diff options
-rw-r--r-- | file.c | 2 | ||||
-rw-r--r-- | test/readline/test_readline.rb | 5 | ||||
-rw-r--r-- | test/ruby/test_file_exhaustive.rb | 16 |
3 files changed, 22 insertions, 1 deletions
@@ -475,7 +475,7 @@ rb_file_path(VALUE obj) rb_raise(rb_eIOError, "File is unnamed (TMPFILE?)"); } - return rb_obj_taint(rb_str_dup(fptr->pathv)); + return rb_str_dup(fptr->pathv); } static size_t diff --git a/test/readline/test_readline.rb b/test/readline/test_readline.rb index e040ac53c3..e71d329973 100644 --- a/test/readline/test_readline.rb +++ b/test/readline/test_readline.rb @@ -41,6 +41,11 @@ module BasetestReadline assert_equal("> ", stdout.read(2)) assert_equal(1, Readline::HISTORY.length) assert_equal("hello", Readline::HISTORY[0]) + + # Work around lack of SecurityError in Reline + # test mode with tainted prompt + return if kind_of?(TestRelineAsReadline) + Thread.start { $SAFE = 1 assert_raise(SecurityError) do diff --git a/test/ruby/test_file_exhaustive.rb b/test/ruby/test_file_exhaustive.rb index 98a894698d..a702ed55e7 100644 --- a/test/ruby/test_file_exhaustive.rb +++ b/test/ruby/test_file_exhaustive.rb @@ -187,6 +187,22 @@ class TestFileExhaustive < Test::Unit::TestCase end end + def test_path_taint + [regular_file, utf8_file].each do |file| + assert_equal(false, File.open(file) {|f| f.path}.tainted?) + assert_equal(true, File.open(file.dup.taint) {|f| f.path}.tainted?) + o = Object.new + class << o; self; end.class_eval do + define_method(:to_path) { file } + end + assert_equal(false, File.open(o) {|f| f.path}.tainted?) + class << o; self; end.class_eval do + define_method(:to_path) { file.dup.taint } + end + assert_equal(true, File.open(o) {|f| f.path}.tainted?) + end + end + def assert_integer(n) assert_kind_of(Integer, n) end |