ruby-changes:19767
From: yugui <ko1@a...>
Date: Mon, 30 May 2011 13:44:07 +0900 (JST)
Subject: [ruby-changes:19767] yugui:r31812 (ruby_1_9_2): merges r31317 from trunk into ruby_1_9_2.
yugui 2011-05-30 13:43:55 +0900 (Mon, 30 May 2011) New Revision: 31812 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=31812 Log: merges r31317 from trunk into ruby_1_9_2. -- * ext/psych/parser.c (parse): strings from psych have proper taint markings. * test/psych/test_tainted.rb: test for string taint Added files: branches/ruby_1_9_2/test/psych/test_tainted.rb Modified files: branches/ruby_1_9_2/ChangeLog branches/ruby_1_9_2/ext/psych/parser.c branches/ruby_1_9_2/version.h Index: ruby_1_9_2/ChangeLog =================================================================== --- ruby_1_9_2/ChangeLog (revision 31811) +++ ruby_1_9_2/ChangeLog (revision 31812) @@ -1,3 +1,10 @@ +Fri Apr 22 04:16:14 2011 Aaron Patterson <aaron@t...> + + * ext/psych/parser.c (parse): strings from psych have proper taint + markings. + + * test/psych/test_tainted.rb: test for string taint + Thu Apr 21 01:01:28 2011 Masaya Tarui <tarui@r...> * win32/win32.c (CreateChild): maximum length of lpCommandLine is Index: ruby_1_9_2/ext/psych/parser.c =================================================================== --- ruby_1_9_2/ext/psych/parser.c (revision 31811) +++ ruby_1_9_2/ext/psych/parser.c (revision 31812) @@ -53,6 +53,7 @@ yaml_parser_t parser; yaml_event_t event; int done = 0; + int tainted = 0; #ifdef HAVE_RUBY_ENCODING_H int encoding = rb_enc_find_index("ASCII-8BIT"); rb_encoding * internal_enc; @@ -62,8 +63,11 @@ yaml_parser_initialize(&parser); + if (OBJ_TAINTED(yaml)) tainted = 1; + if(rb_respond_to(yaml, id_read)) { yaml_parser_set_input(&parser, io_reader, (void *)yaml); + if (RTEST(rb_obj_is_kind_of(yaml, rb_cIO))) tainted = 1; } else { StringValue(yaml); yaml_parser_set_input_string( @@ -131,6 +135,7 @@ VALUE prefix = Qnil; if(start->handle) { handle = rb_str_new2((const char *)start->handle); + if (tainted) OBJ_TAINT(handle); #ifdef HAVE_RUBY_ENCODING_H PSYCH_TRANSCODE(handle, encoding, internal_enc); #endif 
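Review bot: The taint decision in the `@@ -62,8 +63,11 @@` hunk is made once from the flags on the `yaml` argument, before `StringValue(yaml)` runs and without looking at what the reader returns. In the else branch an object converted through `to_str` can yield a tainted string that is never checked; repeating `if (OBJ_TAINTED(yaml)) tainted = 1;` right after `StringValue(yaml);` would cover that. In the reader branch only `rb_cIO` descendants are forced to tainted, so a duck-typed object with `read` that returns tainted data produces untainted parse results unless the object itself is flagged. `io_reader` is outside this hunk, so whether it can propagate the flag from the strings it reads should be checked there. The enclosing function starts and ends outside the hunk.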
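Review bot: `OBJ_TAINT(handle)` in the `@@ -131,6 +135,7 @@` hunk runs before `PSYCH_TRANSCODE(handle, encoding, internal_enc)`, whose definition is not visible here. If the macro replaces the variable with a converted copy when an internal encoding is set, the flag survives only if that conversion carries taint over. The same ordering is repeated for `prefix`, `alias`, `val`, `anchor` and `tag` in the hunks from `@@ -138,6 +143,7 @@` through `@@ -256,6 +269,7 @@`. I would either move the taint line to just after the `#endif`, or keep it and add `/* taint first: the transcode must propagate it to the converted string */`, and run the new tests once with `Encoding.default_internal` set. The repeated create/taint/transcode triple is also a candidate for one small static helper, so that a string added later cannot miss the taint step.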
@@ -138,6 +143,7 @@ if(start->prefix) { prefix = rb_str_new2((const char *)start->prefix); + if (tainted) OBJ_TAINT(prefix); #ifdef HAVE_RUBY_ENCODING_H PSYCH_TRANSCODE(prefix, encoding, internal_enc); #endif @@ -162,6 +168,7 @@ VALUE alias = Qnil; if(event.data.alias.anchor) { alias = rb_str_new2((const char *)event.data.alias.anchor); + if (tainted) OBJ_TAINT(alias); #ifdef HAVE_RUBY_ENCODING_H PSYCH_TRANSCODE(alias, encoding, internal_enc); #endif @@ -179,6 +186,7 @@ (const char *)event.data.scalar.value, (long)event.data.scalar.length ); + if (tainted) OBJ_TAINT(val); #ifdef HAVE_RUBY_ENCODING_H PSYCH_TRANSCODE(val, encoding, internal_enc); @@ -186,6 +194,7 @@ if(event.data.scalar.anchor) { anchor = rb_str_new2((const char *)event.data.scalar.anchor); + if (tainted) OBJ_TAINT(anchor); #ifdef HAVE_RUBY_ENCODING_H PSYCH_TRANSCODE(anchor, encoding, internal_enc); #endif @@ -193,6 +202,7 @@ if(event.data.scalar.tag) { tag = rb_str_new2((const char *)event.data.scalar.tag); + if (tainted) OBJ_TAINT(tag); #ifdef HAVE_RUBY_ENCODING_H PSYCH_TRANSCODE(tag, encoding, internal_enc); #endif @@ -217,6 +227,7 @@ VALUE implicit, style; if(event.data.sequence_start.anchor) { anchor = rb_str_new2((const char *)event.data.sequence_start.anchor); + if (tainted) OBJ_TAINT(anchor); #ifdef HAVE_RUBY_ENCODING_H PSYCH_TRANSCODE(anchor, encoding, internal_enc); #endif @@ -225,6 +236,7 @@ tag = Qnil; if(event.data.sequence_start.tag) { tag = rb_str_new2((const char *)event.data.sequence_start.tag); + if (tainted) OBJ_TAINT(tag); #ifdef HAVE_RUBY_ENCODING_H PSYCH_TRANSCODE(tag, encoding, internal_enc); #endif @@ -249,6 +261,7 @@ VALUE implicit, style; if(event.data.mapping_start.anchor) { anchor = rb_str_new2((const char *)event.data.mapping_start.anchor); + if (tainted) OBJ_TAINT(anchor); #ifdef HAVE_RUBY_ENCODING_H PSYCH_TRANSCODE(anchor, encoding, internal_enc); #endif 
@@ -256,6 +269,7 @@ if(event.data.mapping_start.tag) { tag = rb_str_new2((const char *)event.data.mapping_start.tag); + if (tainted) OBJ_TAINT(tag); #ifdef HAVE_RUBY_ENCODING_H PSYCH_TRANSCODE(tag, encoding, internal_enc); #endif Index: ruby_1_9_2/version.h =================================================================== --- ruby_1_9_2/version.h (revision 31811) +++ ruby_1_9_2/version.h (revision 31812) @@ -1,5 +1,5 @@ #define RUBY_VERSION "1.9.2" -#define RUBY_PATCHLEVEL 236 +#define RUBY_PATCHLEVEL 237 #define RUBY_VERSION_MAJOR 1 #define RUBY_VERSION_MINOR 9 #define RUBY_VERSION_TEENY 1 Index: ruby_1_9_2/test/psych/test_tainted.rb =================================================================== --- ruby_1_9_2/test/psych/test_tainted.rb (revision 0) +++ ruby_1_9_2/test/psych/test_tainted.rb (revision 31812) 
@@ -0,0 +1,128 @@ +require 'psych/helper' + +module Psych + class TestStringTainted < TestCase + class Tainted < Handler + attr_reader :tc + + def initialize tc + @tc = tc + end + + def start_document version, tags, implicit + tags.flatten.each do |tag| + assert_taintedness tag + end + end + + def alias name + assert_taintedness name + end + + def scalar value, anchor, tag, plain, quoted, style + assert_taintedness value + assert_taintedness tag if tag + assert_taintedness anchor if anchor + end + + def start_sequence anchor, tag, implicit, style + assert_taintedness tag if tag + assert_taintedness anchor if anchor + end + + def start_mapping anchor, tag, implicit, style + assert_taintedness tag if tag + assert_taintedness anchor if anchor + end + + def assert_taintedness thing, message = "'#{thing}' should be tainted" + tc.assert thing.tainted?, message + end + end + + class Untainted < Tainted + def assert_taintedness thing, message = "'#{thing}' should not be tainted" + tc.assert !thing.tainted?, message + end + end + + + def setup + handler = Tainted.new self + @parser = Psych::Parser.new handler + end + + def test_tags_are_tainted + assert_taintedness "%TAG !yaml! 
tag:yaml.org,2002:\n---\n!yaml!str \"foo\"" + end + + def test_alias + assert_taintedness "--- &ponies\n- foo\n- *ponies" + end + + def test_scalar + assert_taintedness "--- ponies" + end + + def test_anchor + assert_taintedness "--- &hi ponies" + end + + def test_scalar_tag + assert_taintedness "--- !str ponies" + end + + def test_seq_start_tag + assert_taintedness "--- !!seq [ a ]" + end + + def test_seq_start_anchor + assert_taintedness "--- &zomg [ a ]" + end + + def test_seq_mapping_tag + assert_taintedness "--- !!map { a: b }" + end + + def test_seq_mapping_anchor + assert_taintedness "--- &himom { a: b }" + end + + def assert_taintedness string + @parser.parse string.taint + end + end + + class TestStringUntainted < TestStringTainted + def setup + handler = Untainted.new self + @parser = Psych::Parser.new handler + end + + def assert_taintedness string + @parser.parse string + end + end + + class TestStringIOUntainted < TestStringTainted + def setup + handler = Untainted.new self + @parser = Psych::Parser.new handler + end + + def assert_taintedness string + @parser.parse StringIO.new(string) + end + end + + class TestIOTainted < TestStringTainted + def assert_taintedness string + t = Tempfile.new(['something', 'yml']) + t.binmode + t.write string + t.close + File.open(t.path) { |f| @parser.parse f } + t.close(true) + end + end +end -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
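Review bot: None of the cases feeds the parser a non-IO reader that carries tainted data: `TestStringIOUntainted` only parses `StringIO.new(string)` built from an untainted string, so the result for `StringIO.new(string.taint)` is left unpinned. A further subclass whose `assert_taintedness` does `@parser.parse StringIO.new(string.taint)` would document which outcome is intended. In `TestIOTainted`, `t.close(true)` is skipped when the parse or an assertion raises, which leaves cleanup to the Tempfile finalizer; placing it under `ensure` makes the removal deterministic. `Tempfile` and `StringIO` are used without a visible `require`, presumably supplied by `psych/helper`; worth confirming.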