Feature #14915 ยป 0001-Deprecate-String-crypt.patch
string.c | ||
---|---|---|
9205 | 9205 |
* salt string. While the format and the result are system and |
9206 | 9206 |
* implementation dependent, using a salt matching the regular |
9207 | 9207 |
* expression <code>\A[a-zA-Z0-9./]{2}</code> should be valid and |
9208 |
* safe on any platform, in which only the first two characters are |
|
9209 |
* significant. |
|
9208 |
* safe on most platforms, in which only the first two characters are |
|
9209 |
* significant. However, this uses DES-crypt, an insecure form of |
|
9210 |
* password hashing. |
|
9210 | 9211 |
* |
9211 | 9212 |
* This method is for use in system specific scripts, so if you want |
9212 | 9213 |
* a cross-platform hash function consider using Digest or OpenSSL |
9213 | 9214 |
* instead. |
9215 |
* |
|
9216 |
* This method is deprecated, install the string-crypt gem and |
|
9217 |
* require 'string/crypt' to continue using it. |
|
9214 | 9218 |
*/ |
9215 | 9219 | |
9216 | 9220 |
static VALUE |
9217 | 9221 |
rb_str_crypt(VALUE str, VALUE salt) |
9218 | 9222 |
{ |
9223 |
rb_warn("The String#crypt method is deprecated. " \ |
|
9224 |
"Install the string-crypt gem and require \"string/crypt\" " \ |
|
9225 |
"to continue using String#crypt."); |
|
9226 | ||
9219 | 9227 |
#ifdef HAVE_CRYPT_R |
9220 | 9228 |
VALUE databuf; |
9221 | 9229 |
struct crypt_data *data; |
test/ruby/test_m17n_comb.rb | ||
---|---|---|
771 | 771 |
end |
772 | 772 |
end |
773 | 773 | |
774 |
private def crypt_result(str, salt) |
|
775 |
assert_warn(/The String#crypt core method is deprecated/) do |
|
776 |
str.crypt(salt) |
|
777 |
end |
|
778 |
end |
|
779 | ||
774 | 780 |
private def confirm_crypt_result(str, salt) |
775 | 781 |
if b(salt).length < 2 |
776 |
assert_raise(ArgumentError) { str.crypt(salt) }
|
|
782 |
assert_raise(ArgumentError) { crypt_result(str, salt) }
|
|
777 | 783 |
return |
778 | 784 |
end |
779 |
t = str.crypt(salt)
|
|
780 |
assert_equal(b(str).crypt(b(salt)), t, "#{encdump(str)}.crypt(#{encdump(salt)})")
|
|
785 |
t = crypt_result(str, salt)
|
|
786 |
assert_equal(crypt_result(b(str), b(salt)), t, "#{encdump(str)}.crypt(#{encdump(salt)})")
|
|
781 | 787 |
assert_encoding('ASCII-8BIT', t.encoding) |
782 | 788 |
end |
783 | 789 |
test/ruby/test_string.rb | ||
---|---|---|
646 | 646 |
assert_raise(ArgumentError) { "foo".count } |
647 | 647 |
end |
648 | 648 | |
649 |
def crypt(str, salt) |
|
650 |
assert_warn(/The String#crypt core method is deprecated/) do |
|
651 |
str.crypt(salt) |
|
652 |
end |
|
653 |
end |
|
654 | ||
649 | 655 |
def test_crypt |
650 | 656 |
if RubyVM::MJIT.enabled? |
651 | 657 |
skip "This sometimes fails with -DMJIT_FORCE_ENABLE. This seems important to be fixed..." |
652 | 658 |
end |
653 | 659 | |
654 |
assert_equal(S('aaGUC/JkO9/Sc'), S("mypassword").crypt(S("aa")))
|
|
655 |
assert_not_equal(S('aaGUC/JkO9/Sc'), S("mypassword").crypt(S("ab")))
|
|
656 |
assert_raise(ArgumentError) {S("mypassword").crypt(S(""))}
|
|
657 |
assert_raise(ArgumentError) {S("mypassword").crypt(S("\0a"))}
|
|
658 |
assert_raise(ArgumentError) {S("mypassword").crypt(S("a\0"))}
|
|
659 |
assert_raise(ArgumentError) {S("poison\u0000null").crypt(S("aa"))}
|
|
660 |
assert_equal(S('aaGUC/JkO9/Sc'), crypt(S("mypassword"), S("aa")))
|
|
661 |
assert_not_equal(S('aaGUC/JkO9/Sc'), crypt(S("mypassword"), S("ab")))
|
|
662 |
assert_raise(ArgumentError) {crypt(S("mypassword"), S(""))}
|
|
663 |
assert_raise(ArgumentError) {crypt(S("mypassword"), S("\0a"))}
|
|
664 |
assert_raise(ArgumentError) {crypt(S("mypassword"), S("a\0"))}
|
|
665 |
assert_raise(ArgumentError) {crypt(S("poison\u0000null"), S("aa"))}
