ruby-changes:58726
From: Yusuke <ko1@a...>
Date: Tue, 12 Nov 2019 08:42:27 +0900 (JST)
Subject: [ruby-changes:58726] 9594f57f3d (master): test/ruby/test_require.rb: Remove the tests of require with $SAFE
https://git.ruby-lang.org/ruby.git/commit/?id=9594f57f3d From 9594f57f3df6c2538f96f018fa5f9a775ac7dde1 Mon Sep 17 00:00:00 2001 From: Yusuke Endoh <mame@r...> Date: Tue, 12 Nov 2019 08:31:13 +0900 Subject: test/ruby/test_require.rb: Remove the tests of require with $SAFE The taint mechanism is decided to be removed at 2.7. [Feature #16131] So, this change removes the tests that expects a SecurityError when requiring a file under $SAFE >= 1. The reason why they should be removed in advance is because the upstream of rubygems has already removed a call to "untaint" method, which makes the tests fail. diff --git a/test/ruby/test_require.rb b/test/ruby/test_require.rb index f96155a..560ce3f 100644 --- a/test/ruby/test_require.rb +++ b/test/ruby/test_require.rb @@ -62,12 +62,6 @@ class TestRequire < Test::Unit::TestCase https://github.com/ruby/ruby/blob/trunk/test/ruby/test_require.rb#L62 assert_require_nonascii_path(encoding, bug8165) end - def test_require_insecure_path - assert_require_insecure_path("foo") - encoding = 'filesystem' - assert_require_insecure_path(nil, encoding) - end - def test_require_nonascii_path_utf8 bug8676 = '[ruby-core:56136] [Bug #8676]' encoding = Encoding::UTF_8 @@ -75,12 +69,6 @@ class TestRequire < Test::Unit::TestCase https://github.com/ruby/ruby/blob/trunk/test/ruby/test_require.rb#L69 assert_require_nonascii_path(encoding, bug8676) end - def test_require_insecure_path_utf8 - encoding = Encoding::UTF_8 - return if Encoding.find('filesystem') == encoding - assert_require_insecure_path(nil, encoding) - end - def test_require_nonascii_path_shift_jis bug8676 = '[ruby-core:56136] [Bug #8676]' encoding = Encoding::Shift_JIS @@ -88,12 +76,6 @@ class TestRequire < Test::Unit::TestCase https://github.com/ruby/ruby/blob/trunk/test/ruby/test_require.rb#L76 assert_require_nonascii_path(encoding, bug8676) end - def test_require_insecure_path_shift_jis - encoding = Encoding::Shift_JIS - return if Encoding.find('filesystem') == encoding - assert_require_insecure_path(nil, encoding) - end - case RUBY_PLATFORM when /cygwin/, /mswin/, /mingw/, /darwin/ def self.ospath_encoding(path) @@ -105,18 +87,6 @@ class TestRequire < Test::Unit::TestCase https://github.com/ruby/ruby/blob/trunk/test/ruby/test_require.rb#L87 end end - SECURITY_WARNING = - if /mswin|mingw/ =~ RUBY_PLATFORM - nil - else - proc do |require_path| - $SAFE = 1 - require(require_path) - ensure - $SAFE = 0 - end - end - def prepare_require_path(dir, encoding) Dir.mktmpdir {|tmp| begin @@ -153,31 +123,6 @@ class TestRequire < Test::Unit::TestCase https://github.com/ruby/ruby/blob/trunk/test/ruby/test_require.rb#L123 } end - def assert_require_insecure_path(dirname, encoding = nil) - return unless SECURITY_WARNING - dirname ||= "\u3042" * 5 - encoding ||= dirname.encoding - prepare_require_path(dirname, encoding) {|require_path| - require_path.untaint - require(require_path) - $".pop - File.chmod(0777, File.dirname(require_path)) - require_path.encode('filesystem') rescue - require_path.encode(self.class.ospath_encoding(require_path)) - e = nil - stderr = EnvUtil.verbose_warning do - e = assert_raise(SecurityError) do - SECURITY_WARNING.call(require_path) - end - end - assert_include(e.message, "loading from unsafe path") - assert_include(stderr, "Insecure world writable dir") - require_path = require_path.encode(self.class.ospath_encoding(require_path)) - assert_include(e.message, require_path) - assert_include(stderr, File.dirname(require_path)) - } - end - def test_require_path_home_1 env_rubypath, env_home = ENV["RUBYPATH"], ENV["HOME"] pathname_too_long = /pathname too long \(ignored\).*\(LoadError\)/m -- cgit v0.10.2 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/