зеркало из https://github.com/github/ruby.git
* lib/pp.rb (guard_inspect_key): untrust internal hash to prevent
unexpected SecurityError. * test/ruby/test_object.rb: add a test for [ruby-dev:38982]. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@24396 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
mame
Родитель
5ea7e7f60b
Коммит
528574c2e2
|
|
@ -1,3 +1,10 @@
|
|||
Wed Aug 5 01:38:27 2009 Yusuke Endoh <mame@tsg.ne.jp>
|
||||
|
||||
* lib/pp.rb (guard_inspect_key): untrust internal hash to prevent
|
||||
unexpected SecurityError.
|
||||
|
||||
* test/ruby/test_object.rb: add a test for [ruby-dev:38982].
|
||||
|
||||
Wed Aug 5 00:33:05 2009 Nobuyoshi Nakada <nobu@ruby-lang.org>
|
||||
|
||||
* lib/rdoc/parser/c.rb: fixed a small error in the documentation.
|
||||
|
|
|
|||
|
|
@ -107,17 +107,17 @@ class PP < PrettyPrint
|
|||
module PPMethods
|
||||
def guard_inspect_key
|
||||
if Thread.current[:__recursive_key__] == nil
|
||||
Thread.current[:__recursive_key__] = {}
|
||||
Thread.current[:__recursive_key__] = {}.untrust
|
||||
end
|
||||
|
||||
if Thread.current[:__recursive_key__][:inspect] == nil
|
||||
Thread.current[:__recursive_key__][:inspect] = {}
|
||||
Thread.current[:__recursive_key__][:inspect] = {}.untrust
|
||||
end
|
||||
|
||||
save = Thread.current[:__recursive_key__][:inspect]
|
||||
|
||||
begin
|
||||
Thread.current[:__recursive_key__][:inspect] = {}
|
||||
Thread.current[:__recursive_key__][:inspect] = {}.untrust
|
||||
yield
|
||||
ensure
|
||||
Thread.current[:__recursive_key__][:inspect] = save
|
||||
|
|
|
|||
|
|
@ -413,4 +413,40 @@ class TestObject < Test::Unit::TestCase
|
|||
assert_equal(true, s.untrusted?)
|
||||
assert_equal(true, s.tainted?)
|
||||
end
|
||||
|
||||
def test_exec_recursive
|
||||
Thread.current[:__recursive_key__] = nil
|
||||
a = [[]]
|
||||
a.inspect
|
||||
|
||||
assert_nothing_raised do
|
||||
-> do
|
||||
$SAFE = 4
|
||||
begin
|
||||
a.hash
|
||||
rescue ArgumentError
|
||||
end
|
||||
end.call
|
||||
end
|
||||
|
||||
-> do
|
||||
assert_nothing_raised do
|
||||
$SAFE = 4
|
||||
a.inspect
|
||||
end
|
||||
end.call
|
||||
|
||||
-> do
|
||||
o = Object.new
|
||||
def o.to_ary(x); end
|
||||
def o.==(x); $SAFE = 4; false; end
|
||||
a = [[o]]
|
||||
b = []
|
||||
b << b
|
||||
|
||||
assert_nothing_raised do
|
||||
b == a
|
||||
end
|
||||
end.call
|
||||
end
|
||||
end
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче