archive/ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2025-09-18 10:03:59 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

* lib/rubygems/package/old.rb: Disallow installation of old-format

Browse source 
gems when a security policy is active.
	* test/rubygems/test_gem_package_old.rb:  Test for above.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@39142 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
drbrain 2013-02-07 22:48:35 +00:00
parent 45bcf5d46f
commit a75922010f
3 changed files with 68 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

20
lib/rubygems/package/old.rb
View file

@ -32,6 +32,8 @@ class Gem::Package::Old < Gem::Package
# A list of file names contained in this gem
def contents
verify
return @contents if @contents
open @gem, 'rb' do |io|
@ -46,6 +48,8 @@ class Gem::Package::Old < Gem::Package
# Extracts the files in this package into +destination_dir+
def extract_files destination_dir
verify
errstr = "Error reading files from gem"
open @gem, 'rb' do |io|
@ -125,6 +129,8 @@ class Gem::Package::Old < Gem::Package
# The specification for this gem
def spec
verify
return @spec if @spec
yaml = ''
@ -143,5 +149,19 @@ class Gem::Package::Old < Gem::Package
raise Gem::Exception, "Failed to parse gem specification out of gem file"
end
##
# Raises an exception if a security policy that verifies data is active.
# Old format gems cannot be verified as signed.
def verify
return true unless @security_policy
raise Gem::Security::Exception,
'old format gems do not contain signatures and cannot be verified' if
@security_policy.verify_data
true
end
end