diff options
Diffstat (limited to 'spec/ruby/security/cve_2013_4164_spec.rb')
-rw-r--r-- | spec/ruby/security/cve_2013_4164_spec.rb | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/spec/ruby/security/cve_2013_4164_spec.rb b/spec/ruby/security/cve_2013_4164_spec.rb new file mode 100644 index 0000000000..06b2bb0306 --- /dev/null +++ b/spec/ruby/security/cve_2013_4164_spec.rb @@ -0,0 +1,19 @@ +require File.expand_path('../../spec_helper', __FILE__) + +require 'json' + +describe "String#to_f" do + + it "resists CVE-2013-4164 by converting very long Strings to a Float" do + "1.#{'1'*1000000}".to_f.should be_close(1.1111111111111112, TOLERANCE) + end + +end + +describe "JSON.parse" do + + it "resists CVE-2013-4164 by converting very long Strings to a Float" do + JSON.parse("[1.#{'1'*1000000}]").first.should be_close(1.1111111111111112, TOLERANCE) + end + +end |