Bug #4087: String#scan(arg) taints results if arg is a Regexp but not if arg is a String
http://redmine.ruby-lang.org/issues/show/4087

Author: Brian Ford
Status: Open, Priority: Normal
Category: core, Target version: 1.9.2
ruby -v: ruby 1.9.2p0 (2010-08-18 revision 29036) [i386-darwin9.8.0]

Is this intended? If so, would you please explain the rationale?

$ ruby -v -e '"hello hello hello".scan(/hello/.taint).each { |m| p m.tainted? }'
ruby 1.8.6 (2009-06-08 patchlevel 369) [universal-darwin9.0]
true
true
true

$ ruby1.8.7 -v -e '"hello hello hello".scan(/hello/.taint).each { |m| p m.tainted? }'
ruby 1.8.7 (2010-08-16 patchlevel 302) [i686-darwin9.8.0]
true
true
true

$ ruby1.9.2 -v -e '"hello hello hello".scan(/hello/.taint).each { |m| p m.tainted? }'
ruby 1.9.2p0 (2010-08-18 revision 29036) [i386-darwin9.8.0]
true
true
true

$ ruby -v -e '"hello hello hello".scan("hello".taint).each { |m| p m.tainted? }'
ruby 1.8.6 (2009-06-08 patchlevel 369) [universal-darwin9.0]
false
false
false

$ ruby1.8.7 -v -e '"hello hello hello".scan("hello".taint).each { |m| p m.tainted? }'
ruby 1.8.7 (2010-08-16 patchlevel 302) [i686-darwin9.8.0]
false
false
false

$ ruby1.9.2 -v -e '"hello hello hello".scan("hello".taint).each { |m| p m.tainted? }'
ruby 1.9.2p0 (2010-08-18 revision 29036) [i386-darwin9.8.0]
false
false
false

Thanks,
Brian
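The behaviour Brian shows above is that a tainted Regexp pattern marks every match as tainted while a tainted String pattern does not. The following is an added example, not code from the bug report or from Ruby itself: a small wrapper that applies one explicit propagation rule to `String#scan` for both pattern classes (a match is untrusted if either the receiver or the pattern is untrusted). It carries its own taint mark in an identity-keyed table because `Object#taint` and `tainted?` were deprecated in Ruby 2.7 and removed in 3.2, so the built-in mechanism cannot be relied on in current interpreters. The class name `TaintTracker` and its method names are assumptions made for this illustration.

```ruby
# Added example: explicit taint propagation for String#scan, independent of
# the removed Object#taint API. Not part of the original bug report.
class TaintTracker
  def initialize
    # Identity-keyed table of objects marked as untrusted. Keeping the objects
    # themselves (not just object_id) means a collected id cannot be reused.
    @tainted = {}.compare_by_identity
  end

  # Mark +obj+ as untrusted and return it so calls can be chained.
  def taint(obj)
    @tainted[obj] = true
    obj
  end

  def tainted?(obj)
    @tainted.key?(obj)
  end

  # Scan +str+ with +pattern+ (a String or a Regexp). Every match inherits the
  # taint of the receiver or of the pattern, whichever is set, so a String
  # pattern and a Regexp pattern are treated identically. With capture groups
  # String#scan yields arrays of strings; each element is marked individually.
  def scan(str, pattern)
    propagate = tainted?(str) || tainted?(pattern)
    str.scan(pattern).map do |match|
      next match unless propagate
      match.is_a?(Array) ? match.map { |m| taint(m) } : taint(match)
    end
  end

  # Convenience check used by callers that must refuse untrusted input:
  # true only if no element of the scan result carries a taint mark.
  def all_trusted?(results)
    results.flatten.none? { |m| tainted?(m) }
  end
end

if __FILE__ == $0
  t = TaintTracker.new
  src = "hello hello hello"
  p t.scan(src, t.taint("hello")).map { |m| t.tainted?(m) }   # String pattern
  p t.scan(src, t.taint(/hello/)).map { |m| t.tainted?(m) }   # Regexp pattern
  p t.scan(src, "hello").map { |m| t.tainted?(m) }            # nothing tainted
end
```

Run stand-alone, the three lines print `[true, true, true]`, `[true, true, true]` and `[false, false, false]`: the wrapper gives the Regexp and String cases the same answer, which is the consistency the report asks about.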
