diff options
author | Nobuyoshi Nakada <nobu@ruby-lang.org> | 2019-10-29 22:39:30 +0900 |
---|---|---|
committer | Nobuyoshi Nakada <nobu@ruby-lang.org> | 2019-10-29 22:40:41 +0900 |
commit | fee5cde00be7342dc6c00d0b0a0276d09e5252e3 (patch) | |
tree | fd80f86afb77cfe29d90013adc6545d47c9518e2 /test | |
parent | ad4da86669454dee86844b3e0a3ecf9177084db3 (diff) | |
download | ruby-fee5cde00be7342dc6c00d0b0a0276d09e5252e3.tar.gz |
Fix tests for CVE-2018-6914
Since the current working directory is not involved in `Tempfile`
and `Dir.mktmpdir` (except for the last resort), it is incorrect
to derive the traversal path from it. Also, since the rubyspec
temporary directory is created under the build directory, this is
not involved in the target method. Fixed sporadic errors in
test-spec.
Diffstat (limited to 'test')
-rw-r--r-- | test/test_tempfile.rb | 64 | ||||
-rw-r--r-- | test/test_tmpdir.rb | 29 |
2 files changed, 45 insertions, 48 deletions
diff --git a/test/test_tempfile.rb b/test/test_tempfile.rb index 8fcba3aea8..7c911a1bf7 100644 --- a/test/test_tempfile.rb +++ b/test/test_tempfile.rb @@ -374,53 +374,43 @@ puts Tempfile.new('foo').path assert_file.not_exist?(path) end - TRAVERSAL_PATH = Array.new(Dir.pwd.split('/').count, '..').join('/') + Dir.pwd + '/' - def test_open_traversal_dir - expect = Dir.glob(TRAVERSAL_PATH + '*').count - t = Tempfile.open([TRAVERSAL_PATH, 'foo']) - actual = Dir.glob(TRAVERSAL_PATH + '*').count - assert_equal expect, actual - rescue Errno::EINVAL - if /mswin|mingw/ =~ RUBY_PLATFORM - assert "ok" - else - raise $! + assert_mktmpdir_traversal do |traversal_path| + t = Tempfile.open([traversal_path, 'foo']) + t.path + ensure + t&.close! end - ensure - t&.close! end def test_new_traversal_dir - expect = Dir.glob(TRAVERSAL_PATH + '*').count - t = Tempfile.new(TRAVERSAL_PATH + 'foo') - actual = Dir.glob(TRAVERSAL_PATH + '*').count - assert_equal expect, actual - rescue Errno::EINVAL - if /mswin|mingw/ =~ RUBY_PLATFORM - assert "ok" - else - raise $! + assert_mktmpdir_traversal do |traversal_path| + t = Tempfile.new(traversal_path + 'foo') + t.path + ensure + t&.close! end - ensure - t&.close! end def test_create_traversal_dir - expect = Dir.glob(TRAVERSAL_PATH + '*').count - t = Tempfile.create(TRAVERSAL_PATH + 'foo') - actual = Dir.glob(TRAVERSAL_PATH + '*').count - assert_equal expect, actual - rescue Errno::EINVAL - if /mswin|mingw/ =~ RUBY_PLATFORM - assert "ok" - else - raise $! + assert_mktmpdir_traversal do |traversal_path| + t = Tempfile.create(traversal_path + 'foo') + t.path + ensure + if t + t.close + File.unlink(t.path) + end end - ensure - if t - t.close - File.unlink(t.path) + end + + def assert_mktmpdir_traversal + Dir.mktmpdir do |target| + target = target.chomp('/') + '/' + traversal_path = target.sub(/\A\w:/, '') # for DOSISH + traversal_path = Array.new(target.count('/')-2, '..').join('/') + traversal_path + actual = yield traversal_path + assert_not_send([File.absolute_path(actual), :start_with?, target]) end end end diff --git a/test/test_tmpdir.rb b/test/test_tmpdir.rb index 1e633d233b..42bcbc00a8 100644 --- a/test/test_tmpdir.rb +++ b/test/test_tmpdir.rb @@ -65,22 +65,29 @@ class TestTmpdir < Test::Unit::TestCase } end - TRAVERSAL_PATH = Array.new(Dir.pwd.split('/').count, '..').join('/') + Dir.pwd + '/' - TRAVERSAL_PATH.delete!(':') if /mswin|mingw/ =~ RUBY_PLATFORM - def test_mktmpdir_traversal - expect = Dir.glob(TRAVERSAL_PATH + '*').count - Dir.mktmpdir(TRAVERSAL_PATH + 'foo') do - actual = Dir.glob(TRAVERSAL_PATH + '*').count - assert_equal expect, actual + assert_mktmpdir_traversal do |traversal_path| + Dir.mktmpdir(traversal_path + 'foo') do |actual| + actual + end end end def test_mktmpdir_traversal_array - expect = Dir.glob(TRAVERSAL_PATH + '*').count - Dir.mktmpdir([TRAVERSAL_PATH, 'foo']) do - actual = Dir.glob(TRAVERSAL_PATH + '*').count - assert_equal expect, actual + assert_mktmpdir_traversal do |traversal_path| + Dir.mktmpdir([traversal_path, 'foo']) do |actual| + actual + end + end + end + + def assert_mktmpdir_traversal + Dir.mktmpdir do |target| + target = target.chomp('/') + '/' + traversal_path = target.sub(/\A\w:/, '') # for DOSISH + traversal_path = Array.new(target.count('/')-2, '..').join('/') + traversal_path + actual = yield traversal_path + assert_not_send([File.absolute_path(actual), :start_with?, target]) end end end |