
Backport #7325 » taint.rb

urielka (Uriel Katz), 11/10/2012 10:00 PM

 
# Minimal fixture for the taint reproduction that follows: a class with a
# single method whose only job is to expose the safe level it runs under.
class MyObject
  # Reports the $SAFE value in effect while this method body executes.
  #
  # @return [Object] the value of $SAFE read inside the method
  def test
    safe_level = $SAFE
    safe_level
  end
end
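# Reproduction script: checks whether round-tripping the MyObject class through
# Marshal changes the taint state of its Method objects, and whether a tainted
# Method reports a different $SAFE when invoked through Method#call than when
# the method is called directly.
#
# Relies on Object#tainted? and $SAFE, so it only runs on Ruby versions that
# still implement taint tracking.
# NOTE(review): the expected output is not recorded on this page; the message
# strings imply the Method becomes tainted after the load -- confirm against
# the ticket.
#
# dump_path is a fixed name in a shared directory. That is tolerable for a
# throwaway repro, but a file that is later handed to Marshal.load should be
# created privately (e.g. via Tempfile) so no other local user can supply or
# redirect its contents.
dump_path = "/tmp/marshal_bug"

puts "Before marshal is tainted?: #{MyObject.new.method(:test).tainted?}"

# The payload is the class itself, not an instance. binwrite keeps the Marshal
# byte stream free of newline/encoding translation.
File.binwrite(dump_path, Marshal.dump(MyObject))

# The source stays an IO object rather than a String -- presumably the IO
# source is what marks the loaded object as tainted; verify before changing.
# The return value is discarded: only the side effect on MyObject is observed.
# The block form closes the handle, which the bare File.open left open.
# Marshal.load is acceptable here only because the script produced the bytes
# itself on the previous line; it must not be pointed at untrusted data.
File.open(dump_path, "rb") { |io| Marshal.load(io) }

puts "After marshal is tainted?: #{MyObject.new.method(:test).tainted?}"

# Same method, two invocation paths: through the Method object, then directly.
puts "Safe level when calling tainted method using call: #{MyObject.new.method(:test).call}"
puts "Safe level when calling tainted method directly: #{MyObject.new.test}"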