diff options
| author | David RodrÃguez <deivid.rodriguez@riseup.net> | 2021-11-13 11:18:54 +0100 |
|---|---|---|
| committer | git <svn-admin@ruby-lang.org> | 2021-12-07 23:27:59 +0900 |
| commit | 26303c31f0939d093f88f609c846590ad538114f (patch) | |
| tree | 2ce7b69f77509de139069f7a349a1fa53a32ccd4 /lib/bundler/source/git | |
| parent | bb3f17bd98a652f28b7cccadf08213840e267ad1 (diff) | |
| download | ruby-26303c31f0939d093f88f609c846590ad538114f.tar.gz | |
[rubygems/rubygems] Pass "--" to git commands to separate positional and optional args
To make sure git uri's specified in Gemfile are never misinterpreted as
optional arguments, potentially allowing for local code execution.
https://github.com/rubygems/rubygems/commit/90b1ed8b9f
Diffstat (limited to 'lib/bundler/source/git')
| -rw-r--r-- | lib/bundler/source/git/git_proxy.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/bundler/source/git/git_proxy.rb b/lib/bundler/source/git/git_proxy.rb index e37ff8724a..745a7fe118 100644 --- a/lib/bundler/source/git/git_proxy.rb +++ b/lib/bundler/source/git/git_proxy.rb @@ -95,12 +95,12 @@ module Bundler SharedHelpers.filesystem_access(path.dirname) do |p| FileUtils.mkdir_p(p) end - git_retry "clone", configured_uri, path.to_s, "--bare", "--no-hardlinks", "--quiet" + git_retry "clone", "--bare", "--no-hardlinks", "--quiet", "--", configured_uri, path.to_s return unless extra_ref end with_path do - git_retry(*["fetch", "--force", "--quiet", "--tags", configured_uri, "refs/heads/*:refs/heads/*", extra_ref].compact, :dir => path) + git_retry(*["fetch", "--force", "--quiet", "--tags", "--", configured_uri, "refs/heads/*:refs/heads/*", extra_ref].compact, :dir => path) end end |