Bug
QueueEntry uses \t (tab) as the delimiter between test_id and file_path in queue entries:
    DELIMITER = "\t"

    def self.format(test_id, file_path)
      "#{test_id}#{DELIMITER}#{file_path}"
    end

    def self.parse(entry)
      test_id, file_path = entry.split(DELIMITER, 2)
      ...
    end
When a test name contains a literal tab character, parse splits on the wrong tab and produces a garbage file path. The LazyEntryResolver then tries to require that path, causing a FileLoadError.
Reproduction
A test that dynamically defines methods from XSS payloads could contain a literal tab:
%(<IMG SRC="jav\tascript:alert('XSS');">)
# produces method: test_should_not_fall_for_xss_image_hack_<IMG SRC="jav[TAB]ascript:alert('XSS');">
The queue entry becomes:
TestClass#test_..._"jav[TAB]ascript:alert('XSS');">[TAB]test/unit/.../file.rb
parse splits on the first tab (inside the test name), so:
test_id = TestClass#test_..._"jav (truncated)
file_path = ascript:alert('XSS');">[TAB]test/unit/.../file.rb (garbage)
Error:
CI::Queue::FileLoadError: Failed to load ascript:alert('XSS');"> /app/.../safe_list_sanitizer_test.rb
Introduced in #375.
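The mis-parse described above, next to one delimiter-free encoding that survives it. This is an added example, not the project's code or its fix: `NaiveEntry`, `SafeEntry`, `round_trips?` and the sample values are hypothetical, and the JSON codec assumes test ids are valid UTF-8.

```ruby
require "json"

# Mirrors the format/parse pair quoted in the report (hypothetical module name).
module NaiveEntry
  DELIMITER = "\t"

  def self.format(test_id, file_path)
    "#{test_id}#{DELIMITER}#{file_path}"
  end

  # Splits at the FIRST tab, which may sit inside the test name.
  def self.parse(entry)
    entry.split(DELIMITER, 2)
  end
end

# Alternative (an assumption, not the project's fix): serialize both fields as
# a JSON array, so no character inside test_id can act as a field separator.
module SafeEntry
  def self.format(test_id, file_path)
    JSON.generate([test_id, file_path])
  end

  # Rejects anything that is not exactly two strings before it reaches `require`.
  def self.parse(entry)
    fields = JSON.parse(entry)
    unless fields.is_a?(Array) && fields.size == 2 && fields.all?(String)
      raise ArgumentError, "malformed queue entry"
    end
    fields
  end
end

# Constructed sample modelled on the reproduction; class name and path are made up.
SAMPLE_ID   = "SanitizerTest#test_xss_<IMG SRC=\"jav\tascript:alert('XSS');\">"
SAMPLE_PATH = "test/unit/sanitizer_test.rb"

# True when parse(format(id, path)) returns the original pair unchanged.
def round_trips?(codec, test_id, file_path)
  codec.parse(codec.format(test_id, file_path)) == [test_id, file_path]
end

puts "naive: #{round_trips?(NaiveEntry, SAMPLE_ID, SAMPLE_PATH)}"
puts "safe:  #{round_trips?(SafeEntry, SAMPLE_ID, SAMPLE_PATH)}"
```

A round-trip check like `round_trips?`, run over test names containing tabs, newlines and quotes, is a cheap regression test for any queue entry format.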