From b88702b926ad51e4250fddd537ce120b57228370 Mon Sep 17 00:00:00 2001
From: Lamont Granquist
Date: Tue, 28 Nov 2017 17:06:05 -0800
Subject: add check for yajl-ruby vulnerability it looks like this code is not vulnerable
Signed-off-by: Lamont Granquist
---
 spec/ffi_yajl/parser_spec.rb | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
(limited to 'spec')
diff --git a/spec/ffi_yajl/parser_spec.rb b/spec/ffi_yajl/parser_spec.rb
index be392c8..239ae26 100644
--- a/spec/ffi_yajl/parser_spec.rb
+++ b/spec/ffi_yajl/parser_spec.rb
@@ -1,6 +1,6 @@
 # encoding: UTF-8
 # Copyright (c) 2015 Lamont Granquist
-# Copyright (c) 2015 Chef Software, Inc.
+# Copyright (c) 2015-2017, Chef Software Inc.
 #
 # Permission is hereby granted, free of charge, to any person obtaining
 # a copy of this software and associated documentation files (the
@@ -505,6 +505,13 @@ describe "FFI_Yajl::Parser" do
 expect { parser }.to raise_error(FFI_Yajl::ParseError)
 end
 end
+
+ context "should not blow up with bad surrogate trailer" do
+ let(:json) { "{\"e\":{\"\\uD800\\\\DC00\":\"a\"}}" }
+ it "should not explode" do
+ expect { parser }.not_to raise_error
+ end
+ end
 end

 context "when options are set to empty hash" do
--
cgit v1.2.1
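Review bot: The new example in the second hunk only asserts `expect { parser }.not_to raise_error`, so it passes for any return value. If the referenced yajl-ruby issue fails as a native abort or bad memory read rather than a Ruby exception (not visible from this hunk), a green run shows only that the process survived this one input, which is thin support for "not vulnerable". Consider also asserting the parsed result, for example `expect(parser["e"].values).to eq(["a"])`, and pinning the decoded key once it is confirmed, so a silent mis-decode of the lone `\uD800` surrogate is caught. A comment above `let(:json)` such as `# regression input for <advisory-id>: high surrogate not followed by a \u low surrogate` would explain the literal, which "should not blow up" and "should not explode" do not. `parser` is defined outside the hunk, so the suggested assertion assumes it returns the parsed Hash with string keys.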