Vertical-bar is disallowed in path names on Windows

No risk of remote code execution, when the file cannot be created. https://github.com/ruby/rdoc/runs/2565343916?check_suite_focus=true#step:5:58 ``` Error: test_remove_unparseable_CVE_2021_31799(TestRDocRDoc): Errno::EINVAL: Invalid argument @ utime_failed - | touch evil.txt && echo tags D:/rubyinstaller-head-x64/lib/ruby/3.1.0/fileutils.rb:1142:in `utime' D:/rubyinstaller-head-x64/lib/ruby/3.1.0/fileutils.rb:1142:in `block in touch' D:/rubyinstaller-head-x64/lib/ruby/3.1.0/fileutils.rb:1139:in `each' D:/rubyinstaller-head-x64/lib/ruby/3.1.0/fileutils.rb:1139:in `touch' D:/a/rdoc/rdoc/test/rdoc/test_rdoc_rdoc.rb:463:in `block (2 levels) in test_remove_unparseable_CVE_2021_31799' 460: temp_dir do 461: file_list = ['| touch evil.txt && echo tags'] 462: file_list.each do |f| => 463: FileUtils.touch f 464: end 465: 466: assert_equal file_list, @rdoc.remove_unparseable(file_list) ```
ruby · Nov 11, 2021 · 61414e4 · 61414e4
1 parent 3653bbc
commit 61414e4
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/test/rdoc/test_rdoc_rdoc.rb b/test/rdoc/test_rdoc_rdoc.rb
@@ -460,7 +460,7 @@ def test_remove_unparseable_CVE_2021_31799
     temp_dir do
       file_list = ['| touch evil.txt && echo tags']
       file_list.each do |f|
-        FileUtils.touch f
+        FileUtils.touch f rescue omit
       end
 
       assert_equal file_list, @rdoc.remove_unparseable(file_list)