rubygems-update 3.4.21 → 3.5.0

data/test/rubygems/test_gem_security_signer.rb

@@ -1,218 +0,0 @@
-# frozen_string_literal: true
-
-require_relative "helper"
-
-unless Gem::HAVE_OPENSSL
-  warn "Skipping Gem::Security::Signer tests.  openssl not found."
-end
-
-class TestGemSecuritySigner < Gem::TestCase
-  ALTERNATE_KEY  = load_key "alternate"
-  CHILD_KEY      = load_key "child"
-  GRANDCHILD_KEY = load_key "grandchild"
-
-  CHILD_CERT      = load_cert "child"
-  GRANDCHILD_CERT = load_cert "grandchild"
-  EXPIRED_CERT    = load_cert "expired"
-
-  def setup
-    super
-
-    @cert_file = PUBLIC_CERT
-  end
-
-  def test_initialize
-    signer = Gem::Security::Signer.new nil, nil
-
-    assert_nil signer.key
-    assert_nil signer.cert_chain
-  end
-
-  def test_initialize_cert_chain_empty
-    signer = Gem::Security::Signer.new PUBLIC_KEY, []
-
-    assert_empty signer.cert_chain
-  end
-
-  def test_initialize_cert_chain_mixed
-    signer = Gem::Security::Signer.new nil, [@cert_file, CHILD_CERT]
-
-    assert_equal [PUBLIC_CERT, CHILD_CERT].map {|c| c.to_pem },
-                 signer.cert_chain.map {|c| c.to_pem }
-  end
-
-  def test_initialize_cert_chain_invalid
-    assert_raise OpenSSL::X509::CertificateError do
-      Gem::Security::Signer.new nil, ["garbage"]
-    end
-  end
-
-  def test_initialize_cert_chain_path
-    signer = Gem::Security::Signer.new nil, [@cert_file]
-
-    assert_equal [PUBLIC_CERT].map {|c| c.to_pem },
-                 signer.cert_chain.map {|c| c.to_pem }
-  end
-
-  def test_initialize_default
-    FileUtils.mkdir_p File.join(Gem.user_home, ".gem")
-
-    private_key_path = File.join Gem.user_home, ".gem", "gem-private_key.pem"
-    Gem::Security.write PRIVATE_KEY, private_key_path
-
-    public_cert_path = File.join Gem.user_home, ".gem", "gem-public_cert.pem"
-    Gem::Security.write PUBLIC_CERT, public_cert_path
-
-    signer = Gem::Security::Signer.new nil, nil
-
-    assert_equal PRIVATE_KEY.to_pem, signer.key.to_pem
-    assert_equal [PUBLIC_CERT.to_pem], signer.cert_chain.map {|c| c.to_pem }
-  end
-
-  def test_initialize_key_path
-    key_file = PRIVATE_KEY_PATH
-
-    signer = Gem::Security::Signer.new key_file, nil
-
-    assert_equal PRIVATE_KEY.to_s, signer.key.to_s
-  end
-
-  def test_initialize_encrypted_key_path
-    key_file = ENCRYPTED_PRIVATE_KEY_PATH
-
-    signer = Gem::Security::Signer.new key_file, nil, PRIVATE_KEY_PASSPHRASE
-
-    assert_equal ENCRYPTED_PRIVATE_KEY.to_s, signer.key.to_s
-  end
-
-  def test_extract_name
-    signer = Gem::Security::Signer.new nil, nil
-
-    assert_equal "child@example", signer.extract_name(CHILD_CERT)
-  end
-
-  def test_load_cert_chain
-    Gem::Security.trust_dir.trust_cert PUBLIC_CERT
-
-    signer = Gem::Security::Signer.new nil, []
-    signer.cert_chain.replace [CHILD_CERT]
-
-    signer.load_cert_chain
-
-    assert_equal [PUBLIC_CERT.to_pem, CHILD_CERT.to_pem],
-                 signer.cert_chain.map {|c| c.to_pem }
-  end
-
-  def test_load_cert_chain_broken
-    Gem::Security.trust_dir.trust_cert CHILD_CERT
-
-    signer = Gem::Security::Signer.new nil, []
-    signer.cert_chain.replace [GRANDCHILD_CERT]
-
-    signer.load_cert_chain
-
-    assert_equal [CHILD_CERT.to_pem, GRANDCHILD_CERT.to_pem],
-                 signer.cert_chain.map {|c| c.to_pem }
-  end
-
-  def test_sign
