6
49%
master: 63%

Ran 19 Aug 2016 04:07PM UTC

Files 438

Run time 53s

Badge

Embed ▾

Committed 10 Aug 2016 09:25PM UTC coverage: 59.333%. Remained the same

Job # 2.2.5, GEM=pending

Build Type

push

travis-ci

Committed by root

Commit Message

Merge branch 'fix_expr_cve' into '5.6.z'

Filter input from custom searches

In custom built searches it's possible to submit unfiltered string values into fields that expect integers. These values make their way through `eval` allowing for arbitrary Ruby code execution.

Addresses CVE-2016-5383 and
https://bugzilla.redhat.com/show_bug.cgi?id=1353722

Discovered while investigating this BZ:
https://bugzilla.redhat.com/show_bug.cgi?id=1349429

Thanks to @twade (Tim Wade)

/cc @obarenbo @jfrey

See merge request !1024

Run Details

12518 of 21098 relevant lines covered (59.33%)

175.74 hits per line

ManageIQ / manageiq / 38676 / 6
49%
master: 63%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 38676.6 (2.2.5, GEM=pending)

ManageIQ / manageiq / 38676 / 6 49% master: 63%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 38676.6 (2.2.5, GEM=pending)

ManageIQ / manageiq / 38676 / 6
49%
master: 63%

README BADGES
x