Commit a7df7dc
committed
Vertical-bar is disallowed in path names on Windows
No risk of remote code execution, when the file cannot be created.
https://github.com/ruby/rdoc/runs/2565343916?check_suite_focus=true#step:5:58
```
Error: test_remove_unparseable_CVE_2021_31799(TestRDocRDoc): Errno::EINVAL: Invalid argument @ utime_failed - | touch evil.txt && echo tags
D:/rubyinstaller-head-x64/lib/ruby/3.1.0/fileutils.rb:1142:in `utime'
D:/rubyinstaller-head-x64/lib/ruby/3.1.0/fileutils.rb:1142:in `block in touch'
D:/rubyinstaller-head-x64/lib/ruby/3.1.0/fileutils.rb:1139:in `each'
D:/rubyinstaller-head-x64/lib/ruby/3.1.0/fileutils.rb:1139:in `touch'
D:/a/rdoc/rdoc/test/rdoc/test_rdoc_rdoc.rb:463:in `block (2 levels) in test_remove_unparseable_CVE_2021_31799'
460: temp_dir do
461: file_list = ['| touch evil.txt && echo tags']
462: file_list.each do |f|
=> 463: FileUtils.touch f
464: end
465:
466: assert_equal file_list, @rdoc.remove_unparseable(file_list)
```1 parent 5a4a64d commit a7df7dc
1 file changed
+1
-1
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
460 | 460 | | |
461 | 461 | | |
462 | 462 | | |
463 | | - | |
| 463 | + | |
464 | 464 | | |
465 | 465 | | |
466 | 466 | | |
| |||
0 commit comments