diff options
| author | Jeremy Evans <[email protected]> | 2019-09-24 20:59:12 -0700 |
|---|---|---|
| committer | Jeremy Evans <[email protected]> | 2019-11-18 01:00:25 +0200 |
| commit | ffd0820ab317542f8780aac475da590a4bdbc7a8 (patch) | |
| tree | 6a5d774933c15fd2b9ea948bd3ae2fa587faaf82 /spec/ruby/security | |
| parent | c5c05460ac20abcbc0ed686eb4acf06da7a39a79 (diff) | |
Deprecate taint/trust and related methods, and make the methods no-ops
This removes the related tests, and puts the related specs behind
version guards. This affects all code in lib, including some
libraries that may want to support older versions of Ruby.
Notes
Notes:
Merged: https://github.com/ruby/ruby/pull/2476
Diffstat (limited to 'spec/ruby/security')
| -rw-r--r-- | spec/ruby/security/cve_2018_16396_spec.rb | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/spec/ruby/security/cve_2018_16396_spec.rb b/spec/ruby/security/cve_2018_16396_spec.rb index e462e0022d..303c47a8c7 100644 --- a/spec/ruby/security/cve_2018_16396_spec.rb +++ b/spec/ruby/security/cve_2018_16396_spec.rb @@ -2,9 +2,11 @@ require_relative '../spec_helper' describe "Array#pack" do - it "resists CVE-2018-16396 by tainting output based on input" do - "aAZBbHhuMmPp".each_char do |f| - ["123456".taint].pack(f).tainted?.should be_true + ruby_version_is ''...'2.7' do + it "resists CVE-2018-16396 by tainting output based on input" do + "aAZBbHhuMmPp".each_char do |f| + ["123456".taint].pack(f).tainted?.should be_true + end end end @@ -12,9 +14,11 @@ end describe "String#unpack" do - it "resists CVE-2018-16396 by tainting output based on input" do - "aAZBbHhuMm".each_char do |f| - "123456".taint.unpack(f).first.tainted?.should be_true + ruby_version_is ''...'2.7' do + it "resists CVE-2018-16396 by tainting output based on input" do + "aAZBbHhuMm".each_char do |f| + "123456".taint.unpack(f).first.tainted?.should be_true + end end end |