[jruby-dev] [jira] Created: (JRUBY-4414) Marshal.dump and Marshal.load do not respect object's taintedness and untrustedness

Mon, 04 Jan 2010 16:57:01 -0800 

Marshal.dump and Marshal.load do not respect object's taintedness and 
untrustedness
-----------------------------------------------------------------------------------

                 Key: JRUBY-4414
                 URL: http://jira.codehaus.org/browse/JRUBY-4414
             Project: JRuby
          Issue Type: Bug
          Components: Core Classes/Modules, RubySpec
    Affects Versions: JRuby 1.4
         Environment: github trunk, Java 6, Mac OS X 10.6.2
            Reporter: Hiro Asari
             Fix For: JRuby 1.5


I pushed new specs (see 
http://github.com/rubyspec/rubyspec/commit/9baa5e7b99dff5be0b574dfa0d1f8db4f3bd9c94)
 to rubyspec.

The rev introduces a few new failures in JRuby (in addition to ones mentioned 
in JRUBY-4334 and JRUBY-4335):
{noformat}

1)
Marshal.dump returns a tainted string if object is tainted FAILED
Expected false to be true
/Users/asari/Development/src/jruby/spec/ruby/core/marshal/dump_spec.rb:286
/Users/asari/Development/src/jruby/spec/ruby/core/marshal/dump_spec.rb:12
/Users/asari/Development/src/jruby/spec/ruby/core/marshal/dump_spec.rb:55:in 
`load'

2)
Marshal.dump returns a tainted string if object is tainted deep in nested 
structure FAILED
Expected false to be true
/Users/asari/Development/src/jruby/spec/ruby/core/marshal/dump_spec.rb:296
/Users/asari/Development/src/jruby/spec/ruby/core/marshal/dump_spec.rb:12
/Users/asari/Development/src/jruby/spec/ruby/core/marshal/dump_spec.rb:55:in 
`load'

5)
Marshal::load returns a tainted object if source is tainted FAILED
Expected false to be true
/Users/asari/Development/src/jruby/spec/ruby/core/marshal/load_spec.rb:331
/Users/asari/Development/src/jruby/spec/ruby/core/marshal/load_spec.rb:4
/Users/asari/Development/src/jruby/spec/ruby/core/marshal/load_spec.rb:55:in 
`load'

6)
Marshal::load preserves taintedness of nested structure FAILED
Expected false to be true
/Users/asari/Development/src/jruby/spec/ruby/core/marshal/load_spec.rb:347
/Users/asari/Development/src/jruby/spec/ruby/core/marshal/load_spec.rb:4
/Users/asari/Development/src/jruby/spec/ruby/core/marshal/load_spec.rb:55:in 
`load'

{noformat}

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email

Reply via email to