ruby-changes:10427
From: yugui <ko1@a...>
Date: Mon, 2 Feb 2009 20:33:16 +0900 (JST)
Subject: [ruby-changes:10427] Ruby:r21974 (trunk): adds a test case for r21955 and r21917.
yugui 2009-02-02 20:33:08 +0900 (Mon, 02 Feb 2009) New Revision: 21974 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=21974 Log: adds a test case for r21955 and r21917. Modified files: trunk/test/ruby/test_require.rb Index: test/ruby/test_require.rb =================================================================== --- test/ruby/test_require.rb (revision 21973) +++ test/ruby/test_require.rb (revision 21974) @@ -195,4 +195,50 @@ assert_raise(ArgumentError) { at_exit } end + + def test_tainted_loadpath + t = Tempfile.new(["test_ruby_test_require", ".rb"]) + abs_dir, file = File.dirname(t.path), File.basename(t.path) + abs_dir = File.expand_path(abs_dir).untaint + + assert_in_out_err([], <<-INPUT, %w(:ok), []) + abs_dir = "#{ abs_dir }" + $: << abs_dir + require "#{ file }" + p :ok + INPUT + + assert_in_out_err([], <<-INPUT, %w(:ok), []) + abs_dir = "#{ abs_dir }" + $: << abs_dir.taint + require "#{ file }" + p :ok + INPUT + + assert_in_out_err([], <<-INPUT, %w(:ok), []) + abs_dir = "#{ abs_dir }" + $: << abs_dir.taint + $SAFE = 1 + begin + require "#{ file }" + rescue SecurityError + p :ok + end + INPUT + + assert_in_out_err([], <<-INPUT, %w(:ok), []) + abs_dir = "#{ abs_dir }" + $: << abs_dir.taint + $SAFE = 1 + require "#{ t.path }" + p :ok + INPUT + + assert_in_out_err([], <<-INPUT, %w(:ok), []) + abs_dir = "#{ abs_dir }" + $: << abs_dir << 'elsewhere'.taint + require "#{ file }" + p :ok + INPUT + end end -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/