Allow CodeRay to be run when $SAFE=1

[rubys]

Test case:

require 'coderay'
$SAFE=1
puts CodeRay.scan("a=1", :ruby).div

[korny]

Mmh, interesting. I guess Ruby's telling us that File operations on dynamic paths are insecure? If so, is it wise to just use untaint here? I'm just not sure if this is the correct fix, or circumventing good security…

[rubys]

Ruby considers operations involving __FILE__ to be insecure. The "right" fix is to eliminate such usages. This advice is routinely ignored.

The patch I provided is limited to three specific usages of __FILE__. Usages that are combined with other strings and the result passed to File.exist? in load_plugin_map and require in make_plugin_hash.

An alternate approach that I discovered after I posted this patch is to untaint only CodeRay::CODERAY_PATH, and change the three usages of File.dirname(__FILE__) to use this value instead.

[ghost]

require 'foo/bar' works for me all the time - I always install into my ruby SITE_DIR

Do you think your solution using File.dirname(FILE).untaint is ok to use?

[rubys]

At the moment, I'm using an even more constrained approach:

https://github.com/rubys/wunderbar/blob/e9e4f295c529461f5518591db08628609515fa56/lib/wunderbar/coderay.rb#L4

[korny]

Ruby now has a __DIR__ token. Maybe we can use this?

[korny]

The problem doesn't seem to exist anymore! I'm not sure why.

[korny]

I'll close this one. If anybody can come up with a way to reproduce it, please comment here.