packages/rubygem-dalli
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
rubygem-dalli/CVE-2022-4064-2.patch
liyuxiang b36737f40e CVE-2022-4064
2022-12-15 01:24:42 +08:00

229 lines
10 KiB
Diff
Raw Permalink Blame History

diff --git a/test/integration/test_network.rb b/test/integration/test_network.rb
index e0ea862c..bf20baae 100644
--- a/test/integration/test_network.rb
+++ b/test/integration/test_network.rb
@@ -7,8 +7,8 @@
describe "using the #{p} protocol" do
describe 'assuming a bad network' do
it 'handle no server available' do
+ dc = Dalli::Client.new 'localhost:19333'
assert_raises Dalli::RingError, message: 'No server available' do
- dc = Dalli::Client.new 'localhost:19333'
dc.get 'foo'
end
end
@@ -16,8 +16,8 @@
describe 'with a fake server' do
it 'handle connection reset' do
memcached_mock(->(sock) { sock.close }) do
+ dc = Dalli::Client.new('localhost:19123')
assert_raises Dalli::RingError, message: 'No server available' do
- dc = Dalli::Client.new('localhost:19123')
dc.get('abc')
end
end
@@ -26,8 +26,8 @@
it 'handle connection reset with unix socket' do
socket_path = MemcachedMock::UNIX_SOCKET_PATH
memcached_mock(->(sock) { sock.close }, :start_unix, socket_path) do
+ dc = Dalli::Client.new(socket_path)
assert_raises Dalli::RingError, message: 'No server available' do
- dc = Dalli::Client.new(socket_path)
dc.get('abc')
end
end
@@ -35,8 +35,8 @@
it 'handle malformed response' do
memcached_mock(->(sock) { sock.write('123') }) do
+ dc = Dalli::Client.new('localhost:19123')
assert_raises Dalli::RingError, message: 'No server available' do
- dc = Dalli::Client.new('localhost:19123')
dc.get('abc')
end
end
@@ -47,8 +47,8 @@
sleep(0.6)
sock.close
}, :delayed_start) do
+ dc = Dalli::Client.new('localhost:19123')
assert_raises Dalli::RingError, message: 'No server available' do
- dc = Dalli::Client.new('localhost:19123')
dc.get('abc')
end
end
@@ -59,8 +59,8 @@
sleep(0.6)
sock.write('giraffe')
}) do
+ dc = Dalli::Client.new('localhost:19123')
assert_raises Dalli::RingError, message: 'No server available' do
- dc = Dalli::Client.new('localhost:19123')
dc.get('abc')
end
end
diff --git a/test/protocol/meta/test_request_formatter.rb b/test/protocol/meta/test_request_formatter.rb
index 1eef499b..755e7305 100644
--- a/test/protocol/meta/test_request_formatter.rb
+++ b/test/protocol/meta/test_request_formatter.rb
@@ -77,11 +77,28 @@
Dalli::Protocol::Meta::RequestFormatter.meta_set(key: key, value: val, bitflags: bitflags, cas: cas)
end
+ it 'excludes CAS if set to 0' do
+ assert_equal "ms #{key} #{val.bytesize} c F#{bitflags} MS\r\n#{val}\r\n",
+ Dalli::Protocol::Meta::RequestFormatter.meta_set(key: key, value: val, bitflags: bitflags, cas: 0)
+ end
+
+ it 'excludes non-numeric CAS values' do
+ assert_equal "ms #{key} #{val.bytesize} c F#{bitflags} MS\r\n#{val}\r\n",
+ Dalli::Protocol::Meta::RequestFormatter.meta_set(key: key, value: val, bitflags: bitflags,
+ cas: "\nset importantkey 1 1000 8\ninjected")
+ end
+
it 'sets the quiet mode if configured' do
assert_equal "ms #{key} #{val.bytesize} c F#{bitflags} MS q\r\n#{val}\r\n",
Dalli::Protocol::Meta::RequestFormatter.meta_set(key: key, value: val, bitflags: bitflags,
quiet: true)
end
+
+ it 'sets the base64 mode if configured' do
+ assert_equal "ms #{key} #{val.bytesize} c b F#{bitflags} MS\r\n#{val}\r\n",
+ Dalli::Protocol::Meta::RequestFormatter.meta_set(key: key, value: val, bitflags: bitflags,
+ base64: true)
+ end
end
describe 'meta_delete' do
@@ -93,7 +110,7 @@
Dalli::Protocol::Meta::RequestFormatter.meta_delete(key: key)
end
- it 'returns incorporates CAS when passed cas' do
+ it 'incorporates CAS when passed cas' do
assert_equal "md #{key} C#{cas}\r\n",
Dalli::Protocol::Meta::RequestFormatter.meta_delete(key: key, cas: cas)
end
@@ -102,6 +119,87 @@
assert_equal "md #{key} q\r\n",
Dalli::Protocol::Meta::RequestFormatter.meta_delete(key: key, quiet: true)
end
+
+ it 'excludes CAS when set to 0' do
+ assert_equal "md #{key}\r\n",
+ Dalli::Protocol::Meta::RequestFormatter.meta_delete(key: key, cas: 0)
+ end
+
+ it 'excludes non-numeric CAS values' do
+ assert_equal "md #{key}\r\n",
+ Dalli::Protocol::Meta::RequestFormatter.meta_delete(key: key,
