File: cve_2013_4164_spec.rb

package info (click to toggle)
ruby3.4 3.4.5-1~exp1
  • links: PTS, VCS
  • area: main
  • in suites: experimental
  • size: 154,784 kB
  • sloc: ruby: 1,259,653; ansic: 829,955; yacc: 28,233; pascal: 7,359; sh: 3,864; python: 1,799; cpp: 1,158; asm: 808; makefile: 801; javascript: 414; lisp: 109; perl: 62; awk: 36; sed: 4; xml: 4
file content (15 lines) | stat: -rw-r--r-- 438 bytes parent folder | download | duplicates (6) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
 
require_relative '../spec_helper'

require 'json'

describe "String#to_f" do
  it "resists CVE-2013-4164 by converting very long Strings to a Float" do
    "1.#{'1'*1000000}".to_f.should be_close(1.1111111111111112, TOLERANCE)
  end
end

describe "JSON.parse" do
  it "resists CVE-2013-4164 by converting very long Strings to a Float" do
    JSON.parse("[1.#{'1'*1000000}]").first.should be_close(1.1111111111111112, TOLERANCE)
  end
end