mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00

[ruby/rdoc] Vertical-bar is disallowed in path names on Windows

No risk of remote code execution, when the file cannot be created.

https://github.com/ruby/rdoc/runs/2565343916?check_suite_focus=true#step:5:58
```
Error: test_remove_unparseable_CVE_2021_31799(TestRDocRDoc): Errno::EINVAL: Invalid argument @ utime_failed - | touch evil.txt && echo tags
D:/rubyinstaller-head-x64/lib/ruby/3.1.0/fileutils.rb:1142:in `utime'
D:/rubyinstaller-head-x64/lib/ruby/3.1.0/fileutils.rb:1142:in `block in touch'
D:/rubyinstaller-head-x64/lib/ruby/3.1.0/fileutils.rb:1139:in `each'
D:/rubyinstaller-head-x64/lib/ruby/3.1.0/fileutils.rb:1139:in `touch'
D:/a/rdoc/rdoc/test/rdoc/test_rdoc_rdoc.rb:463:in `block (2 levels) in test_remove_unparseable_CVE_2021_31799'
     460:     temp_dir do
     461:       file_list = ['| touch evil.txt && echo tags']
     462:       file_list.each do |f|
  => 463:         FileUtils.touch f
     464:       end
     465:
     466:       assert_equal file_list, @rdoc.remove_unparseable(file_list)
```

https://github.com/ruby/rdoc/commit/a7df7dc8fa
Nobuyoshi Nakada 2021-05-15 01:26:51 +09:00
parent a298bdf860
commit 10e63f3f56
No known key found for this signature in database
GPG key ID: 7CD2805BFA3770C6


@ -460,7 +460,7 @@ class TestRDocRDoc < RDoc::TestCase
temp_dir do
file_list = ['| touch evil.txt && echo tags']
file_list.each do |f|
FileUtils.touch f
FileUtils.touch f rescue omit
end
assert_equal file_list, @rdoc.remove_unparseable(file_list)
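
Review bot: The modifier form in `FileUtils.touch f rescue omit` rescues every StandardError, not only the `Errno::EINVAL` shown in the Windows CI log, so the CVE-2021-31799 regression test would also be silently omitted on any platform where `touch` fails for an unrelated reason (for example a permissions or temp-directory problem). Since this test guards against the `| touch evil.txt && echo tags` file name being treated as a command, losing it quietly is worth avoiding. Consider a `begin`/`rescue Errno::EINVAL` block around the `touch` call so other failures still surface, and pass a reason string to `omit` so the skip is visible in the test report. A short comment stating that the vertical bar is not a valid file name character on Windows would also help the next reader understand why the omission is safe.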