Always mark the string returned by File.realpath as tainted

This string can include elements that were not in either string passed to File.realpath, even if one of the strings is an absolute path, due to symlinks: ```ruby Dir.mkdir('b') unless File.directory?('b') File.write('b/a', '') unless File.file?('b/a') File.symlink('b', 'c') unless File.symlink?('c') path = File.realpath('c/a'.untaint, Dir.pwd.untaint) path # "/home/testr/ruby/b/a" path.tainted? # should be true, as 'b' comes from file system ``` [Bug #15803]
author: Jeremy Evans <code@jeremyevans.net> 2019-04-27 10:05:26 -0700
committer: Nobuyoshi Nakada <nobu@ruby-lang.org> 2019-04-28 10:47:51 +0900
commit: a15f7dd1fb1148c3d586238ee6907875f2e40379 (patch)
tree: 0822f66d932f09643a041fbd4c7504b1c8662750 /test
parent: d47cd75b4fead0cfc5fdb59c48d5d822ffe3382d (diff)
download: ruby-a15f7dd1fb1148c3d586238ee6907875f2e40379.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/test/ruby/test_file.rb b/test/ruby/test_file.rb
index 5e9574cf32..36c154d36c 100644
--- a/test/ruby/test_file.rb
+++ b/test/ruby/test_file.rb
@@ -298,7 +298,7 @@ class TestFile < Test::Unit::TestCase
       assert_predicate(File.realpath(base, dir), :tainted?)
       base.untaint
       dir.untaint
-      assert_not_predicate(File.realpath(base, dir), :tainted?)
+      assert_predicate(File.realpath(base, dir), :tainted?)
       assert_predicate(Dir.chdir(dir) {File.realpath(base)}, :tainted?)
     }
   end
author	Jeremy Evans <code@jeremyevans.net>	2019-04-27 10:05:26 -0700
committer	Nobuyoshi Nakada <nobu@ruby-lang.org>	2019-04-28 10:47:51 +0900
commit	a15f7dd1fb1148c3d586238ee6907875f2e40379 (patch)
tree	0822f66d932f09643a041fbd4c7504b1c8662750 /test
parent	d47cd75b4fead0cfc5fdb59c48d5d822ffe3382d (diff)
download	ruby-a15f7dd1fb1148c3d586238ee6907875f2e40379.tar.gz