diff options
author | Bundlerbot <bot@bundler.io> | 2019-11-07 09:12:08 +0000 |
---|---|---|
committer | David RodrÃguez <deivid.rodriguez@riseup.net> | 2019-11-07 16:41:45 +0100 |
commit | b30656929da791c58afcdc50cfde24cff3b1ebee (patch) | |
tree | b3f5e1f2424be40543f9260aa60e1d23d4afc475 | |
parent | 4ae6dd3dd086485e8829709125cf8b7d934c2568 (diff) | |
download | bundler-b30656929da791c58afcdc50cfde24cff3b1ebee.tar.gz |
Merge #7416
7416: Don't use insecure temporary directory as home directory r=deivid-rodriguez a=fatkodima
Closes #6501
Co-authored-by: fatkodima <fatkodima123@gmail.com>
(cherry picked from commit ac758c84847a9850ae18226bfd5291e73e637ca3)
-rw-r--r-- | lib/bundler.rb | 29 | ||||
-rw-r--r-- | spec/bundler/bundler_spec.rb | 38 | ||||
-rw-r--r-- | spec/bundler/settings_spec.rb | 2 |
3 files changed, 22 insertions, 47 deletions
diff --git a/lib/bundler.rb b/lib/bundler.rb index 809771a168..3b494a6cdf 100644 --- a/lib/bundler.rb +++ b/lib/bundler.rb @@ -231,8 +231,7 @@ module Bundler end if warning - Kernel.send(:require, "etc") - user_home = tmp_home_path(Etc.getlogin, warning) + user_home = tmp_home_path(warning) Bundler.ui.warn "#{warning}\nBundler will use `#{user_home}' as your home directory temporarily.\n" user_home else @@ -241,21 +240,6 @@ module Bundler end end - def tmp_home_path(login, warning) - login ||= "unknown" - Kernel.send(:require, "tmpdir") - path = Pathname.new(Dir.tmpdir).join("bundler", "home") - SharedHelpers.filesystem_access(path) do |tmp_home_path| - unless tmp_home_path.exist? - tmp_home_path.mkpath - tmp_home_path.chmod(0o777) - end - tmp_home_path.join(login).tap(&:mkpath) - end - rescue RuntimeError => e - raise e.exception("#{warning}\nBundler also failed to create a temporary home directory at `#{path}':\n#{e}") - end - def user_bundle_path(dir = "home") env_var, fallback = case dir when "home" @@ -676,6 +660,17 @@ EOF Bundler.rubygems.clear_paths end + def tmp_home_path(warning) + Kernel.send(:require, "tmpdir") + SharedHelpers.filesystem_access(Dir.tmpdir) do + path = Bundler.tmp + at_exit { Bundler.rm_rf(path) } + path + end + rescue RuntimeError => e + raise e.exception("#{warning}\nBundler also failed to create a temporary home directory':\n#{e}") + end + # @param env [Hash] def with_env(env) backup = ENV.to_hash diff --git a/spec/bundler/bundler_spec.rb b/spec/bundler/bundler_spec.rb index 74cf7ae05d..247838600b 100644 --- a/spec/bundler/bundler_spec.rb +++ b/spec/bundler/bundler_spec.rb @@ -232,16 +232,13 @@ EOF path = "/home/oggy" allow(Bundler.rubygems).to receive(:user_home).and_return(path) allow(File).to receive(:directory?).with(path).and_return false - allow(Etc).to receive(:getlogin).and_return("USER") - allow(Dir).to receive(:tmpdir).and_return("/TMP") - allow(FileTest).to receive(:exist?).with("/TMP/bundler/home").and_return(true) - expect(FileUtils).to receive(:mkpath).with("/TMP/bundler/home/USER") + allow(Bundler).to receive(:tmp).and_return(Pathname.new("/tmp/trulyrandom")) message = <<EOF `/home/oggy` is not a directory. -Bundler will use `/TMP/bundler/home/USER' as your home directory temporarily. +Bundler will use `/tmp/trulyrandom' as your home directory temporarily. EOF expect(Bundler.ui).to receive(:warn).with(message) - expect(Bundler.user_home).to eq(Pathname("/TMP/bundler/home/USER")) + expect(Bundler.user_home).to eq(Pathname("/tmp/trulyrandom")) end