-    signer = Gem::Security::Signer.new PRIVATE_KEY, [PUBLIC_CERT]
-
-    signature = signer.sign "hello"
-
-    expected = <<-EXPECTED
-FmrCYxEXW3dgYYNMxPdS16VrdXT+d5nyXTVlRm64ZHSgMxMAaPtQJsVYv73m
-DWHTzNnLhhINSpgBMLh5a4atM52yxVdkPUTgqIH+LeIPBXn8xaP5JLmfDcmI
-tBpc/9DhS3v9iKCX40igAArFu7Gg3swbgQ61SP+U22LvG5nDQZQz3sudtsw3
-qKPykFVaYjrRwzvBdSdJ1PwlAsanSwcwS/GKPtmE/ykZ6X5XOx7wvCDL/zGy
-B8khkB8hDKC6moCzebmUxCBmTmXD0Wjzon+bf4MOriVE3a0ySGRvpr1mKR2+
-9EaVo7pDJLEM487+xg1CAZHRhwshd6II00XEzG/jBQ==
-    EXPECTED
-
-    assert_equal expected, [signature].pack("m")
-  end
-
-  def test_sign_expired
-    signer = Gem::Security::Signer.new PRIVATE_KEY, [EXPIRED_CERT]
-
-    e = assert_raise Gem::Security::Exception do
-      signer.sign "hello"
-    end
-
-    assert_match "certificate /CN=nobody/DC=example not valid after 1970-01-01 00:00:00 UTC", e.message
-  end
-
-  def test_sign_expired_auto_update
-    pend if Gem.java_platform?
-    FileUtils.mkdir_p File.join(Gem.user_home, ".gem"), :mode => 0o700
-
-    private_key_path = File.join(Gem.user_home, ".gem", "gem-private_key.pem")
-    Gem::Security.write PRIVATE_KEY, private_key_path
-
-    cert_path = File.join Gem.user_home, ".gem", "gem-public_cert.pem"
-    Gem::Security.write EXPIRED_CERT, cert_path
-
-    signer = Gem::Security::Signer.new PRIVATE_KEY, [EXPIRED_CERT]
-
-    signer.sign "hello"
-
-    cert = OpenSSL::X509::Certificate.new File.read cert_path
-
-    refute_equal EXPIRED_CERT.to_pem, cert.to_pem
-    assert_in_delta Time.now,         cert.not_before, 10
-
-    expiry = EXPIRED_CERT.not_after.strftime "%Y%m%d%H%M%S"
-
-    expired_path =
-      File.join Gem.user_home, ".gem", "gem-public_cert.pem.expired.#{expiry}"
-
-    assert_path_exist expired_path
-    assert_equal EXPIRED_CERT.to_pem, File.read(expired_path)
-  end
-
-  def test_sign_expired_auto_update_exists
-    FileUtils.mkdir_p File.join(Gem.user_home, ".gem"), :mode => 0o700
-
-    expiry = EXPIRED_CERT.not_after.strftime "%Y%m%d%H%M%S"
-    expired_path =
-      File.join Gem.user_home, "gem-public_cert.pem.expired.#{expiry}"
-
-    Gem::Security.write EXPIRED_CERT, expired_path
-
-    private_key_path = File.join(Gem.user_home, "gem-private_key.pem")
-    Gem::Security.write PRIVATE_KEY, private_key_path
-
-    cert_path = File.join Gem.user_home, "gem-public_cert.pem"
-    Gem::Security.write EXPIRED_CERT, cert_path
-
-    signer = Gem::Security::Signer.new PRIVATE_KEY, [EXPIRED_CERT]
-
-    e = assert_raise Gem::Security::Exception do
-      signer.sign "hello"
-    end
-
-    assert_match %r{certificate /CN=nobody/DC=example not valid}, e.message
-  end
-
-  def test_sign_no_key
-    signer = Gem::Security::Signer.new nil, nil
-
-    assert_nil signer.sign "stuff"
-  end
-
-  def test_sign_wrong_key
-    signer = Gem::Security::Signer.new ALTERNATE_KEY, [PUBLIC_CERT]
-
-    assert_raise Gem::Security::Exception do
-      signer.sign "hello"
-    end
-  end
-
-  def test_sign_no_certs
-    signer = Gem::Security::Signer.new ALTERNATE_KEY, []
-
-    assert_raise Gem::Security::Exception do
-      signer.sign "hello"
-    end
-  end
-end if Gem::HAVE_OPENSSL

data/test/rubygems/test_gem_security_trust_dir.rb

@@ -1,99 +0,0 @@
-# frozen_string_literal: true
-
-require_relative "helper"
-
-unless Gem::HAVE_OPENSSL
-  warn "Skipping Gem::Security::TrustDir tests.  openssl not found."
