Skip to content

Commit a7df7dc

Browse files
nobunobu
committed
Vertical-bar is disallowed in path names on Windows
No risk of remote code execution, when the file cannot be created. https://github.com/ruby/rdoc/runs/2565343916?check_suite_focus=true#step:5:58 ``` Error: test_remove_unparseable_CVE_2021_31799(TestRDocRDoc): Errno::EINVAL: Invalid argument @ utime_failed - | touch evil.txt && echo tags D:/rubyinstaller-head-x64/lib/ruby/3.1.0/fileutils.rb:1142:in `utime' D:/rubyinstaller-head-x64/lib/ruby/3.1.0/fileutils.rb:1142:in `block in touch' D:/rubyinstaller-head-x64/lib/ruby/3.1.0/fileutils.rb:1139:in `each' D:/rubyinstaller-head-x64/lib/ruby/3.1.0/fileutils.rb:1139:in `touch' D:/a/rdoc/rdoc/test/rdoc/test_rdoc_rdoc.rb:463:in `block (2 levels) in test_remove_unparseable_CVE_2021_31799' 460: temp_dir do 461: file_list = ['| touch evil.txt && echo tags'] 462: file_list.each do |f| => 463: FileUtils.touch f 464: end 465: 466: assert_equal file_list, @rdoc.remove_unparseable(file_list) ```
1 parent 5a4a64d commit a7df7dc

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

test/rdoc/test_rdoc_rdoc.rb

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -460,7 +460,7 @@ def test_remove_unparseable_CVE_2021_31799
460460
temp_dir do
461461
file_list = ['| touch evil.txt && echo tags']
462462
file_list.each do |f|
463-
FileUtils.touch f
463+
FileUtils.touch f rescue omit
464464
end
465465

466466
assert_equal file_list, @rdoc.remove_unparseable(file_list)

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy