kotovalexarian-likes-github/ruby--ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
Code Releases Activity
ruby--ruby/spec/ruby/security/cve_2018_16396_spec.rb

26 lines
545 B
Ruby
Raw Normal View History

Update to ruby/spec@8b743a3 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65388 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2018-10-27 06:48:40 -04:00
require_relative '../spec_helper'
describe "Array#pack" do
Deprecate taint/trust and related methods, and make the methods no-ops This removes the related tests, and puts the related specs behind version guards. This affects all code in lib, including some libraries that may want to support older versions of Ruby.
2019-09-24 23:59:12 -04:00
ruby_version_is ''...'2.7' do
it "resists CVE-2018-16396 by tainting output based on input" do
"aAZBbHhuMmPp".each_char do |f|
["123456".taint].pack(f).tainted?.should be_true
end
Update to ruby/spec@8b743a3 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65388 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2018-10-27 06:48:40 -04:00
end
end
end
describe "String#unpack" do
Deprecate taint/trust and related methods, and make the methods no-ops This removes the related tests, and puts the related specs behind version guards. This affects all code in lib, including some libraries that may want to support older versions of Ruby.
2019-09-24 23:59:12 -04:00
ruby_version_is ''...'2.7' do
it "resists CVE-2018-16396 by tainting output based on input" do
"aAZBbHhuMm".each_char do |f|
"123456".taint.unpack(f).first.tainted?.should be_true
end
Update to ruby/spec@8b743a3 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65388 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2018-10-27 06:48:40 -04:00
end
end
end
Copy permalink