ruby-changes:58071
From: usa <ko1@a...>
Date: Tue, 1 Oct 2019 20:43:23 +0900 (JST)
Subject: [ruby-changes:58071] 1a45b04482 (ruby_2_4): lib/shell/command-processor.rb (Shell#[]): prevent unknown command
https://git.ruby-lang.org/ruby.git/commit/?id=1a45b04482 From 1a45b0448224009a9bde9b28ae259d8674c792be Mon Sep 17 00:00:00 2001 From: usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> Date: Tue, 1 Oct 2019 11:06:17 +0000 Subject: lib/shell/command-processor.rb (Shell#[]): prevent unknown command `FileTest.send(command, ...)` allows to call not only FileTest-related methods but also any method that belongs to Kernel, Object, etc. patched by <mame@r...> git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@67820 b2dd03c8-39d4-4d8f-98ff-823fe69b080e diff --git a/lib/shell/command-processor.rb b/lib/shell/command-processor.rb index 2239ca9..b50f400 100644 --- a/lib/shell/command-processor.rb +++ b/lib/shell/command-processor.rb @@ -180,6 +180,9 @@ class Shell https://github.com/ruby/ruby/blob/trunk/lib/shell/command-processor.rb#L180 top_level_test(command, file1) end else + unless FileTest.methods(false).include?(command.to_sym) + raise "unsupported command: #{ command }" + end if file2 FileTest.send(command, file1, file2) else diff --git a/test/shell/test_command_processor.rb b/test/shell/test_command_processor.rb index 99fe1b2..6626bef 100644 --- a/test/shell/test_command_processor.rb +++ b/test/shell/test_command_processor.rb @@ -66,4 +66,22 @@ class TestShell::CommandProcessor < Test::Unit::TestCase https://github.com/ruby/ruby/blob/trunk/test/shell/test_command_processor.rb#L66 Process.waitall Dir.rmdir(path) end + + def test_test + name = "foo#{exeext}" + path = File.join(@tmpdir, name) + open(path, "w", 0644) {} + + assert_equal(true, @shell[?e, path]) + assert_equal(true, @shell[:e, path]) + assert_equal(true, @shell["e", path]) + assert_equal(true, @shell[:exist?, path]) + assert_equal(true, @shell["exist?", path]) + assert_raise_with_message(RuntimeError, /unsupported command/) do + assert_equal(true, @shell[:instance_eval, path]) + end + ensure + Process.waitall + File.unlink(path) + end end diff --git a/version.h b/version.h index 5652cc0..2b98ded 100644 --- a/version.h +++ b/version.h @@ -1,6 +1,6 @@ https://github.com/ruby/ruby/blob/trunk/version.h#L1 #define RUBY_VERSION "2.4.8" #define RUBY_RELEASE_DATE "2019-10-01" -#define RUBY_PATCHLEVEL 360 +#define RUBY_PATCHLEVEL 361 #define RUBY_RELEASE_YEAR 2019 #define RUBY_RELEASE_MONTH 10 -- cgit v0.10.2 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/