-end
-
-class TestGemSecurityTrustDir < Gem::TestCase
-  CHILD_CERT = load_cert "child"
-
-  def setup
-    super
-
-    @dest_dir = File.join @tempdir, "trust"
-
-    @trust_dir = Gem::Security::TrustDir.new @dest_dir
-  end
-
-  def test_cert_path
-    digest = OpenSSL::Digest.hexdigest Gem::Security::DIGEST_NAME, PUBLIC_CERT.subject.to_s
-
-    expected = File.join @dest_dir, "cert-#{digest}.pem"
-
-    assert_equal expected, @trust_dir.cert_path(PUBLIC_CERT)
-  end
-
-  def test_issuer_of
-    assert_nil @trust_dir.issuer_of(CHILD_CERT)
-
-    @trust_dir.trust_cert PUBLIC_CERT
-
-    assert_equal PUBLIC_CERT.to_pem, @trust_dir.issuer_of(CHILD_CERT).to_pem
-  end
-
-  def test_load_certificate
-    @trust_dir.trust_cert PUBLIC_CERT
-
-    path = @trust_dir.cert_path PUBLIC_CERT
-
-    assert_equal PUBLIC_CERT.to_pem, @trust_dir.load_certificate(path).to_pem
-  end
-
-  def test_name_path
-    digest = OpenSSL::Digest.hexdigest Gem::Security::DIGEST_NAME, PUBLIC_CERT.subject.to_s
-
-    expected = File.join @dest_dir, "cert-#{digest}.pem"
-
-    assert_equal expected, @trust_dir.name_path(PUBLIC_CERT.subject)
-  end
-
-  def test_trust_cert
-    @trust_dir.trust_cert PUBLIC_CERT
-
-    trusted = @trust_dir.cert_path PUBLIC_CERT
-
-    assert_path_exist trusted
-
-    mask = 0o100600 & (~File.umask)
-
-    assert_equal mask, File.stat(trusted).mode unless win_platform?
-
-    assert_equal PUBLIC_CERT.to_pem, File.read(trusted)
-  end
-
-  def test_verify
-    assert_path_not_exist @dest_dir
-
-    @trust_dir.verify
-
-    assert_path_exist @dest_dir
-
-    mask = 0o40700 & (~File.umask)
-    mask |= 0o200000 if RUBY_PLATFORM.include?("aix")
-
-    assert_equal mask, File.stat(@dest_dir).mode unless win_platform?
-  end
-
-  def test_verify_file
-    FileUtils.touch @dest_dir
-
-    e = assert_raise Gem::Security::Exception do
-      @trust_dir.verify
-    end
-
-    assert_equal "trust directory #{@dest_dir} is not a directory", e.message
-  end
-
-  def test_verify_wrong_permissions
-    FileUtils.mkdir_p @dest_dir, :mode => 0o777
-
-    @trust_dir.verify
-
-    mask = 0o40700 & (~File.umask)
-    mask |= 0o200000 if RUBY_PLATFORM.include?("aix")
-
-    assert_equal mask, File.stat(@dest_dir).mode unless win_platform?