end @@ -254,16 +251,13 @@ EOF allow(File).to receive(:directory?).with(path).and_return true allow(File).to receive(:writable?).with(path).and_return false allow(File).to receive(:directory?).with(dotbundle).and_return false - allow(Etc).to receive(:getlogin).and_return("USER") - allow(Dir).to receive(:tmpdir).and_return("/TMP") - allow(FileTest).to receive(:exist?).with("/TMP/bundler/home").and_return(true) - expect(FileUtils).to receive(:mkpath).with("/TMP/bundler/home/USER") + allow(Bundler).to receive(:tmp).and_return(Pathname.new("/tmp/trulyrandom")) message = <<EOF `/home/oggy` is not writable. -Bundler will use `/TMP/bundler/home/USER' as your home directory temporarily. +Bundler will use `/tmp/trulyrandom' as your home directory temporarily. EOF expect(Bundler.ui).to receive(:warn).with(message) - expect(Bundler.user_home).to eq(Pathname("/TMP/bundler/home/USER")) + expect(Bundler.user_home).to eq(Pathname("/tmp/trulyrandom")) end context ".bundle exists and have correct permissions" do @@ -282,31 +276,17 @@ EOF context "home directory is not set" do it "should issue warning and return a temporary user home" do allow(Bundler.rubygems).to receive(:user_home).and_return(nil) - allow(Etc).to receive(:getlogin).and_return("USER") - allow(Dir).to receive(:tmpdir).and_return("/TMP") - allow(FileTest).to receive(:exist?).with("/TMP/bundler/home").and_return(true) - expect(FileUtils).to receive(:mkpath).with("/TMP/bundler/home/USER") + allow(Bundler).to receive(:tmp).and_return(Pathname.new("/tmp/trulyrandom")) message = <<EOF Your home directory is not set. -Bundler will use `/TMP/bundler/home/USER' as your home directory temporarily. +Bundler will use `/tmp/trulyrandom' as your home directory temporarily. EOF expect(Bundler.ui).to receive(:warn).with(message) - expect(Bundler.user_home).to eq(Pathname("/TMP/bundler/home/USER")) + expect(Bundler.user_home).to eq(Pathname("/tmp/trulyrandom")) end end end - describe "#tmp_home_path" do - it "should create temporary user home" do - allow(Dir).to receive(:tmpdir).and_return("/TMP") - allow(FileTest).to receive(:exist?).with("/TMP/bundler/home").and_return(false) - expect(FileUtils).to receive(:mkpath).once.ordered.with("/TMP/bundler/home") - expect(FileUtils).to receive(:mkpath).once.ordered.with("/TMP/bundler/home/USER") - expect(File).to receive(:chmod).with(0o777, "/TMP/bundler/home") - expect(Bundler.tmp_home_path("USER", "")).to eq(Pathname("/TMP/bundler/home/USER")) - end - end - describe "#requires_sudo?" do let!(:tmpdir) { Dir.mktmpdir } let(:bundle_path) { Pathname("#{tmpdir}/bundle") } diff --git a/spec/bundler/settings_spec.rb b/spec/bundler/settings_spec.rb index 7e1dadded7..2a285fdcf3 100644 --- a/spec/bundler/settings_spec.rb +++ b/spec/bundler/settings_spec.rb @@ -67,7 +67,7 @@ that would suck --ehhh=oh geez it looks like i might have broken bundler somehow context "when $TMPDIR is not writable" do it "does not raise" do expect(Bundler.rubygems).to receive(:user_home).twice.and_return(nil) - expect(FileUtils).to receive(:mkpath).twice.with(File.join(Dir.tmpdir, "bundler", "home")).and_raise(Errno::EROFS, "Read-only file system @ dir_s_mkdir - /tmp/bundler") + expect(Bundler).to receive(:tmp).twice.and_raise(Errno::EROFS, "Read-only file system @ dir_s_mkdir - /tmp/bundler") expect(subject.send(:global_config_file)).to be_nil end |