Branch: refs/heads/master Home: https://github.com/MacRuby/MacRuby Commit: c5a2b55c2112f95e2a64a92019e5cdab88859829 https://github.com/MacRuby/MacRuby/commit/c5a2b55c2112f95e2a64a92019e5cdab88... Author: Watson <watson1978@gmail.com> Date: 2011-05-05 (Thu, 05 May 2011) Changed paths: M io.c Log Message: ----------- IO#read and command execution with backquote will return tainted string. Test Script: {{{ require 'test/unit/assertions.rb' include Test::Unit::Assertions require 'tempfile' def make_tempfile t = Tempfile.new("foo") t.binmode t.puts "foo" t.puts "bar" t.puts "baz" t.close t end t = make_tempfile File.open(t.path) { |f| assert(f.read(2).tainted?) } puts :ok }}} {{{ require 'test/unit/assertions.rb' include Test::Unit::Assertions str = `date` assert(str.tainted?) puts :ok }}}