-  end
-end if Gem::HAVE_OPENSSL

data/test/rubygems/test_gem_silent_ui.rb

@@ -1,123 +0,0 @@
-# frozen_string_literal: true
-
-require_relative "helper"
-require "rubygems/user_interaction"
-require "timeout"
-
-class TestGemSilentUI < Gem::TestCase
-  def setup
-    super
-    @sui = Gem::SilentUI.new
-  end
-
-  def teardown
-    @sui.close
-    super
-  end
-
-  def test_ask
-    value = nil
-    out, err = capture_output do
-      use_ui @sui do
-        value = @sui.ask "Problem?"
-      end
-    end
-
-    assert_empty out, "No output"
-    assert_empty err, "No output"
-
-    assert_nil value, "No value"
-  end
-
-  def test_ask_for_password
-    value = nil
-    out, err = capture_output do
-      use_ui @sui do
-        value = @sui.ask_for_password "Problem?"
-      end
-    end
-
-    assert_empty out, "No output"
-    assert_empty err, "No output"
-
-    assert_nil value, "No value"
-  end
-
-  def test_ask_yes_no
-    value = nil
-    out, err = capture_output do
-      use_ui @sui do
-        assert_raise(Gem::OperationNotSupportedError) do
-          @sui.ask_yes_no "Problem?"
-        end
-      end
-    end
-
-    assert_empty out, "No output"
-    assert_empty err, "No output"
-
-    out, err = capture_output do
-      use_ui @sui do
-        value = @sui.ask_yes_no "Problem?", true
-      end
-    end
-
-    assert_empty out, "No output"
-    assert_empty err, "No output"
-
-    assert value, "Value is true"
-
-    out, err = capture_output do
-      use_ui @sui do
-        value = @sui.ask_yes_no "Problem?", false
-      end
-    end
-
-    assert_empty out, "No output"
-    assert_empty err, "No output"
-
-    assert_equal value, false, "Value is false"
-  end
-
-  def test_choose_from_list
-    value = nil
-    out, err = capture_output do
-      use_ui @sui do
-        value = @sui.choose_from_list "Problem?", %w[yes no]
-      end
-    end
-
-    assert_empty out, "No output"
-    assert_empty err, "No output"
-
-    assert_equal [nil, nil], value, "Value is nil!"
-  end
-
-  def test_progress_reporter
-    out, err = capture_output do
-      use_ui @sui do
-        @sui.progress_reporter 10, "hi"
-      end
-    end
-
-    assert_empty out, "No output"
-    assert_empty err, "No output"
-  end
-
-  def test_download_reporter
-    out, err = capture_output do
-      use_ui @sui do
-        @sui.download_reporter.fetch "a.gem", 1024
-      end
-    end
-
-    assert_empty out, "No output"
-    assert_empty err, "No output"
-  end
-
-  def test_new_without_dev_null
-    File.stub(:open, ->(path, mode) { raise Errno::ENOTCAPABLE if path == IO::NULL }) do
-      Gem::SilentUI.new
-    end
-  end
-end

data/test/rubygems/test_gem_source.rb

@@ -1,254 +0,0 @@
-# frozen_string_literal: true
-
-require_relative "helper"
-require "rubygems/source"
-require "rubygems/indexer"
-
-class TestGemSource < Gem::TestCase
-  def tuple(*args)
-    Gem::NameTuple.new(*args)
-  end
-
-  def setup
-    super
-
-    @specs = spec_fetcher do |fetcher|
-      fetcher.spec "a", "1.a"
-      fetcher.gem  "a", 1
-      fetcher.spec "a", 2
-      fetcher.spec "b", 2
-    end
-
-    @source = Gem::Source.new(@gem_repo)
-  end
-
-  def test_initialize_invalid_uri
-    assert_raise URI::InvalidURIError do
-      Gem::Source.new "git@example:a.git"
-    end
-  end
-
-  def test_initialize_git
-    repository = "git@example:a.git"
-
-    source = Gem::Source::Git.new "a", repository, nil, false
