  • Always mark the string returned by File.realpath as tainted · a15f7dd1
    Jeremy Evans authored
    This string can include elements that were not in either string
    passed to File.realpath, even if one of the strings is an
    absolute path, due to symlinks:
    
    ```ruby
    Dir.mkdir('b') unless File.directory?('b')
    File.write('b/a', '') unless File.file?('b/a')
    File.symlink('b', 'c') unless File.symlink?('c')
    path = File.realpath('c/a'.untaint, Dir.pwd.untaint)
    path # "/home/testr/ruby/b/a"
    path.tainted? # should be true, as 'b' comes from file system
    ```
    
    [Bug #15803]
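
The symlink layout from the commit message, as an added example that is not part of the commit or of Ruby's source: it lists the path components `File.realpath` took from the file system rather than from its arguments, and checks the resolved path against an allowed root. The helper names (`fs_supplied_components`, `inside?`, `demo`) and the `root`, `d` and `outside` entries are assumptions; the code avoids the taint API, which Ruby 3.2 and later no longer provide.

```ruby
require 'tmpdir'
require 'pathname'

# Components of File.realpath(rel, base) found in neither argument,
# i.e. the parts of the result that the file system supplied.
def fs_supplied_components(rel, base)
  given = Pathname(base).each_filename.to_a + Pathname(rel).each_filename.to_a
  Pathname(File.realpath(rel, base)).each_filename.to_a - given
end

# Hypothetical containment check: true only if the resolved path is the
# root itself or lies underneath it.
def inside?(resolved, root)
  root = File.realpath(root)
  resolved == root || resolved.start_with?(root + File::SEPARATOR)
end

# Constructed layout: root/b/a (file), root/c -> b (as in the commit
# message), plus root/d -> ../outside to show a link leaving the root.
def demo
  Dir.mktmpdir do |tmp|
    tmp = File.realpath(tmp) # resolve links in the temp dir path itself
    root = File.join(tmp, 'root')
    Dir.mkdir(root)
    Dir.mkdir(File.join(root, 'b'))
    File.write(File.join(root, 'b', 'a'), '')
    File.symlink('b', File.join(root, 'c'))
    Dir.mkdir(File.join(tmp, 'outside'))
    File.write(File.join(tmp, 'outside', 'secret'), '')
    File.symlink('../outside', File.join(root, 'd'))

    via_c = File.realpath('c/a', root)
    via_d = File.realpath('d/secret', root)
    {
      extra: fs_supplied_components('c/a', root),
      c_inside: inside?(via_c, root),
      d_inside: inside?(via_d, root)
    }
  end
end

p demo if $PROGRAM_NAME == __FILE__
```

The `extra` entry is the `b` component that neither argument contained, and `d_inside` is false because the link target lies outside the root.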