```
% gem install cgi -v 0.3.3
Fetching cgi-0.3.3.gem
Building native extensions. This could take a while...
Successfully installed cgi-0.3.3
Parsing documentation for cgi-0.3.3
Installing ri documentation for cgi-0.3.3
Done installing documentation for cgi after 0 seconds
1 gem installed
% irb
irb(main):001:0> require 'cgi'
irb(main):002:0> CGI::Cookie.new('domain'=>'.example.com', 'name'=>'name1')
=> []
irb(main):003:0>
```
Actual behavior
It raises ArgumentError
```
% gem install cgi -v 0.3.4
Fetching cgi-0.3.4.gem
Building native extensions. This could take a while...
Successfully installed cgi-0.3.4
Parsing documentation for cgi-0.3.4
Installing ri documentation for cgi-0.3.4
Done installing documentation for cgi after 0 seconds
1 gem installed
% irb
irb(main):001:0> require 'cgi'
irb(main):002:0> CGI::Cookie.new('domain'=>'.example.com', 'name'=>'name1')
/Users/yahonda/.rbenv/versions/3.1.2/lib/ruby/gems/3.1.0/gems/cgi-0.3.4/lib/cgi/cookie.rb:128:in `domain=': invalid domain: ".example.com" (ArgumentError)
        from /Users/yahonda/.rbenv/versions/3.1.2/lib/ruby/gems/3.1.0/gems/cgi-0.3.4/lib/cgi/cookie.rb:95:in `initialize'
        from (irb):2:in `new'
        from (irb):2:in `<main>'
        from /Users/yahonda/.rbenv/versions/3.1.2/lib/ruby/gems/3.1.0/gems/irb-1.4.2/exe/irb:11:in `<top (required)>'
        from /Users/yahonda/.rbenv/versions/3.1.2/bin/irb:25:in `load'
        from /Users/yahonda/.rbenv/versions/3.1.2/bin/irb:25:in `<main>'
irb(main):003:0>
```
It also reproduces with cgi 0.3.5. I intentionally use ruby 3.1.2 to compare the result using older versions of CGI.
```
% ruby -v
ruby 3.1.2p20 (2022-04-12 revision 4491bb740a) [arm64-darwin22]
% gem install cgi -v 0.3.5
Fetching cgi-0.3.5.gem
Building native extensions. This could take a while...
Successfully installed cgi-0.3.5
Parsing documentation for cgi-0.3.5
Installing ri documentation for cgi-0.3.5
Done installing documentation for cgi after 0 seconds
1 gem installed
% irb
irb(main):001:0> require 'cgi'
irb(main):002:0> CGI::Cookie.new('domain'=>'.example.com', 'name'=>'name1')
/Users/yahonda/.rbenv/versions/3.1.2/lib/ruby/gems/3.1.0/gems/cgi-0.3.5/lib/cgi/cookie.rb:128:in `domain=': invalid domain: ".example.com" (ArgumentError)
        from /Users/yahonda/.rbenv/versions/3.1.2/lib/ruby/gems/3.1.0/gems/cgi-0.3.5/lib/cgi/cookie.rb:95:in `initialize'
        from (irb):2:in `new'
        from (irb):2:in `<main>'
        from /Users/yahonda/.rbenv/versions/3.1.2/lib/ruby/gems/3.1.0/gems/irb-1.4.2/exe/irb:11:in `<top (required)>'
        from /Users/yahonda/.rbenv/versions/3.1.2/bin/irb:25:in `load'
        from /Users/yahonda/.rbenv/versions/3.1.2/bin/irb:25:in `<main>'
irb(main):003:0> quit
```
Rails CI using Ruby 3.2.0-dev fails https://buildkite.com/rails/rails/builds/91200#0184aae9-a971-4423-8bb6-60e7a14ec3fb/1048-1057
Investigated this failure and it is likely due to `cgi` behavior change between 0.3.3 and 0.3.4 because `cgi` default gem version has bumped to 0.3.5 recently https://www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621/

Steps to reproduce
Expected behavior
It returns `[]`
Actual behavior
It raises `ArgumentError`
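
For callers hit by the behavior change reported above, one way to accept a leading-dot domain such as `.example.com` while still rejecting input that could split a response header. This is an added example, not code from the cgi gem or from this issue; `normalize_cookie_domain`, `set_cookie_header` and the regular expressions are hypothetical, and dropping the leading dot follows RFC 6265 section 5.2.3.

```ruby
# Added example: stand-alone code, not taken from the cgi gem.
# Assumption: one leading dot is dropped, as RFC 6265 section 5.2.3 tells
# user agents to do, and the rest must be a plain hostname.

# One hostname label: letters, digits, hyphens, no hyphen at either end.
LABEL = /(?!-)[A-Za-z0-9-]{1,63}(?<!-)/
# \A and \z (not ^ and $) so an embedded or trailing newline cannot pass.
DOMAIN_RE = /\A#{LABEL}(?:\.#{LABEL})*\z/
# Conservative subset of the RFC 6265 cookie-name characters (assumption).
NAME_RE = /\A[A-Za-z0-9_.-]+\z/
# RFC 6265 cookie-octet: printable ASCII minus space, '"', ',', ';' and '\'.
VALUE_RE = /\A[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*\z/

# Hypothetical helper: returns the domain without one leading dot,
# lower-cased, or raises ArgumentError.
def normalize_cookie_domain(domain)
  raw = String(domain)
  candidate = raw.delete_prefix(".")
  raise ArgumentError, "invalid domain: #{raw.inspect}" unless DOMAIN_RE.match?(candidate)
  candidate.downcase
end

# Hypothetical helper: builds one Set-Cookie header line from validated parts.
def set_cookie_header(name, value, domain:)
  raise ArgumentError, "invalid name: #{name.inspect}" unless NAME_RE.match?(name.to_s)
  raise ArgumentError, "invalid value: #{value.inspect}" unless VALUE_RE.match?(value.to_s)
  "Set-Cookie: #{name}=#{value}; Domain=#{normalize_cookie_domain(domain)}"
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs: two accepted forms, two rejected ones.
  [".example.com", "Example.COM", "..example.com", "example.com\r\nX-Injected: 1"].each do |d|
    begin
      puts "#{d.inspect} -> #{set_cookie_header('name1', 'v1', domain: d)}"
    rescue ArgumentError => e
      puts "#{d.inspect} -> rejected (#{e.message})"
    end
  end
end
```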