* object.c (rb_obj_untrusted): new method Object#untrusted?.

(rb_obj_untrust): new method Object#untrust. (rb_obj_trust): new method Object#trust. * array.c, debug.c, time.c, include/ruby/ruby.h, re.c, variable.c, string.c, io.c, dir.c, vm_method.c, struct.c, class.c, hash.c, ruby.c, marshal.c: fixes for Object#untrusted?. * test/ruby/test_module.rb, test/ruby/test_array.rb, test/ruby/test_object.rb, test/ruby/test_string.rb, test/ruby/test_marshal.rb, test/ruby/test_hash.rb: added tests for Object#untrusted?. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@18568 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2025-09-18 18:13:58 +02:00 · 2008-08-13 07:25:05 +00:00 · 2008-08-13 07:25:05 +00:00 · f433d710d0
commit f433d710d0
parent 55c141c624
23 changed files with 364 additions and 88 deletions
--- a/test/ruby/test_array.rb
+++ b/test/ruby/test_array.rb
@ -451,16 +451,20 @@ class TestArray < Test::Unit::TestCase

  def test_clone
    for taint in [ false, true ]
-      for frozen in [ false, true ]
-        a = @cls[*(0..99).to_a]
-        a.taint  if taint
-        a.freeze if frozen
-        b = a.clone
+      for untrust in [ false, true ]
+        for frozen in [ false, true ]
+          a = @cls[*(0..99).to_a]
+          a.taint  if taint
+          a.untrust  if untrust
+          a.freeze if frozen
+          b = a.clone

-        assert_equal(a, b)
-        assert(a.__id__ != b.__id__)
-        assert_equal(a.frozen?, b.frozen?)
-        assert_equal(a.tainted?, b.tainted?)
+          assert_equal(a, b)
+          assert(a.__id__ != b.__id__)
+          assert_equal(a.frozen?, b.frozen?)
+          assert_equal(a.untrusted?, b.untrusted?)
+          assert_equal(a.tainted?, b.tainted?)
+        end
      end
    end
  end
@ -708,6 +712,13 @@ class TestArray < Test::Unit::TestCase
                 @cls[@cls[@cls[@cls[],@cls[]],@cls[@cls[]],@cls[]],@cls[@cls[@cls[]]]].flatten)

    assert_raise(TypeError, "[ruby-dev:31197]") { [[]].flatten("") }
+
+    a6 = @cls[[1, 2], 3]
+    a6.taint
+    a6.untrust
+    a7 = a6.flatten
+    assert_equal(true, a7.tainted?)
+    assert_equal(true, a7.untrusted?)
  end

  def test_flatten!
@ -797,6 +808,12 @@ class TestArray < Test::Unit::TestCase
    assert_equal("1,2,3", a.join(','))

    $, = ""
+    a = @cls[1, 2, 3]
+    a.taint
+    a.untrust
+    s = a.join
+    assert_equal(true, s.tainted?)
+    assert_equal(true, s.untrusted?)
  end

  def test_last
@ -1574,4 +1591,13 @@ class TestArray < Test::Unit::TestCase
  def test_array_subclass
    assert_equal(Array2, Array2[1,2,3].uniq.class, "[ruby-dev:34581]")
  end
+
+  def test_inspect
+    a = @cls[1, 2, 3]
+    a.taint
+    a.untrust
+    s = a.inspect
+    assert_equal(true, s.tainted?)
+    assert_equal(true, s.untrusted?)
+  end
 end
--- a/test/ruby/test_hash.rb
+++ b/test/ruby/test_hash.rb
@ -206,16 +206,20 @@ class TestHash < Test::Unit::TestCase

  def test_clone
    for taint in [ false, true ]
-      for frozen in [ false, true ]
-        a = @h.clone
-        a.taint  if taint
-        a.freeze if frozen
-        b = a.clone
+      for untrust in [ false, true ]
+        for frozen in [ false, true ]
+          a = @h.clone
+          a.taint  if taint
+          a.untrust if untrust
+          a.freeze if frozen
+          b = a.clone

