Closed h3xx closed 1 month ago
Hey, thanks for the report.
I'm not clear how this is an exploitable fault on SimpleCov's side. For this to be an exploitable vulnerability someone would already need to have enough access to your system to create a symlink in a directory. SimpleCov also isn't run in production, but in development or on a CI server.
If someone had write access to files on a computer where SimpleCov is running they could rewrite/append to any given ruby file and modify it to instead achieve arbitrary code execution.
What am I missing?
If an existing symbolic link exists inside the coverage directory, it can overwrite arbitrary files elsewhere on the system. This is also true for hard-linked files.
This library MUST remove the files in the coverage directory before attempting to overwrite them in order to fix this security issue.

Steps to repro:
This is only an example, but imagine if you were running tests as root.
Related issue: #133 -- when this one is fixed, that one will also likely be fixed.
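The remediation the report asks for, as an added example in Ruby (not SimpleCov's own code): remove whatever entry already sits at the report path, then create the file fresh so a planted symlink or hard link never receives the write. The helper name, the victim file and the coverage path are constructed for the demo.

```ruby
require "tmpdir"

# Hypothetical helper, not SimpleCov's own code: write a report file into the
# coverage directory without writing through a pre-existing symlink or hard link.
# Any existing directory entry is removed first; the file is then created
# fresh with O_EXCL (and O_NOFOLLOW where the platform has it) so a link
# planted between the check and the open makes the write fail instead.
def write_report_safely(dir, name, content)
  path = File.join(dir, name)
  # lstat does not follow links, so a planted symlink is visible here.
  if File.symlink?(path) || File.exist?(path)
    st = File.lstat(path)
    raise ArgumentError, "#{path} is a directory" if st.directory?
    # Unlinking drops our entry only; the symlink target or the hard link's
    # other name is left untouched.
    File.unlink(path)
  end
  flags = File::WRONLY | File::CREAT | File::EXCL
  flags |= File::NOFOLLOW if File.const_defined?(:NOFOLLOW)
  File.open(path, flags, 0o644) { |f| f.write(content) }
  path
end

# Constructed scenario: a "victim" file outside coverage/ and planted links
# pointing at it. Returns what the victim contains after a naive write and
# after the safe write, plus what landed in the report file.
def demo
  Dir.mktmpdir do |root|
    victim = File.join(root, "victim.txt")
    cov = File.join(root, "coverage")
    Dir.mkdir(cov)
    report = File.join(cov, "index.html")

    # 1. Naive overwrite follows the symlink and clobbers the victim.
    File.write(victim, "original")
    File.symlink(victim, report)
    File.write(report, "<html>report</html>")
    naive = File.read(victim)

    # 2. Safe write against the same symlink: victim untouched, link replaced.
    File.write(victim, "original")
    write_report_safely(cov, "index.html", "<html>report</html>")
    safe_symlink = File.read(victim)

    # 3. Safe write against a hard link to the victim.
    File.unlink(report)
    File.link(victim, report)
    write_report_safely(cov, "index.html", "<html>report</html>")
    { naive: naive, safe_symlink: safe_symlink, safe_hardlink: File.read(victim),
      report: File.read(report), link_left: File.symlink?(report) }
  end
end
```

Running `demo` shows the naive write replacing the victim's contents while both safe writes leave it intact and land the report in a fresh regular file.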