From 15ed9c68c3392036135c6390e36aef071b10d7e7 Mon Sep 17 00:00:00 2001 From: Sam Ruby Date: Sun, 8 Feb 2015 11:53:02 -0500 Subject: [PATCH] replace create_tempfile with a safer alternative --- lib/execjs/external_runtime.rb | 21 ++++++--------------- 1 file changed, 6 insertions(+), 15 deletions(-) diff --git a/lib/execjs/external_runtime.rb b/lib/execjs/external_runtime.rb index bd51eae..7d9d610 100644 --- a/lib/execjs/external_runtime.rb +++ b/lib/execjs/external_runtime.rb @@ -1,4 +1,4 @@ -require "tmpdir" +require "tempfile" require "execjs/runtime" module ExecJS @@ -31,7 +31,7 @@ def exec(source, options = {}) begin extract_result(@runtime.exec_runtime(tmpfile.path)) ensure - File.unlink(tmpfile) + tmpfile.unlink end end @@ -40,18 +40,8 @@ def call(identifier, *args) end protected - # See Tempfile.create on Ruby 2.1 - def create_tempfile(basename) - tmpfile = nil - Dir::Tmpname.create(basename) do |tmpname| - mode = File::WRONLY | File::CREAT | File::EXCL - tmpfile = File.open(tmpname, mode, 0600) - end - tmpfile - end - def write_to_tempfile(contents) - tmpfile = create_tempfile(['execjs', 'js']) + tmpfile = Tempfile.new(['execjs', 'js']) tmpfile.write(contents) tmpfile.close tmpfile @@ -146,13 +136,14 @@ def encode_unicode_codepoints(str) if ExecJS.windows? def exec_runtime(filename) - path = Dir::Tmpname.create(['execjs', 'json']) {} + tmpfile = TempFile.new(['execjs', 'json']) + path = tmpfile.path begin command = binary.split(" ") << filename `#{shell_escape(*command)} 2>&1 > #{path}` output = File.open(path, 'rb', @popen_options) { |f| f.read } ensure - File.unlink(path) if path + tmpfile.unlink end if $?.success?