file.c: infect from arguments

* file.c (rb_check_realpath_internal): infetct the result with arguments, no taint if none are tainted and cwd is not used. [ruby-core:83583] [Bug #14060] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60596 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2017-11-01 01:51:57 +00:00 · 2017-11-01 01:51:57 +00:00 · 42727ceb19
commit 42727ceb19
parent f5f6232399
2 changed files with 18 additions and 1 deletions
--- a/file.c
+++ b/file.c
@ -4086,7 +4086,7 @@ rb_check_realpath_internal(VALUE basedir, VALUE path, enum rb_realpath_mode mode
 	}
    }

-    OBJ_TAINT(resolved);
+    OBJ_INFECT(resolved, unresolved_path);
    RB_GC_GUARD(unresolved_path);
    RB_GC_GUARD(curdir);
    return resolved;
--- a/test/ruby/test_file.rb
+++ b/test/ruby/test_file.rb
@ -283,6 +283,23 @@ class TestFile < Test::Unit::TestCase
    }
  end

+  def test_realpath_taintedness
+    Dir.mktmpdir('rubytest-realpath') {|tmpdir|
+      realdir = File.realpath(tmpdir)
+      assert_predicate(realdir, :tainted?)
+      dir, base = File.split(realdir)
+      assert_predicate(File.realpath(base, dir), :tainted?)
+      base.untaint
+      assert_predicate(File.realpath(base, dir), :tainted?)
+      base.taint
+      dir.untaint
+      assert_predicate(File.realpath(base, dir), :tainted?)
+      base.untaint
+      assert_not_predicate(File.realpath(base, dir), :tainted?)
+      assert_predicate(Dir.chdir(dir) {File.realpath(base)}, :tainted?)
+    }
+  end
+
  def test_realdirpath
    Dir.mktmpdir('rubytest-realdirpath') {|tmpdir|
      realdir = File.realpath(tmpdir)