cgi 0.34 or higher does not allow .example.com as domain
#35
Comments
|
It also reproduces with cgi 0.3.5. I intentionally uses ruby 3.1.2 to compare the result using older versions of CGI. % ruby -v
ruby 3.1.2p20 (2022-04-12 revision 4491bb740a) [arm64-darwin22]
% gem install cgi -v 0.3.5
Fetching cgi-0.3.5.gem
Building native extensions. This could take a while...
Successfully installed cgi-0.3.5
Parsing documentation for cgi-0.3.5
Installing ri documentation for cgi-0.3.5
Done installing documentation for cgi after 0 seconds
1 gem installed
% irb
irb(main):001:0> require 'cgi'
irb(main):002:0> CGI::Cookie.new('domain'=>'.example.com', 'name'=>'name1')
/Users/yahonda/.rbenv/versions/3.1.2/lib/ruby/gems/3.1.0/gems/cgi-0.3.5/lib/cgi/cookie.rb:128:in `domain=': invalid domain: ".example.com" (ArgumentError)
from /Users/yahonda/.rbenv/versions/3.1.2/lib/ruby/gems/3.1.0/gems/cgi-0.3.5/lib/cgi/cookie.rb:95:in `initialize'
from (irb):2:in `new'
from (irb):2:in `<main>'
from /Users/yahonda/.rbenv/versions/3.1.2/lib/ruby/gems/3.1.0/gems/irb-1.4.2/exe/irb:11:in `<top (required)>'
from /Users/yahonda/.rbenv/versions/3.1.2/bin/irb:25:in `load'
from /Users/yahonda/.rbenv/versions/3.1.2/bin/irb:25:in `<main>'
irb(main):003:0> quit |
|
It's duplicate of #29 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Rails CI using Ruby 3.2.0-dev fails https://buildkite.com/rails/rails/builds/91200#0184aae9-a971-4423-8bb6-60e7a14ec3fb/1048-1057
Investigated this failure and it is likely due to
cgibehavior change between 0.3.3 and 0.3.4 becausecgidefault gem version has bumped to 0.3.5 recently https://www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621/Steps to reproduce
Expected behavior
It returns
[]Actual behavior
It raises
ArgumentErrorThe text was updated successfully, but these errors were encountered: