2015-12-16 00:07:31 -05:00
|
|
|
# frozen_string_literal: false
|
2013-03-26 10:55:04 -04:00
|
|
|
require_relative 'helper'
|
2011-04-21 15:17:46 -04:00
|
|
|
|
|
|
|
module Psych
|
|
|
|
class TestStringTainted < TestCase
|
|
|
|
class Tainted < Handler
|
|
|
|
attr_reader :tc
|
|
|
|
|
|
|
|
def initialize tc
|
|
|
|
@tc = tc
|
|
|
|
end
|
|
|
|
|
|
|
|
def start_document version, tags, implicit
|
|
|
|
tags.flatten.each do |tag|
|
|
|
|
assert_taintedness tag
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def alias name
|
|
|
|
assert_taintedness name
|
|
|
|
end
|
|
|
|
|
|
|
|
def scalar value, anchor, tag, plain, quoted, style
|
|
|
|
assert_taintedness value
|
|
|
|
assert_taintedness tag if tag
|
|
|
|
assert_taintedness anchor if anchor
|
|
|
|
end
|
|
|
|
|
|
|
|
def start_sequence anchor, tag, implicit, style
|
|
|
|
assert_taintedness tag if tag
|
|
|
|
assert_taintedness anchor if anchor
|
|
|
|
end
|
|
|
|
|
|
|
|
def start_mapping anchor, tag, implicit, style
|
|
|
|
assert_taintedness tag if tag
|
|
|
|
assert_taintedness anchor if anchor
|
|
|
|
end
|
|
|
|
|
|
|
|
def assert_taintedness thing, message = "'#{thing}' should be tainted"
|
|
|
|
tc.assert thing.tainted?, message
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
class Untainted < Tainted
|
|
|
|
def assert_taintedness thing, message = "'#{thing}' should not be tainted"
|
|
|
|
tc.assert !thing.tainted?, message
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
def setup
|
|
|
|
handler = Tainted.new self
|
|
|
|
@parser = Psych::Parser.new handler
|
|
|
|
end
|
|
|
|
|
|
|
|
def test_tags_are_tainted
|
|
|
|
assert_taintedness "%TAG !yaml! tag:yaml.org,2002:\n---\n!yaml!str \"foo\""
|
|
|
|
end
|
|
|
|
|
|
|
|
def test_alias
|
|
|
|
assert_taintedness "--- &ponies\n- foo\n- *ponies"
|
|
|
|
end
|
|
|
|
|
|
|
|
def test_scalar
|
|
|
|
assert_taintedness "--- ponies"
|
|
|
|
end
|
|
|
|
|
|
|
|
def test_anchor
|
|
|
|
assert_taintedness "--- &hi ponies"
|
|
|
|
end
|
|
|
|
|
|
|
|
def test_scalar_tag
|
|
|
|
assert_taintedness "--- !str ponies"
|
|
|
|
end
|
|
|
|
|
|
|
|
def test_seq_start_tag
|
|
|
|
assert_taintedness "--- !!seq [ a ]"
|
|
|
|
end
|
|
|
|
|
|
|
|
def test_seq_start_anchor
|
|
|
|
assert_taintedness "--- &zomg [ a ]"
|
|
|
|
end
|
|
|
|
|
|
|
|
def test_seq_mapping_tag
|
|
|
|
assert_taintedness "--- !!map { a: b }"
|
|
|
|
end
|
|
|
|
|
|
|
|
def test_seq_mapping_anchor
|
|
|
|
assert_taintedness "--- &himom { a: b }"
|
|
|
|
end
|
|
|
|
|
|
|
|
def assert_taintedness string
|
|
|
|
@parser.parse string.taint
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
class TestStringUntainted < TestStringTainted
|
|
|
|
def setup
|
|
|
|
handler = Untainted.new self
|
|
|
|
@parser = Psych::Parser.new handler
|
|
|
|
end
|
|
|
|
|
|
|
|
def assert_taintedness string
|
|
|
|
@parser.parse string
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
class TestStringIOUntainted < TestStringTainted
|
|
|
|
def setup
|
|
|
|
handler = Untainted.new self
|
|
|
|
@parser = Psych::Parser.new handler
|
|
|
|
end
|
|
|
|
|
|
|
|
def assert_taintedness string
|
|
|
|
@parser.parse StringIO.new(string)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
class TestIOTainted < TestStringTainted
|
|
|
|
def assert_taintedness string
|
* test/csv/test_features.rb, test/logger/test_logger.rb
test/mkmf/test_have_macro.rb, test/net/http/test_http.rb,
test/openssl/test_config.rb, test/psych/test_encoding.rb,
test/psych/test_exception.rb, test/psych/test_psych.rb,
test/psych/test_tainted.rb, test/readline/test_readline.rb,
test/rexml/test_contrib.rb, test/ruby/test_autoload.rb,
test/ruby/test_beginendblock.rb, test/ruby/test_exception.rb,
test/ruby/test_file.rb, test/ruby/test_io.rb,
test/ruby/test_marshal.rb, test/ruby/test_process.rb,
test/ruby/test_require.rb, test/ruby/test_rubyoptions.rb,
test/syslog/test_syslog_logger.rb, test/webrick/test_httpauth.rb,
test/zlib/test_zlib.rb: Use Tempfile.create.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40400 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2013-04-20 19:03:52 -04:00
|
|
|
Tempfile.create(['something', 'yml']) {|t|
|
|
|
|
t.binmode
|
|
|
|
t.write string
|
|
|
|
t.close
|
|
|
|
File.open(t.path, 'r:bom|utf-8') { |f|
|
|
|
|
@parser.parse f
|
|
|
|
}
|
2012-02-23 18:12:57 -05:00
|
|
|
}
|
2011-04-21 15:17:46 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|