author | Hiroshi SHIBATA <hsbt@ruby-lang.org> | 2023-05-10 15:02:29 +0900 |
---|---|---|
committer | Hiroshi SHIBATA <hsbt@ruby-lang.org> | 2023-05-10 15:02:29 +0900 |
commit | 0ef6e718d9774484cd66cad5447d61ee985d8680 (patch) | |
tree | 2d6045f5e387c75676e436dc206408c68ab68c61 | |
parent | 9ed189e9aa4e1b1852b18ad01def9c738238299b (diff) | |
download | ruby-0ef6e718d9774484cd66cad5447d61ee985d8680.tar.gz |
Merge https://github.com/rubygems/rubygems/pull/6655 manually.
-rw-r--r-- | lib/bundler.rb | 13 | ||||
-rw-r--r-- | lib/bundler/safe_marshal.rb | 31 | ||||
-rw-r--r-- | spec/bundler/bundler/bundler_spec.rb | 42 |
3 files changed, 68 insertions, 18 deletions
diff --git a/lib/bundler.rb b/lib/bundler.rb index 9e6a91c188..69370e81a7 100644 --- a/lib/bundler.rb +++ b/lib/bundler.rb @@ -39,16 +39,6 @@ module Bundler environment_preserver.replace_with_backup SUDO_MUTEX = Thread::Mutex.new - SAFE_MARSHAL_CLASSES = [Symbol, TrueClass, String, Array, Hash, Gem::Version, Gem::Specification].freeze - SAFE_MARSHAL_ERROR = "Unexpected class %s present in marshaled data. Only %s are allowed." - SAFE_MARSHAL_PROC = proc do |object| - object.tap do - unless SAFE_MARSHAL_CLASSES.include?(object.class) - raise TypeError, format(SAFE_MARSHAL_ERROR, object.class, SAFE_MARSHAL_CLASSES.join(", ")) - end - end - end - autoload :Definition, File.expand_path("bundler/definition", __dir__) autoload :Dependency, File.expand_path("bundler/dependency", __dir__) autoload :Deprecate, File.expand_path("bundler/deprecate", __dir__) @@ -86,6 +76,7 @@ module Bundler autoload :UI, File.expand_path("bundler/ui", __dir__) autoload :URICredentialsFilter, File.expand_path("bundler/uri_credentials_filter", __dir__) autoload :URINormalizer, File.expand_path("bundler/uri_normalizer", __dir__) + autoload :SafeMarshal, File.expand_path("bundler/safe_marshal", __dir__) class << self def configure @@ -523,7 +514,7 @@ EOF end def safe_load_marshal(data) - load_marshal(data, :marshal_proc => SAFE_MARSHAL_PROC) + load_marshal(data, :marshal_proc => SafeMarshal.proc) end def load_gemspec(file, validate = false) diff --git a/lib/bundler/safe_marshal.rb b/lib/bundler/safe_marshal.rb new file mode 100644 index 0000000000..50aa0f60a6 --- /dev/null +++ b/lib/bundler/safe_marshal.rb 
@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module Bundler
+ module SafeMarshal
+ ALLOWED_CLASSES = [
+ Array,
+ FalseClass,
+ Gem::Specification,
+ Gem::Version,
+ Hash,
+ String,
+ Symbol,
+ Time,
+ TrueClass,
+ ].freeze
+
+ ERROR = "Unexpected class %s present in marshaled data. Only %s are allowed."
+
+ PROC = proc do |object|
+ object.tap do
+ unless ALLOWED_CLASSES.include?(object.class)
+ raise TypeError, format(ERROR, object.class, ALLOWED_CLASSES.join(", "))
+ end
+ end
+ end
+
+ def self.proc
+ PROC
+ end
+ end
+end
diff --git a/spec/bundler/bundler/bundler_spec.rb b/spec/bundler/bundler/bundler_spec.rb
index cf60971240..54c12dbf3d 100644
--- a/spec/bundler/bundler/bundler_spec.rb
+++ b/spec/bundler/bundler/bundler_spec.rb
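Review bot: `PROC` in the new `Bundler::SafeMarshal` module has no comment saying what the allowlist does and does not guarantee, which matters to anyone relying on it for data fetched from a remote source. Ruby calls a proc given to `Marshal.load` after each object has been deserialized, so an object of a class outside `ALLOWED_CLASSES` is rejected only once it has been built, and any `marshal_load` or `_load` hook on it has already run; `load_marshal` is outside this diff, so this presumably applies to how the proc is used here. The test is `ALLOWED_CLASSES.include?(object.class)`, an exact-class match, so subclasses of listed classes are rejected, which deserves a mention too. I would add above `PROC`: `# Post-load filter: raises TypeError for any object whose exact class is not in ALLOWED_CLASSES.` followed by `# Marshal invokes it after building each object, so it cannot stop a class's own load hooks from running.`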
@@ -28,14 +28,42 @@ RSpec.describe Bundler do expect(Bundler.safe_load_marshal(data)).to eq(simple_structure) end - it "loads Gem::Version" do - gem_version = Gem::Version.new("3.7.2") - data = Marshal.dump(gem_version) - expect(Bundler.safe_load_marshal(data)).to eq(gem_version) - end - it "loads Gem::Specification" do - gem_spec = Gem::Specification.new("name", "3.7.2") + gem_spec = Gem::Specification.new do |s| + s.name = "bundler" + s.version = Gem::Version.new("2.4.7") + s.installed_by_version = Gem::Version.new("0") + s.authors = ["André Arko", + "Samuel Giddins", + "Colby Swandale", + "Hiroshi Shibata", + "David Rodríguez", + "Grey Baker", + "Stephanie Morillo", + "Chris Morris", + "James Wen", + "Tim Moore", + "André Medeiros", + "Jessica Lynn Suttles", + "Terence Lee", + "Carl Lerche", + "Yehuda Katz"] + s.date = Time.utc(2023, 2, 15) + s.description = "Bundler manages an application's dependencies through its entire life, across many machines, systematically and repeatably" + s.email = ["team@bundler.io"] + s.homepage = "https://bundler.io" + s.metadata = { "bug_tracker_uri" => "https://github.com/rubygems/rubygems/issues?q=is%3Aopen+is%3Aissue+label%3ABundler", + "changelog_uri" => "https://github.com/rubygems/rubygems/blob/master/bundler/CHANGELOG.md", + "homepage_uri" => "https://bundler.io/", + "source_code_uri" => "https://github.com/rubygems/rubygems/tree/master/bundler" } + s.require_paths = ["lib"] + s.required_ruby_version = Gem::Requirement.new([">= 2.6.0"]) + s.required_rubygems_version = Gem::Requirement.new([">= 3.0.1"]) + s.rubygems_version = "3.4.7" + s.specification_version = 4 + s.summary = "The best way to manage your application's dependencies" + s.license = false + end data = Marshal.dump(gem_spec) expect(Bundler.safe_load_marshal(data)).to eq(gem_spec) end |
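Review bot: The rewritten "loads Gem::Specification" example is the only place the newly allowed `Time` and `FalseClass` are exercised, and only indirectly through `s.date` and `s.license = false`. If `Gem::Specification` restores its payload through its own loader, those values may never reach the allowlist proc, so this example would not catch a regression in the list; that is an inference, since the loader is not part of this diff. The standalone "loads Gem::Version" example is removed, and no example in the visible hunk asserts that a class outside the list raises `TypeError` (the `describe` block continues outside the hunk, so one may exist there). I would keep the `Gem::Version` example and add direct ones such as `expect(Bundler.safe_load_marshal(Marshal.dump([false]))).to eq([false])`, plus a rejection case checked with `raise_error(TypeError)`.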