diff options
author | Andre Arko <andre@arko.net> | 2015-05-05 13:47:57 -0700 |
---|---|---|
committer | Samuel E. Giddins <segiddins@segiddins.me> | 2015-07-16 08:26:37 -0700 |
commit | 7a9d981baf88c3578f6afcb2a391641d5b5f3d8b (patch) | |
tree | f1e983df41f08f56d5d588c661d3f36ac1a5cd42 | |
parent | 69bc4eef93142b68703de4fca07d864a74e1a959 (diff) | |
download | bundler-7a9d981baf88c3578f6afcb2a391641d5b5f3d8b.tar.gz |
add config git.allow_insecure and tests for #3453
-rw-r--r-- | lib/bundler/source_list.rb | 18 | ||||
-rw-r--r-- | spec/bundler/source_list_spec.rb | 25 |
2 files changed, 37 insertions, 6 deletions
diff --git a/lib/bundler/source_list.rb b/lib/bundler/source_list.rb index 31f92d410c..ba2778c1f4 100644 --- a/lib/bundler/source_list.rb +++ b/lib/bundler/source_list.rb @@ -15,11 +15,8 @@ module Bundler end def add_git_source(options = {}) - source = add_source_to_list Source::Git.new(options), git_sources - if source.uri =~ %r{^git:} - Bundler.ui.warn "The git source `#{source.uri}` uses the `git` protocol, " \ - "please consider changing it to `https`, which is more secure." - end + source = add_source_to_list(Source::Git.new(options), git_sources) + warn_on_git_protocol(source) source end @@ -102,5 +99,16 @@ module Bundler def combine_rubygems_sources Source::Rubygems.new("remotes" => rubygems_remotes) end + + def warn_on_git_protocol(source) + return if Bundler.settings["git.allow_insecure"] + + if source.uri =~ %r{^git\:} + Bundler.ui.warn "The git source `#{source.uri}` uses the `git` protocol, " \ + "which transmits data without encryption. Disable this warning with " \ + "`bundle config git.allow_insecure true`, or switch to the `https` " \ + "protocol to keep your data secure." + end + end end end diff --git a/spec/bundler/source_list_spec.rb b/spec/bundler/source_list_spec.rb index 3beac46f41..9fe9a13382 100644 --- a/spec/bundler/source_list_spec.rb +++ b/spec/bundler/source_list_spec.rb @@ -2,7 +2,7 @@ require "spec_helper" describe Bundler::SourceList do before do - allow(Bundler).to receive(:root) { Pathname.new "/" } + allow(Bundler).to receive(:root) { Pathname.new "./tmp/bundled_app" } end subject(:source_list) { Bundler::SourceList.new } @@ -50,16 +50,39 @@ describe Bundler::SourceList do end it "passes the provided options to the new source" do + @new_source = source_list.add_git_source("uri" => "git://host/path.git") expect(@new_source.options).to eq("uri" => "git://host/path.git") end it "adds the source to the beginning of git_sources" do + @new_source = source_list.add_git_source("uri" => "git://host/path.git") expect(source_list.git_sources.first).to equal(@new_source) end it "removes existing duplicates" do + @duplicate = source_list.add_git_source("uri" => "git://host/path.git") + @new_source = source_list.add_git_source("uri" => "git://host/path.git") expect(source_list.git_sources).not_to include equal(@duplicate) end + + context "with the git: protocol" do + let(:msg) { "The git source `git://existing-git.org/path.git` " \ + "uses the `git` protocol, which transmits data without encryption. " \ + "Disable this warning with `bundle config git.allow_insecure true`, " \ + "or switch to the `https` protocol to keep your data secure." + } + + it "warns about git protocols" do + expect(Bundler.ui).to receive(:warn).with(msg) + source_list.add_git_source("uri" => "git://existing-git.org/path.git") + end + + it "ignores git protocols on request" do + Bundler.settings["git.allow_insecure"] = true + expect(Bundler.ui).to_not receive(:warn).with(msg) + source_list.add_git_source("uri" => "git://existing-git.org/path.git") + end + end end describe "#add_rubygems_source" do |