diff options
author | Lamont Granquist <lamont@scriptkiddie.org> | 2017-11-28 17:06:05 -0800 |
---|---|---|
committer | Lamont Granquist <lamont@scriptkiddie.org> | 2017-11-28 17:06:05 -0800 |
commit | b88702b926ad51e4250fddd537ce120b57228370 (patch) | |
tree | 13dff87089f7b6308691a82cd5a91a105909c366 | |
parent | 4c6803267bf274287b6289f8ccb26beaff517904 (diff) | |
download | ffi-yajl-b88702b926ad51e4250fddd537ce120b57228370.tar.gz |
add check for yajl-ruby vulnerability
it looks like this code is not vulnerable
Signed-off-by: Lamont Granquist <lamont@scriptkiddie.org>
-rw-r--r-- | spec/ffi_yajl/parser_spec.rb | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/spec/ffi_yajl/parser_spec.rb b/spec/ffi_yajl/parser_spec.rb index be392c8..239ae26 100644 --- a/spec/ffi_yajl/parser_spec.rb +++ b/spec/ffi_yajl/parser_spec.rb @@ -1,6 +1,6 @@ # encoding: UTF-8 # Copyright (c) 2015 Lamont Granquist -# Copyright (c) 2015 Chef Software, Inc. +# Copyright (c) 2015-2017, Chef Software Inc. # # Permission is hereby granted, free of charge, to any person obtaining # a copy of this software and associated documentation files (the @@ -505,6 +505,13 @@ describe "FFI_Yajl::Parser" do expect { parser }.to raise_error(FFI_Yajl::ParseError) end end + + context "should not blow up with bad surrogate trailer" do + let(:json) { "{\"e\":{\"\\uD800\\\\DC00\":\"a\"}}" } + it "should not explode" do + expect { parser }.not_to raise_error + end + end end context "when options are set to empty hash" do |