Commit a7df7dc

Vertical-bar is disallowed in path names on Windows
No risk of remote code execution, when the file cannot be created.

https://github.com/ruby/rdoc/runs/2565343916?check_suite_focus=true#step:5:58
```
Error: test_remove_unparseable_CVE_2021_31799(TestRDocRDoc): Errno::EINVAL: Invalid argument @ utime_failed - | touch evil.txt && echo tags
D:/rubyinstaller-head-x64/lib/ruby/3.1.0/fileutils.rb:1142:in `utime'
D:/rubyinstaller-head-x64/lib/ruby/3.1.0/fileutils.rb:1142:in `block in touch'
D:/rubyinstaller-head-x64/lib/ruby/3.1.0/fileutils.rb:1139:in `each'
D:/rubyinstaller-head-x64/lib/ruby/3.1.0/fileutils.rb:1139:in `touch'
D:/a/rdoc/rdoc/test/rdoc/test_rdoc_rdoc.rb:463:in `block (2 levels) in test_remove_unparseable_CVE_2021_31799'
     460:     temp_dir do
     461:       file_list = ['| touch evil.txt && echo tags']
     462:       file_list.each do |f|
  => 463:         FileUtils.touch f
     464:       end
     465:
     466:       assert_equal file_list, @rdoc.remove_unparseable(file_list)
```
1 parent 5a4a64d commit a7df7dc

1 file changed

+1
-1
lines changed

test/rdoc/test_rdoc_rdoc.rb

+1-1
@@ -460,7 +460,7 @@ def test_remove_unparseable_CVE_2021_31799
460460
temp_dir do
461461
file_list = ['| touch evil.txt && echo tags']
462462
file_list.each do |f|
463-
FileUtils.touch f
463+
FileUtils.touch f rescue omit
464464
end
465465

466466
assert_equal file_list, @rdoc.remove_unparseable(file_list)
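
Review bot: The modifier form on the changed line, `FileUtils.touch f rescue omit`, rescues every StandardError, so this CVE-2021-31799 regression test is omitted whenever the touch fails for any reason, not only on Windows where `|` in the file name is rejected with Errno::EINVAL as shown in the commit message. Suggest a begin/rescue block that names Errno::EINVAL (or a Windows platform guard) so an unexpected failure on other systems still surfaces as an error, and pass omit a message stating that the file name cannot be created, so the skip is explained in the test report. That keeps the assert_equal on remove_unparseable running everywhere the file can actually exist.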
