diff options
-rw-r--r-- | lib/tmpdir.rb | 2 | ||||
-rw-r--r-- | test/test_tempfile.rb | 28 | ||||
-rw-r--r-- | test/test_tmpdir.rb | 17 |
3 files changed, 46 insertions, 1 deletions
diff --git a/lib/tmpdir.rb b/lib/tmpdir.rb index e30004c0bb..7c0ce3a7f0 100644 --- a/lib/tmpdir.rb +++ b/lib/tmpdir.rb @@ -116,8 +116,10 @@ class Dir prefix, suffix = basename prefix = (String.try_convert(prefix) or raise ArgumentError, "unexpected prefix: #{prefix.inspect}") + prefix = prefix.delete("#{File::SEPARATOR}#{File::ALT_SEPARATOR}") suffix &&= (String.try_convert(suffix) or raise ArgumentError, "unexpected suffix: #{suffix.inspect}") + suffix &&= suffix.delete("#{File::SEPARATOR}#{File::ALT_SEPARATOR}") begin t = Time.now.strftime("%Y%m%d") path = "#{prefix}#{t}-#{$$}-#{rand(0x100000000).to_s(36)}"\ diff --git a/test/test_tempfile.rb b/test/test_tempfile.rb index 63f5468638..ef035e358b 100644 --- a/test/test_tempfile.rb +++ b/test/test_tempfile.rb @@ -373,5 +373,31 @@ puts Tempfile.new('foo').path } assert_file.not_exist?(path) end -end + TRAVERSAL_PATH = Array.new(Dir.pwd.split('/').count, '..').join('/') + Dir.pwd + '/' + + def test_open_traversal_dir + expect = Dir.glob(TRAVERSAL_PATH + '*').count + t = Tempfile.open([TRAVERSAL_PATH, 'foo']) + actual = Dir.glob(TRAVERSAL_PATH + '*').count + assert_equal expect, actual + ensure + t.close! + end + + def test_new_traversal_dir + expect = Dir.glob(TRAVERSAL_PATH + '*').count + t = Tempfile.new(TRAVERSAL_PATH + 'foo') + actual = Dir.glob(TRAVERSAL_PATH + '*').count + assert_equal expect, actual + ensure + t.close! + end + + def test_create_traversal_dir + expect = Dir.glob(TRAVERSAL_PATH + '*').count + Tempfile.create(TRAVERSAL_PATH + 'foo') + actual = Dir.glob(TRAVERSAL_PATH + '*').count + assert_equal expect, actual + end +end diff --git a/test/test_tmpdir.rb b/test/test_tmpdir.rb index 07c7ddc736..202098cefa 100644 --- a/test/test_tmpdir.rb +++ b/test/test_tmpdir.rb @@ -58,4 +58,21 @@ class TestTmpdir < Test::Unit::TestCase assert_kind_of(String, d) } end + + TRAVERSAL_PATH = Array.new(Dir.pwd.split('/').count, '..').join('/') + Dir.pwd + '/' + TRAVERSAL_PATH.delete!(':') if /mswin|mingw/ =~ RUBY_PLATFORM + + def test_mktmpdir_traversal + expect = Dir.glob(TRAVERSAL_PATH + '*').count + Dir.mktmpdir(TRAVERSAL_PATH + 'foo') + actual = Dir.glob(TRAVERSAL_PATH + '*').count + assert_equal expect, actual + end + + def test_mktmpdir_traversal_array + expect = Dir.glob(TRAVERSAL_PATH + '*').count + Dir.mktmpdir([TRAVERSAL_PATH, 'foo']) + actual = Dir.glob(TRAVERSAL_PATH + '*').count + assert_equal expect, actual + end end |