Expand file tree Collapse file tree 4 files changed +25
-0
lines changed Original file line number Diff line number Diff line change @@ -538,6 +538,7 @@ test/rubygems/invalidchild_cert.pem
538538test/rubygems/invalidchild_cert_32.pem
539539test/rubygems/invalidchild_key.pem
540540test/rubygems/packages/ascii_binder-0.1.10.1.gem
541+ test/rubygems/packages/ill-formatted-platform-1.0.0.10.gem
541542test/rubygems/plugin/exception/rubygems_plugin.rb
542543test/rubygems/plugin/load/rubygems_plugin.rb
543544test/rubygems/plugin/standarderror/rubygems_plugin.rb
Original file line number Diff line number Diff line change @@ -728,6 +728,10 @@ def verify_spec
728728 raise Gem ::InstallError , "#{ spec } has an invalid extensions"
729729 end
730730
731+ if spec . platform . to_s =~ /\R /
732+ raise Gem ::InstallError , "#{ spec . platform } is an invalid platform"
733+ end
734+
731735 unless spec . specification_version . to_s =~ /\A \d +\z /
732736 raise Gem ::InstallError , "#{ spec } has an invalid specification_version"
733737 end
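Review bot: The added check on the `spec . platform` line only rejects vertical whitespace (`\R`), whereas the `specification_version` check just below it uses an anchored allowlist (`\A...\z`); if the legal platform alphabet is known, an anchored pattern of the same shape would reject other unexpected characters too, and even as a denylist `spec.platform.to_s.match?(/\R/)` reads as a predicate and avoids the MatchData allocation of `=~`. The raise on the following line interpolates the rejected value verbatim, so the error message itself spans lines (the new test pins exactly that multi-line message); `"#{spec.platform.to_s.inspect} is an invalid platform"` would keep the message on one line and make the offending bytes visible, at the cost of updating that assertion. verify_spec starts and ends outside the hunk.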
Original file line number Diff line number Diff line change @@ -1776,6 +1776,26 @@ def spec.validate(*args); end
17761776 end
17771777 end
17781778
1779+ def test_pre_install_checks_malicious_platform_before_eval
1780+ gem_with_ill_formated_platform = File . expand_path ( "packages/ill-formatted-platform-1.0.0.10.gem" , __dir__ )
1781+
1782+ installer = Gem ::Installer . at (
1783+ gem_with_ill_formated_platform ,
1784+ :install_dir => @gem_home ,
1785+ :user_install => false ,
1786+ :force => true
1787+ )
1788+
1789+ use_ui @ui do
1790+ e = assert_raise Gem ::InstallError do
1791+ installer . pre_install_checks
1792+ end
1793+
1794+ assert_equal "x86-mswin32\n system('id > /tmp/nyangawa')# is an invalid platform" , e . message
1795+ assert_empty @ui . output
1796+ end
1797+ end
1798+
17791799 def test_shebang
17801800 installer = setup_base_installer
17811801
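Review bot: The name on the `def test_pre_install_checks_malicious_platform_before_eval` line promises that the check fires before any evaluation, but the body only asserts the raised message and an empty UI output; nothing verifies that the fixture's embedded command had no effect, so an implementation that evaluated the spec first and raised afterwards would still pass. A complementary assertion that the path named in the expected message does not exist after `pre_install_checks` returns would pin the property the test is named for. The local `gem_with_ill_formated_platform` is also misspelled relative to the fixture `ill-formatted-platform-1.0.0.10.gem`; `gem_with_ill_formatted_platform` keeps the two aligned.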