From: satoko.itse@...
Date: 2017-12-04T11:44:51+00:00
Subject: [ruby-core:84086] [Ruby trunk Bug#14075] File.dirname("path without dir".taint) returns untainted string

Issue #14075 has been updated by hkdnet (Ko Sato).


I found that File.split also returns untainted string with a tainted argument.

~~~
$ ruby -e 'p File.split("foo/bar".taint).map(&:tainted?); p File.split("hoge".taint).map(&:tainted?)'
[true, true]
[false, true]
~~~


----------------------------------------
Bug #14075: File.dirname("path without dir".taint) returns untainted string
https://bugs.ruby-lang.org/issues/14075#change-68186

* Author: znz (Kazuhiro NISHIYAMA)
* Status: Open
* Priority: Normal
* Assignee: 
* Target version: 
* ruby -v: 
* Backport: 2.3: UNKNOWN, 2.4: UNKNOWN
----------------------------------------
Is this intentional?

```
% ruby -e 'p [File.dirname("foo/bar".taint).tainted?, File.dirname("hoge".taint).tainted?]'
[true, false]
```



-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request@ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>