ruby-changes:69976
From: ooooooo-q <ko1@a...>
Date: Tue, 30 Nov 2021 01:29:47 +0900 (JST)
Subject: [ruby-changes:69976] af59d35570 (master): [rubygems/rubygems] Fix escape of filenames in `bundle doctor`
https://git.ruby-lang.org/ruby.git/commit/?id=af59d35570
From af59d35570d398bd590bebd11602bcb039454c0d Mon Sep 17 00:00:00 2001
From: ooooooo-q <ooooooo-q@u...>
Date: Sat, 27 Nov 2021 15:17:48 +0900
Subject: [rubygems/rubygems] Fix escape of filenames in `bundle doctor`
https://github.com/rubygems/rubygems/commit/3ede1435ea
---
 lib/bundler/cli/doctor.rb | 5 +++--
 spec/bundler/commands/doctor_spec.rb | 10 ++++++++++
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/lib/bundler/cli/doctor.rb b/lib/bundler/cli/doctor.rb
index c28997bc7dd..43f1ca92e2d 100644
--- a/lib/bundler/cli/doctor.rb
+++ b/lib/bundler/cli/doctor.rb
@@ -1,6 +1,7 @@ https://github.com/ruby/ruby/blob/trunk/lib/bundler/cli/doctor.rb#L1
 # frozen_string_literal: true
 require "rbconfig"
+require "shellwords"
 module Bundler
 class CLI::Doctor
@@ -22,14 +23,14 @@ module Bundler https://github.com/ruby/ruby/blob/trunk/lib/bundler/cli/doctor.rb#L23
 end
 def dylibs_darwin(path)
- output = `/usr/bin/otool -L "#{path}"`.chomp
+ output = `/usr/bin/otool -L #{path.shellescape}`.chomp
 dylibs = output.split("\n")[1..-1].map {|l| l.match(DARWIN_REGEX).captures[0] }.uniq
 # ignore @rpath and friends
 dylibs.reject {|dylib| dylib.start_with? "@" }
 end
 def dylibs_ldd(path)
- output = `/usr/bin/ldd "#{path}"`.chomp
+ output = `/usr/bin/ldd #{path.shellescape}`.chomp
 output.split("\n").map do |l|
 match = l.match(LDD_REGEX)
 next if match.nil?
diff --git a/spec/bundler/commands/doctor_spec.rb b/spec/bundler/commands/doctor_spec.rb
index d62d83cc51c..860b638f06e 100644
--- a/spec/bundler/commands/doctor_spec.rb
+++ b/spec/bundler/commands/doctor_spec.rb
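Review bot: Both rewritten lines in lib/bundler/cli/doctor.rb (`dylibs_darwin` and `dylibs_ldd`) still build a command string and hand it to a shell through backticks, so correctness depends on `shellescape` quoting every metacharacter for whatever `/bin/sh` is in use. Passing an argument vector skips shell parsing altogether, for example `output = IO.popen(["/usr/bin/otool", "-L", path.to_s], &:read).chomp` and the same shape for `/usr/bin/ldd`; that also removes the need for `require "shellwords"`. `shellescape` is defined on String only, so if a caller ever passes a Pathname (callers are not visible in this hunk) the new code raises NoMethodError where the old interpolation worked. The spec added in this commit stubs the backtick method and would need to stub the new call instead. The body of `dylibs_ldd` continues past the end of the hunk.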
@@ -133,4 +133,14 @@ RSpec.describe "bundle doctor" do https://github.com/ruby/ruby/blob/trunk/spec/bundler/commands/doctor_spec.rb#L133
 end
 end
 end
+
+ context "when home contains filesname with special characters" do
+ it "escape filename before command execute" do
+ doctor = Bundler::CLI::Doctor.new({})
+ expect(doctor).to receive(:`).with("/usr/bin/otool -L \\$\\(date\\)\\ \\\"\\'\\\\.bundle").and_return("dummy string")
+ doctor.dylibs_darwin('$(date) "\'\.bundle')
+ expect(doctor).to receive(:`).with("/usr/bin/ldd \\$\\(date\\)\\ \\\"\\'\\\\.bundle").and_return("dummy string")
+ doctor.dylibs_ldd('$(date) "\'\.bundle')
+ end
+ end
 end
--
cgit v1.2.1
-- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
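Review bot: The added example in spec/bundler/commands/doctor_spec.rb checks both `dylibs_darwin` and `dylibs_ldd` inside one `it`, so a failure in the otool expectation hides the ldd result; two examples would report each code path separately. The context description says "home contains filesname", but nothing in the example touches the home directory and the wording has typos; `context "when a filename contains shell special characters" do` with `it "escapes the filename before running otool" do` and a matching ldd example would describe what is actually exercised. Because the backtick call is stubbed with the exact escaped string, the example pins the output format of `shellescape` rather than showing that the shell receives a single argument, which deserves a one-line comment above the expectations.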