Ruby Issue Tracking System

03/20/2015

01:35 PM Ruby Bug #10988 (Closed): [PATCH] Raise ArgumentError when string passed to String#crypt contains null

Currently String#crypt assumes that it is called on a password typed
by the user, specifically, that it does not contain null character.
When it does:
"abc\0def".crypt("pass") == "abc".crypt("pass")
=> true
This may not ... jrusnack (Jan Rusnacko)

03/03/2014

09:09 AM Ruby Bug #9588 (Closed): program name variables tainted

I have noticed inconsistency in taint flag of program name:
```
[jrusnack@dhcp-31-42 ruby-safe]$ cat tainted.rb
#!/usr/bin/env ruby
puts "$0: #{$0}, tainted? #{$0.tainted?}"
puts "__FILE__: #{__FILE__}, tainted? #{... jrusnack (Jan Rusnacko)

02/25/2014

04:36 PM Ruby Bug #9564 (Rejected): Tainted string permitted in Kernel.trap in safe level 1

According to the existing documentation (I am referring to Programming Ruby: The
Pragmatic Programmer's Guide at http://ruby-doc.com/docs/ProgrammingRuby/ and
The Ruby Programming Language by Flanagan, Matsumoto) Kernel.trap should not... jrusnack (Jan Rusnacko)