ruby-changes:48485
From: nobu <ko1@a...>
Date: Wed, 1 Nov 2017 11:22:14 +0900 (JST)
Subject: [ruby-changes:48485] nobu:r60599 (trunk): file.c: infect from arguments
nobu	2017-11-01 11:22:10 +0900 (Wed, 01 Nov 2017)

  New Revision: 60599

  https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=60599

  Log:
    file.c: infect from arguments

    * file.c (rb_check_realpath_internal): infect the result with
      arguments, no taint if none are tainted and cwd is not used.
      [ruby-core:83583] [Bug #14060]

  Modified files:
    trunk/file.c
    trunk/test/ruby/test_file.rb

Index: file.c =================================================================== --- file.c (revision 60598) +++ file.c (revision 60599) @@ -4086,7 +4086,7 @@ rb_check_realpath_internal(VALUE basedir https://github.com/ruby/ruby/blob/trunk/file.c#L4086 } } - OBJ_TAINT(resolved); + OBJ_INFECT(resolved, unresolved_path); RB_GC_GUARD(unresolved_path); RB_GC_GUARD(curdir); return resolved; Index: test/ruby/test_file.rb =================================================================== --- test/ruby/test_file.rb (revision 60598) +++ test/ruby/test_file.rb (revision 60599) @@ -283,6 +283,26 @@ class TestFile < Test::Unit::TestCase https://github.com/ruby/ruby/blob/trunk/test/ruby/test_file.rb#L283 } end + def test_realpath_taintedness + Dir.mktmpdir('rubytest-realpath') {|tmpdir| + dir = File.realpath(tmpdir).untaint + File.write(File.join(dir, base = "test.file"), '') + base.taint + dir.taint + assert_predicate(File.realpath(base, dir), :tainted?) + base.untaint + dir.taint + assert_predicate(File.realpath(base, dir), :tainted?) + base.taint + dir.untaint + assert_predicate(File.realpath(base, dir), :tainted?) + base.untaint + dir.untaint + assert_not_predicate(File.realpath(base, dir), :tainted?) + assert_predicate(Dir.chdir(dir) {File.realpath(base)}, :tainted?) + } + end + def test_realdirpath Dir.mktmpdir('rubytest-realdirpath') {|tmpdir| realdir = File.realpath(tmpdir)
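
Review bot: In the file.c hunk, the new `OBJ_INFECT(resolved, unresolved_path);` takes taint from `unresolved_path` alone, while the log promises taint from any argument and whenever cwd is used; nothing in the visible lines shows `basedir` or `curdir` feeding into it. With the unconditional `OBJ_TAINT(resolved)` gone, a tainted `basedir` or a cwd-derived path stays tainted only if that taint already reached `unresolved_path` earlier in the function. Suggest either infecting from `basedir` and `curdir` explicitly at this point, or adding a one-line comment here naming where `unresolved_path` inherits their taint, so a later refactor of the path-joining code cannot silently return an untainted result for tainted input.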
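
Review bot: In `test_realpath_taintedness`, the only `assert_not_predicate` case passes two untainted arguments, so the single-argument form of the log's "no taint if none are tainted and cwd is not used" is never exercised. Suggest adding a case that calls `File.realpath` with one untainted absolute path, for example the result of `File.join(dir, base)` after both are untainted, and asserting it is not tainted. The four `base`/`dir` combinations would also read more clearly as a small table iterated in a loop with a failure message naming the combination, since the current sequence relies on state left over from the preceding `taint`/`untaint` calls. The adjacent `test_realdirpath` gets no matching taintedness check; if `File.realdirpath` goes through the same `rb_check_realpath_internal`, the same matrix belongs there.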