Update to ruby/spec@30e1c35

author: Benoit Daloze <[email protected]> 2023-06-26 15:55:11 +0200
committer: Benoit Daloze <[email protected]> 2023-06-26 15:55:11 +0200
commit: 515bd4214497b3af02f6eef51b496ad9a0cf6b3b (patch)
tree: 4554360d275a3bb9dc696f952b8f3d1bcd88f18a /spec/ruby/security
parent: f73fa299279ac322bd921691d1ba0e8bf2b39b5f (diff)
2 files changed, 0 insertions, 71 deletions
diff --git a/spec/ruby/security/cve_2014_8080_spec.rb b/spec/ruby/security/cve_2014_8080_spec.rb
deleted file mode 100644
index 23770f94b1..0000000000
--- a/spec/ruby/security/cve_2014_8080_spec.rb
+++ /dev/null
@@ -1,34 +0,0 @@
-require_relative '../spec_helper'
-
-ruby_version_is ''...'3.0' do
-  require 'rexml/document'
-
-  describe "REXML::Document.new" do
-
-    it "resists CVE-2014-8080 by raising an exception when entity expansion has grown too large" do
-      xml = <<XML
-      <?xml version="1.0" encoding="UTF-8" ?>
-        <!DOCTYPE x [
-          <!ENTITY % x0 "xxxxxxxxxx">
-          <!ENTITY % x1 "%x0;%x0;%x0;%x0;%x0;%x0;%x0;%x0;%x0;%x0;">
-          <!ENTITY % x2 "%x1;%x1;%x1;%x1;%x1;%x1;%x1;%x1;%x1;%x1;">
-          <!ENTITY % x3 "%x2;%x2;%x2;%x2;%x2;%x2;%x2;%x2;%x2;%x2;">
-          <!ENTITY % x4 "%x3;%x3;%x3;%x3;%x3;%x3;%x3;%x3;%x3;%x3;">
-          <!ENTITY % x5 "%x4;%x4;%x4;%x4;%x4;%x4;%x4;%x4;%x4;%x4;">
-          <!ENTITY % x6 "%x5;%x5;%x5;%x5;%x5;%x5;%x5;%x5;%x5;%x5;">
-          <!ENTITY % x7 "%x6;%x6;%x6;%x6;%x6;%x6;%x6;%x6;%x6;%x6;">
-          <!ENTITY % x8 "%x7;%x7;%x7;%x7;%x7;%x7;%x7;%x7;%x7;%x7;">
-          <!ENTITY % x9 "%x8;%x8;%x8;%x8;%x8;%x8;%x8;%x8;%x8;%x8;">
-        ]>
-        <x>
-          %x9;%x9;%x9;%x9;%x9;%x9;%x9;%x9;%x9;%x9;
-        </x>
-XML
-
-      -> {
-        REXML::Document.new(xml).doctype.entities['x9'].value
-      }.should raise_error(REXML::ParseException, /entity expansion has grown too large/)
-    end
-
-  end
-end
diff --git a/spec/ruby/security/cve_2017_17742_spec.rb b/spec/ruby/security/cve_2017_17742_spec.rb
deleted file mode 100644
index b0d93e42b8..0000000000
--- a/spec/ruby/security/cve_2017_17742_spec.rb
+++ /dev/null
@@ -1,37 +0,0 @@
-require_relative '../spec_helper'
-
-# webrick is no longer in stdlib in Ruby 3+
-ruby_version_is ""..."3.0" do
-  require "webrick"
-  require "stringio"
-  require "net/http"
-
-  describe "WEBrick" do
-    describe "resists CVE-2017-17742" do
-      it "for a response splitting headers" do
-        config = WEBrick::Config::HTTP
-        res = WEBrick::HTTPResponse.new config
-        res['X-header'] = "malicious\r\nCookie: hack"
-        io = StringIO.new
-        res.send_response io
-        io.rewind
-        res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io))
-        res.code.should == '500'
-        io.string.should_not =~ /hack/
-      end
-
-      it "for a response splitting cookie headers" do
-        user_input = "malicious\r\nCookie: hack"
-        config = WEBrick::Config::HTTP
-        res = WEBrick::HTTPResponse.new config
-        res.cookies << WEBrick::Cookie.new('author', user_input)
-        io = StringIO.new
-        res.send_response io
-        io.rewind
-        res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io))
-        res.code.should == '500'
-        io.string.should_not =~ /hack/
-      end
-    end
-  end
-end
author	Benoit Daloze <[email protected]>	2023-06-26 15:55:11 +0200
committer	Benoit Daloze <[email protected]>	2023-06-26 15:55:11 +0200
commit	515bd4214497b3af02f6eef51b496ad9a0cf6b3b (patch)
tree	4554360d275a3bb9dc696f952b8f3d1bcd88f18a /spec/ruby/security
parent	f73fa299279ac322bd921691d1ba0e8bf2b39b5f (diff)