From: "Martin J. Dürst" <duerst@...>
Date: 2012-01-18T15:51:59+09:00
Subject: [ruby-core:42167] Re: [ruby-trunk - Bug #5902] Array#join with an unused, infected separator may or may not infect the result

Hi Matz,

On 2012/01/17 22:57, Yukihiro Matsumoto wrote:
>
> Issue #5902 has been updated by Yukihiro Matsumoto.
>
>
> In this case, tainted/untrusted string info is never used in the result.  Why should it be tainted?

As far as I understand, the case of

 >    s = [].join(",".taint.untrust)
 >    s.tainted? #=>  false
 >    s.untrusted? #=>  false

is fine, as you say. What's being called out as a bug is

 >    s = [1].join(",".taint.untrust)
 >    s.tainted? #=>  true
 >    s.untrusted? #=>  true

In this case, as in the above case, the tainted/untrusted "," isn't used 
at all, but still the resulting string is tainted and untrusted. That's 
what's called out as a potential bug. What do you think?

I have had a quick look at the code and will add a potential patch to 
the bug.

Regards,   Martin.

> Matz.
> ----------------------------------------
> Bug #5902: Array#join with an unused, infected separator may or may not infect the result
> https://bugs.ruby-lang.org/issues/5902
>
> Author: John Firebaugh
> Status: Assigned
> Priority: Normal
> Assignee: Yukihiro Matsumoto
> Category: core
> Target version:
> ruby -v: ruby 1.9.3p0 (2011-10-30 revision 33570) [x86_64-darwin10.8.0]
>
>
> =begin
> It's infected if the separator is unused because there is only one element, but not if there are zero elements. Is this intended behavior?
>
>    s = [].join(",".taint.untrust)
>    s.tainted? #=>  false
>    s.untrusted? #=>  false
>
>    s = [1].join(",".taint.untrust)
>    s.tainted? #=>  true
>    s.untrusted? #=>  true
> =end
>
>
>