lib/shell/command-processor.rb (Shell#[]): prevent unknown command

Origin: https://github.com/ruby/ruby/commit/3af01ae1101e0b8815ae5a106be64b0e82a58640
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-16255

`FileTest.send(command, ...)` allows to call not only FileTest-related
methods but also any method that belongs to Kernel, Object, etc.
patched by <mame@ruby-lang.org>

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@67814 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
[Salvatore Bonaccorso: Backport to 2.3.3:
 - Context changes in test/shell/test_command_processor.rb
]

Gbp-Pq: Name lib-shell-command-processor.rb-Shell-prevent-unknown.patch

diff --git a/lib/shell/command-processor.rb b/lib/shell/command-processor.rb
index 2239ca98f63d889dbd58ab0fed112e681cf540ed..b50f4003a79462625bfe55a7e8e3bb3802e3aa98 100644 (file)
--- a/lib/shell/command-processor.rb
+++ b/lib/shell/command-processor.rb
@@ -180,6 +180,9 @@ class Shell
             top_level_test(command, file1)
           end
         else
+          unless FileTest.methods(false).include?(command.to_sym)
+            raise "unsupported command: #{ command }"
+          end
           if file2
             FileTest.send(command, file1, file2)
           else

diff --git a/test/shell/test_command_processor.rb b/test/shell/test_command_processor.rb
index 99fe1b222a82bff934a24671e145f9d29fc88b1a..6626befb79f03db4247e01d55b317e945aa3ddc7 100644 (file)
--- a/test/shell/test_command_processor.rb
+++ b/test/shell/test_command_processor.rb
@@ -66,4 +66,22 @@ class TestShell::CommandProcessor < Test::Unit::TestCase
     Process.waitall
     Dir.rmdir(path)
   end
+
+  def test_test
+    name = "foo#{exeext}"
+    path = File.join(@tmpdir, name)
+    open(path, "w", 0644) {}
+
+    assert_equal(true, @shell[?e, path])
+    assert_equal(true, @shell[:e, path])
+    assert_equal(true, @shell["e", path])
+    assert_equal(true, @shell[:exist?, path])
+    assert_equal(true, @shell["exist?", path])
+    assert_raise_with_message(RuntimeError, /unsupported command/) do
+      assert_equal(true, @shell[:instance_eval, path])
+    end
+  ensure
+    Process.waitall
+    File.unlink(path)
+  end
 end