From 6fbf262995756d8a4b7ef2dd2d274356ed8aa4ad Mon Sep 17 00:00:00 2001 From: Jeremy Evans Date: Thu, 20 Jun 2019 11:50:22 -0700 Subject: [PATCH] Do not always taint the result of File#path The result should only be tainted if the path given to the method was tainted. The code to always taint the result was added in a4934a42cbb84b6679912226581c71b435671f55 (svn revision 4892) in 2003 by matz. However, the change wasn't mentioned in the commit message, and it may have been committed by accident. Fixes [Bug #14485] --- file.c | 2 +- test/ruby/test_file_exhaustive.rb | 16 ++++++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/file.c b/file.c index 0dd35161be..1cf4ffd5bb 100644 --- a/file.c +++ b/file.c @@ -459,7 +459,7 @@ rb_file_path(VALUE obj) rb_raise(rb_eIOError, "File is unnamed (TMPFILE?)"); } - return rb_obj_taint(rb_str_dup(fptr->pathv)); + return rb_str_dup(fptr->pathv); } static size_t diff --git a/test/ruby/test_file_exhaustive.rb b/test/ruby/test_file_exhaustive.rb index 02890bb2a7..ef1d3c6417 100644 --- a/test/ruby/test_file_exhaustive.rb +++ b/test/ruby/test_file_exhaustive.rb @@ -187,6 +187,22 @@ class << o; self; end.class_eval do end end + def test_path_taint + [regular_file, utf8_file].each do |file| + assert_equal(false, File.open(file) {|f| f.path}.tainted?) + assert_equal(true, File.open(file.dup.taint) {|f| f.path}.tainted?) + o = Object.new + class << o; self; end.class_eval do + define_method(:to_path) { file } + end + assert_equal(false, File.open(o) {|f| f.path}.tainted?) + class << o; self; end.class_eval do + define_method(:to_path) { file.dup.taint } + end + assert_equal(true, File.open(o) {|f| f.path}.tainted?) + end + end + def assert_integer(n) assert_kind_of(Integer, n) end -- 2.21.0