diff options
| author | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2017-06-02 03:54:19 +0000 |
|---|---|---|
| committer | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2017-06-02 03:54:19 +0000 |
| commit | 1e1964b8f2edeba4dabab2d20b2b56e93a2e0257 (patch) | |
| tree | 6de1e58581d6b725cf18c4bb20c12d88439538e5 | |
| parent | 321300d4e078bf723fcd7388a701a9805ce8af9d (diff) | |
| download | ruby-1e1964b8f2edeba4dabab2d20b2b56e93a2e0257.tar.gz | |
file.c: preserve encoding
* file.c (rb_find_file_safe): preserve encoding of path in
SecurityError messages.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58996 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| -rw-r--r-- | file.c | 6 | ||||
| -rw-r--r-- | test/ruby/test_require.rb | 22 |
2 files changed, 25 insertions, 3 deletions
@@ -5840,7 +5840,7 @@ rb_find_file_safe(VALUE path, int safe_level) if (f[0] == '~') { tmp = file_expand_path_1(path); if (safe_level >= 1 && OBJ_TAINTED(tmp)) { - rb_raise(rb_eSecurityError, "loading from unsafe file %s", f); + rb_raise(rb_eSecurityError, "loading from unsafe file %"PRIsVALUE, tmp); } path = copy_path_class(tmp, path); f = RSTRING_PTR(path); @@ -5849,7 +5849,7 @@ rb_find_file_safe(VALUE path, int safe_level) if (expanded || rb_is_absolute_path(f) || is_explicit_relative(f)) { if (safe_level >= 1 && !fpath_check(path)) { - rb_raise(rb_eSecurityError, "loading from unsafe path %s", f); + rb_raise(rb_eSecurityError, "loading from unsafe path %"PRIsVALUE, path); } if (!rb_file_load_ok(f)) return 0; if (!expanded) @@ -5881,7 +5881,7 @@ rb_find_file_safe(VALUE path, int safe_level) found: if (safe_level >= 1 && !fpath_check(tmp)) { - rb_raise(rb_eSecurityError, "loading from unsafe file %s", f); + rb_raise(rb_eSecurityError, "loading from unsafe file %"PRIsVALUE, tmp); } return copy_path_class(tmp, path); diff --git a/test/ruby/test_require.rb b/test/ruby/test_require.rb index 8dacd1ea12..dad7630e50 100644 --- a/test/ruby/test_require.rb +++ b/test/ruby/test_require.rb @@ -87,6 +87,17 @@ class TestRequire < Test::Unit::TestCase end end + SECURITY_WARNING = + if /mswin|mingw/ =~ RUBY_PLATFORM + nil + else + proc do |require_path| + File.chmod(0777, File.dirname(require_path)) + $SAFE = 1 + require(require_path) + end + end + def assert_require_nonascii_path(encoding, bug) Dir.mktmpdir {|tmp| dir = "\u3042" * 5 @@ -109,6 +120,17 @@ class TestRequire < Test::Unit::TestCase assert_equal(self.class.ospath_encoding(require_path), $:.last.encoding, '[Bug #8753]') assert(!require(require_path), bug) } + $:.replace(load_path) + $".replace(features) + if SECURITY_WARNING + require_path.untaint + ospath = require_path.encode(self.class.ospath_encoding(require_path)) + assert_warn(/Insecure world writable dir/) do + assert_raise_with_message(SecurityError, "loading from unsafe path #{ospath}") do + SECURITY_WARNING.call(require_path) + end + end + end ensure $:.replace(load_path) $".replace(features) |