Skip to content

Commit 2ab42c7

Browse files
kornykorny
committed
prevent Symbol attack in Debug scanner
1 parent 6ef7fa4 commit 2ab42c7

File tree

2 files changed

+28
-23
lines changed

2 files changed

+28
-23
lines changed

lib/coderay/scanners/debug.rb

Lines changed: 22 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,5 @@
1+
require 'set'
2+
13
module CodeRay
24
module Scanners
35

@@ -11,6 +13,11 @@ class Debug < Scanner
1113

1214
protected
1315

16+
def setup
17+
super
18+
@known_token_kinds = TokenKinds.keys.map(&:to_s).to_set
19+
end
20+
1421
def scan_tokens encoder, options
1522

1623
opened_tokens = []
@@ -21,26 +28,24 @@ def scan_tokens encoder, options
2128
encoder.text_token match, :space
2229

2330
elsif match = scan(/ (\w+) \( ( [^\)\\]* ( \\. [^\)\\]* )* ) \)? /x)
24-
# FIXME: cache attack
25-
kind = self[1].to_sym
26-
match = self[2].gsub(/\\(.)/m, '\1')
27-
unless TokenKinds.has_key? kind
28-
kind = :error
29-
match = matched
31+
if @known_token_kinds.include? self[1]
32+
encoder.text_token self[2].gsub(/\\(.)/m, '\1'), self[1].to_sym
33+
else
34+
encoder.text_token matched, :error
3035
end
31-
encoder.text_token match, kind
3236

3337
elsif match = scan(/ (\w+) ([<\[]) /x)
34-
# FIXME: cache attack
35-
kind = self[1].to_sym
36-
opened_tokens << kind
37-
case self[2]
38-
when '<'
39-
encoder.begin_group kind
40-
when '['
41-
encoder.begin_line kind
42-
else
43-
raise 'CodeRay bug: This case should not be reached.'
38+
if @known_token_kinds.include? self[1]
39+
kind = self[1].to_sym
40+
opened_tokens << kind
41+
case self[2]
42+
when '<'
43+
encoder.begin_group kind
44+
when '['
45+
encoder.begin_line kind
46+
else
47+
raise 'CodeRay bug: This case should not be reached.'
48+
end
4449
end
4550

4651
elsif !opened_tokens.empty? && match = scan(/ > /x)

test/unit/debug.rb

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -18,15 +18,15 @@ def test_creation
1818
[:begin_group, :string],
1919
['test', :content],
2020
[:end_group, :string],
21-
[:begin_line, :test],
21+
[:begin_line, :head],
2222
["\n", :space],
2323
["\n \t", :space],
2424
[" \n", :space],
2525
["[]", :method],
26-
[:end_line, :test],
26+
[:end_line, :head],
2727
].flatten
2828
TEST_OUTPUT = <<-'DEBUG'.chomp
29-
integer(10)operator((\\\))string<content(test)>test[
29+
integer(10)operator((\\\))string<content(test)>head[
3030
3131
3232
method([])]
@@ -51,7 +51,7 @@ def test_creation
5151
end
5252

5353
TEST_INPUT = <<-'DEBUG'.chomp
54-
integer(10)operator((\\\))string<content(test)>test[
54+
integer(10)operator((\\\))string<content(test)>head[
5555
5656
5757
method([])]
@@ -62,10 +62,10 @@ def test_creation
6262
[:begin_group, :string],
6363
['test', :content],
6464
[:end_group, :string],
65-
[:begin_line, :test],
65+
[:begin_line, :head],
6666
["\n\n \t \n", :space],
6767
["[]", :method],
68-
[:end_line, :test],
68+
[:end_line, :head],
6969
].flatten
7070

7171
def test_filtering_text_tokens

0 commit comments

Comments
 (0)