3
49%
master: 63%

Ran 19 Aug 2016 04:09PM UTC

Files 2288

Run time 106min

Badge

Embed ▾

Committed 10 Aug 2016 09:25PM UTC coverage: 2.095%. Remained the same

Job # 2.2.5, TEST_SUITE=migrations

Build Type

push

travis-ci

Committed by root

Commit Message

Merge branch 'fix_expr_cve' into '5.6.z'

Filter input from custom searches

In custom built searches it's possible to submit unfiltered string values into fields that expect integers. These values make their way through `eval` allowing for arbitrary Ruby code execution.

Addresses CVE-2016-5383 and
https://bugzilla.redhat.com/show_bug.cgi?id=1353722

Discovered while investigating this BZ:
https://bugzilla.redhat.com/show_bug.cgi?id=1349429

Thanks to @twade (Tim Wade)

/cc @obarenbo @jfrey

See merge request !1024

Run Details

4345 of 207415 relevant lines covered (2.09%)

1.05 hits per line

ManageIQ / manageiq / 38676 / 3
49%
master: 63%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 38676.3 (2.2.5, TEST_SUITE=migrations)

ManageIQ / manageiq / 38676 / 3 49% master: 63%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 38676.3 (2.2.5, TEST_SUITE=migrations)

ManageIQ / manageiq / 38676 / 3
49%
master: 63%

README BADGES
x