Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent OS command injection #548

Merged
merged 7 commits into from Feb 1, 2021
Merged

Prevent OS command injection #548

merged 7 commits into from Feb 1, 2021

Commits on Jan 30, 2021

  1. fix(security): prevent command injection in CookieJar 

    Related to GHSA-qrqm-fpv6-6r8g
    @kyoshidajp @flavorjones
    kyoshidajp authored and flavorjones committed Jan 30, 2021
    Copy the full SHA
    aae0b13 View commit details
    Browse the repository at this point in the history

  2. fix(security): prevent command injection in Mechanize#download 

    Related to GHSA-qrqm-fpv6-6r8g
    @flavorjones
    flavorjones committed Jan 30, 2021
    Copy the full SHA
    2ac906b View commit details
    Browse the repository at this point in the history

  3. fix(security): prevent command injection in Download#save! 

    Related to GHSA-qrqm-fpv6-6r8g
    @flavorjones
    flavorjones committed Jan 30, 2021
    Copy the full SHA
    f43a395 View commit details
    Browse the repository at this point in the history

  4. fix(security): prevent command injection in Mechanize::File#save! 

    Related to GHSA-qrqm-fpv6-6r8g
    @flavorjones
    flavorjones committed Jan 30, 2021
    Copy the full SHA
    b48b12f View commit details
    Browse the repository at this point in the history

  5. fix(security): prevent command injection in FileResponse#read_body 

    Also add general test coverage for FileResponse#read_body

Related to GHSA-qrqm-fpv6-6r8g
    @flavorjones
    flavorjones committed Jan 30, 2021
    Copy the full SHA
    63f8779 View commit details
    Browse the repository at this point in the history

  6. test: remove rubocop security warnings from TestCase 

    - change implicit Kernel.open to ::File.open
- replace `eval` with `define_method`
    @flavorjones
    flavorjones committed Jan 30, 2021
    Copy the full SHA
    5b30aed View commit details
    Browse the repository at this point in the history

  7. changelog: note the patched command injection vulnerabilities

    @flavorjones
    flavorjones committed Jan 30, 2021
    Copy the full SHA
    e238b07 View commit details
    Browse the repository at this point in the history