More fixes for $SAFE/taint post merging
parent
ffd0820ab3
commit
ab42e5a486
Notes:
git
2019-11-18 08:01:14 +09:00
@ -11469,8 +11469,6 @@ ibf_load_setup_bytes(struct ibf_load *load, VALUE loader_obj, const char *bytes,
|
|||||||
static void
|
static void
|
||||||
ibf_load_setup(struct ibf_load *load, VALUE loader_obj, VALUE str)
|
ibf_load_setup(struct ibf_load *load, VALUE loader_obj, VALUE str)
|
||||||
{
|
{
|
||||||
rb_check_safe_obj(str);
|
|
||||||
|
|
||||||
if (RSTRING_LENINT(str) < (int)sizeof(struct ibf_header)) {
|
if (RSTRING_LENINT(str) < (int)sizeof(struct ibf_header)) {
|
||||||
rb_raise(rb_eRuntimeError, "broken binary format");
|
rb_raise(rb_eRuntimeError, "broken binary format");
|
||||||
}
|
}
|
||||||
|
@ -155,13 +155,15 @@ class TestBigDecimal < Test::Unit::TestCase
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def test_BigDecimal_with_tainted_string
|
if RUBY_VERSION < '2.7'
|
||||||
Thread.new {
|
def test_BigDecimal_with_tainted_string
|
||||||
$SAFE = 1
|
Thread.new {
|
||||||
BigDecimal('1'.taint)
|
$SAFE = 1
|
||||||
}.join
|
BigDecimal('1'.taint)
|
||||||
ensure
|
}.join
|
||||||
$SAFE = 0
|
ensure
|
||||||
|
$SAFE = 0
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def test_BigDecimal_with_exception_keyword
|
def test_BigDecimal_with_exception_keyword
|
||||||
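Review bot: The new guard `if RUBY_VERSION < '2.7'` around `test_BigDecimal_with_tainted_string` compares version strings lexicographically, so it orders correctly only while every version component is a single digit. A version such as `2.10` or `10.0` would sort below `'2.7'` and re-enable the `$SAFE = 1` test. `Gem::Version.new(RUBY_VERSION) < Gem::Version.new('2.7')` compares numerically. The same string comparison appears in the readline test changes further down, in the tainted-prompt block and in both `Readline.line_buffer.tainted?` assertions. A comment above the guard such as `# $SAFE/taint is deprecated from Ruby 2.7; only older rubies run this test` would also record why the test is conditional.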
|
@ -11,18 +11,6 @@ module Fiddle
|
|||||||
assert_nil f.call(10)
|
assert_nil f.call(10)
|
||||||
end
|
end
|
||||||
|
|
||||||
def test_syscall_with_tainted_string
|
|
||||||
f = Function.new(@libc['system'], [TYPE_VOIDP], TYPE_INT)
|
|
||||||
Thread.new {
|
|
||||||
$SAFE = 1
|
|
||||||
assert_raise(SecurityError) do
|
|
||||||
f.call("uname -rs".dup.taint)
|
|
||||||
end
|
|
||||||
}.join
|
|
||||||
ensure
|
|
||||||
$SAFE = 0
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_sinf
|
def test_sinf
|
||||||
begin
|
begin
|
||||||
f = Function.new(@libm['sinf'], [TYPE_FLOAT], TYPE_FLOAT)
|
f = Function.new(@libm['sinf'], [TYPE_FLOAT], TYPE_FLOAT)
|
||||||
|
@ -8,29 +8,6 @@ module Fiddle
|
|||||||
class TestHandle < TestCase
|
class TestHandle < TestCase
|
||||||
include Fiddle
|
include Fiddle
|
||||||
|
|
||||||
def test_safe_handle_open
|
|
||||||
Thread.new do
|
|
||||||
$SAFE = 1
|
|
||||||
assert_raise(SecurityError) {
|
|
||||||
Fiddle::Handle.new(LIBC_SO.dup.taint)
|
|
||||||
}
|
|
||||||
end.join
|
|
||||||
ensure
|
|
||||||
$SAFE = 0
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_safe_function_lookup
|
|
||||||
Thread.new do
|
|
||||||
h = Fiddle::Handle.new(LIBC_SO)
|
|
||||||
$SAFE = 1
|
|
||||||
assert_raise(SecurityError) {
|
|
||||||
h["qsort".dup.taint]
|
|
||||||
}
|
|
||||||
end.join
|
|
||||||
ensure
|
|
||||||
$SAFE = 0
|
|
||||||
end
|
|
||||||
|
|
||||||
def test_to_i
|
def test_to_i
|
||||||
handle = Fiddle::Handle.new(LIBC_SO)
|
handle = Fiddle::Handle.new(LIBC_SO)
|
||||||
assert_kind_of Integer, handle.to_i
|
assert_kind_of Integer, handle.to_i
|
||||||
|
@ -43,19 +43,22 @@ module BasetestReadline
|
|||||||
assert_equal("hello", Readline::HISTORY[0])
|
assert_equal("hello", Readline::HISTORY[0])
|
||||||
|
|
||||||
# Work around lack of SecurityError in Reline
|
# Work around lack of SecurityError in Reline
|
||||||
# test mode with tainted prompt
|
# test mode with tainted prompt.
|
||||||
return if kind_of?(TestRelineAsReadline)
|
# Also skip test on Ruby 2.7+, where $SAFE/taint is deprecated.
|
||||||
|
if RUBY_VERSION < '2.7' && !kind_of?(TestRelineAsReadline)
|
||||||
Thread.start {
|
begin
|
||||||
$SAFE = 1
|
Thread.start {
|
||||||
assert_raise(SecurityError) do
|
$SAFE = 1
|
||||||
replace_stdio(stdin.path, stdout.path) do
|
assert_raise(SecurityError) do
|
||||||
Readline.readline("> ".taint)
|
replace_stdio(stdin.path, stdout.path) do
|
||||||
end
|
Readline.readline("> ".taint)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
}.join
|
||||||
|
ensure
|
||||||
|
$SAFE = 0
|
||||||
end
|
end
|
||||||
}.join
|
end
|
||||||
ensure
|
|
||||||
$SAFE = 0
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
@ -96,7 +99,8 @@ module BasetestReadline
|
|||||||
assert_equal(12, actual_point)
|
assert_equal(12, actual_point)
|
||||||
assert_equal("first complete finish", Readline.line_buffer)
|
assert_equal("first complete finish", Readline.line_buffer)
|
||||||
assert_equal(Encoding.find("locale"), Readline.line_buffer.encoding)
|
assert_equal(Encoding.find("locale"), Readline.line_buffer.encoding)
|
||||||
assert_equal(true, Readline.line_buffer.tainted?)
|
assert_equal(true, Readline.line_buffer.tainted?) if RUBY_VERSION < '2.7'
|
||||||
|
|
||||||
assert_equal(22, Readline.point)
|
assert_equal(22, Readline.point)
|
||||||
|
|
||||||
stdin.rewind
|
stdin.rewind
|
||||||
@ -113,7 +117,8 @@ module BasetestReadline
|
|||||||
assert_equal(12, actual_point)
|
assert_equal(12, actual_point)
|
||||||
assert_equal("first complete finish", Readline.line_buffer)
|
assert_equal("first complete finish", Readline.line_buffer)
|
||||||
assert_equal(Encoding.find("locale"), Readline.line_buffer.encoding)
|
assert_equal(Encoding.find("locale"), Readline.line_buffer.encoding)
|
||||||
assert_equal(true, Readline.line_buffer.tainted?)
|
assert_equal(true, Readline.line_buffer.tainted?) if RUBY_VERSION < '2.7'
|
||||||
|
|
||||||
assert_equal(21, Readline.point)
|
assert_equal(21, Readline.point)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
@ -526,7 +531,7 @@ module BasetestReadline
|
|||||||
end
|
end
|
||||||
|
|
||||||
assert_equal('second\\ third', passed_text)
|
assert_equal('second\\ third', passed_text)
|
||||||
assert_equal('first completion', line)
|
assert_equal('first completion', line.chomp(' '))
|
||||||
ensure
|
ensure
|
||||||
Readline.completer_quote_characters = saved_completer_quote_characters
|
Readline.completer_quote_characters = saved_completer_quote_characters
|
||||||
Readline.completer_word_break_characters = saved_completer_word_break_characters
|
Readline.completer_word_break_characters = saved_completer_word_break_characters
|
||||||
|
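Review bot: `assert_equal('first completion', line.chomp(' '))` in the last hunk now accepts the line with or without one trailing space, and neither the hunk nor the commit message says why. As far as the visible lines show, this change is unrelated to $SAFE/taint. A short comment above the assertion, for example `# the completed line may end with one space; compare without it`, would record the intent. If each readline implementation is expected to produce only one of the two forms, an exact comparison per implementation would keep the test strict. The enclosing test method starts outside the hunk.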