Feature #14915 ยป 0001-Deprecate-String-crypt.patch
| string.c | ||
|---|---|---|
| 9205 | 9205 |
* salt string. While the format and the result are system and |
| 9206 | 9206 |
* implementation dependent, using a salt matching the regular |
| 9207 | 9207 |
* expression <code>\A[a-zA-Z0-9./]{2}</code> should be valid and
|
| 9208 |
* safe on any platform, in which only the first two characters are |
|
| 9209 |
* significant. |
|
| 9208 |
* safe on most platforms, in which only the first two characters are |
|
| 9209 |
* significant. However, this uses DES-crypt, an insecure form of |
|
| 9210 |
* password hashing. |
|
| 9210 | 9211 |
* |
| 9211 | 9212 |
* This method is for use in system specific scripts, so if you want |
| 9212 | 9213 |
* a cross-platform hash function consider using Digest or OpenSSL |
| 9213 | 9214 |
* instead. |
| 9215 |
* |
|
| 9216 |
* This method is deprecated, install the string-crypt gem and |
|
| 9217 |
* require 'string/crypt' to continue using it. |
|
| 9214 | 9218 |
*/ |
| 9215 | 9219 | |
| 9216 | 9220 |
static VALUE |
| 9217 | 9221 |
rb_str_crypt(VALUE str, VALUE salt) |
| 9218 | 9222 |
{
|
| 9223 |
rb_warn("The String#crypt method is deprecated. " \
|
|
| 9224 |
"Install the string-crypt gem and require \"string/crypt\" " \ |
|
| 9225 |
"to continue using String#crypt."); |
|
| 9226 | ||
| 9219 | 9227 |
#ifdef HAVE_CRYPT_R |
| 9220 | 9228 |
VALUE databuf; |
| 9221 | 9229 |
struct crypt_data *data; |
| test/ruby/test_m17n_comb.rb | ||
|---|---|---|
| 771 | 771 |
end |
| 772 | 772 |
end |
| 773 | 773 | |
| 774 |
private def crypt_result(str, salt) |
|
| 775 |
assert_warn(/The String#crypt core method is deprecated/) do |
|
| 776 |
str.crypt(salt) |
|
| 777 |
end |
|
| 778 |
end |
|
| 779 | ||
| 774 | 780 |
private def confirm_crypt_result(str, salt) |
| 775 | 781 |
if b(salt).length < 2 |
| 776 |
assert_raise(ArgumentError) { str.crypt(salt) }
|
|
| 782 |
assert_raise(ArgumentError) { crypt_result(str, salt) }
|
|
| 777 | 783 |
return |
| 778 | 784 |
end |
| 779 |
t = str.crypt(salt)
|
|
| 780 |
assert_equal(b(str).crypt(b(salt)), t, "#{encdump(str)}.crypt(#{encdump(salt)})")
|
|
| 785 |
t = crypt_result(str, salt)
|
|
| 786 |
assert_equal(crypt_result(b(str), b(salt)), t, "#{encdump(str)}.crypt(#{encdump(salt)})")
|
|
| 781 | 787 |
assert_encoding('ASCII-8BIT', t.encoding)
|
| 782 | 788 |
end |
| 783 | 789 | |
| test/ruby/test_string.rb | ||
|---|---|---|
| 646 | 646 |
assert_raise(ArgumentError) { "foo".count }
|
| 647 | 647 |
end |
| 648 | 648 | |
| 649 |
def crypt(str, salt) |
|
| 650 |
assert_warn(/The String#crypt core method is deprecated/) do |
|
| 651 |
str.crypt(salt) |
|
| 652 |
end |
|
| 653 |
end |
|
| 654 | ||
| 649 | 655 |
def test_crypt |
| 650 | 656 |
if RubyVM::MJIT.enabled? |
| 651 | 657 |
skip "This sometimes fails with -DMJIT_FORCE_ENABLE. This seems important to be fixed..." |
| 652 | 658 |
end |
| 653 | 659 | |
| 654 |
assert_equal(S('aaGUC/JkO9/Sc'), S("mypassword").crypt(S("aa")))
|
|
| 655 |
assert_not_equal(S('aaGUC/JkO9/Sc'), S("mypassword").crypt(S("ab")))
|
|
| 656 |
assert_raise(ArgumentError) {S("mypassword").crypt(S(""))}
|
|
| 657 |
assert_raise(ArgumentError) {S("mypassword").crypt(S("\0a"))}
|
|
| 658 |
assert_raise(ArgumentError) {S("mypassword").crypt(S("a\0"))}
|
|
| 659 |
assert_raise(ArgumentError) {S("poison\u0000null").crypt(S("aa"))}
|
|
| 660 |
assert_equal(S('aaGUC/JkO9/Sc'), crypt(S("mypassword"), S("aa")))
|
|
| 661 |
assert_not_equal(S('aaGUC/JkO9/Sc'), crypt(S("mypassword"), S("ab")))
|
|
| 662 |
assert_raise(ArgumentError) {crypt(S("mypassword"), S(""))}
|
|
| 663 |
assert_raise(ArgumentError) {crypt(S("mypassword"), S("\0a"))}
|
|
| 664 |
assert_raise(ArgumentError) {crypt(S("mypassword"), S("a\0"))}
|
|
| 665 |
assert_raise(ArgumentError) {crypt(S("poison\u0000null"), S("aa"))}
