mirror of
https://github.com/ruby/ruby.git
synced 2022-11-09 12:17:21 -05:00
401b64c4e8
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62656 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
19 lines
442 B
Ruby
19 lines
442 B
Ruby
require_relative '../spec_helper'
|
|
|
|
require 'json'
|
|
|
|
describe "String#to_f" do
|
|
|
|
it "resists CVE-2013-4164 by converting very long Strings to a Float" do
|
|
"1.#{'1'*1000000}".to_f.should be_close(1.1111111111111112, TOLERANCE)
|
|
end
|
|
|
|
end
|
|
|
|
describe "JSON.parse" do
|
|
|
|
it "resists CVE-2013-4164 by converting very long Strings to a Float" do
|
|
JSON.parse("[1.#{'1'*1000000}]").first.should be_close(1.1111111111111112, TOLERANCE)
|
|
end
|
|
|
|
end
|