-
-    assert_equal repository, source.uri
-  end
-
-  def test_cache_dir_escapes_windows_paths
-    uri = URI.parse("file:///C:/WINDOWS/Temp/gem_repo")
-    root = Gem.spec_cache_dir
-    cache_dir = @source.cache_dir(uri).gsub(root, "")
-    assert cache_dir !~ /:/, "#{cache_dir} should not contain a :"
-  end
-
-  def test_dependency_resolver_set_bundler_api
-    response = Net::HTTPResponse.new "1.1", 200, "OK"
-    response.uri = URI("http://example")
-
-    @fetcher.data[@gem_repo] = response
-
-    set = @source.dependency_resolver_set
-
-    assert_kind_of Gem::Resolver::APISet, set
-  end
-
-  def test_dependency_resolver_set_file_uri
-    Gem::Indexer.new(@tempdir).generate_index
-
-    source = Gem::Source.new "file://#{@tempdir}/"
-
-    set = source.dependency_resolver_set
-
-    assert_kind_of Gem::Resolver::IndexSet, set
-  end
-
-  def test_dependency_resolver_set_marshal_api
-    set = @source.dependency_resolver_set
-
-    assert_kind_of Gem::Resolver::IndexSet, set
-  end
-
-  def test_fetch_spec
-    a1 = @specs["a-1"]
-
-    spec_uri = "#{@gem_repo}#{Gem::MARSHAL_SPEC_DIR}#{a1.spec_name}"
-
-    spec = @source.fetch_spec tuple("a", Gem::Version.new(1), "ruby")
-    assert_equal a1.full_name, spec.full_name
-
-    cache_dir = @source.cache_dir URI.parse(spec_uri)
-
-    cache_file = File.join cache_dir, a1.spec_name
-
-    assert File.exist?(cache_file)
-  end
-
-  def test_fetch_spec_cached
-    a1 = @specs["a-1"]
-
-    spec_uri = "#{@gem_repo}/#{Gem::MARSHAL_SPEC_DIR}#{a1.spec_name}"
-    @fetcher.data["#{spec_uri}.rz"] = nil
-
-    cache_dir = @source.cache_dir URI.parse(spec_uri)
-    FileUtils.mkdir_p cache_dir
-
-    cache_file = File.join cache_dir, a1.spec_name
-
-    File.open cache_file, "wb" do |io|
-      Marshal.dump a1, io
-    end
-
-    spec = @source.fetch_spec tuple("a", Gem::Version.new(1), "ruby")
-    assert_equal a1.full_name, spec.full_name
-  end
-
-  def test_fetch_spec_platform
-    specs = spec_fetcher do |fetcher|
-      fetcher.legacy_platform
-    end
-
-    spec = @source.fetch_spec tuple("pl", Gem::Version.new(1), "i386-linux")
-
-    assert_equal specs["pl-1-x86-linux"].full_name, spec.full_name
-  end
-
-  def test_fetch_spec_platform_ruby
-    spec = @source.fetch_spec tuple("a", Gem::Version.new(1), nil)
-    assert_equal @specs["a-1"].full_name, spec.full_name
-
-    spec = @source.fetch_spec tuple("a", Gem::Version.new(1), "")
-    assert_equal @specs["a-1"].full_name, spec.full_name
-  end
-
-  def test_load_specs
-    released = @source.load_specs(:released).map {|spec| spec.full_name }
-    assert_equal %W[a-2 a-1 b-2], released
-
-    cache_dir = File.join Gem.spec_cache_dir, "gems.example.com%80"
-    assert File.exist?(cache_dir), "#{cache_dir} does not exist"
-
-    cache_file = File.join cache_dir, "specs.#{Gem.marshal_version}"
-    assert File.exist?(cache_file)
-  end
-
-  def test_load_specs_cached
-    latest_specs = @source.load_specs :latest
-
-    # Make sure the cached version is actually different:
-    latest_specs << Gem::NameTuple.new("cached", Gem::Version.new("1.0.0"), "ruby")
-
-    @fetcher.data["#{@gem_repo}latest_specs.#{Gem.marshal_version}.gz"] = nil
-    @fetcher.data["#{@gem_repo}latest_specs.#{Gem.marshal_version}"] =
-      " " * Marshal.dump(latest_specs).length
-
-    cache_dir = File.join Gem.spec_cache_dir, "gems.example.com%80"
-
-    FileUtils.mkdir_p cache_dir
