rubygem-activerecord/CVE-2021-22880-2.patch

From 13b0efd97b9ec1b755d011ea2d0eceee70c5ae37 Mon Sep 17 00:00:00 2001
From: wang_yue111 <648774160@qq.com>
Date: Tue, 16 Mar 2021 10:46:45 +0800
Subject: [PATCH] test CVE-2021-22880

---
 .../test/cases/adapters/postgresql/money_test.rb          | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/rails-5.2.4.4/activerecord/test/cases/adapters/postgresql/money_test.rb b/rails-5.2.4.4/activerecord/test/cases/adapters/postgresql/money_test.rb
index 61e75e7..cb31413 100644
--- a/rails-5.2.4.4/activerecord/test/cases/adapters/postgresql/money_test.rb
+++ b/rails-5.2.4.4/activerecord/test/cases/adapters/postgresql/money_test.rb
@@ -58,6 +58,14 @@ def test_money_type_cast
     assert_equal(-2.25, type.cast("($2.25)".dup))
   end
 
+  def test_money_regex_backtracking
+    type = PostgresqlMoney.type_for_attribute("wealth")
+    Timeout.timeout(0.1) do
+      assert_equal(0.0, type.cast("$" + "," * 100000 + ".11!"))
+      assert_equal(0.0, type.cast("$" + "." * 100000 + ",11!"))
+    end
+  end
+
   def test_schema_dumping
     output = dump_table_schema("postgresql_moneys")
     assert_match %r{t\.money\s+"wealth",\s+scale: 2$}, output
-- 
2.23.0