-        assert_equal(a, b)
-        assert(a.__id__ != b.__id__)
-        assert_equal(a.frozen?, b.frozen?)
-        assert_equal(a.tainted?, b.tainted?)
+          assert_equal(a, b)
+          assert(a.__id__ != b.__id__)
+          assert_equal(a.frozen?, b.frozen?)
+          assert_equal(a.untrusted?, b.untrusted?)
+          assert_equal(a.tainted?, b.tainted?)
+        end
      end
    end
  end
@ -288,16 +292,19 @@ class TestHash < Test::Unit::TestCase

  def test_dup
    for taint in [ false, true ]
-      for frozen in [ false, true ]
-        a = @h.dup
-        a.taint  if taint
-        a.freeze if frozen
-        b = a.dup
+      for untrust in [ false, true ]
+        for frozen in [ false, true ]
+          a = @h.dup
+          a.taint  if taint
+          a.freeze if frozen
+          b = a.dup

-        assert_equal(a, b)
-        assert(a.__id__ != b.__id__)
-        assert_equal(false, b.frozen?)
-        assert_equal(a.tainted?, b.tainted?)
+          assert_equal(a, b)
+          assert(a.__id__ != b.__id__)
+          assert_equal(false, b.frozen?)
+          assert_equal(a.tainted?, b.tainted?)
+          assert_equal(a.untrusted?, b.untrusted?)
+        end
      end
    end
  end
@ -599,6 +606,13 @@ class TestHash < Test::Unit::TestCase
    assert_equal([3,4], a.delete([3,4]))
    assert_equal([5,6], a.delete([5,6]))
    assert_equal(0, a.length)
+
+    h = @cls[ 1=>2, 3=>4, 5=>6 ]
+    h.taint
+    h.untrust
+    a = h.to_a
+    assert_equal(true, a.tainted?)
+    assert_equal(true, a.untrusted?)
  end

  def test_to_hash
--- a/test/ruby/test_marshal.rb
+++ b/test/ruby/test_marshal.rb
@ -179,4 +179,16 @@ class TestMarshal < Test::Unit::TestCase
      Marshal.dump((0..1000).map {|x| C4.new(x % 50 == 25) })
    end
  end
+
+  def test_taint_and_untrust
+    x = Object.new
+    x.taint
+    x.untrust
+    s = Marshal.dump(x)
+    assert_equal(true, s.tainted?)
+    assert_equal(true, s.untrusted?)
+    y = Marshal.load(s)
+    assert_equal(true, y.tainted?)
+    assert_equal(true, y.untrusted?)
+  end
 end
--- a/test/ruby/test_module.rb
+++ b/test/ruby/test_module.rb
@ -699,4 +699,22 @@ class TestModule < Test::Unit::TestCase
    assert_equal(true, c2.include?(m))
    assert_equal(false, m.include?(m))
  end
+
+  def test_include_under_safe4
+    m = Module.new
+    c1 = Class.new
+    assert_raise(SecurityError) do
+      lambda {
+        $SAFE = 4
+        c1.instance_eval { include(m) }
+      }.call
+    end
+    assert_nothing_raised do
+      lambda {
+        $SAFE = 4
+        c2 = Class.new
+        c2.instance_eval { include(m) }
+      }.call
+    end
+  end
 end
--- a/test/ruby/test_object.rb
+++ b/test/ruby/test_object.rb
@ -320,4 +320,82 @@ class TestObject < Test::Unit::TestCase
      1.extend
    end
  end
+
+  def test_untrusted
+    obj = lambda {
+      $SAFE = 4
+      x = Object.new
+      x.instance_eval { @foo = 1 }
+      x
+    }.call
+    assert_equal(true, obj.untrusted?)
+    assert_equal(true, obj.tainted?)
+
+    x = Object.new
+    assert_equal(false, x.untrusted?)
+    assert_raise(SecurityError) do
+      lambda {
+        $SAFE = 4
+        x.instance_eval { @foo = 1 }
+      }.call
+    end
+
+    x = Object.new
+    x.taint
+    assert_raise(SecurityError) do
+      lambda {
+        $SAFE = 4
+        x.instance_eval { @foo = 1 }
+      }.call
+    end
+
+    x.untrust
+    assert_equal(true, x.untrusted?)
+    assert_nothing_raised do
+      lambda {
+        $SAFE = 4
+        x.instance_eval { @foo = 1 }
+      }.call
+    end
+
+    x.trust
+    assert_equal(false, x.untrusted?)
+    assert_raise(SecurityError) do
+      lambda {
+        $SAFE = 4
+        x.instance_eval { @foo = 1 }
+      }.call
+    end
+
+    a = Object.new
+    a.untrust
+    assert_equal(true, a.untrusted?)
+    b = a.dup
+    assert_equal(true, b.untrusted?)
+    c = a.clone
+    assert_equal(true, c.untrusted?)
+
+    a = Object.new
+    b = lambda {
+      $SAFE = 4
+      a.dup
+    }.call
+    assert_equal(true, b.untrusted?)
+
+    a = Object.new
+    b = lambda {
+      $SAFE = 4
+      a.clone
+    }.call
+    assert_equal(true, b.untrusted?)
+  end
+
+  def test_to_s
+    x = Object.new
+    x.taint
+    x.untrust
+    s = x.to_s
+    assert_equal(true, s.untrusted?)
+    assert_equal(true, s.tainted?)
+  end
 end
--- a/test/ruby/test_string.rb
+++ b/test/ruby/test_string.rb
@ -427,16 +427,20 @@ class TestString < Test::Unit::TestCase

