Bug #5902

closed

Array#join with an unused, infected separator may or may not infect the result

Added by john_firebaugh (John Firebaugh) over 12 years ago. Updated almost 12 years ago.

Status:
Closed
Target version:
-
ruby -v:
ruby 1.9.3p0 (2011-10-30 revision 33570) [x86_64-darwin10.8.0]
Backport:
[ruby-core:42160]

Description

It's infected if the separator is unused because there is only one element, but not if there are zero elements. Is this intended behavior?

s = [].join(",".taint.untrust)
s.tainted? #=> false
s.untrusted? #=> false

s = [1].join(",".taint.untrust)
s.tainted? #=> true
s.untrusted? #=> true


Files

bug-5902.diff (1.32 KB), nobu (Nobuyoshi Nakada), 01/17/2012 05:34 PM
array.c_join_one_trusted.patch (601 Bytes), duerst (Martin Dürst), 01/18/2012 03:56 PM

Updated by john_firebaugh (John Firebaugh) over 12 years ago

To clarify, I would expect the result of the 1-element case to be untainted and trusted, since the separator was unused.

Updated by nobu (Nobuyoshi Nakada) over 12 years ago

  • File bug-5902.diff added
  • Category set to core
  • Status changed from Open to Assigned
  • Assignee set to matz (Yukihiro Matsumoto)

Sounds reasonable.

Updated by matz (Yukihiro Matsumoto) over 12 years ago

In this case, tainted/untrusted string info is never used in the result. Why should it be tainted?

Matz.

Updated by duerst (Martin Dürst) about 12 years ago

Hi Matz,

On 2012/01/17 22:57, Yukihiro Matsumoto wrote:

> Issue #5902 has been updated by Yukihiro Matsumoto.
>
> In this case, tainted/untrusted string info is never used in the result. Why should it be tainted?

As far as I understand, the case of

s = [].join(",".taint.untrust)
s.tainted? #=> false
s.untrusted? #=> false

is fine, as you say. What's being called out as a bug is

s = [1].join(",".taint.untrust)
s.tainted? #=> true
s.untrusted? #=> true

In this case, as in the above case, the tainted/untrusted "," isn't used
at all, but still the resulting string is tainted and untrusted. That's
what's called out as a potential bug. What do you think?

I have had a quick look at the code and will add a potential patch to
the bug.

Regards, Martin.

Updated by duerst (Martin Dürst) about 12 years ago

A potential patch to address this problem is attached. CAUTION: This patch isn't tested yet! (I'm not in a place where I can update my ruby checkout to the latest version, sorry.)

Updated by nobu (Nobuyoshi Nakada) about 12 years ago

The tests are included in my previous patch.

Updated by ko1 (Koichi Sasada) almost 12 years ago

  • Assignee changed from matz (Yukihiro Matsumoto) to nobu (Nobuyoshi Nakada)

Updated by nobu (Nobuyoshi Nakada) almost 12 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 0 to 100

This issue was solved with changeset r36381.
John, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.


array.c: no infection by unused separator
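
The propagation rule discussed in this issue, as an added example that is not part of the original report or of Ruby's array.c. Object#taint was deprecated in Ruby 2.7 and removed in 3.2, so a single flag on a hypothetical `TStr` struct stands in for both tainted and untrusted; `join_reported`, `join_expected` and `SEP` are also hypothetical names, and `join_expected` follows the reporter's stated expectation.

```ruby
# Model of taint propagation in Array#join (added example; a flag on a
# Struct stands in for the removed Object#taint / #untrust state).
TStr = Struct.new(:value, :tainted) do
  # Treat plain objects as clean strings; pass tracked strings through.
  def self.wrap(obj)
    obj.is_a?(TStr) ? obj : TStr.new(obj.to_s, false)
  end
end

# Behaviour observed in the report on 1.9.3p0: any non-empty array lets the
# separator's flag reach the result, even when no separator is emitted.
def join_reported(items, sep)
  return TStr.new("", false) if items.empty?
  parts = items.map { |i| TStr.wrap(i) }
  TStr.new(parts.map(&:value).join(sep.value),
           sep.tainted || parts.any?(&:tainted))
end

# Behaviour the reporter expected: the separator only counts when it is
# actually written between two elements; element taint always propagates.
def join_expected(items, sep)
  parts = items.map { |i| TStr.wrap(i) }
  sep_used = parts.length > 1
  TStr.new(parts.map(&:value).join(sep.value),
           (sep_used && sep.tainted) || parts.any?(&:tainted))
end

SEP = TStr.new(",", true) # constructed sample: a tainted separator

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs: empty, one element, two elements, one tainted element.
  [[], [1], [1, 2], [TStr.new("x", true)]].each do |items|
    r = join_reported(items, SEP)
    e = join_expected(items, SEP)
    puts format("len=%d reported=%-5s expected=%-5s",
                items.length, r.tainted, e.tainted)
  end
end
```

The two models differ only for the one-element array, which is the case the report singles out.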
