| author | Mo Morsi <mmorsi@redhat.com> | 2011-06-16 19:14:34 -0400 |
|---|---|---|
| committer | Mo Morsi <mmorsi@redhat.com> | 2011-06-16 19:14:34 -0400 |
| commit | eb050168148a6623ae04ec6a9005cf052d38d48a (patch) | |
| tree | 7c78111b26b3afbf390bc3b9016429a44bf4f208 | |
| parent | 7be4bd260f38639bce000f59f486258925fbc37f (diff) | |
fix for cve-2011-2197
http://weblog.rubyonrails.org/2011/6/8/potential-xss-vulnerability-in-ruby-on-rails-applications
| -rw-r--r-- | cve-2011-2197-fix.patch | 48 | ||||
| -rw-r--r-- | rubygem-activesupport.spec | 8 |
2 files changed, 55 insertions, 1 deletions
diff --git a/cve-2011-2197-fix.patch b/cve-2011-2197-fix.patch
new file mode 100644
index 0000000..0f36f0e
--- /dev/null
+++ b/cve-2011-2197-fix.patch
@@ -0,0 +1,48 @@
+--- lib/active_support/core_ext/string/output_safety.rb
++++ lib/active_support/core_ext/string/output_safety.rb
+@@ -73,6 +73,7 @@ end
+ 
+ module ActiveSupport #:nodoc:
+ class SafeBuffer < String
++ UNSAFE_STRING_METHODS = ["capitalize", "chomp", "chop", "delete", "downcase", "gsub", "lstrip", "next", "reverse", "rstrip", "slice", "squeeze", "strip", "sub", "succ", "swapcase", "tr", "tr_s", "upcase"].freeze
+ alias safe_concat concat
+ 
+ def concat(value)
+@@ -103,6 +104,18 @@ module ActiveSupport #:nodoc:
+ def to_yaml(*args)
+ to_str.to_yaml(*args)
+ end
++ 
++ for unsafe_method in UNSAFE_STRING_METHODS
++ class_eval <<-EOT, __FILE__, __LINE__
++ def #{unsafe_method}(*args)
++ super.to_str
++ end
++ 
++ def #{unsafe_method}!(*args)
++ raise TypeError, "Cannot modify SafeBuffer in place"
++ end
++ EOT
++ end
+ end
+ end
+ 
+--- test/safe_buffer_test.rb
++++ test/safe_buffer_test.rb
+@@ -38,4 +38,16 @@ class SafeBufferTest < ActiveSupport::TestCase
+ new_buffer = @buffer.to_s
+ assert_equal ActiveSupport::SafeBuffer, new_buffer.class
+ end
++ 
++ test "Should not return safe buffer from gsub" do
++ altered_buffer = @buffer.gsub('', 'asdf')
++ assert_equal 'asdf', altered_buffer
++ assert !altered_buffer.html_safe?
++ end
++ 
++ test "Should not allow gsub! on safe buffers" do
++ assert_raise TypeError do
++ @buffer.gsub!('', 'asdf')
++ end
++ end
+ end
diff --git a/rubygem-activesupport.spec b/rubygem-activesupport.spec
index b499bd7..e69b3aa 100644
--- a/rubygem-activesupport.spec
+++ b/rubygem-activesupport.spec
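Review bot: The two tests added to `safe_buffer_test.rb` only exercise `gsub` and `gsub!`, so the other eighteen names in `UNSAFE_STRING_METHODS` and the block form of `gsub` (which reaches `super` through the implicit block) have no regression test in this patch, and a misspelt entry in the list would only be noticed when an application calls it. Add a test that walks the constant: assert `html_safe?` is false on the result of each zero-argument method (`@buffer.upcase`, `@buffer.strip`, `@buffer.reverse`, …) and that the matching bang variant raises `TypeError`, so the whole list is pinned rather than one method. Note that the nested hunks show only part of `SafeBuffer`; the class definition continues outside them, so whether `to_str` still returns a plain `String` here is inferred from the existing `to_s` test, not visible in the patch.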
@@ -31,6 +31,11 @@ Patch1: activesupport-tests-fix.patch # is in Fedora http://bugzilla.redhat.com/show_bug.cgi?id=668822 Patch2: activesupport-remove-memcache-build-dep.patch +# CVE-2011-2197 +# http://weblog.rubyonrails.org/2011/6/8/potential-xss-vulnerability-in-ruby-on-rails-applications +# FIX: https://gist.github.com/b2ceb626fc2bcdfe497f +Patch3: cve-2011-2197-fix.patch + BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: rubygems Requires: ruby(abi) = %{rubyabi} @@ -53,7 +58,7 @@ goodies from the Rails framework %setup -q -c -T mkdir -p .%{gemdir} gem install --local --install-dir .%{gemdir} \ - --force -V --rdoc %{SOURCE0} + --force -V --no-ri --no-rdoc %{SOURCE0} # move the tests into place tar xzvf %{SOURCE2} -C .%{geminstdir} @@ -62,6 +67,7 @@ tar xzvf %{SOURCE2} -C .%{geminstdir} pushd .%{geminstdir} %patch1 -p0 %patch2 -p0 +%patch3 -p0 %build |
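Review bot: The `Patch3: cve-2011-2197-fix.patch` declaration in the first hunk and the `%patch3 -p0` application in the last hunk ship a security fix, but the diffstat (7 insertions, 1 deletion in the spec) shows neither a `%changelog` entry nor a change to the `Release:` tag in this commit, so a rebuild yields an RPM with the same NVR as the vulnerable build unless Release is bumped elsewhere, and consumers cannot tell patched from unpatched packages by version. Add a changelog line such as `- Fix CVE-2011-2197 (SafeBuffer XSS via in-place String methods)` and bump Release in the same commit. The `# FIX:` comment points at a gist URL, which is not a durable location for a security patch's provenance; once the upstream release containing the fix exists, reference that as well.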
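Review bot: The change from `--force -V --rdoc %{SOURCE0}` to `--force -V --no-ri --no-rdoc %{SOURCE0}` in the second hunk is unrelated to CVE-2011-2197 — it stops generating ri/rdoc documentation for the installed gem, which may change the files the package ships — yet it rides in a commit whose message mentions only the CVE. Split it into its own commit, or at minimum name it in the commit message and `%changelog`, so that anyone auditing the security backport sees exactly the lines it required. If this was needed to make the build succeed, a one-line comment above the `gem install` call saying so would stop the next maintainer from reverting it.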
