Diffstat (limited to 'spec/ruby/security')
-rw-r--r-- | spec/ruby/security/cve_2018_6914_spec.rb | 43 |
1 files changed, 19 insertions, 24 deletions
diff --git a/spec/ruby/security/cve_2018_6914_spec.rb b/spec/ruby/security/cve_2018_6914_spec.rb
index 1eab3b84cc..dc2f2cd095 100644
--- a/spec/ruby/security/cve_2018_6914_spec.rb
+++ b/spec/ruby/security/cve_2018_6914_spec.rb
@@ -5,56 +5,51 @@ require 'tmpdir'
 describe "CVE-2018-6914 is resisted by" do
 before :each do
+ @tmpdir = ENV['TMPDIR']
 @dir = tmp("CVE-2018-6914")
 Dir.mkdir(@dir)
- touch "#{@dir}/bar"
-
- @traversal_path = Array.new(@dir.count('/'), '..').join('/') + @dir + '/'
- @traversal_path.delete!(':') if platform_is(:windows)
+ ENV['TMPDIR'] = @dir
+ @dir << '/'
 @tempfile = nil
 end
 after :each do
+ ENV['TMPDIR'] = @tmpdir
 @tempfile.close! if @tempfile
 rm_r @dir
 end
 it "Tempfile.open by deleting separators" do
- expect = Dir.glob(@traversal_path + '*').size
- @tempfile = Tempfile.open([@traversal_path, 'foo'])
- actual = Dir.glob(@traversal_path + '*').size
- actual.should == expect
+ @tempfile = Tempfile.open(['../', 'foo'])
+ actual = @tempfile.path
+ File.absolute_path(actual).should.start_with?(@dir)
 end
 it "Tempfile.new by deleting separators" do
- expect = Dir.glob(@traversal_path + '*').size
- @tempfile = Tempfile.new(@traversal_path + 'foo')
- actual = Dir.glob(@traversal_path + '*').size
- actual.should == expect
+ @tempfile = Tempfile.new('../foo')
+ actual = @tempfile.path
+ File.absolute_path(actual).should.start_with?(@dir)
 end
 it "Tempfile.create by deleting separators" do
- expect = Dir.glob(@traversal_path + '*').size
- Tempfile.create(@traversal_path + 'foo') do
- actual = Dir.glob(@traversal_path + '*').size
- actual.should == expect
+ actual = Tempfile.create('../foo') do |t|
+ t.path
 end
+ File.absolute_path(actual).should.start_with?(@dir)
 end
 it "Dir.mktmpdir by deleting separators" do
- expect = Dir.glob(@traversal_path + '*').size
- Dir.mktmpdir(@traversal_path + 'foo') do
- actual = Dir.glob(@traversal_path + '*').size
- actual.should == expect
+ actual = Dir.mktmpdir('../foo') do |path|
+ path
 end
+ File.absolute_path(actual).should.start_with?(@dir)
 end
 it "Dir.mktmpdir with an array by deleting separators" do
- expect = Dir.glob(@traversal_path + '*').size
- Dir.mktmpdir([@traversal_path, 'foo']) do
- actual = Dir.glob(@traversal_path + '*').size
- actual.should == expect
+ actual = Dir.mktmpdir(['../', 'foo']) do |path|
+ path
 end
+ File.absolute_path(actual).should.start_with?(@dir)
 end
 end |
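Review bot: The containment assertion `File.absolute_path(actual).should.start_with?(@dir)` in all five examples is only sound because `before` appends the separator with `@dir << '/'`, and nothing in the spec says so. Without that trailing slash, a sibling path that merely shares the directory name as a prefix would satisfy the check. I would add a comment above `@dir << '/'`, e.g. `# trailing separator so start_with?(@dir) cannot match a sibling directory`, and one above `ENV['TMPDIR'] = @dir` such as `# redirect the temp root so an unsanitised '../' prefix would resolve outside @dir`. Separately, `Dir.tmpdir` silently falls back to another directory when the configured one is unusable, so a failure of these examples could reflect that fallback rather than a regression in prefix sanitising; a short remark in `before` would save the next reader some time.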