public
Created

  • Download Gist
CVE-2013-0262 harness.rb
Ruby
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
require 'pp'
 
SEPS = Regexp.union(*[::File::SEPARATOR, ::File::ALT_SEPARATOR].compact)
 
def inspectPath(path_info)
parts = path_info.split SEPS
parts.inject(0) do |depth, part|
case part
when '', '.'
depth
when '..'
throw 'climb-out detected' if depth - 1 < 0
depth - 1
else
depth + 1
end
end
parts
end
 
pp inspectPath('./..')

Please sign in to comment on this gist.

Something went wrong with that request. Please try again.