+ cas: "\nset importantkey 1 1000 8\ninjected")
+ end
+
+ it 'sets the base64 mode if configured' do
+ assert_equal "md #{key} b\r\n",
+ Dalli::Protocol::Meta::RequestFormatter.meta_delete(key: key, base64: true)
+ end
+ end
+
+ describe 'meta_arithmetic' do
+ let(:key) { SecureRandom.hex(4) }
+ let(:delta) { rand(500..999) }
+ let(:initial) { rand(500..999) }
+ let(:cas) { rand(500..999) }
+ let(:ttl) { rand(500..999) }
+
+ it 'returns the expected string with the default N flag when passed non-nil key, delta, and initial' do
+ assert_equal "ma #{key} v D#{delta} J#{initial} N0 MI\r\n",
+ Dalli::Protocol::Meta::RequestFormatter.meta_arithmetic(key: key, delta: delta, initial: initial)
+ end
+
+ it 'excludes the J and N flags when initial is nil and ttl is not set' do
+ assert_equal "ma #{key} v D#{delta} MI\r\n",
+ Dalli::Protocol::Meta::RequestFormatter.meta_arithmetic(key: key, delta: delta, initial: nil)
+ end
+
+ it 'omits the D flag is delta is nil' do
+ assert_equal "ma #{key} v J#{initial} N0 MI\r\n",
+ Dalli::Protocol::Meta::RequestFormatter.meta_arithmetic(key: key, delta: nil, initial: initial)
+ end
+
+ it 'uses ttl for the N flag when ttl passed explicitly along with an initial value' do
+ assert_equal "ma #{key} v D#{delta} J#{initial} N#{ttl} MI\r\n",
+ Dalli::Protocol::Meta::RequestFormatter.meta_arithmetic(key: key, delta: delta, initial: initial,
+ ttl: ttl)
+ end
+
+ it 'incorporates CAS when passed cas' do
+ assert_equal "ma #{key} v D#{delta} J#{initial} N0 C#{cas} MI\r\n",
+ Dalli::Protocol::Meta::RequestFormatter.meta_arithmetic(key: key, delta: delta, initial: initial,
+ cas: cas)
+ end
+
+ it 'excludes CAS when CAS is set to 0' do
+ assert_equal "ma #{key} v D#{delta} J#{initial} N0 MI\r\n",
+ Dalli::Protocol::Meta::RequestFormatter.meta_arithmetic(key: key, delta: delta, initial: initial,
+ cas: 0)
+ end
+
+ it 'includes the N flag when ttl passed explicitly with a nil initial value' do
+ assert_equal "ma #{key} v D#{delta} N#{ttl} MI\r\n",
+ Dalli::Protocol::Meta::RequestFormatter.meta_arithmetic(key: key, delta: delta, initial: nil,
+ ttl: ttl)
+ end
+
+ it 'swaps from MI to MD when the incr value is explicitly false' do
+ assert_equal "ma #{key} v D#{delta} J#{initial} N0 MD\r\n",
+ Dalli::Protocol::Meta::RequestFormatter.meta_arithmetic(key: key, delta: delta, initial: initial,
+ incr: false)
+ end
+
+ it 'includes the quiet flag when specified' do
+ assert_equal "ma #{key} v D#{delta} J#{initial} N0 q MI\r\n",
+ Dalli::Protocol::Meta::RequestFormatter.meta_arithmetic(key: key, delta: delta, initial: initial,
+ quiet: true)
+ end
+
+ it 'sets the base64 mode if configured' do
+ assert_equal "ma #{key} v b D#{delta} J#{initial} N0 MI\r\n",
+ Dalli::Protocol::Meta::RequestFormatter.meta_arithmetic(key: key, delta: delta, initial: initial,
+ base64: true)
+ end
end
describe 'meta_noop' do
@@ -130,6 +228,11 @@
assert_equal "flush_all #{delay}\r\n", Dalli::Protocol::Meta::RequestFormatter.flush(delay: delay)
end
+ it 'santizes the delay argument' do
+ delay = "\nset importantkey 1 1000 8\ninjected"
+ assert_equal "flush_all 0\r\n", Dalli::Protocol::Meta::RequestFormatter.flush(delay: delay)
+ end
+
it 'adds noreply with a delay and quiet argument' do
delay = rand(1000..1999)
assert_equal "flush_all #{delay} noreply\r\n",
diff --git a/test/test_rack_session.rb b/test/test_rack_session.rb
index e56a098e..93860345 100644
--- a/test/test_rack_session.rb
+++ b/test/test_rack_session.rb
@@ -54,15 +54,15 @@
let(:incrementor) { Rack::Lint.new(incrementor_proc) }
it 'faults on no connection' do
+ rsd = Rack::Session::Dalli.new(incrementor, memcache_server: 'nosuchserver')
assert_raises Dalli::RingError do
- rsd = Rack::Session::Dalli.new(incrementor, memcache_server: 'nosuchserver')
rsd.data.with { |c| c.set('ping', '') }
end
end
it 'connects to existing server' do
+ rsd = Rack::Session::Dalli.new(incrementor, namespace: 'test:rack:session')
assert_silent do
- rsd = Rack::Session::Dalli.new(incrementor, namespace: 'test:rack:session')
rsd.data.with { |c| c.set('ping', '') }
end
end
Reference in New Issue View Git Blame Copy Permalink