authordrbrain <drbrain@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2013-02-07 22:48:35 +0000
committerdrbrain <drbrain@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2013-02-07 22:48:35 +0000
commita75922010fe38f48c08c744456dd92cb755e1119 (patch)
tree36ee742632d66f25f7a5bd84d76a4ed3a875f2b7
parent45bcf5d46f19a8b5c26a89eef91e875eb6d05062 (diff)
* lib/rubygems/package/old.rb: Disallow installation of old-format
gems when a security policy is active. * test/rubygems/test_gem_package_old.rb: Test for above. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@39142 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r--ChangeLog6
-rw-r--r--lib/rubygems/package/old.rb20
-rw-r--r--test/rubygems/test_gem_package_old.rb42
3 files changed, 68 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 62238fd6a7..4d869bc735 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+Fri Feb 8 07:47:56 2013 Eric Hodel <drbrain@segment7.net>
+
+ * lib/rubygems/package/old.rb: Disallow installation of old-format
+ gems when a security policy is active.
+ * test/rubygems/test_gem_package_old.rb: Test for above.
+
Fri Feb 8 07:34:00 2013 Zachary Scott <zachary@zacharyscott.net>
* lib/net/http.rb (HTTP.post_form): Fix module scope in documentation
diff --git a/lib/rubygems/package/old.rb b/lib/rubygems/package/old.rb
index 552a5f3591..6bf9ea0fe3 100644
--- a/lib/rubygems/package/old.rb
+++ b/lib/rubygems/package/old.rb
@@ -32,6 +32,8 @@ class Gem::Package::Old < Gem::Package
# A list of file names contained in this gem
def contents
+ verify
+
return @contents if @contents
open @gem, 'rb' do |io|
@@ -46,6 +48,8 @@ class Gem::Package::Old < Gem::Package
# Extracts the files in this package into +destination_dir+
def extract_files destination_dir
+ verify
+
errstr = "Error reading files from gem"
open @gem, 'rb' do |io|
@@ -125,6 +129,8 @@ class Gem::Package::Old < Gem::Package
# The specification for this gem
def spec
+ verify
+
return @spec if @spec
yaml = ''
@@ -143,5 +149,19 @@ class Gem::Package::Old < Gem::Package
raise Gem::Exception, "Failed to parse gem specification out of gem file"
end
+ ##
+ # Raises an exception if a security policy that verifies data is active.
+ # Old format gems cannot be verified as signed.
+
+ def verify
+ return true unless @security_policy
+
+ raise Gem::Security::Exception,
+ 'old format gems do not contain signatures and cannot be verified' if
+ @security_policy.verify_data
+
+ true
+ end
+
end
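Review bot: `verify` refuses the package only when `@security_policy.verify_data` is set, so a policy that requires signatures through another flag while leaving `verify_data` off would still accept an unsigned old-format gem; if this tree's `Gem::Security::Policy` exposes `only_signed` (not visible in the hunk), the guard should read `if @security_policy.verify_data || @security_policy.only_signed`. The trailing `if` hanging off the second `raise` argument line is easy to misread as part of the message; a guard form `return true unless @security_policy.verify_data` followed by an unconditional `raise Gem::Security::Exception, '…'` states the same rule more plainly. Placing `verify` before the memoized `return @contents if @contents` / `return @spec if @spec` lines is the right order, since the policy can be assigned after a first successful call. Where `@security_policy` is assigned is outside this hunk; presumably a writer on `Gem::Package`, worth confirming it is the only path.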
diff --git a/test/rubygems/test_gem_package_old.rb b/test/rubygems/test_gem_package_old.rb
index 20d9837a83..e0884348e5 100644
--- a/test/rubygems/test_gem_package_old.rb
+++ b/test/rubygems/test_gem_package_old.rb
@@ -18,6 +18,14 @@ class TestGemPackageOld < Gem::TestCase
assert_equal %w[lib/foo.rb lib/test.rb lib/test/wow.rb], @package.contents
end
+ def test_contents_security_policy
+ @package.security_policy = Gem::Security::AlmostNoSecurity
+
+ assert_raises Gem::Security::Exception do
+ @package.contents
+ end
+ end
+
def test_extract_files
@package.extract_files @destination
@@ -29,9 +37,43 @@ class TestGemPackageOld < Gem::TestCase
assert_equal mask, File.stat(extracted).mode unless win_platform?
end
+ def test_extract_files_security_policy
+ @package.security_policy = Gem::Security::AlmostNoSecurity
+
+ assert_raises Gem::Security::Exception do
+ @package.extract_files @destination
+ end
+ end
+
def test_spec
assert_equal 'testing', @package.spec.name
end
+ def test_spec_security_policy
+ @package.security_policy = Gem::Security::AlmostNoSecurity
+
+ assert_raises Gem::Security::Exception do
+ @package.spec
+ end
+ end
+
+ def test_verify
+ assert @package.verify
+
+ @package.security_policy = Gem::Security::NoSecurity
+
+ assert @package.verify
+
+ @package.security_policy = Gem::Security::AlmostNoSecurity
+
+ e = assert_raises Gem::Security::Exception do
+ @package.verify
+ end
+
+ assert_equal 'old format gems do not contain signatures ' +
+ 'and cannot be verified',
+ e.message
+ end
+
end
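Review bot: The expected message in `test_verify` is built with `'…signatures ' + 'and cannot be verified'`, which runs a concatenation at test time and obscures that it is one literal; Ruby's adjacent-literal continuation `'old format gems do not contain signatures ' \` on one line and `'and cannot be verified',` on the next expresses the same constant. The three `*_security_policy` tests cover only the rejecting branch for `contents`, `extract_files` and `spec`; a companion assertion under `Gem::Security::NoSecurity` (for example `assert_equal 'testing', @package.spec.name` after assigning it) would pin the permissive branch for the callers, not just for `verify` itself.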