Always mark the string returned by File.realpath as tainted

This string can include elements that were not in either string passed to File.realpath, even if one of the strings is an absolute path, due to symlinks: ```ruby Dir.mkdir('b') unless File.directory?('b') File.write('b/a', '') unless File.file?('b/a') File.symlink('b', 'c') unless File.symlink?('c') path = File.realpath('c/a'.untaint, Dir.pwd.untaint) path # "/home/testr/ruby/b/a" path.tainted? # should be true, as 'b' comes from file system ``` [Bug #15803]
author: Jeremy Evans <code@jeremyevans.net> 2019-04-27 10:05:26 -0700
committer: Nobuyoshi Nakada <nobu@ruby-lang.org> 2019-04-28 10:47:51 +0900
commit: a15f7dd1fb1148c3d586238ee6907875f2e40379 (patch)
tree: 0822f66d932f09643a041fbd4c7504b1c8662750 /file.c
parent: d47cd75b4fead0cfc5fdb59c48d5d822ffe3382d (diff)
download: bundler-a15f7dd1fb1148c3d586238ee6907875f2e40379.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/file.c b/file.c
index 7ab2f2a026..a04fe538e5 100644
--- a/file.c
+++ b/file.c
@@ -4270,7 +4270,7 @@ rb_check_realpath_internal(VALUE basedir, VALUE path, enum rb_realpath_mode mode
 	}
     }
 
-    OBJ_INFECT(resolved, unresolved_path);
+    rb_obj_taint(resolved);
     RB_GC_GUARD(unresolved_path);
     RB_GC_GUARD(curdir);
     return resolved;
author	Jeremy Evans <code@jeremyevans.net>	2019-04-27 10:05:26 -0700
committer	Nobuyoshi Nakada <nobu@ruby-lang.org>	2019-04-28 10:47:51 +0900
commit	a15f7dd1fb1148c3d586238ee6907875f2e40379 (patch)
tree	0822f66d932f09643a041fbd4c7504b1c8662750 /file.c
parent	d47cd75b4fead0cfc5fdb59c48d5d822ffe3382d (diff)
download	bundler-a15f7dd1fb1148c3d586238ee6907875f2e40379.tar.gz