1
49%
master: 63%

Ran 19 Aug 2016 04:49PM UTC

Files 2482

Run time 98min

Badge

Embed ▾

Committed 10 Aug 2016 09:25PM UTC coverage: 57.332% (+0.006%) from 57.326%

Job # 2.2.5, TEST_SUITE=vmdb

Build Type

push

travis-ci

Committed by root

Commit Message

Merge branch 'fix_expr_cve' into '5.6.z'

Filter input from custom searches

In custom built searches it's possible to submit unfiltered string values into fields that expect integers. These values make their way through `eval` allowing for arbitrary Ruby code execution.

Addresses CVE-2016-5383 and
https://bugzilla.redhat.com/show_bug.cgi?id=1353722

Discovered while investigating this BZ:
https://bugzilla.redhat.com/show_bug.cgi?id=1349429

Thanks to @twade (Tim Wade)

/cc @obarenbo @jfrey

See merge request !1024

Run Details

73781 of 128691 relevant lines covered (57.33%)

244.54 hits per line

ManageIQ / manageiq / 38676 / 1
49%
master: 63%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 38676.1 (2.2.5, TEST_SUITE=vmdb)

ManageIQ / manageiq / 38676 / 1 49% master: 63%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 38676.1 (2.2.5, TEST_SUITE=vmdb)

ManageIQ / manageiq / 38676 / 1
49%
master: 63%

README BADGES
x