Strange problem with regular expressions and tainted values

H

Hadmut Danisch

Hi,

I have a ruby program which fetches some web pages, and for security
reasons I have set $SAFE to 1 or 2. Since then I am hunting a strange
problem with tainted values.

Within the program, I have a (definitely untainted) variable url
containing the URL to get. At a later point the interpreter complains
about using a tainted variable which was derived with a regular
expression. I have inserted some debugging code and it boils down to



puts "UUU #{url} #{url.tainted?}"

case url
when /(.)/
puts "AAA #{$1} #{$1.tainted?}"
end


which prints

UUU http://www.ruby-lang.org false
AAA h true



But when I put this code snippet into a separate file

#!/usr/bin/ruby

$SAFE=2

url="http://www.ruby-lang.org"
puts "UUU #{url} #{url.tainted?}"

case url
when /(.)/
puts "AAA #{$1} #{$1.tainted?}"
end


it prints

UUU http://www.danisch.de false
AAA h false


Why would the regular expression give a tainted result in the first
case, but not in the separate example, which appears to be the very same
code? Any side effect?

Hadmut
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,902
Latest member
Elena68X5

Latest Threads

Top