[前][次][番号順一覧][スレッド一覧]

ruby-changes:10427

From: yugui <ko1@a...>
Date: Mon, 2 Feb 2009 20:33:16 +0900 (JST)
Subject: [ruby-changes:10427] Ruby:r21974 (trunk): adds a test case for r21955 and r21917.

yugui	2009-02-02 20:33:08 +0900 (Mon, 02 Feb 2009)

  New Revision: 21974

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=21974

  Log:
    adds a test case for r21955 and r21917.

  Modified files:
    trunk/test/ruby/test_require.rb

Index: test/ruby/test_require.rb
===================================================================
--- test/ruby/test_require.rb	(revision 21973)
+++ test/ruby/test_require.rb	(revision 21974)
@@ -195,4 +195,50 @@
 
     assert_raise(ArgumentError) { at_exit }
   end
+
+  def test_tainted_loadpath
+    t = Tempfile.new(["test_ruby_test_require", ".rb"])
+    abs_dir, file = File.dirname(t.path), File.basename(t.path)
+    abs_dir = File.expand_path(abs_dir).untaint
+
+    assert_in_out_err([], <<-INPUT, %w(:ok), [])
+      abs_dir = "#{ abs_dir }"
+      $: << abs_dir
+      require "#{ file }"
+      p :ok
+    INPUT
+
+    assert_in_out_err([], <<-INPUT, %w(:ok), [])
+      abs_dir = "#{ abs_dir }"
+      $: << abs_dir.taint
+      require "#{ file }"
+      p :ok
+    INPUT
+
+    assert_in_out_err([], <<-INPUT, %w(:ok), [])
+      abs_dir = "#{ abs_dir }"
+      $: << abs_dir.taint
+      $SAFE = 1
+      begin
+        require "#{ file }"
+      rescue SecurityError
+        p :ok
+      end
+    INPUT
+
+    assert_in_out_err([], <<-INPUT, %w(:ok), [])
+      abs_dir = "#{ abs_dir }"
+      $: << abs_dir.taint
+      $SAFE = 1
+      require "#{ t.path }"
+      p :ok
+    INPUT
+
+    assert_in_out_err([], <<-INPUT, %w(:ok), [])
+      abs_dir = "#{ abs_dir }"
+      $: << abs_dir << 'elsewhere'.taint
+      require "#{ file }"
+      p :ok
+    INPUT
+  end
 end

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/

[前][次][番号順一覧][スレッド一覧]