-
-    cache_file = File.join cache_dir, "latest_specs.#{Gem.marshal_version}"
-
-    File.open cache_file, "wb" do |io|
-      Marshal.dump latest_specs, io
-    end
-
-    cached_specs = @source.load_specs :latest
-
-    assert_equal latest_specs, cached_specs
-  end
-
-  def test_load_specs_cached_empty
-    latest_specs = @source.load_specs :latest
-
-    # Make sure the cached version is actually different:
-    latest_specs << Gem::NameTuple.new("fixed", Gem::Version.new("1.0.0"), "ruby")
-    # Setup valid data on the 'remote'
-    @fetcher.data["#{@gem_repo}latest_specs.#{Gem.marshal_version}.gz"] =
-          util_gzip(Marshal.dump(latest_specs))
-
-    cache_dir = File.join Gem.spec_cache_dir, "gems.example.com%80"
-
-    FileUtils.mkdir_p cache_dir
-
-    cache_file = File.join cache_dir, "latest_specs.#{Gem.marshal_version}"
-
-    File.open cache_file, "wb" do |io|
-      # Setup invalid data in the cache:
-      io.write Marshal.dump(latest_specs)[0, 10]
-    end
-
-    fixed_specs = @source.load_specs :latest
-
-    assert_equal latest_specs, fixed_specs
-  end
-
-  def test_load_specs_from_unavailable_uri
-    src = Gem::Source.new("http://not-there.nothing")
-
-    assert_raise Gem::RemoteFetcher::FetchError do
-      src.load_specs :latest
-    end
-  end
-
-  def test_spaceship
-    remote    = @source
-    specific  = Gem::Source::SpecificFile.new @specs["a-1"].cache_file
-    installed = Gem::Source::Installed.new
-    local     = Gem::Source::Local.new
-
-    assert_equal(0, remote.<=>(remote), "remote <=> remote")
-
-    assert_equal(-1, remote.<=>(specific), "remote <=> specific")
-    assert_equal(1, specific.<=>(remote), "specific <=> remote")
-
-    assert_equal(-1, remote.<=>(local), "remote <=> local")
-    assert_equal(1, local.<=>(remote), "local <=> remote")
-
-    assert_equal(-1, remote.<=>(installed), "remote <=> installed")
-    assert_equal(1, installed.<=>(remote), "installed <=> remote")
-
-    no_uri = @source.dup
-    no_uri.instance_variable_set :@uri, nil
-
-    assert_equal(-1, remote.<=>(no_uri), "remote <=> no_uri")
-  end
-
-  def test_spaceship_order_is_preserved_when_uri_differs
-    sourceA = Gem::Source.new "http://example.com/a"
-    sourceB = Gem::Source.new "http://example.com/b"
-
-    assert_equal(0, sourceA.<=>(sourceA), "sourceA <=> sourceA")
-    assert_equal(1, sourceA.<=>(sourceB), "sourceA <=> sourceB")
-    assert_equal(1, sourceB.<=>(sourceA), "sourceB <=> sourceA")
-  end
-
-  def test_update_cache_eh
-    assert @source.update_cache?
-  end
-
-  def test_update_cache_eh_home_nonexistent
-    FileUtils.rmdir Gem.user_home
-
-    refute @source.update_cache?
-  end
-
-  def test_typo_squatting
-    rubygems_source = Gem::Source.new("https://rubgems.org")
-    assert rubygems_source.typo_squatting?("rubygems.org")
-    assert rubygems_source.typo_squatting?("rubyagems.org")
-    assert rubygems_source.typo_squatting?("rubyasgems.org")
-    refute rubygems_source.typo_squatting?("rubysertgems.org")
-  end
-
-  def test_typo_squatting_false_positive
-    rubygems_source = Gem::Source.new("https://rubygems.org")
-    refute rubygems_source.typo_squatting?("rubygems.org")
-  end
-
-  def test_typo_squatting_custom_distance_threshold
-    rubygems_source = Gem::Source.new("https://rubgems.org")
-    distance_threshold = 5
-    assert rubygems_source.typo_squatting?("rubysertgems.org", distance_threshold)
-  end
-end