|
|
| 660 | 666 |
[Encoding::UTF_16BE, Encoding::UTF_16LE, |
| 661 | 667 |
Encoding::UTF_32BE, Encoding::UTF_32LE].each do |enc| |
| 662 |
assert_raise(ArgumentError) {S("mypassword").crypt(S("aa".encode(enc)))}
|
|
| 663 |
assert_raise(ArgumentError) {S("mypassword".encode(enc)).crypt(S("aa"))}
|
|
| 668 |
assert_raise(ArgumentError) {crypt(S("mypassword"), S("aa".encode(enc)))}
|
|
| 669 |
assert_raise(ArgumentError) {crypt(S("mypassword".encode(enc)), S("aa"))}
|
|
| 664 | 670 |
end |
| 665 | 671 | |
| 666 | 672 |
@cls == String and |
| 667 | 673 |
assert_no_memory_leak([], 's = ""', "#{<<~"begin;"}\n#{<<~'end;'}")
|
| 668 | 674 |
begin; |
| 669 |
1000.times { s.crypt(-"..").clear }
|
|
| 675 |
1000.times { crypt(s, -"..").clear }
|
|
| 670 | 676 |
end; |
| 671 | 677 |
end |
| 672 | 678 | |
| test/webrick/test_httpauth.rb | ||
|---|---|---|
| 69 | 69 |
next |
| 70 | 70 |
end |
| 71 | 71 | |
| 72 |
if hash_algo == :bcrypt |
|
| 73 |
warning = /\A\z/ |
|
| 74 |
else |
|
| 75 |
warning = /The String#crypt core method is deprecated/ |
|
| 76 |
end |
|
| 77 | ||
| 72 | 78 |
define_method(:"test_basic_auth_htpasswd_#{hash_algo}") do
|
| 73 | 79 |
log_tester = lambda {|log, access_log|
|
| 74 | 80 |
log.reject! {|line| /\A\s*\z/ =~ line }
|
| ... | ... | |
| 89 | 95 |
Tempfile.create("test_webrick_auth") {|tmpfile|
|
| 90 | 96 |
tmpfile.close |
| 91 | 97 |
tmp_pass = WEBrick::HTTPAuth::Htpasswd.new(tmpfile.path, password_hash: hash_algo) |
| 92 |
tmp_pass.set_passwd(realm, "webrick", "supersecretpassword") |
|
| 93 |
tmp_pass.set_passwd(realm, "foo", "supersecretpassword") |
|
| 98 |
assert_warn(warning) do |
|
| 99 |
tmp_pass.set_passwd(realm, "webrick", "supersecretpassword") |
|
| 100 |
tmp_pass.set_passwd(realm, "foo", "supersecretpassword") |
|
| 101 |
end |
|
| 94 | 102 |
tmp_pass.flush |
| 95 | 103 | |
| 96 | 104 |
htpasswd = WEBrick::HTTPAuth::Htpasswd.new(tmpfile.path, password_hash: hash_algo) |
| ... | ... | |
| 110 | 118 |
} |
| 111 | 119 |
http = Net::HTTP.new(addr, port) |
| 112 | 120 |
g = Net::HTTP::Get.new(path) |
| 113 |
g.basic_auth("webrick", "supersecretpassword")
|
|
| 114 |
http.request(g){|res| assert_equal("hoge", res.body, log.call)}
|
|
| 115 |
g.basic_auth("webrick", "not super")
|
|
| 116 |
http.request(g){|res| assert_not_equal("hoge", res.body, log.call)}
|
|
| 121 |
assert_warn(warning) do |
|
| 122 |
g.basic_auth("webrick", "supersecretpassword")
|
|
| 123 |
http.request(g){|res| assert_equal("hoge", res.body, log.call)}
|
|
| 124 |
g.basic_auth("webrick", "not super")
|
|
| 125 |
http.request(g){|res| assert_not_equal("hoge", res.body, log.call)}
|
|
| 126 |
end |
|
| 117 | 127 |
} |
| 118 | 128 |
} |
| 119 | 129 |
end |
| ... | ... | |
| 131 | 141 |
Tempfile.create("test_webrick_auth") {|tmpfile|
|
| 132 | 142 |
tmpfile.close |
| 133 | 143 |
tmp_pass = WEBrick::HTTPAuth::Htpasswd.new(tmpfile.path, password_hash: hash_algo) |
| 134 |
tmp_pass.set_passwd(realm, "webrick", "supersecretpassword") |
|
| 135 |
tmp_pass.set_passwd(realm, "foo", "supersecretpassword") |
|
| 144 |
assert_warn(warning) do |
|
| 145 |
tmp_pass.set_passwd(realm, "webrick", "supersecretpassword") |
|
| 146 |
tmp_pass.set_passwd(realm, "foo", "supersecretpassword") |
|
| 147 |
end |
|
| 136 | 148 |
tmp_pass.flush |
| 137 | 149 | |
| 138 | 150 |
htpasswd = WEBrick::HTTPAuth::Htpasswd.new(tmpfile.path, password_hash: hash_algo) |
| ... | ... | |
| 148 | 160 |
} |
| 149 | 161 |
http = Net::HTTP.new(addr, port) |
| 150 | 162 |
g = Net::HTTP::Get.new(path) |
| 151 |
g.basic_auth("foo\ebar", "passwd")
|
|
| 163 |
assert_warn(warning) do |
|
| 164 |
g.basic_auth("foo\ebar", "passwd")
|
|
| 165 |
end |
|
| 152 | 166 |
http.request(g){|res| assert_not_equal("hoge", res.body, log.call) }
|
| 153 | 167 |
} |
| 154 | 168 |
} |