mirror of
https://github.com/ruby/ruby.git
synced 2022-11-09 12:17:21 -05:00
[ruby/rdoc] Vertical-bar is disallowed in path names on Windows
No risk of remote code execution, when the file cannot be created. https://github.com/ruby/rdoc/runs/2565343916?check_suite_focus=true#step:5:58 ``` Error: test_remove_unparseable_CVE_2021_31799(TestRDocRDoc): Errno::EINVAL: Invalid argument @ utime_failed - | touch evil.txt && echo tags D:/rubyinstaller-head-x64/lib/ruby/3.1.0/fileutils.rb:1142:in `utime' D:/rubyinstaller-head-x64/lib/ruby/3.1.0/fileutils.rb:1142:in `block in touch' D:/rubyinstaller-head-x64/lib/ruby/3.1.0/fileutils.rb:1139:in `each' D:/rubyinstaller-head-x64/lib/ruby/3.1.0/fileutils.rb:1139:in `touch' D:/a/rdoc/rdoc/test/rdoc/test_rdoc_rdoc.rb:463:in `block (2 levels) in test_remove_unparseable_CVE_2021_31799' 460: temp_dir do 461: file_list = ['| touch evil.txt && echo tags'] 462: file_list.each do |f| => 463: FileUtils.touch f 464: end 465: 466: assert_equal file_list, @rdoc.remove_unparseable(file_list) ``` https://github.com/ruby/rdoc/commit/a7df7dc8fa
This commit is contained in:
parent
a298bdf860
commit
10e63f3f56
1 changed files with 1 additions and 1 deletions
|
@ -460,7 +460,7 @@ class TestRDocRDoc < RDoc::TestCase
|
|||
temp_dir do
|
||||
file_list = ['| touch evil.txt && echo tags']
|
||||
file_list.each do |f|
|
||||
FileUtils.touch f
|
||||
FileUtils.touch f rescue omit
|
||||
end
|
||||
|
||||
assert_equal file_list, @rdoc.remove_unparseable(file_list)
|
||||
|
|
Loading…
Reference in a new issue