ruby--ruby/spec/ruby/security/cve_2018_16396_spec.rb

require_relative '../spec_helper'

describe "Array#pack" do

  it "resists CVE-2018-16396 by tainting output based on input" do
    "aAZBbHhuMmPp".each_char do |f|
      ["123456".taint].pack(f).tainted?.should be_true
    end
  end

end

describe "String#unpack" do

  it "resists CVE-2018-16396 by tainting output based on input" do
    "aAZBbHhuMm".each_char do |f|
      "123456".taint.unpack(f).first.tainted?.should be_true
    end
  end

end
Update to ruby/spec@8b743a3 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65388 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2018-10-27 06:48:40 -04:00			`require_relative '../spec_helper'`

			`describe "Array#pack" do`

			`it "resists CVE-2018-16396 by tainting output based on input" do`
			`"aAZBbHhuMmPp".each_char do \|f\|`
			`["123456".taint].pack(f).tainted?.should be_true`
			`end`
			`end`

			`end`

			`describe "String#unpack" do`

			`it "resists CVE-2018-16396 by tainting output based on input" do`
			`"aAZBbHhuMm".each_char do \|f\|`
			`"123456".taint.unpack(f).first.tainted?.should be_true`
			`end`
			`end`

			`end`