rubygems-update 3.0.2 → 3.0.3
- checksums.yaml +4 -4
- data/bundler/lib/bundler/build_metadata.rb +1 -1
- data/bundler/man/bundle-add.1 +58 -0
- data/bundler/man/bundle-binstubs.1 +40 -0
- data/bundler/man/bundle-check.1 +31 -0
- data/bundler/man/bundle-clean.1 +24 -0
- data/bundler/man/bundle-config.1 +497 -0
- data/bundler/man/bundle-doctor.1 +44 -0
- data/bundler/man/bundle-exec.1 +165 -0
- data/bundler/man/bundle-gem.1 +80 -0
- data/bundler/man/bundle-info.1 +20 -0
- data/bundler/man/bundle-init.1 +25 -0
- data/bundler/man/bundle-inject.1 +33 -0
- data/bundler/man/bundle-install.1 +308 -0
- data/bundler/man/bundle-list.1 +50 -0
- data/bundler/man/bundle-lock.1 +84 -0
- data/bundler/man/bundle-open.1 +32 -0
- data/bundler/man/bundle-outdated.1 +155 -0
- data/bundler/man/bundle-package.1 +55 -0
- data/bundler/man/bundle-platform.1 +61 -0
- data/bundler/man/bundle-pristine.1 +34 -0
- data/bundler/man/bundle-remove.1 +31 -0
- data/bundler/man/bundle-show.1 +23 -0
- data/bundler/man/bundle-update.1 +394 -0
- data/bundler/man/bundle-viz.1 +39 -0
- data/bundler/man/bundle.1 +136 -0
- data/lib/rubygems.rb +1 -1
- data/lib/rubygems/command_manager.rb +6 -4
- data/lib/rubygems/commands/owner_command.rb +4 -1
- data/lib/rubygems/gemcutter_utilities.rb +5 -2
- data/lib/rubygems/installer.rb +24 -5
- data/lib/rubygems/package.rb +10 -0
- data/lib/rubygems/user_interaction.rb +4 -1
- data/rubygems-update.gemspec +1 -1
- data/test/rubygems/test_gem_installer.rb +106 -0
- data/test/rubygems/test_gem_package.rb +34 -0
- data/test/rubygems/test_gem_text.rb +5 -0
- metadata +51 -3
@@ -0,0 +1,136 @@
|
|
1
|
+
.\" generated with Ronn/v0.7.3
|
2
|
+
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
3
|
+
.
|
4
|
+
.TH "BUNDLE" "1" "January 2019" "" ""
|
5
|
+
.
|
6
|
+
.SH "NAME"
|
7
|
+
\fBbundle\fR \- Ruby Dependency Management
|
8
|
+
.
|
9
|
+
.SH "SYNOPSIS"
|
10
|
+
\fBbundle\fR COMMAND [\-\-no\-color] [\-\-verbose] [ARGS]
|
11
|
+
.
|
12
|
+
.SH "DESCRIPTION"
|
13
|
+
Bundler manages an \fBapplication\'s dependencies\fR through its entire life across many machines systematically and repeatably\.
|
14
|
+
.
|
15
|
+
.P
|
16
|
+
See the bundler website \fIhttp://bundler\.io\fR for information on getting started, and Gemfile(5) for more information on the \fBGemfile\fR format\.
|
17
|
+
.
|
18
|
+
.SH "OPTIONS"
|
19
|
+
.
|
20
|
+
.TP
|
21
|
+
\fB\-\-no\-color\fR
|
22
|
+
Print all output without color
|
23
|
+
.
|
24
|
+
.TP
|
25
|
+
\fB\-\-retry\fR, \fB\-r\fR
|
26
|
+
Specify the number of times you wish to attempt network commands
|
27
|
+
.
|
28
|
+
.TP
|
29
|
+
\fB\-\-verbose\fR, \fB\-V\fR
|
30
|
+
Print out additional logging information
|
31
|
+
.
|
32
|
+
.SH "BUNDLE COMMANDS"
|
33
|
+
We divide \fBbundle\fR subcommands into primary commands and utilities:
|
34
|
+
.
|
35
|
+
.SH "PRIMARY COMMANDS"
|
36
|
+
.
|
37
|
+
.TP
|
38
|
+
\fBbundle install(1)\fR \fIbundle\-install\.1\.html\fR
|
39
|
+
Install the gems specified by the \fBGemfile\fR or \fBGemfile\.lock\fR
|
40
|
+
.
|
41
|
+
.TP
|
42
|
+
\fBbundle update(1)\fR \fIbundle\-update\.1\.html\fR
|
43
|
+
Update dependencies to their latest versions
|
44
|
+
.
|
45
|
+
.TP
|
46
|
+
\fBbundle package(1)\fR \fIbundle\-package\.1\.html\fR
|
47
|
+
Package the \.gem files required by your application into the \fBvendor/cache\fR directory
|
48
|
+
.
|
49
|
+
.TP
|
50
|
+
\fBbundle exec(1)\fR \fIbundle\-exec\.1\.html\fR
|
51
|
+
Execute a script in the current bundle
|
52
|
+
.
|
53
|
+
.TP
|
54
|
+
\fBbundle config(1)\fR \fIbundle\-config\.1\.html\fR
|
55
|
+
Specify and read configuration options for Bundler
|
56
|
+
.
|
57
|
+
.TP
|
58
|
+
\fBbundle help(1)\fR
|
59
|
+
Display detailed help for each subcommand
|
60
|
+
.
|
61
|
+
.SH "UTILITIES"
|
62
|
+
.
|
63
|
+
.TP
|
64
|
+
\fBbundle add(1)\fR \fIbundle\-add\.1\.html\fR
|
65
|
+
Add the named gem to the Gemfile and run \fBbundle install\fR
|
66
|
+
.
|
67
|
+
.TP
|
68
|
+
\fBbundle binstubs(1)\fR \fIbundle\-binstubs\.1\.html\fR
|
69
|
+
Generate binstubs for executables in a gem
|
70
|
+
.
|
71
|
+
.TP
|
72
|
+
\fBbundle check(1)\fR \fIbundle\-check\.1\.html\fR
|
73
|
+
Determine whether the requirements for your application are installed and available to Bundler
|
74
|
+
.
|
75
|
+
.TP
|
76
|
+
\fBbundle show(1)\fR \fIbundle\-show\.1\.html\fR
|
77
|
+
Show the source location of a particular gem in the bundle
|
78
|
+
.
|
79
|
+
.TP
|
80
|
+
\fBbundle outdated(1)\fR \fIbundle\-outdated\.1\.html\fR
|
81
|
+
Show all of the outdated gems in the current bundle
|
82
|
+
.
|
83
|
+
.TP
|
84
|
+
\fBbundle console(1)\fR
|
85
|
+
Start an IRB session in the current bundle
|
86
|
+
.
|
87
|
+
.TP
|
88
|
+
\fBbundle open(1)\fR \fIbundle\-open\.1\.html\fR
|
89
|
+
Open an installed gem in the editor
|
90
|
+
.
|
91
|
+
.TP
|
92
|
+
\fBbundle lock(1)\fR \fIbundle\-lock\.1\.hmtl\fR
|
93
|
+
Generate a lockfile for your dependencies
|
94
|
+
.
|
95
|
+
.TP
|
96
|
+
\fBbundle viz(1)\fR \fIbundle\-viz\.1\.html\fR
|
97
|
+
Generate a visual representation of your dependencies
|
98
|
+
.
|
99
|
+
.TP
|
100
|
+
\fBbundle init(1)\fR \fIbundle\-init\.1\.html\fR
|
101
|
+
Generate a simple \fBGemfile\fR, placed in the current directory
|
102
|
+
.
|
103
|
+
.TP
|
104
|
+
\fBbundle gem(1)\fR \fIbundle\-gem\.1\.html\fR
|
105
|
+
Create a simple gem, suitable for development with Bundler
|
106
|
+
.
|
107
|
+
.TP
|
108
|
+
\fBbundle platform(1)\fR \fIbundle\-platform\.1\.html\fR
|
109
|
+
Display platform compatibility information
|
110
|
+
.
|
111
|
+
.TP
|
112
|
+
\fBbundle clean(1)\fR \fIbundle\-clean\.1\.html\fR
|
113
|
+
Clean up unused gems in your Bundler directory
|
114
|
+
.
|
115
|
+
.TP
|
116
|
+
\fBbundle doctor(1)\fR \fIbundle\-doctor\.1\.html\fR
|
117
|
+
Display warnings about common problems
|
118
|
+
.
|
119
|
+
.TP
|
120
|
+
\fBbundle remove(1)\fR \fIbundle\-remove\.1\.html\fR
|
121
|
+
Removes gems from the Gemfile
|
122
|
+
.
|
123
|
+
.SH "PLUGINS"
|
124
|
+
When running a command that isn\'t listed in PRIMARY COMMANDS or UTILITIES, Bundler will try to find an executable on your path named \fBbundler\-<command>\fR and execute it, passing down any extra arguments to it\.
|
125
|
+
.
|
126
|
+
.SH "OBSOLETE"
|
127
|
+
These commands are obsolete and should no longer be used:
|
128
|
+
.
|
129
|
+
.IP "\(bu" 4
|
130
|
+
\fBbundle cache(1)\fR
|
131
|
+
.
|
132
|
+
.IP "\(bu" 4
|
133
|
+
\fBbundle show(1)\fR
|
134
|
+
.
|
135
|
+
.IP "" 0
|
136
|
+
|
data/lib/rubygems.rb
CHANGED
@@ -7,6 +7,7 @@
|
|
7
7
|
|
8
8
|
require 'rubygems/command'
|
9
9
|
require 'rubygems/user_interaction'
|
10
|
+
require 'rubygems/text'
|
10
11
|
|
11
12
|
##
|
12
13
|
# The command manager registers and installs all the individual sub-commands
|
@@ -32,6 +33,7 @@ require 'rubygems/user_interaction'
|
|
32
33
|
|
33
34
|
class Gem::CommandManager
|
34
35
|
|
36
|
+
include Gem::Text
|
35
37
|
include Gem::UserInteraction
|
36
38
|
|
37
39
|
BUILTIN_COMMANDS = [ # :nodoc:
|
@@ -145,12 +147,12 @@ class Gem::CommandManager
|
|
145
147
|
def run(args, build_args=nil)
|
146
148
|
process_args(args, build_args)
|
147
149
|
rescue StandardError, Timeout::Error => ex
|
148
|
-
alert_error "While executing gem ... (#{ex.class})\n #{ex}"
|
150
|
+
alert_error clean_text("While executing gem ... (#{ex.class})\n #{ex}")
|
149
151
|
ui.backtrace ex
|
150
152
|
|
151
153
|
terminate_interaction(1)
|
152
154
|
rescue Interrupt
|
153
|
-
alert_error "Interrupted"
|
155
|
+
alert_error clean_text("Interrupted")
|
154
156
|
terminate_interaction(1)
|
155
157
|
end
|
156
158
|
|
@@ -168,7 +170,7 @@ class Gem::CommandManager
|
|
168
170
|
say Gem::VERSION
|
169
171
|
terminate_interaction 0
|
170
172
|
when /^-/ then
|
171
|
-
alert_error "Invalid option: #{args.first}. See 'gem --help'."
|
173
|
+
alert_error clean_text("Invalid option: #{args.first}. See 'gem --help'.")
|
172
174
|
terminate_interaction 1
|
173
175
|
else
|
174
176
|
cmd_name = args.shift.downcase
|
@@ -224,7 +226,7 @@ class Gem::CommandManager
|
|
224
226
|
rescue Exception => e
|
225
227
|
e = load_error if load_error
|
226
228
|
|
227
|
-
alert_error "Loading command: #{command_name} (#{e.class})\n\t#{e}"
|
229
|
+
alert_error clean_text("Loading command: #{command_name} (#{e.class})\n\t#{e}")
|
228
230
|
ui.backtrace e
|
229
231
|
end
|
230
232
|
end
|
@@ -2,8 +2,11 @@
|
|
2
2
|
require 'rubygems/command'
|
3
3
|
require 'rubygems/local_remote_options'
|
4
4
|
require 'rubygems/gemcutter_utilities'
|
5
|
+
require 'rubygems/text'
|
5
6
|
|
6
7
|
class Gem::Commands::OwnerCommand < Gem::Command
|
8
|
+
|
9
|
+
include Gem::Text
|
7
10
|
include Gem::LocalRemoteOptions
|
8
11
|
include Gem::GemcutterUtilities
|
9
12
|
|
@@ -65,7 +68,7 @@ permission to.
|
|
65
68
|
end
|
66
69
|
|
67
70
|
with_response response do |resp|
|
68
|
-
owners = Gem::SafeYAML.load resp.body
|
71
|
+
owners = Gem::SafeYAML.load clean_text(resp.body)
|
69
72
|
|
70
73
|
say "Owners for gem: #{name}"
|
71
74
|
owners.each do |owner|
|
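Review bot: Calling `clean_text` on `resp.body` before `Gem::SafeYAML.load` filters only the raw bytes of the response, so escape sequences written inside double-quoted YAML scalars are still decoded by the parser afterwards and the parsed owner fields can carry control characters. The loop that follows `owners.each do |owner|` is outside this hunk, but if it passes those fields to `say`, the cleaning belongs at the point of output: keep `owners = Gem::SafeYAML.load resp.body` and wrap the interpolated value in the loop with `clean_text(...)`. The definition of `clean_text` is not shown on this page, so this assumes it replaces literal control characters only. The file header for this hunk is missing from the page; the class line indicates it is owner_command.rb.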
@@ -1,11 +1,14 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
require 'rubygems/remote_fetcher'
|
3
|
+
require 'rubygems/text'
|
3
4
|
|
4
5
|
##
|
5
6
|
# Utility methods for using the RubyGems API.
|
6
7
|
|
7
8
|
module Gem::GemcutterUtilities
|
8
9
|
|
10
|
+
include Gem::Text
|
11
|
+
|
9
12
|
# TODO: move to Gem::Command
|
10
13
|
OptionParser.accept Symbol do |value|
|
11
14
|
value.to_sym
|
@@ -162,13 +165,13 @@ module Gem::GemcutterUtilities
|
|
162
165
|
if block_given?
|
163
166
|
yield response
|
164
167
|
else
|
165
|
-
say response.body
|
168
|
+
say clean_text(response.body)
|
166
169
|
end
|
167
170
|
else
|
168
171
|
message = response.body
|
169
172
|
message = "#{error_prefix}: #{message}" if error_prefix
|
170
173
|
|
171
|
-
say message
|
174
|
+
say clean_text(message)
|
172
175
|
terminate_interaction 1 # TODO: question this
|
173
176
|
end
|
174
177
|
end
|
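--- a/data/lib/rubygems/installer.rb
+++ b/data/lib/rubygems/installer.rb
@@ -725,9 +725,26 @@ class Gem::Installer
 unpack or File.writable?(gem_home)
 end
 
-def
-
-
+def verify_spec
+unless spec.name =~ Gem::Specification::VALID_NAME_PATTERN
+raise Gem::InstallError, "#{spec} has an invalid name"
+end
+
+if spec.raw_require_paths.any?{|path| path =~ /\R/ }
+raise Gem::InstallError, "#{spec} has an invalid require_paths"
+end
+
+if spec.extensions.any?{|ext| ext =~ /\R/ }
+raise Gem::InstallError, "#{spec} has an invalid extensions"
+end
+
+unless spec.specification_version.to_s =~ /\A\d+\z/
+raise Gem::InstallError, "#{spec} has an invalid specification_version"
+end
+
+if spec.dependencies.any? {|dep| dep.type =~ /\R/ || dep.name =~ /\R/ }
+raise Gem::InstallError, "#{spec} has an invalid dependencies"
+end
 end
 
 ##
@@ -876,9 +893,11 @@ TEXT
 def pre_install_checks
 verify_gem_home options[:unpack]
 
-
+# The name and require_paths must be verified first, since it could contain
+# ruby code that would be eval'ed in #ensure_loadable_spec
+verify_spec
 
-
+ensure_loadable_spec
 
 if options[:install_as_default]
 Gem.ensure_default_gem_subdirectories gem_home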
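Review bot: In `verify_spec` the dependency check `dep.type =~ /\R/` rejects only a type that contains a line break, although the comment added to `pre_install_checks` says these fields reach Ruby code that is evaluated in `ensure_loadable_spec`. A dependency type has a small fixed set of legitimate values, so an allowlist is tighter and easier to reason about: `if spec.dependencies.any? {|dep| !Gem::Dependency::TYPES.include?(dep.type) || dep.name =~ /\R/ }`. The comment names only the name and require_paths, while the method also checks extensions, specification_version and dependencies; `# Every field checked by verify_spec must be validated first, since it could contain` would match the code. How each field is serialised is outside these hunks, so the newline-only checks on `require_paths` and `extensions` are worth confirming against that code.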
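--- a/data/lib/rubygems/package.rb
+++ b/data/lib/rubygems/package.rb
@@ -456,6 +456,16 @@ EOM
 raise Gem::Package::PathError.new(destination, destination_dir) unless
 destination.start_with? destination_dir + '/'
 
+begin
+real_destination = File.expand_path(File.realpath(destination))
+rescue
+# it's fine if the destination doesn't exist, because rm -rf'ing it can't cause any damage
+nil
+else
+raise Gem::Package::PathError.new(real_destination, destination_dir) unless
+real_destination.start_with? destination_dir + '/'
+end
+
 destination.untaint
 destination
 end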
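Review bot: The bare `rescue` around `File.realpath(destination)` treats every StandardError as "the destination does not exist", so a permission error or a symlink loop also skips the second containment check without leaving any trace. Narrowing it to the case the comment describes keeps the other failures visible and fails closed: `rescue Errno::ENOENT`. The comparison also relies on `destination_dir` already being a resolved path; it is assigned above this hunk, so that is worth confirming, since otherwise a symlinked install directory would make legitimate files fail the `start_with?` test. The enclosing method starts outside the hunk.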
@@ -7,6 +7,7 @@
|
|
7
7
|
|
8
8
|
require 'rubygems/util'
|
9
9
|
require 'rubygems/deprecate'
|
10
|
+
require 'rubygems/text'
|
10
11
|
|
11
12
|
##
|
12
13
|
# Module that defines the default UserInteraction. Any class including this
|
@@ -14,6 +15,8 @@ require 'rubygems/deprecate'
|
|
14
15
|
|
15
16
|
module Gem::DefaultUserInteraction
|
16
17
|
|
18
|
+
include Gem::Text
|
19
|
+
|
17
20
|
##
|
18
21
|
# The default UI is a class variable of the singleton class for this
|
19
22
|
# module.
|
@@ -162,7 +165,7 @@ module Gem::UserInteraction
|
|
162
165
|
# is true.
|
163
166
|
|
164
167
|
def verbose(msg = nil)
|
165
|
-
say(msg || yield) if Gem.configuration.really_verbose
|
168
|
+
say(clean_text(msg || yield)) if Gem.configuration.really_verbose
|
166
169
|
end
|
167
170
|
end
|
168
171
|
|
data/rubygems-update.gemspec
CHANGED
@@ -2,7 +2,7 @@
|
|
2
2
|
|
3
3
|
Gem::Specification.new do |s|
|
4
4
|
s.name = "rubygems-update"
|
5
|
-
s.version = "3.0.
|
5
|
+
s.version = "3.0.3"
|
6
6
|
s.authors = ["Jim Weirich", "Chad Fowler", "Eric Hodel", "Luis Lavena", "Aaron Patterson", "Samuel Giddins", "André Arko", "Evan Phoenix", "Hiroshi SHIBATA"]
|
7
7
|
s.email = ["", "", "drbrain@segment7.net", "luislavena@gmail.com", "aaron@tenderlovemaking.com", "segiddins@segiddins.me", "andre@arko.net", "evan@phx.io", "hsbt@ruby-lang.org"]
|
8
8
|
|
@@ -1446,6 +1446,112 @@ gem 'other', version
|
|
1446
1446
|
end
|
1447
1447
|
end
|
1448
1448
|
|
1449
|
+
def test_pre_install_checks_malicious_name_before_eval
|
1450
|
+
spec = util_spec "malicious\n::Object.const_set(:FROM_EVAL, true)#", '1'
|
1451
|
+
def spec.full_name # so the spec is buildable
|
1452
|
+
"malicious-1"
|
1453
|
+
end
|
1454
|
+
def spec.validate(*args); end
|
1455
|
+
|
1456
|
+
util_build_gem spec
|
1457
|
+
|
1458
|
+
gem = File.join(@gemhome, 'cache', spec.file_name)
|
1459
|
+
|
1460
|
+
use_ui @ui do
|
1461
|
+
@installer = Gem::Installer.at gem
|
1462
|
+
e = assert_raises Gem::InstallError do
|
1463
|
+
@installer.pre_install_checks
|
1464
|
+
end
|
1465
|
+
assert_equal "#<Gem::Specification name=malicious\n::Object.const_set(:FROM_EVAL, true)# version=1> has an invalid name", e.message
|
1466
|
+
end
|
1467
|
+
refute defined?(::Object::FROM_EVAL)
|
1468
|
+
end
|
1469
|
+
|
1470
|
+
def test_pre_install_checks_malicious_require_paths_before_eval
|
1471
|
+
spec = util_spec "malicious", '1'
|
1472
|
+
def spec.full_name # so the spec is buildable
|
1473
|
+
"malicious-1"
|
1474
|
+
end
|
1475
|
+
def spec.validate(*args); end
|
1476
|
+
spec.require_paths = ["malicious\n``"]
|
1477
|
+
|
1478
|
+
util_build_gem spec
|
1479
|
+
|
1480
|
+
gem = File.join(@gemhome, 'cache', spec.file_name)
|
1481
|
+
|
1482
|
+
use_ui @ui do
|
1483
|
+
@installer = Gem::Installer.at gem
|
1484
|
+
e = assert_raises Gem::InstallError do
|
1485
|
+
@installer.pre_install_checks
|
1486
|
+
end
|
1487
|
+
assert_equal "#<Gem::Specification name=malicious version=1> has an invalid require_paths", e.message
|
1488
|
+
end
|
1489
|
+
end
|
1490
|
+
|
1491
|
+
def test_pre_install_checks_malicious_extensions_before_eval
|
1492
|
+
spec = util_spec "malicious", '1'
|
1493
|
+
def spec.full_name # so the spec is buildable
|
1494
|
+
"malicious-1"
|
1495
|
+
end
|
1496
|
+
def spec.validate(*args); end
|
1497
|
+
spec.extensions = ["malicious\n``"]
|
1498
|
+
|
1499
|
+
util_build_gem spec
|
1500
|
+
|
1501
|
+
gem = File.join(@gemhome, 'cache', spec.file_name)
|
1502
|
+
|
1503
|
+
use_ui @ui do
|
1504
|
+
@installer = Gem::Installer.at gem
|
1505
|
+
e = assert_raises Gem::InstallError do
|
1506
|
+
@installer.pre_install_checks
|
1507
|
+
end
|
1508
|
+
assert_equal "#<Gem::Specification name=malicious version=1> has an invalid extensions", e.message
|
1509
|
+
end
|
1510
|
+
end
|
1511
|
+
|
1512
|
+
def test_pre_install_checks_malicious_specification_version_before_eval
|
1513
|
+
spec = util_spec "malicious", '1'
|
1514
|
+
def spec.full_name # so the spec is buildable
|
1515
|
+
"malicious-1"
|
1516
|
+
end
|
1517
|
+
def spec.validate(*args); end
|
1518
|
+
spec.specification_version = "malicious\n``"
|
1519
|
+
|
1520
|
+
util_build_gem spec
|
1521
|
+
|
1522
|
+
gem = File.join(@gemhome, 'cache', spec.file_name)
|
1523
|
+
|
1524
|
+
use_ui @ui do
|
1525
|
+
@installer = Gem::Installer.at gem
|
1526
|
+
e = assert_raises Gem::InstallError do
|
1527
|
+
@installer.pre_install_checks
|
1528
|
+
end
|
1529
|
+
assert_equal "#<Gem::Specification name=malicious version=1> has an invalid specification_version", e.message
|
1530
|
+
end
|
1531
|
+
end
|
1532
|
+
|
1533
|
+
def test_pre_install_checks_malicious_dependencies_before_eval
|
1534
|
+
spec = util_spec "malicious", '1'
|
1535
|
+
def spec.full_name # so the spec is buildable
|
1536
|
+
"malicious-1"
|
1537
|
+
end
|
1538
|
+
def spec.validate(*args); end
|
1539
|
+
spec.add_dependency "b\nfoo", '> 5'
|
1540
|
+
|
1541
|
+
util_build_gem spec
|
1542
|
+
|
1543
|
+
gem = File.join(@gemhome, 'cache', spec.file_name)
|
1544
|
+
|
1545
|
+
use_ui @ui do
|
1546
|
+
@installer = Gem::Installer.at gem
|
1547
|
+
@installer.ignore_dependencies = true
|
1548
|
+
e = assert_raises Gem::InstallError do
|
1549
|
+
@installer.pre_install_checks
|
1550
|
+
end
|
1551
|
+
assert_equal "#<Gem::Specification name=malicious version=1> has an invalid dependencies", e.message
|
1552
|
+
end
|
1553
|
+
end
|
1554
|
+
|
1449
1555
|
def test_shebang
|
1450
1556
|
util_make_exec @spec, "#!/usr/bin/ruby"
|
1451
1557
|
|
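Review bot: `test_pre_install_checks_malicious_dependencies_before_eval` exercises only the `dep.name` half of the new dependencies check, so the `dep.type` branch of `verify_spec` has no test; a case whose dependency carries an unexpected type would cover it. Only the name test asserts that nothing was evaluated (`refute defined?(::Object::FROM_EVAL)`); the other four stop at the error message. The five tests repeat the same build, `Gem::Installer.at` and `assert_raises` scaffold, which a private helper taking the spec and the expected message would remove. The file header for this hunk is missing from the page; the diffstat suggests it is test_gem_installer.rb.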