summaryrefslogtreecommitdiff
path: root/spec/ruby/security/cve_2018_6914_spec.rb
diff options
context:
space:
mode:
Diffstat (limited to 'spec/ruby/security/cve_2018_6914_spec.rb')
-rw-r--r--spec/ruby/security/cve_2018_6914_spec.rb43
1 files changed, 19 insertions, 24 deletions
diff --git a/spec/ruby/security/cve_2018_6914_spec.rb b/spec/ruby/security/cve_2018_6914_spec.rb
index 1eab3b84cc..dc2f2cd095 100644
--- a/spec/ruby/security/cve_2018_6914_spec.rb
+++ b/spec/ruby/security/cve_2018_6914_spec.rb
@@ -5,56 +5,51 @@ require 'tmpdir'
describe "CVE-2018-6914 is resisted by" do
before :each do
+ @tmpdir = ENV['TMPDIR']
@dir = tmp("CVE-2018-6914")
Dir.mkdir(@dir)
- touch "#{@dir}/bar"
-
- @traversal_path = Array.new(@dir.count('/'), '..').join('/') + @dir + '/'
- @traversal_path.delete!(':') if platform_is(:windows)
+ ENV['TMPDIR'] = @dir
+ @dir << '/'
@tempfile = nil
end
after :each do
+ ENV['TMPDIR'] = @tmpdir
@tempfile.close! if @tempfile
rm_r @dir
end
it "Tempfile.open by deleting separators" do
- expect = Dir.glob(@traversal_path + '*').size
- @tempfile = Tempfile.open([@traversal_path, 'foo'])
- actual = Dir.glob(@traversal_path + '*').size
- actual.should == expect
+ @tempfile = Tempfile.open(['../', 'foo'])
+ actual = @tempfile.path
+ File.absolute_path(actual).should.start_with?(@dir)
end
it "Tempfile.new by deleting separators" do
- expect = Dir.glob(@traversal_path + '*').size
- @tempfile = Tempfile.new(@traversal_path + 'foo')
- actual = Dir.glob(@traversal_path + '*').size
- actual.should == expect
+ @tempfile = Tempfile.new('../foo')
+ actual = @tempfile.path
+ File.absolute_path(actual).should.start_with?(@dir)
end
it "Tempfile.create by deleting separators" do
- expect = Dir.glob(@traversal_path + '*').size
- Tempfile.create(@traversal_path + 'foo') do
- actual = Dir.glob(@traversal_path + '*').size
- actual.should == expect
+ actual = Tempfile.create('../foo') do |t|
+ t.path
end
+ File.absolute_path(actual).should.start_with?(@dir)
end
it "Dir.mktmpdir by deleting separators" do
- expect = Dir.glob(@traversal_path + '*').size
- Dir.mktmpdir(@traversal_path + 'foo') do
- actual = Dir.glob(@traversal_path + '*').size
- actual.should == expect
+ actual = Dir.mktmpdir('../foo') do |path|
+ path
end
+ File.absolute_path(actual).should.start_with?(@dir)
end
it "Dir.mktmpdir with an array by deleting separators" do
- expect = Dir.glob(@traversal_path + '*').size
- Dir.mktmpdir([@traversal_path, 'foo']) do
- actual = Dir.glob(@traversal_path + '*').size
- actual.should == expect
+ actual = Dir.mktmpdir(['../', 'foo']) do |path|
+ path
end
+ File.absolute_path(actual).should.start_with?(@dir)
end
end
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-18 21:41:28 +0000