Contents

# frozen_string_literal: true

module TaintedLove
  module Replacer
    class ReplaceMarshal < Base
      def replace!
        mod = Module.new do
          def load(source, proc = nil)
            TaintedLove.report(:ReplaceMarshal, source, [:rce], 'Marshal.load using tainted input') if source.tainted?

            super(source, proc)
          end
        end

        Marshal.singleton_class.prepend(mod)
      end
    end
  end
end

Version data entries

5 entries across 5 versions & 1 rubygems

Version	Path
tainted_love-0.4.1	lib/tainted_love/replacer/replace_marshal.rb
tainted_love-0.4.0	lib/tainted_love/replacer/replace_marshal.rb
tainted_love-0.1.5	lib/tainted_love/replacer/replace_marshal.rb
tainted_love-0.1.4	lib/tainted_love/replacer/replace_marshal.rb
tainted_love-0.1.3	lib/tainted_love/replacer/replace_marshal.rb