  def test_clone
    for taint in [ false, true ]
-      for frozen in [ false, true ]
-        a = S("Cool")
-        a.taint  if taint
-        a.freeze if frozen
-        b = a.clone
+      for untrust in [ false, true ]
+        for frozen in [ false, true ]
+          a = S("Cool")
+          a.taint  if taint
+          a.untrust  if untrust
+          a.freeze if frozen
+          b = a.clone

-        assert_equal(a, b)
-        assert(a.__id__ != b.__id__)
-        assert_equal(a.frozen?, b.frozen?)
-        assert_equal(a.tainted?, b.tainted?)
+          assert_equal(a, b)
+          assert(a.__id__ != b.__id__)
+          assert_equal(a.frozen?, b.frozen?)
+          assert_equal(a.untrusted?, b.untrusted?)
+          assert_equal(a.tainted?, b.tainted?)
+        end
      end
    end

@ -532,16 +536,20 @@ class TestString < Test::Unit::TestCase

  def test_dup
    for taint in [ false, true ]
-      for frozen in [ false, true ]
-        a = S("hello")
-        a.taint  if taint
-        a.freeze if frozen
-        b = a.dup 
+      for untrust in [ false, true ]
+        for frozen in [ false, true ]
+          a = S("hello")
+          a.taint  if taint
+          a.untrust  if untrust
+          a.freeze if frozen
+          b = a.dup 

-        assert_equal(a, b)
-        assert(a.__id__ != b.__id__)
-        assert(!b.frozen?)
-        assert_equal(a.tainted?, b.tainted?)
+          assert_equal(a, b)
+          assert(a.__id__ != b.__id__)
+          assert(!b.frozen?)
+          assert_equal(a.tainted?, b.tainted?)
+          assert_equal(a.untrusted?, b.untrusted?)
+        end
      end
    end     
  end
@ -623,7 +631,9 @@ class TestString < Test::Unit::TestCase

    a = S("hello")
    a.taint
+    a.untrust
    assert(a.gsub(/./, S('X')).tainted?)
+    assert(a.gsub(/./, S('X')).untrusted?)

    assert_equal("z", "abc".gsub(/./, "a" => "z"), "moved from btest/knownbug")

@ -651,8 +661,10 @@ class TestString < Test::Unit::TestCase

    r = S('X')
    r.taint
+    r.untrust
    a.gsub!(/./, r)
    assert(a.tainted?) 
+    assert(a.untrusted?) 

    a = S("hello")
    assert_nil(a.sub!(S('X'), S('Y')))
@ -823,9 +835,11 @@ class TestString < Test::Unit::TestCase

    a = S("foo")
    a.taint
+    a.untrust
    b = a.replace(S("xyz"))
    assert_equal(S("xyz"), b)
    assert(b.tainted?)
+    assert(b.untrusted?)

    s = "foo" * 100
    s2 = ("bar" * 100).dup
@ -1170,7 +1184,10 @@ class TestString < Test::Unit::TestCase

    a = S("hello")
    a.taint
-    assert(a.sub(/./, S('X')).tainted?)
+    a.untrust
+    x = a.sub(/./, S('X'))
+    assert(x.tainted?)
+    assert(x.untrusted?)

    o = Object.new
    def o.to_str; "bar"; end
@ -1211,8 +1228,10 @@ class TestString < Test::Unit::TestCase

    r = S('X')
    r.taint
+    r.untrust
    a.sub!(/./, r)
    assert(a.tainted?) 
+    assert(a.untrusted?) 
  end

  def test_succ