RubyGems - obfs - Versions diffs - 0.0.2 → 0.0.3 - Mend

obfs 0.0.2 → 0.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 62ca2bff9fda087f834b3823adac6a193fd419c78e3dd72bdbf37b4b104c0e00
-  data.tar.gz: 07a819a4eb162a7bcbc43d3310f1a68ed4c6dd35b7cc1a333b69b57d536fc8bd
+  metadata.gz: 25399ce3e5a530c99396f3fdf5208f33f32d65e043a4a78a9f1775c403db0718
+  data.tar.gz: 4c4eba2a6208251e709c6b650263e9a73dacb63f7bfdd324e5a978de0393606c
 SHA512:
-  metadata.gz: df53e0a7fed4b2f6e2b78fabe11ac0e40acc055128eff51119b9f615a25fe5bfe61becbac770043422c958d6ecc43fbb11b091fcfca68d91a5adf836d3320675
-  data.tar.gz: 45765a1f45e9b0969c8597003ca1f4b8e56fcc8bdba79bc5c6a326653b2cd2d682837d3e1d7e928226a40f2d32bef3426c2ccb7569bf2bfc3378907843c346af
+  metadata.gz: e3f53fe3231e3ad87617989b23eca24e9834024903276486b775e7afbaffae3ee01e7b0dd9e6b725ab51c2b40ba939fef3638e976a0eb83399b098a4a270256b
+  data.tar.gz: 14d216f77c45e53708432307856e578492ff1d667f86fe7c1ebb80a387433afa1ef694f0842b7f10f0b1c26219c30da51893febc0b2122d3eda752c62aeed95e

data/lib/obfs.rb CHANGED

@@ -19,6 +19,9 @@ class OBFS
             dataA = args[0]
             dataB = args[1]
+            # prevent traversing out of dir
+            raise "traversal through . and .. not allowed" if ['.', '..'].include? method_name
             # setter call
             if  method_name.end_with?('=')
@@ -33,6 +36,9 @@ class OBFS
                     method_name = m.to_s.gsub('=','')
                     data = args[0]
                 end
+                # prevent traversing out of dir
+                raise "traversal through . and .. not allowed" if ['.', '..'].include? method_name
                 # write data
                 if data == nil
@@ -47,6 +53,10 @@ class OBFS
             elsif method_name == "[]"
                 method_name = dataA.to_s.gsub(/\["/,'').gsub(/"\]/,'')
+                # prevent traversing out of dir
+                raise "traversal through . and .. not allowed" if ['.', '..'].include? method_name
                 if (!File.directory? File.join(@path, method_name)) && (File.exist? File.join(@path, method_name))
                     read(@path, method_name)
                 else
@@ -55,6 +65,9 @@ class OBFS
             # recurse or read
             else
+                # prevent traversing out of dir
+                raise "traversal through . and .. not allowed" if ['.', '..'].include? method_name
                 if (!File.directory? File.join(@path, method_name)) && (File.exist? File.join(@path, method_name))
                     read(@path, method_name)

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: obfs
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.0.3
 platform: ruby
 authors:
 - Jensel Gatchalian