Use convert path. Load file:// schema with File.read

voxpupuli · Nov 24, 2014 · 13eba8e · 13eba8e
1 parent 0bdc8d3
commit 13eba8e
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 16 deletions.
diff --git a/lib/json-schema/validator.rb b/lib/json-schema/validator.rb
@@ -571,18 +571,18 @@ def initialize_data(data)
     end
 
     def custom_open(uri)
-      if uri.absolute?
+      if uri.absolute? && uri.scheme != 'file'
         open(uri.to_s).read
       else
-        File.read(uri.to_s)
+        File.read(uri.path)
       end
     end
 
     def normalized_uri(data)
       uri = Addressable::URI.parse(data)
       # Check for absolute path
       if uri.relative? && data[0,1] != '/'
-        uri = Addressable::URI.parse("#{Dir.pwd}/#{data}")
+        uri = Addressable::URI.convert_path("#{Dir.pwd}/#{data}")
       end
       uri
     end

diff --git a/test/test_bad_schema_ref.rb b/test/test_bad_schema_ref.rb
@@ -25,19 +25,6 @@ def test_bad_uri_ref
     end
   end
 
-  def test_malicious_ref
-    schema = {
-      "$schema" => "http://json-schema.org/draft-04/schema#",
-      "type" => "array",
-      "items" => { "$ref" => "../../../../../../../../../../../../etc/passwd"}
-    }
-
-    data = [1,2,3]
-    assert_raises(Errno::ENOENT) do
-      JSON::Validator.validate(schema,data)
-    end
-  end
-
   def test_bad_host_ref
     schema = {
       "$schema" => "http://json-schema.org/draft-04/schema#",