ruby-changes:68356
From: David <ko1@a...>
Date: Sun, 10 Oct 2021 23:12:25 +0900 (JST)
Subject: [ruby-changes:68356] 48e4dea4cd (master): [ruby/rubygems] Refactor symlink attack specs
https://git.ruby-lang.org/ruby.git/commit/?id=48e4dea4cd From 48e4dea4cdeeb6e1ba79287399b0b0288df2d720 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Rodr=C3=ADguez?= <deivid.rodriguez@r...> Date: Thu, 30 Sep 2021 15:06:22 +0200 Subject: [ruby/rubygems] Refactor symlink attack specs https://github.com/rubygems/rubygems/commit/9180b390aa --- test/rubygems/test_gem_package.rb | 34 +++++++++++++++------------------- 1 file changed, 15 insertions(+), 19 deletions(-) diff --git a/test/rubygems/test_gem_package.rb b/test/rubygems/test_gem_package.rb index 3fa2c1911c..4e588d02e4 100644 --- a/test/rubygems/test_gem_package.rb +++ b/test/rubygems/test_gem_package.rb @@ -574,18 +574,16 @@ class TestGemPackage < Gem::Package::TarTestCase https://github.com/ruby/ruby/blob/trunk/test/rubygems/test_gem_package.rb#L574 destination_subdir = File.join @destination, 'subdir' FileUtils.mkdir_p destination_subdir - e = assert_raise(Gem::Package::PathError, Errno::EACCES) do + expected_exceptions = win_platform? ? [Gem::Package::PathError, Errno::EACCES] : [Gem::Package::PathError] + + e = assert_raise(*expected_exceptions) do package.extract_tar_gz tgz_io, destination_subdir end - if Gem::Package::PathError === e - assert_equal("installing into parent path lib/link/outside.txt of " + - "#{destination_subdir} is not allowed", e.message) - elsif win_platform? - pend "symlink - must be admin with no UAC on Windows" - else - raise e - end + pend "symlink - must be admin with no UAC on Windows" if Errno::EACCES === e + + assert_equal("installing into parent path lib/link/outside.txt of " + + "#{destination_subdir} is not allowed", e.message) end def test_extract_symlink_parent_doesnt_delete_user_dir @@ -608,20 +606,18 @@ class TestGemPackage < Gem::Package::TarTestCase https://github.com/ruby/ruby/blob/trunk/test/rubygems/test_gem_package.rb#L606 tar.add_symlink 'link/dir', '.', 16877 end - e = assert_raise(Gem::Package::PathError, Errno::EACCES) do + expected_exceptions = win_platform? ? [Gem::Package::PathError, Errno::EACCES] : [Gem::Package::PathError] + + e = assert_raise(*expected_exceptions) do package.extract_tar_gz tgz_io, destination_subdir end - assert_path_exist destination_user_subdir + pend "symlink - must be admin with no UAC on Windows" if Errno::EACCES === e - if Gem::Package::PathError === e - assert_equal("installing into parent path #{destination_user_subdir} of " + - "#{destination_subdir} is not allowed", e.message) - elsif win_platform? - pend "symlink - must be admin with no UAC on Windows" - else - raise e - end + assert_equal("installing into parent path #{destination_user_subdir} of " + + "#{destination_subdir} is not allowed", e.message) + + assert_path_exist destination_user_subdir end def test_extract_tar_gz_directory -- cgit v1.2.1 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/