File: cve_2018_16396_spec.rb

package info (click to toggle)
ruby2.7 2.7.4-1%2Bdeb11u1
  • links: PTS, VCS
  • area: main
  • in suites: bullseye
  • size: 112,576 kB
  • sloc: ruby: 849,454; ansic: 697,834; yacc: 45,100; xml: 25,367; pascal: 10,051; javascript: 6,575; sh: 3,848; makefile: 759; cpp: 713; asm: 333; python: 295; lisp: 97; sed: 94; perl: 62; awk: 36
file content (25 lines) | stat: -rw-r--r-- 545 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
 
require_relative '../spec_helper'

describe "Array#pack" do

  ruby_version_is ''...'2.7' do
    it "resists CVE-2018-16396 by tainting output based on input" do
      "aAZBbHhuMmPp".each_char do |f|
        ["123456".taint].pack(f).tainted?.should be_true
      end
    end
  end

end

describe "String#unpack" do

  ruby_version_is ''...'2.7' do
    it "resists CVE-2018-16396 by tainting output based on input" do
      "aAZBbHhuMm".each_char do |f|
        "123456".taint.unpack(f).first.tainted?.should be_true
      end
    end
  end

end