From 1a45b0448224009a9bde9b28ae259d8674c792be Mon Sep 17 00:00:00 2001
From: usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Tue, 1 Oct 2019 11:06:17 +0000
Subject: lib/shell/command-processor.rb (Shell#[]): prevent unknown command

`FileTest.send(command, ...)` allows to call not only FileTest-related
methods but also any method that belongs to Kernel, Object, etc.
patched by <mame@ruby-lang.org>


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@67820 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 lib/shell/command-processor.rb | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'lib/shell/command-processor.rb')

diff --git a/lib/shell/command-processor.rb b/lib/shell/command-processor.rb
index 2239ca98f6..b50f4003a7 100644
--- a/lib/shell/command-processor.rb
+++ b/lib/shell/command-processor.rb
@@ -180,6 +180,9 @@ class Shell
             top_level_test(command, file1)
           end
         else
+          unless FileTest.methods(false).include?(command.to_sym)
+            raise "unsupported command: #{ command }"
+          end
           if file2
             FileTest.send(command, file1, file2)
           else
-- 
cgit v1.2.3