|
|
660 | 666 |
[Encoding::UTF_16BE, Encoding::UTF_16LE, |
661 | 667 |
Encoding::UTF_32BE, Encoding::UTF_32LE].each do |enc| |
662 |
assert_raise(ArgumentError) {S("mypassword").crypt(S("aa".encode(enc)))}
|
|
663 |
assert_raise(ArgumentError) {S("mypassword".encode(enc)).crypt(S("aa"))}
|
|
668 |
assert_raise(ArgumentError) {crypt(S("mypassword"), S("aa".encode(enc)))}
|
|
669 |
assert_raise(ArgumentError) {crypt(S("mypassword".encode(enc)), S("aa"))}
|
|
664 | 670 |
end |
665 | 671 | |
666 | 672 |
@cls == String and |
667 | 673 |
assert_no_memory_leak([], 's = ""', "#{<<~"begin;"}\n#{<<~'end;'}") |
668 | 674 |
begin; |
669 |
1000.times { s.crypt(-"..").clear }
|
|
675 |
1000.times { crypt(s, -"..").clear }
|
|
670 | 676 |
end; |
671 | 677 |
end |
672 | 678 |
test/webrick/test_httpauth.rb | ||
---|---|---|
69 | 69 |
next |
70 | 70 |
end |
71 | 71 | |
72 |
if hash_algo == :bcrypt |
|
73 |
warning = /\A\z/ |
|
74 |
else |
|
75 |
warning = /The String#crypt core method is deprecated/ |
|
76 |
end |
|
77 | ||
72 | 78 |
define_method(:"test_basic_auth_htpasswd_#{hash_algo}") do |
73 | 79 |
log_tester = lambda {|log, access_log| |
74 | 80 |
log.reject! {|line| /\A\s*\z/ =~ line } |
... | ... | |
89 | 95 |
Tempfile.create("test_webrick_auth") {|tmpfile| |
90 | 96 |
tmpfile.close |
91 | 97 |
tmp_pass = WEBrick::HTTPAuth::Htpasswd.new(tmpfile.path, password_hash: hash_algo) |
92 |
tmp_pass.set_passwd(realm, "webrick", "supersecretpassword") |
|
93 |
tmp_pass.set_passwd(realm, "foo", "supersecretpassword") |
|
98 |
assert_warn(warning) do |
|
99 |
tmp_pass.set_passwd(realm, "webrick", "supersecretpassword") |
|
100 |
tmp_pass.set_passwd(realm, "foo", "supersecretpassword") |
|
101 |
end |
|
94 | 102 |
tmp_pass.flush |
95 | 103 | |
96 | 104 |
htpasswd = WEBrick::HTTPAuth::Htpasswd.new(tmpfile.path, password_hash: hash_algo) |
... | ... | |
110 | 118 |
} |
111 | 119 |
http = Net::HTTP.new(addr, port) |
112 | 120 |
g = Net::HTTP::Get.new(path) |
113 |
g.basic_auth("webrick", "supersecretpassword") |
|
114 |
http.request(g){|res| assert_equal("hoge", res.body, log.call)} |
|
115 |
g.basic_auth("webrick", "not super") |
|
116 |
http.request(g){|res| assert_not_equal("hoge", res.body, log.call)} |
|
121 |
assert_warn(warning) do |
|
122 |
g.basic_auth("webrick", "supersecretpassword") |
|
123 |
http.request(g){|res| assert_equal("hoge", res.body, log.call)} |
|
124 |
g.basic_auth("webrick", "not super") |
|
125 |
http.request(g){|res| assert_not_equal("hoge", res.body, log.call)} |
|
126 |
end |
|
117 | 127 |
} |
118 | 128 |
} |
119 | 129 |
end |
... | ... | |
131 | 141 |
Tempfile.create("test_webrick_auth") {|tmpfile| |
132 | 142 |
tmpfile.close |
133 | 143 |
tmp_pass = WEBrick::HTTPAuth::Htpasswd.new(tmpfile.path, password_hash: hash_algo) |
134 |
tmp_pass.set_passwd(realm, "webrick", "supersecretpassword") |
|
135 |
tmp_pass.set_passwd(realm, "foo", "supersecretpassword") |
|
144 |
assert_warn(warning) do |
|
145 |
tmp_pass.set_passwd(realm, "webrick", "supersecretpassword") |
|
146 |
tmp_pass.set_passwd(realm, "foo", "supersecretpassword") |
|
147 |
end |
|
136 | 148 |
tmp_pass.flush |
137 | 149 | |
138 | 150 |
htpasswd = WEBrick::HTTPAuth::Htpasswd.new(tmpfile.path, password_hash: hash_algo) |
... | ... | |
148 | 160 |
} |
149 | 161 |
http = Net::HTTP.new(addr, port) |
150 | 162 |
g = Net::HTTP::Get.new(path) |
151 |
g.basic_auth("foo\ebar", "passwd") |
|
163 |
assert_warn(warning) do |
|
164 |
g.basic_auth("foo\ebar", "passwd") |
|
165 |
end |
|
152 | 166 |
http.request(g){|res| assert_not_equal("hoge", res.body, log.call) } |
153 | 167 |
} |
154 | 168 |
} |