Merge pull request #8 from nobu/h1-1131465

Make usable chars more strict
ruby · Apr 5, 2021 · 93798c0 · 93798c0
2 parents 759a7c9 + adf294b
commit 93798c0
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 3 deletions.
diff --git a/lib/tmpdir.rb b/lib/tmpdir.rb
@@ -115,7 +115,7 @@ def tmpdir
       Dir.tmpdir
     end
 
-    UNUSABLE_CHARS = [File::SEPARATOR, File::ALT_SEPARATOR, File::PATH_SEPARATOR, ":"].uniq.join("").freeze
+    UNUSABLE_CHARS = "^,-.0-9A-Z_a-z~"
 
     class << (RANDOM = Random.new)
       MAX = 36**6 # < 0x100000000

diff --git a/test/test_tmpdir.rb b/test/test_tmpdir.rb
@@ -97,8 +97,10 @@ def assert_mktmpdir_traversal
       target = target.chomp('/') + '/'
       traversal_path = target.sub(/\A\w:/, '') # for DOSISH
       traversal_path = Array.new(target.count('/')-2, '..').join('/') + traversal_path
-      actual = yield traversal_path
-      assert_not_send([File.absolute_path(actual), :start_with?, target])
+      [File::SEPARATOR, File::ALT_SEPARATOR].compact.each do |separator|
+        actual = yield traversal_path.tr('/', separator)
+        assert_not_send([File.absolute_path(actual), :start_with?, target])
+      end
     end
   end
 end