RubyGems - cocoapods-downloader - Versions diffs - 1.5.1 → 1.6.2 - Mend

cocoapods-downloader 1.5.1 → 1.6.2

This version of cocoapods-downloader might be problematic. Click here for more details.

Files changed (7) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 62d6e0b714faaaf66ca8228f636b34e61976252749672e04a3a6aa0445b18709
-  data.tar.gz: f585de6e9a7e972a89c87c98d73619798e66340d814fff06231992dfbce62e33
+  metadata.gz: 20f16f6bb4e3cc9aa727c6a112b18667e583292c3b2acc931597809f7ff1b26b
+  data.tar.gz: b58a2541b4a8210e8357b92cf9f532a061f39585a619484efa8ea6c83a39585a
 SHA512:
-  metadata.gz: 87552efe2b4e7332c9b5cfe88ea19ad1e404d4eee94ea3187f60d26e40dcd910b049f05e7246dd8a7cb210ce96658cc7703a3f9095e6ed0c49151ae9019a80a7
-  data.tar.gz: 8b44845a7e0da71748ff781fd15de6eb17bbca24f8fa72b76029bc65341805436d2460b6df38b092322006a5e7b2075b40a04eaad06c63cd9dcef87a69fcdfa0
+  metadata.gz: 976e976c7c981b75242914f8be32f8c2be30e30e23d2a4c61bd7a1ea10d41cdee46c74768f1af849515a6743d5d3020dec90597ffe196eea0e48d5b2fd6c425e
+  data.tar.gz: 147b35462c7f4c988635de9e37a0a787e0a3709c410f83788121c303ddeac0eabc34643fe4eae0fdcb72c483bc3245399c9714e7dac6284c92a2a6eb9d4b394b

data/README.markdown CHANGED Viewed

@@ -4,8 +4,7 @@ A small library for downloading files from remotes in a folder.
 [![Build Status](https://img.shields.io/github/workflow/status/CocoaPods/CocoaPods-Downloader/Spec)](https://github.com/CocoaPods/cocoapods-downloader/actions)
 [![Gem Version](https://img.shields.io/gem/v/cocoapods-downloader)](https://rubygems.org/gems/cocoapods-downloader)
-[![Maintainability](https://api.codeclimate.com/v1/badges/a99a88d28ad37a79dbf6/maintainability)](https://codeclimate.com/github/CocoaPods/cocoapods-downloader/maintainability)
-[![Test Coverage](https://api.codeclimate.com/v1/badges/a99a88d28ad37a79dbf6/test_coverage)](https://codeclimate.com/github/CocoaPods/cocoapods-downloader/test_coverage)
+[![Maintainability](https://api.codeclimate.com/v1/badges/2253ffb0c2c98e4d1c71/maintainability)](https://codeclimate.com/github/CocoaPods/cocoapods-downloader/maintainability)
 ## Install
@@ -73,6 +72,10 @@ All CocoaPods development happens on GitHub, there is a repository for [CocoaPod
 Follow [@CocoaPods](http://twitter.com/CocoaPods) to get up to date information about what's going on in the CocoaPods world.
+## Development
+You need to have `svn`, `bzr`, `hg` and `git` installed to run the specs. There are some specs which require `hdiutil` which will only run on macOS.
 ## License
 This gem and CocoaPods are available under the MIT license.

data/lib/cocoapods-downloader/base.rb CHANGED Viewed

@@ -77,6 +77,7 @@ module Pod
       # @return [void]
       #
       def download
+        validate_input
         ui_action("#{name} download") do
           target_path.mkpath
           download!
@@ -121,6 +122,14 @@ module Pod
         raise 'Abstract method'
       end
+      # Provides a before-download check for safety of the options in the
+      # concrete downloader.
+      #
+      # @return [void]
+      #
+      def validate_input
+      end
       # Returns a User-Agent string that itentifies http network requests as
       # originating from CocoaPods.
       # Contains version numbers from the CocoaPods Gem and the cocoapods-downloader Gem.

data/lib/cocoapods-downloader/gem_version.rb CHANGED Viewed

@@ -3,6 +3,6 @@ module Pod
     # @return [String] Downloader’s version, following
     #         [semver](http://semver.org).
     #
-    VERSION = '1.5.1'.freeze
+    VERSION = '1.6.2'.freeze
   end
 end

data/lib/cocoapods-downloader/git.rb CHANGED Viewed

@@ -153,6 +153,12 @@ module Pod
       def target_git(*args)
         git!(['-C', target_path] + args)
       end
+      def validate_input
+        input = [url, options[:branch], options[:commit], options[:tag]].map(&:to_s)
+        invalid = input.compact.any? { |value| value.start_with?('--') || value.include?(' --') }
+        raise DownloaderError, "Provided unsafe input for git #{options}." if invalid
+      end
     end
   end
 end

data/lib/cocoapods-downloader/mercurial.rb CHANGED Viewed

@@ -49,6 +49,12 @@ module Pod
       def download_branch!
         hg! 'clone', url, '--updaterev', options[:branch], @target_path
       end
+      def validate_input
+        input = [url, options[:revision], options[:branch], options[:tag]].map(&:to_s)
+        invalid = input.compact.any? { |value| value.start_with?('--') || value.include?(' --') }
+        raise DownloaderError, "Provided unsafe input for hg #{options}." if invalid
+      end
     end
   end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cocoapods-downloader
 version: !ruby/object:Gem::Version
-  version: 1.5.1
+  version: 1.6.2
 platform: ruby
 authors:
 - Eloy Duran
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-09-07 00:00:00.000000000 Z
+date: 2022-03-28 00:00:00.000000000 Z
 dependencies: []
 description:
 email:
@@ -52,7 +52,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.3
+rubygems_version: 3.1.6
 signing_key:
 specification_version: 3
 summary: A small library for downloading files from remotes in a folder.