ruby-changes:51857
From: nobu <ko1@a...>
Date: Fri, 27 Jul 2018 14:43:04 +0900 (JST)
Subject: [ruby-changes:51857] nobu:r64071 (trunk): ruby.c: taint ARGV on Windows
nobu 2018-07-27 14:42:56 +0900 (Fri, 27 Jul 2018) New Revision: 64071 https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=64071 Log: ruby.c: taint ARGV on Windows * ruby.c (external_str_new_cstr): strings come from the external should be tainted. [ruby-dev:50596] [Bug #14941] Modified files: trunk/ruby.c trunk/test/ruby/test_rubyoptions.rb Index: ruby.c =================================================================== --- ruby.c (revision 64070) +++ ruby.c (revision 64071) @@ -2186,7 +2186,9 @@ external_str_new_cstr(const char *p) https://github.com/ruby/ruby/blob/trunk/ruby.c#L2186 { #if UTF8_PATH VALUE str = rb_utf8_str_new_cstr(p); - return str_conv_enc(str, NULL, rb_default_external_encoding()); + str = str_conv_enc(str, NULL, rb_default_external_encoding()); + OBJ_TAINT_RAW(str); + return str; #else return rb_external_str_new_cstr(p); #endif Index: test/ruby/test_rubyoptions.rb =================================================================== --- test/ruby/test_rubyoptions.rb (revision 64070) +++ test/ruby/test_rubyoptions.rb (revision 64071) @@ -1068,6 +1068,13 @@ class TestRubyOptions < Test::Unit::Test https://github.com/ruby/ruby/blob/trunk/test/ruby/test_rubyoptions.rb#L1068 assert_in_out_err([IO::NULL], success: true) end + def test_argv_tainted + assert_separately(%w[- arg], "#{<<~"begin;"}\n#{<<~'end;'}") + begin; + assert_predicate(ARGV[0], :tainted?, '[ruby-dev:50596] [Bug #14941]') + end; + end + private def mjit_force_enabled? -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/