-
nagachika authored
Always mark the string returned by File.realpath as tainted This string can include elements that were not in either string passed to File.realpath, even if one of the strings is an absolute path, due to symlinks: ```ruby Dir.mkdir('b') unless File.directory?('b') File.write('b/a', '') unless File.file?('b/a') File.symlink('b', 'c') unless File.symlink?('c') path = File.realpath('c/a'.untaint, Dir.pwd.untaint) path # "/home/testr/ruby/b/a" path.tainted? # should be true, as 'b' comes from file system ``` [Bug #15803] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67713 b2dd03c8-39d4-4d8f-98ff-823fe69b080enagachika authoredAlways mark the string returned by File.realpath as tainted This string can include elements that were not in either string passed to File.realpath, even if one of the strings is an absolute path, due to symlinks: ```ruby Dir.mkdir('b') unless File.directory?('b') File.write('b/a', '') unless File.file?('b/a') File.symlink('b', 'c') unless File.symlink?('c') path = File.realpath('c/a'.untaint, Dir.pwd.untaint) path # "/home/testr/ruby/b/a" path.tainted? # should be true, as 'b' comes from file system ``` [Bug #15803] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67713 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Loading