update immutable API blacklist and whitelist

adds the whitelist so that when we update to new ruby versions it forces
us to audit the new Array and Hash methods and figure out if they are
mutators or not.

this change closes the Hash#store loophole that was being abused by
some cookbook consumers to directly modify merged ImmutableHashes
(producing inherently undefined behavior that we 'broke' at one
point).

Signed-off-by: Lamont Granquist <lamont@scriptkiddie.org>

1 files changed, 11 insertions, 1 deletions

diff --git a/spec/unit/node/immutable_collections_spec.rb b/spec/unit/node/immutable_collections_spec.rb
index 96adedddcb..29ae8799e9 100644
--- a/spec/unit/node/immutable_collections_spec.rb
+++ b/spec/unit/node/immutable_collections_spec.rb
@@ -1,6 +1,6 @@
 #
 # Author:: Daniel DeLeo (<dan@chef.io>)
-# Copyright:: Copyright 2012-2017, Chef Software Inc.
+# Copyright:: Copyright 2012-2018, Chef Software Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -34,6 +34,11 @@ describe Chef::Node::ImmutableMash do
     @immutable_mash = @node["key"]
   end
 
+  it "does not have any unaudited methods" do
+    unaudited_methods = Hash.instance_methods - Object.instance_methods - Chef::Node::Mixin::ImmutablizeHash::DISALLOWED_MUTATOR_METHODS - Chef::Node::Mixin::ImmutablizeHash::ALLOWED_METHODS
+    expect(unaudited_methods).to be_empty
+  end
+
   it "element references like regular hash" do
     expect(@immutable_mash[:top][:second_level]).to eq("some value")
   end
@@ -228,6 +233,11 @@ describe Chef::Node::ImmutableArray do
     end
   end
 
+  it "does not have any unaudited methods" do
+    unaudited_methods = Array.instance_methods - Object.instance_methods - Chef::Node::Mixin::ImmutablizeArray::DISALLOWED_MUTATOR_METHODS - Chef::Node::Mixin::ImmutablizeArray::ALLOWED_METHODS
+    expect(unaudited_methods).to be_empty
+  end
+
   it "can be duped even if some elements can't" do
     @immutable_array.dup
   end