From: Yukihiro Matsumoto <matz@...>
Date: 2012-01-17T22:57:36+09:00
Subject: [ruby-core:42163] [ruby-trunk - Bug #5902] Array#join with an unused, infected separator may or may not infect the result


Issue #5902 has been updated by Yukihiro Matsumoto.


In this case, tainted/untrusted string info is never used in the result.  Why should it be tainted?

Matz.
----------------------------------------
Bug #5902: Array#join with an unused, infected separator may or may not infect the result
https://bugs.ruby-lang.org/issues/5902

Author: John Firebaugh
Status: Assigned
Priority: Normal
Assignee: Yukihiro Matsumoto
Category: core
Target version: 
ruby -v: ruby 1.9.3p0 (2011-10-30 revision 33570) [x86_64-darwin10.8.0]


=begin
It's infected if the separator is unused because there is only one element, but not if there are zero elements. Is this intended behavior?

  s = [].join(",".taint.untrust)
  s.tainted? #=> false
  s.untrusted? #=> false

  s = [1].join(",".taint.untrust)
  s.tainted? #=> true
  s.untrusted? #=> true
=end



-- 
http://bugs.ruby-lang.org/