Merge pull request #93 from chef/lcg/yajl-ruby-vuln

add check for yajl-ruby vulnerability

2 files changed, 8 insertions, 2 deletions

diff --git a/appveyor.yml b/appveyor.yml
index 268e8db..acaceed 100644
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -21,7 +21,6 @@ install:
   - ruby --version
   - gem update --system || gem update --system || gem update --system
   - gem --version
-  - gem install bundler --quiet --no-ri --no-rdoc || gem install bundler --quiet --no-ri --no-rdoc || gem install bundler --quiet --no-ri --no-rdoc
   - bundler --version
 
 build_script:
diff --git a/spec/ffi_yajl/parser_spec.rb b/spec/ffi_yajl/parser_spec.rb
index be392c8..239ae26 100644
--- a/spec/ffi_yajl/parser_spec.rb
+++ b/spec/ffi_yajl/parser_spec.rb
@@ -1,6 +1,6 @@
 # encoding: UTF-8
 # Copyright (c) 2015 Lamont Granquist
-# Copyright (c) 2015 Chef Software, Inc.
+# Copyright (c) 2015-2017, Chef Software Inc.
 #
 # Permission is hereby granted, free of charge, to any person obtaining
 # a copy of this software and associated documentation files (the
@@ -505,6 +505,13 @@ describe "FFI_Yajl::Parser" do
         expect { parser }.to raise_error(FFI_Yajl::ParseError)
       end
     end
+
+    context "should not blow up with bad surrogate trailer" do
+      let(:json) { "{\"e\":{\"\\uD800\\\\DC00\":\"a\"}}" }
+      it "should not explode" do
+        expect { parser }.not_to raise_error
+      end
+    end
   end
 
   context "when options are set to empty hash" do