cocoapods-downloader 1.4.0 → 1.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 128f7eaefbd34c1b7f9c66c06a45dd5e3d186322938a8346fc5283df450617d0
-  data.tar.gz: 60a084074452df93b41cfda6248c2fc455b8111c109fc471075e96ca7085e5b9
+  metadata.gz: c97d257d2ddac34f6116fd99c16d44d77f2db914d87ab4e9a3b60c4460281fc8
+  data.tar.gz: fead38dd215fc932fe50deb288ddc5db9e9a38077b6185017043ac878dd9b992
 SHA512:
-  metadata.gz: 2fd8b780dc60807be9317865fea329ecf608f18ce1e81bca8653c23b548589d9b7c3099d4e82ff7c7097e75f256e856ff788d2691f34312798e61f13f13154f3
-  data.tar.gz: 8435a98df7285ea8753b443656e306d1467dc8bfa28551c70d018630c03ad8820dc564576bd70a90d51d848cdad184a8e8b00ab59d05950740af4548d0971ae0
+  metadata.gz: a4b95d247caec0895f112376d34a9815eea2ed3e3ecddf469074bfd952dd0b18fad8d49d6f2699c03c84cbde525c1e007d2ff5c1233dd20e113018ce6e20d98e
+  data.tar.gz: 35ea901675d445329421332622fd1093e96aa7e0ce8a322ff3cc40ffa936cf899439a5ddc128c55c1e91ca66ae2de7c8aaf64c75fe68d7657f9a8813b4bb9e9f

data/README.markdown

@@ -2,9 +2,9 @@
 
 A small library for downloading files from remotes in a folder.
 
-[![Build Status](https://img.shields.io/travis/CocoaPods/cocoapods-downloader/master.svg?style=flat)](https://travis-ci.org/CocoaPods/cocoapods-downloader)
-[![Coverage](https://img.shields.io/codeclimate/coverage/github/CocoaPods/cocoapods-downloader.svg?style=flat)](https://codeclimate.com/github/CocoaPods/cocoapods-downloader)
-[![Code Climate](https://img.shields.io/codeclimate/github/CocoaPods/cocoapods-downloader.svg?style=flat)](https://codeclimate.com/github/CocoaPods/cocoapods-downloader)
+[![Build Status](https://img.shields.io/github/workflow/status/CocoaPods/CocoaPods-Downloader/Spec)](https://github.com/CocoaPods/cocoapods-downloader/actions)
+[![Gem Version](https://img.shields.io/gem/v/cocoapods-downloader)](https://rubygems.org/gems/cocoapods-downloader)
+[![Maintainability](https://api.codeclimate.com/v1/badges/2253ffb0c2c98e4d1c71/maintainability)](https://codeclimate.com/github/CocoaPods/cocoapods-downloader/maintainability)
 
 ## Install
 
@@ -72,6 +72,10 @@ All CocoaPods development happens on GitHub, there is a repository for [CocoaPod
 
 Follow [@CocoaPods](http://twitter.com/CocoaPods) to get up to date information about what's going on in the CocoaPods world.
 
+## Development
+
+You need to have `svn`, `bzr`, `hg` and `git` installed to run the specs. There are some specs which require `hdiutil` which will only run on macOS.
+
 ## License
 
 This gem and CocoaPods are available under the MIT license.

data/lib/cocoapods-downloader/gem_version.rb

@@ -3,6 +3,6 @@ module Pod
     # @return [String] Downloader’s version, following
     #         [semver](http://semver.org).
     #
-    VERSION = '1.4.0'.freeze
+    VERSION = '1.6.0'.freeze
   end
 end

data/lib/cocoapods-downloader/git.rb

@@ -21,6 +21,7 @@ module Pod
       end
 
       def self.preprocess_options(options)
+        validate_input options
         return options unless options[:branch]
 
         command = ['ls-remote',
@@ -52,11 +53,18 @@ module Pod
       #
       def self.commit_from_ls_remote(output, branch_name)
         return nil if branch_name.nil?
-        match = %r{([a-z0-9]*)\trefs\/(heads|tags)\/#{Regexp.quote(branch_name)}}.match(output)
+        encoded_branch_name = branch_name.dup.force_encoding(Encoding::ASCII_8BIT)
+        match = %r{([a-z0-9]*)\trefs\/(heads|tags)\/#{Regexp.quote(encoded_branch_name)}}.match(output)
         match[1] unless match.nil?
       end
 
-      private_class_method :commit_from_ls_remote
+      def self.validate_input(options)
+        input = [options[:git], options[:branch], options[:commit], options[:tag]]
+        invalid = input.compact.any? { |value| value.start_with?('--') || value.include?(' --') }
+        raise DownloaderError, "Provided unsafe input for git #{options}." if invalid
+      end
+
+      private_class_method :commit_from_ls_remote, :validate_input
 
       private
 

data/lib/cocoapods-downloader/mercurial.rb

@@ -18,6 +18,19 @@ module Pod
         end
       end
 
+      def self.preprocess_options(options)
+        validate_input options
+        options
+      end
+
+      def self.validate_input(options)
+        input = [options[:hg], options[:revision], options[:branch], options[:tag]].map(&:to_s)
+        invalid = input.compact.any? { |value| value.start_with?('--') || value.include?(' --') }
+        raise DownloaderError, "Provided unsafe input for hg #{options}." if invalid
+      end
+
+      private_class_method :validate_input
+
       private
 
       executable :hg

data/lib/cocoapods-downloader/remote_file.rb

@@ -93,13 +93,7 @@ module Pod
         case type
         when :zip
           unzip! unpack_from, '-d', unpack_to
-        when :tgz
-          tar! 'xfz', unpack_from, '-C', unpack_to
-        when :tar
-          tar! 'xf', unpack_from, '-C', unpack_to
-        when :tbz
-          tar! 'xfj', unpack_from, '-C', unpack_to
-        when :txz
+        when :tar, :tgz, :tbz, :txz
           tar! 'xf', unpack_from, '-C', unpack_to
         when :dmg
           extract_dmg(unpack_from, unpack_to)

metadata

@@ -1,17 +1,17 @@
 --- !ruby/object:Gem::Specification
 name: cocoapods-downloader
 version: !ruby/object:Gem::Version
-  version: 1.4.0
+  version: 1.6.0
 platform: ruby
 authors:
 - Eloy Duran
 - Fabio Pelosin
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-07-17 00:00:00.000000000 Z
+date: 2022-03-22 00:00:00.000000000 Z
 dependencies: []
-description: 
+description:
 email:
 - eloy.de.enige@gmail.com
 - fabiopelosin@gmail.com
@@ -37,7 +37,7 @@ homepage: https://github.com/CocoaPods/cocoapods-downloader
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -52,8 +52,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
-signing_key: 
+rubygems_version: 3.1.6
+signing_key:
 specification_version: 3
 summary: A small library for downloading files from remotes in a folder.
 test_files: []