From a18013e8e99864e0c944b225bc7bc9a92faca64f Mon Sep 17 00:00:00 2001
From: Andrew Konchin
Date: Wed, 15 Jan 2025 19:09:06 +0200
Subject: [PATCH] Add specs for Regexp used in REXML that was affected by ReDoS vulnerability
---
security/cve_2024_49761_spec.rb | 9 +++++++++
1 file changed, 9 insertions(+)
create mode 100644 security/cve_2024_49761_spec.rb
diff --git a/security/cve_2024_49761_spec.rb b/security/cve_2024_49761_spec.rb
new file mode 100644
index 000000000..54ede3903
--- /dev/null
+++ b/security/cve_2024_49761_spec.rb
@@ -0,0 +1,9 @@
+require_relative '../spec_helper'
+
+ruby_version_is "3.2" do
+ describe "CVE-2024-49761 is resisted by" do
+ it "the Regexp implementation handling that regular expression in linear time" do
+ Regexp.linear_time?(/�*((?:\d+)|(?:x[a-fA-F0-9]+));/).should == true
+ end
+ end
+end
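Review bot: The new spec has no comment saying where the pattern literal comes from or why `Regexp.linear_time?` is the property being asserted, so a later reader cannot check the literal against the REXML code named in the commit subject. A short comment above the `it` block would help, for example `# Pattern REXML used when parsing numeric character references; linear_time? (Ruby 3.2+) reports whether the engine can match it in time linear in the input length`. As rendered on this page, the literal starts with a replacement character before `*`, which looks like extraction damage to the original prefix. It is worth confirming the committed file holds the intended bytes, because a different prefix would make the assertion about a different pattern. The check is a static classification only and never matches the pattern against a long input, so the comment should say that this is the intended scope.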