, s - s.taint - $x = 42 - assert_equal(:foo, $y) - ensure - untrace_var :$x - end - def test_trace_proc_that_raises_exception $x = 1234 trace_var :$x, proc { raise } diff --git a/test/strscan/test_stringscanner.rb b/test/strscan/test_stringscanner.rb index 5e798028b7..4b001b317e 100644 --- a/test/strscan/test_stringscanner.rb +++ b/test/strscan/test_stringscanner.rb @@ -16,20 +16,12 @@ class TestStringScanner < Test::Unit::TestCase s = create_string_scanner('test string') assert_instance_of StringScanner, s assert_equal false, s.eos? - assert_equal false, s.tainted? str = 'test string'.dup - str.taint s = create_string_scanner(str, false) assert_instance_of StringScanner, s assert_equal false, s.eos? assert_same str, s.string - assert_equal true, s.string.tainted? - - str = 'test string'.dup - str.taint - s = create_string_scanner(str) - assert_equal true, s.string.tainted? end UNINIT_ERROR = ArgumentError @@ -101,14 +93,12 @@ class TestStringScanner < Test::Unit::TestCase def test_inspect str = 'test string'.dup - str.taint s = create_string_scanner(str, false) assert_instance_of String, s.inspect assert_equal s.inspect, s.inspect assert_equal '#', s.inspect.sub(/StringScanner_C/, 'StringScanner') s.get_byte assert_equal '#', s.inspect.sub(/StringScanner_C/, 'StringScanner') - assert_equal true, s.inspect.tainted? s = create_string_scanner("\n") assert_equal '#', s.inspect 
@@ -233,40 +223,33 @@ class TestStringScanner < Test::Unit::TestCase s = create_string_scanner('stra strb strc', true) tmp = s.scan(/\w+/) assert_equal 'stra', tmp - assert_equal false, tmp.tainted? tmp = s.scan(/\s+/) assert_equal ' ', tmp - assert_equal false, tmp.tainted? assert_equal 'strb', s.scan(/\w+/) assert_equal ' ', s.scan(/\s+/) tmp = s.scan(/\w+/) assert_equal 'strc', tmp - assert_equal false, tmp.tainted? assert_nil s.scan(/\w+/) assert_nil s.scan(/\w+/) str = 'stra strb strc'.dup - str.taint s = create_string_scanner(str, false) tmp = s.scan(/\w+/) assert_equal 'stra', tmp - assert_equal true, tmp.tainted? tmp = s.scan(/\s+/) assert_equal ' ', tmp - assert_equal true, tmp.tainted? assert_equal 'strb', s.scan(/\w+/) assert_equal ' ', s.scan(/\s+/) tmp = s.scan(/\w+/) assert_equal 'strc', tmp - assert_equal true, tmp.tainted? assert_nil s.scan(/\w+/) assert_nil s.scan(/\w+/) @@ -291,15 +274,12 @@ class TestStringScanner < Test::Unit::TestCase assert_equal 'str', s.scan('str') assert_equal 'str', s[0] assert_equal 3, s.pos - assert_equal false, s.tainted? assert_equal 'a ', s.scan('a ') str = 'stra strb strc'.dup - str.taint s = create_string_scanner(str, false) matched = s.scan('str') assert_equal 'str', matched - assert_equal true, matched.tainted? end def test_skip @@ -346,14 +326,6 @@ class TestStringScanner < Test::Unit::TestCase assert_equal 'e', s.getch assert_nil s.getch - str = 'abc'.dup - str.taint - s = create_string_scanner(str) - assert_equal true, s.getch.tainted? - assert_equal true, s.getch.tainted? - assert_equal true, s.getch.tainted? - assert_nil s.getch - s = create_string_scanner("\244\242".dup.force_encoding("euc-jp")) assert_equal "\244\242".dup.force_encoding("euc-jp"), s.getch assert_nil s.getch 
@@ -374,14 +346,6 @@ class TestStringScanner < Test::Unit::TestCase assert_nil s.get_byte assert_nil s.get_byte - str = 'abc'.dup - str.taint - s = create_string_scanner(str) - assert_equal true, s.get_byte.tainted? - assert_equal true, s.get_byte.tainted? - assert_equal true, s.get_byte.tainted? - assert_nil s.get_byte - s = create_string_scanner("\244\242".dup.force_encoding("euc-jp")) assert_equal "\244".dup.force_encoding("euc-jp"), s.get_byte assert_equal "\242".dup.force_encoding("euc-jp"), s.get_byte @@ -397,7 +361,6 @@ class TestStringScanner < Test::Unit::TestCase s = create_string_scanner('stra strb strc') s.scan(/\w+/) assert_equal 'stra', s.matched - assert_equal false, s.matched.tainted? s.scan(/\s+/) assert_equal ' ', s.matched s.scan('st') @@ -416,18 +379,9 @@ class TestStringScanner < Test::Unit::TestCase s = create_string_scanner('stra strb strc') s.getch assert_equal 's', s.matched - assert_equal false, s.matched.tainted? s.get_byte assert_equal 't', s.matched assert_equal 't', s.matched - assert_equal false, s.matched.tainted? - - str = 'test'.dup - str.taint - s = create_string_scanner(str) - s.scan(/\w+/) - assert_equal true, s.matched.tainted? - assert_equal true, s.matched.tainted? end def test_AREF @@ -441,9 +395,6 @@ class TestStringScanner < Test::Unit::TestCase assert_raise(IndexError) { s[:c] } assert_raise(IndexError) { s['c'] } - assert_equal false, s[-1].tainted? - assert_equal false, s[0].tainted? - s.skip(/\s+/) assert_nil s[-2] assert_equal ' ', s[-1] 
@@ -486,16 +437,6 @@ class TestStringScanner < Test::Unit::TestCase s.getch assert_equal "\244\242".dup.force_encoding("euc-jp"), s[0] - str = 'test'.dup - str.taint - s = create_string_scanner(str) - s.scan(/(t)(e)(s)(t)/) - assert_equal true, s[0].tainted? - assert_equal true, s[1].tainted? - assert_equal true, s[2].tainted? - assert_equal true, s[3].tainted? - assert_equal true, s[4].tainted? - s = create_string_scanner("foo bar baz") s.scan(/(?\w+) (?\w+) (\w+)/) assert_equal 'foo', s[1] @@ -514,10 +455,8 @@ class TestStringScanner < Test::Unit::TestCase s = create_string_scanner('a b c d e') s.scan(/\w/) assert_equal '', s.pre_match - assert_equal false, s.pre_match.tainted? s.skip(/\s/) assert_equal 'a', s.pre_match - assert_equal false, s.pre_match.tainted? s.scan('b') assert_equal 'a ', s.pre_match s.scan_until(/c/) @@ -530,16 +469,6 @@ class TestStringScanner < Test::Unit::TestCase assert_equal 'a b c d', s.pre_match s.scan(/never match/) assert_nil s.pre_match - - str = 'test string'.dup - str.taint - s = create_string_scanner(str) - s.scan(/\w+/) - assert_equal true, s.pre_match.tainted? - s.scan(/\s+/) - assert_equal true, s.pre_match.tainted? - s.scan(/\w+/) - assert_equal true, s.pre_match.tainted? end def test_post_match @@ -564,16 +493,6 @@ class TestStringScanner < Test::Unit::TestCase assert_equal '', s.post_match s.scan(/./) assert_nil s.post_match - - str = 'test string'.dup - str.taint - s = create_string_scanner(str) - s.scan(/\w+/) - assert_equal true, s.post_match.tainted? - s.scan(/\s+/) - assert_equal true, s.post_match.tainted? - s.scan(/\w+/) - assert_equal true, s.post_match.tainted? end def test_terminate diff --git a/test/test_set.rb b/test/test_set.rb index b20920e63e..b0f669ce86 100644 --- a/test/test_set.rb +++ b/test/test_set.rb 
@@ -696,15 +696,6 @@ class TC_Set < Test::Unit::TestCase assert_equal(set, ret.flatten) end - def test_taintness - orig = set = Set[1,2,3] - assert_equal false, set.tainted? - assert_same orig, set.taint - assert_equal true, set.tainted? - assert_same orig, set.untaint - assert_equal false, set.tainted? - end - def test_freeze orig = set = Set[1,2,3] assert_equal false, set.frozen? diff --git a/thread.c b/thread.c index 52d89a01a9..9bc2a1882b 100644 --- a/thread.c +++ b/thread.c @@ -3185,7 +3185,6 @@ rb_thread_to_s(VALUE thread) rb_gc_force_recycle(loc); } rb_str_catf(str, " %s>", status); - OBJ_INFECT(str, thread); return str; } diff --git a/time.c b/time.c index 8a573c0d67..41588483ab 100644 --- a/time.c +++ b/time.c @@ -1818,7 +1818,6 @@ static void time_modify(VALUE time) { rb_check_frozen(time); - rb_check_trusted(time); } static wideval_t diff --git a/transcode.c b/transcode.c index 8a6c53595f..aeab90f9e6 100644 --- a/transcode.c +++ b/transcode.c @@ -373,7 +373,6 @@ load_transcoder_entry(transcoder_entry_t *entry) memcpy(path, transcoder_lib_prefix, sizeof(transcoder_lib_prefix) - 1); memcpy(path + sizeof(transcoder_lib_prefix) - 1, lib, len); rb_str_set_len(fn, total_len); - FL_UNSET(fn, FL_TAINT); OBJ_FREEZE(fn); rb_require_string(fn); } @@ -1841,7 +1840,6 @@ rb_econv_substr_append(rb_econv_t *ec, VALUE src, long off, long len, VALUE dst, src = rb_str_new_frozen(src); dst = rb_econv_append(ec, RSTRING_PTR(src) + off, len, dst, flags); RB_GC_GUARD(src); - OBJ_INFECT_RAW(dst, src); return dst; } @@ -3780,7 +3778,6 @@ econv_primitive_convert(int argc, VALUE *argv, VALUE self) res = rb_econv_convert(ec, &ip, is, &op, os, flags); rb_str_set_len(output, op-(unsigned char *)RSTRING_PTR(output)); if (!NIL_P(input)) { - OBJ_INFECT_RAW(output, input); rb_str_drop_bytes(input, ip - (unsigned char *)RSTRING_PTR(input)); } diff --git a/variable.c b/variable.c index 825f2d6271..4b3b172833 100644 --- a/variable.c +++ b/variable.c 
@@ -543,9 +543,6 @@ rb_f_trace_var(int argc, const VALUE *argv) return rb_f_untrace_var(argc, argv); } entry = rb_global_entry(rb_to_id(var)); - if (OBJ_TAINTED(cmd)) { - rb_raise(rb_eSecurityError, "Insecure: tainted variable trace"); - } trace = ALLOC(struct trace_var); trace->next = entry->var->trace; trace->func = rb_trace_eval; @@ -1968,10 +1965,6 @@ rb_autoload_str(VALUE mod, ID id, VALUE file) DATA_PTR(av) = tbl = st_init_numtable(); } - if (OBJ_TAINTED(file)) { - file = rb_str_dup(file); - FL_UNSET(file, FL_TAINT); - } file = rb_fstring(file); if (!autoload_featuremap) { autoload_featuremap = rb_ident_hash_new(); diff --git a/vm.c b/vm.c index 29745143b7..75c3e078cf 100644 --- a/vm.c +++ b/vm.c @@ -2290,7 +2290,6 @@ rb_vm_register_special_exception_str(enum ruby_special_exceptions sp, VALUE cls, { rb_vm_t *vm = GET_VM(); VALUE exc = rb_exc_new3(cls, rb_obj_freeze(mesg)); - OBJ_TAINT(exc); OBJ_FREEZE(exc); ((VALUE *)vm->special_exceptions)[sp] = exc; rb_gc_register_mark_object(exc); -- cgit v1.2.3
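Review bot: In the `rb_f_trace_var` hunk, once the `OBJ_TAINTED(cmd)` check is removed nothing visible constrains `cmd` before it is attached to a trace whose `func` is `rb_trace_eval`, and no comment records that this is now intentional. `trace_var` accepts a command string as well as a proc, and `rb_trace_eval` presumably evaluates that string when the traced global is assigned, so the contract should be stated where the guard used to be, e.g. `/* cmd may be a String that is evaluated as code on assignment; callers must not pass externally supplied text */`. The user-facing documentation of `trace_var` deserves the same sentence, since code that relied on the `SecurityError` now gets no signal. The body of `rb_f_trace_var` starts and ends outside the hunk, so whether `cmd` is type-checked elsewhere cannot be confirmed from here.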