9
49%
master: 63%

Ran 19 Aug 2016 04:07PM UTC

Files 2428

Run time 109min

Badge

Embed ▾

Committed 10 Aug 2016 09:25PM UTC coverage: 7.229%. Remained the same

Job # 2.2.5, TEST_SUITE=manageiq-providers-amazon

Build Type

push

travis-ci

Committed by root

Commit Message

Merge branch 'fix_expr_cve' into '5.6.z'

Filter input from custom searches

In custom built searches it's possible to submit unfiltered string values into fields that expect integers. These values make their way through `eval` allowing for arbitrary Ruby code execution.

Addresses CVE-2016-5383 and
https://bugzilla.redhat.com/show_bug.cgi?id=1353722

Discovered while investigating this BZ:
https://bugzilla.redhat.com/show_bug.cgi?id=1349429

Thanks to @twade (Tim Wade)

/cc @obarenbo @jfrey

See merge request !1024

Run Details

14745 of 203966 relevant lines covered (7.23%)

2.21 hits per line

ManageIQ / manageiq / 38676 / 9
49%
master: 63%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 38676.9 (2.2.5, TEST_SUITE=manageiq-providers-amazon)

ManageIQ / manageiq / 38676 / 9 49% master: 63%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 38676.9 (2.2.5, TEST_SUITE=manageiq-providers-amazon)

ManageIQ / manageiq / 38676 / 9
49%
master: 63%

README BADGES
x