|
gem-aliyun-sdk-0.8.0-alt1.1.x86_64 |
unsafe-tmp-usage-in-scripts |
fail |
The test discovered scripts with errors that a user may exploit to damage important system files. For example, if a script works with a temp file created in the /tmp directory, any user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite system files or another user's files.

Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it.

Found error in /usr/lib/ruby/gemie/gems/aliyun-sdk-0.8.0/examples/aliyun/oss/object.rb:

    $ grep /tmp/ /usr/lib/ruby/gemie/gems/aliyun-sdk-0.8.0/examples/aliyun/oss/object.rb
    end
    # Upload a file
    # For resumable upload, see: examples/resumable_upload.rb
    demo "Put object from local file" do
      File.open('/tmp/x', 'w'){ |f| f.write("hello world\n") }
      bucket.put_object('files/world', :file => '/tmp/x')
      puts "Put object: files/world"
    end
    # Create an appendable object
    demo "Create appendable object" do
      puts "Total size: #{total_size}"
    end
    # Download an object: download to a file
    demo "Get object to local file" do
      bucket.get_object('files/hello', :file => '/tmp/hello')
      puts "Get object: files/hello => /tmp/hello"
    end
    # Delete an object
    demo "Delete object" do
      bucket.delete_object('files/world')
    --
        :metas => {'year' => '2015', 'people' => 'mary'}
      ) do |content|
        content << 'hello world.'
      end
      o = bucket.get_object('files/hello', :file => '/tmp/x')
      puts "Object metas: #{o.metas}"
    end
    # Update object metas
    demo "Update object metas" do

Found error in /usr/lib/ruby/gemie/gems/aliyun-sdk-0.8.0/examples/aliyun/oss/resumable_download.rb:

    $ grep -A5 -B5 /tmp/ /usr/lib/ruby/gemie/gems/aliyun-sdk-0.8.0/examples/aliyun/oss/resumable_download.rb
      puts
    end
    demo "Resumable download" do
      # Download a 100M file
      cpt_file = '/tmp/y.cpt'
      File.delete(cpt_file) if File.exist?(cpt_file)
      start = Time.now
      puts "Start download: resumable => /tmp/y"
      bucket.resumable_download(
        'resumable', '/tmp/y', :cpt_file => cpt_file) do |progress|
        puts "Progress: #{(progress * 100).round(2)} %"
      end
      puts "Download complete. Cost: #{Time.now - start} seconds."
      # How to test:
|