summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorKornelius Kalnbach <murphy@rubychan.de>2013-07-21 20:41:55 +0200
committerKornelius Kalnbach <murphy@rubychan.de>2013-07-21 20:41:55 +0200
commit65983f38eaed758a9901adf9e4e8c4be3e3a6123 (patch)
treedc25594478036a0613e751a5f44a97fd62852932 /lib
parentc3c70e0b3497939dbfb1958a0764f4fd18c05a48 (diff)
downloadcoderay-65983f38eaed758a9901adf9e4e8c4be3e3a6123.tar.gz
avoid cache attack in Ruby scanner
(eg. using Unicode-delimited Fancy Strings)
Diffstat (limited to 'lib')
-rw-r--r--lib/coderay/scanners/ruby/string_state.rb14
1 files changed, 7 insertions, 7 deletions
diff --git a/lib/coderay/scanners/ruby/string_state.rb b/lib/coderay/scanners/ruby/string_state.rb
index bcc0507..28ddd6c 100644
--- a/lib/coderay/scanners/ruby/string_state.rb
+++ b/lib/coderay/scanners/ruby/string_state.rb
@@ -14,7 +14,6 @@ module Scanners
{ }
] ].each { |k,v| k.freeze; v.freeze } # debug, if I try to change it with <<
- # FIXME: cache attack
STRING_PATTERN = Hash.new do |h, k|
delim, interpreted = *k
delim_pattern = Regexp.escape(delim)
@@ -29,12 +28,13 @@ module Scanners
# '| [|?*+(){}\[\].^$]'
# end
- h[k] =
- if interpreted && delim != '#'
- / (?= [#{delim_pattern}] | \# [{$@] ) /mx
- else
- / (?= [#{delim_pattern}] ) /mx
- end
+ if interpreted && delim != '#'
+ / (?= [#{delim_pattern}] | \# [{$@] ) /mx
+ else
+ / (?= [#{delim_pattern}] ) /mx
+ end.tap do |pattern|
+ h[k] = pattern if (delim.respond_to?(:ord) ? delim.ord : delim[0]) < 256
+ end
end
def initialize kind, interpreted, delim, heredoc = false