mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00

More fixes for $SAFE/taint post merging

Jeremy Evans 2019-11-14 18:54:13 -08:00
parent ffd0820ab3
commit ab42e5a486
Notes: git 2019-11-18 08:01:14 +09:00
5 changed files with 29 additions and 59 deletions


@ -11469,8 +11469,6 @@ ibf_load_setup_bytes(struct ibf_load *load, VALUE loader_obj, const char *bytes,
static void
ibf_load_setup(struct ibf_load *load, VALUE loader_obj, VALUE str)
{
rb_check_safe_obj(str);
if (RSTRING_LENINT(str) < (int)sizeof(struct ibf_header)) {
rb_raise(rb_eRuntimeError, "broken binary format");
}


@ -155,13 +155,15 @@ class TestBigDecimal < Test::Unit::TestCase
end
end
def test_BigDecimal_with_tainted_string
Thread.new {
$SAFE = 1
BigDecimal('1'.taint)
}.join
ensure
$SAFE = 0
if RUBY_VERSION < '2.7'
def test_BigDecimal_with_tainted_string
Thread.new {
$SAFE = 1
BigDecimal('1'.taint)
}.join
ensure
$SAFE = 0
end
end
def test_BigDecimal_with_exception_keyword
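Review bot: The guard `if RUBY_VERSION < '2.7'` compares version strings lexicographically, so any version with a two-digit component would be misordered (a constructed `'2.10'` or `'10.0'` sorts before `'2.7'`). Comparing parsed versions avoids that where RubyGems is loaded, e.g. `if Gem::Version.new(RUBY_VERSION) < Gem::Version.new('2.7')`. The same string comparison appears in the readline test hunks, on the tainted-prompt guard and on both `tainted?` assertions. Defining the method conditionally also means the test silently disappears on 2.7+ instead of being reported as skipped, so the loss of taint coverage is not visible in the test output.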


@ -11,18 +11,6 @@ module Fiddle
assert_nil f.call(10)
end
def test_syscall_with_tainted_string
f = Function.new(@libc['system'], [TYPE_VOIDP], TYPE_INT)
Thread.new {
$SAFE = 1
assert_raise(SecurityError) do
f.call("uname -rs".dup.taint)
end
}.join
ensure
$SAFE = 0
end
def test_sinf
begin
f = Function.new(@libm['sinf'], [TYPE_FLOAT], TYPE_FLOAT)


@ -8,29 +8,6 @@ module Fiddle
class TestHandle < TestCase
include Fiddle
def test_safe_handle_open
Thread.new do
$SAFE = 1
assert_raise(SecurityError) {
Fiddle::Handle.new(LIBC_SO.dup.taint)
}
end.join
ensure
$SAFE = 0
end
def test_safe_function_lookup
Thread.new do
h = Fiddle::Handle.new(LIBC_SO)
$SAFE = 1
assert_raise(SecurityError) {
h["qsort".dup.taint]
}
end.join
ensure
$SAFE = 0
end
def test_to_i
handle = Fiddle::Handle.new(LIBC_SO)
assert_kind_of Integer, handle.to_i


@ -43,19 +43,22 @@ module BasetestReadline
assert_equal("hello", Readline::HISTORY[0])
# Work around lack of SecurityError in Reline
# test mode with tainted prompt
return if kind_of?(TestRelineAsReadline)
Thread.start {
$SAFE = 1
assert_raise(SecurityError) do
replace_stdio(stdin.path, stdout.path) do
Readline.readline("> ".taint)
end
# test mode with tainted prompt.
# Also skip test on Ruby 2.7+, where $SAFE/taint is deprecated.
if RUBY_VERSION < '2.7' && !kind_of?(TestRelineAsReadline)
begin
Thread.start {
$SAFE = 1
assert_raise(SecurityError) do
replace_stdio(stdin.path, stdout.path) do
Readline.readline("> ".taint)
end
end
}.join
ensure
$SAFE = 0
end
}.join
ensure
$SAFE = 0
end
end
end
@ -96,7 +99,8 @@ module BasetestReadline
assert_equal(12, actual_point)
assert_equal("first complete finish", Readline.line_buffer)
assert_equal(Encoding.find("locale"), Readline.line_buffer.encoding)
assert_equal(true, Readline.line_buffer.tainted?)
assert_equal(true, Readline.line_buffer.tainted?) if RUBY_VERSION < '2.7'
assert_equal(22, Readline.point)
stdin.rewind
@ -113,7 +117,8 @@ module BasetestReadline
assert_equal(12, actual_point)
assert_equal("first complete finish", Readline.line_buffer)
assert_equal(Encoding.find("locale"), Readline.line_buffer.encoding)
assert_equal(true, Readline.line_buffer.tainted?)
assert_equal(true, Readline.line_buffer.tainted?) if RUBY_VERSION < '2.7'
assert_equal(21, Readline.point)
end
end
@ -526,7 +531,7 @@ module BasetestReadline
end
assert_equal('second\\ third', passed_text)
assert_equal('first completion', line)
assert_equal('first completion', line.chomp(' '))
ensure
Readline.completer_quote_characters = saved_completer_quote_characters
Readline.completer_word_break_characters = saved_completer_word_break_characters
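Review bot: The relaxed assertion `assert_equal('first completion', line.chomp(' '))` in the last hunk has no comment saying why a trailing space is now tolerated, and it does not look related to the $SAFE/taint cleanup in the rest of the commit. A one-line comment above it would record the reason, for example `# the completed line may end with an appended space` (presumably a difference between Readline implementations; confirm the actual cause). Note that `chomp(' ')` accepts both forms, so the test no longer pins which one is produced. The enclosing test method starts outside the hunk.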