[jruby-dev] [jira] Created: (JRUBY-5286) taint failure in File.join and File#path

Daniel Berger (JIRA) Thu, 30 Dec 2010 13:44:24 -0800

taint failure in File.join and File#path
----------------------------------------


                 Key: JRUBY-5286
                 URL: http://jira.codehaus.org/browse/JRUBY-5286
             Project: JRuby
          Issue Type: Bug
          Components: Core Classes/Modules
    Affects Versions: JRuby 1.5.6
         Environment: jruby 1.5.6 (ruby 1.8.7 patchlevel 249) (2010-12-03 
9cf97c3) (Java HotSpot(TM) 64-Bit Server VM 1.6.0_22) [x86_64-java]
            Reporter: Daniel Berger


Both File.join and File#path are tainted if any of their arguments were 
tainted. Here's a sample program that demonstrates it.

{code}
file = File.join(Dir.pwd, 'test_file.txt')
p file.tainted? # => should be true (Dir.pwd returns a tainted string)
fh = File.open(file, 'w')
p fh.path.tainted? # => should be true (file is tainted)
{code}

MRI returns true for both, JRuby returns false for both.


-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email

[jruby-dev] [jira] Created: (JRUBY-5286) taint failure in File.join and File#path

Reply via email to