[PATCH] merge revision(s) a7f5d6ab88 c9ab8fe2 [Backport#17877]

author NAKAMURA Usaku <usa@ruby-lang.org>

Mon, 31 May 2021 14:44:23 +0000 (23:44 +0900)

committer Utkarsh Gupta <utkarsh@debian.org>

Sun, 19 Sep 2021 03:40:46 +0000 (04:40 +0100)
author NAKAMURA Usaku <usa@ruby-lang.org>
Mon, 31 May 2021 14:44:23 +0000 (23:44 +0900)
committer Utkarsh Gupta <utkarsh@debian.org>
Sun, 19 Sep 2021 03:40:46 +0000 (04:40 +0100)
diff --git a/lib/rdoc/rdoc.rb b/lib/rdoc/rdoc.rb

index 4b746464452ec95dbfed4277e57ec67c7d558fee..2549b205ebd206b6741ca14626df882fd81c23a0 100644 (file)
--- a/lib/rdoc/rdoc.rb
+++ b/lib/rdoc/rdoc.rb
@@ -439,7 +439,7 @@ The internal error was:
      files.reject do |file|
        file =~ /\.(?:class|eps|erb|scpt\.txt|ttf|yml)$/i or
          (file =~ /tags$/i and
-         open(file, 'rb') { |io|
+         File.open(file, 'rb') { |io|
             io.read(100) =~ /\A(\f\n[^,]+,\d+$|!_TAG_)/
           })
      end
diff --git a/test/rdoc/test_rdoc_rdoc.rb b/test/rdoc/test_rdoc_rdoc.rb

index 793580de86cbf61887dbe2a095e1a1cf7ad74a73..775ba6599ec4ea884c171de65d8493bb0a7f747c 100644 (file)
--- a/test/rdoc/test_rdoc_rdoc.rb
+++ b/test/rdoc/test_rdoc_rdoc.rb
@@ -335,6 +335,19 @@ class TestRDocRDoc < RDoc::TestCase
      end
    end
  
+  def test_remove_unparseable_CVE_2021_31799
+    omit 'for Un*x platforms' if Gem.win_platform?
+    temp_dir do
+      file_list = ['| touch evil.txt && echo tags']
+      file_list.each do |f|
+        FileUtils.touch f
+      end
+
+      assert_equal file_list, @rdoc.remove_unparseable(file_list)
+      assert_equal file_list, Dir.glob('*')
+    end
+  end
+
    def test_setup_output_dir
      Dir.mktmpdir {|d|
        path = File.join d, 'testdir'
author	NAKAMURA Usaku <usa@ruby-lang.org>
	Mon, 31 May 2021 14:44:23 +0000 (23:44 +0900)
committer	Utkarsh Gupta <utkarsh@debian.org>
	Sun, 19 Sep 2021 03:40:46 +0000 (04:40 +0100)
lib/rdoc/rdoc.rb		patch \| blob \| history
test/rdoc/test_rdoc_rdoc.rb		patch \| blob \| history