author | Kornelius Kalnbach <murphy@rubychan.de> | 2013-07-21 20:41:55 +0200 |
---|---|---|
committer | Kornelius Kalnbach <murphy@rubychan.de> | 2013-07-21 20:41:55 +0200 |
commit | 65983f38eaed758a9901adf9e4e8c4be3e3a6123 (patch) | |
tree | dc25594478036a0613e751a5f44a97fd62852932 /lib | |
parent | c3c70e0b3497939dbfb1958a0764f4fd18c05a48 (diff) | |
download | coderay-65983f38eaed758a9901adf9e4e8c4be3e3a6123.tar.gz |
avoid cache attack in Ruby scanner
(eg. using Unicode-delimited Fancy Strings)
Diffstat (limited to 'lib')
-rw-r--r-- | lib/coderay/scanners/ruby/string_state.rb | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/lib/coderay/scanners/ruby/string_state.rb b/lib/coderay/scanners/ruby/string_state.rb
index bcc0507..28ddd6c 100644
--- a/lib/coderay/scanners/ruby/string_state.rb
+++ b/lib/coderay/scanners/ruby/string_state.rb
@@ -14,7 +14,6 @@ module Scanners
 { }
 ] ].each { |k,v| k.freeze; v.freeze } # debug, if I try to change it with <<
 
- # FIXME: cache attack
 STRING_PATTERN = Hash.new do |h, k|
 delim, interpreted = *k
 delim_pattern = Regexp.escape(delim)
@@ -29,12 +28,13 @@ module Scanners
 # '| [|?*+(){}\[\].^$]'
 # end
 
- h[k] =
- if interpreted && delim != '#'
- / (?= [#{delim_pattern}] | \# [{$@] ) /mx
- else
- / (?= [#{delim_pattern}] ) /mx
- end
+ if interpreted && delim != '#'
+ / (?= [#{delim_pattern}] | \# [{$@] ) /mx
+ else
+ / (?= [#{delim_pattern}] ) /mx
+ end.tap do |pattern|
+ h[k] = pattern if (delim.respond_to?(:ord) ? delim.ord : delim[0]) < 256
+ end
 end
 
 def initialize kind, interpreted, delim, heredoc = false |
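Review bot: The cache guard added in the `tap` block of the second hunk inspects only the first character of `delim` (`delim.ord`, or `delim[0]` on the fallback path), and the bound `256` is left unexplained now that the first hunk deletes the `# FIXME: cache attack` comment. A comment directly above the guard would keep the reasoning with the code, for example `# memoize only delimiters below code point 256: delim comes from scanned input, so caching every delimiter would let input grow this constant Hash without bound`. If `delim` can ever be longer than one character (not visible here), keys with a low first character are still cached without limit, and `h[k] = pattern if delim.size == 1 && (delim.respond_to?(:ord) ? delim.ord : delim[0]) < 256` would close that. On the `delim[0]` path the value is presumably a single byte on Ruby 1.8 and therefore always below 256, so the limit there rests entirely on how the caller extracts the delimiter. The `STRING_PATTERN` block opens in the first hunk and the lines between the two hunks are not shown.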