diff options
author | Takuya Noguchi <takninnovationresearch@gmail.com> | 2022-07-17 08:08:51 +0000 |
---|---|---|
committer | Hiroshi SHIBATA <hsbt@ruby-lang.org> | 2022-07-22 12:07:23 +0900 |
commit | d7ffd3fea402239b16833cc434404a7af82d44f3 (patch) | |
tree | 9794942135111c36e6b6bce69e070ca556b89028 /lib/rubygems/security | |
parent | 388c4e1076ac5a58d5008abc8e0a8d017698875a (diff) |
RubyGems: Enable Style/StringLiterals cop
Signed-off-by: Takuya Noguchi <takninnovationresearch@gmail.com>
Diffstat (limited to 'lib/rubygems/security')
-rw-r--r-- | lib/rubygems/security/policies.rb | 22 | ||||
-rw-r--r-- | lib/rubygems/security/policy.rb | 24 | ||||
-rw-r--r-- | lib/rubygems/security/signer.rb | 8 | ||||
-rw-r--r-- | lib/rubygems/security/trust_dir.rb | 6 |
4 files changed, 30 insertions, 30 deletions
diff --git a/lib/rubygems/security/policies.rb b/lib/rubygems/security/policies.rb index 8f6ad99316..b3f9070394 100644 --- a/lib/rubygems/security/policies.rb +++ b/lib/rubygems/security/policies.rb @@ -5,7 +5,7 @@ module Gem::Security # No security policy: all package signature checks are disabled. NoSecurity = Policy.new( - 'No Security', + "No Security", :verify_data => false, :verify_signer => false, :verify_chain => false, @@ -23,7 +23,7 @@ module Gem::Security # easily spoofed, and is not recommended. AlmostNoSecurity = Policy.new( - 'Almost No Security', + "Almost No Security", :verify_data => true, :verify_signer => false, :verify_chain => false, @@ -40,7 +40,7 @@ module Gem::Security # is not recommended. LowSecurity = Policy.new( - 'Low Security', + "Low Security", :verify_data => true, :verify_signer => true, :verify_chain => false, @@ -59,7 +59,7 @@ module Gem::Security # gem off as unsigned. MediumSecurity = Policy.new( - 'Medium Security', + "Medium Security", :verify_data => true, :verify_signer => true, :verify_chain => true, @@ -78,7 +78,7 @@ module Gem::Security # a reasonable guarantee that the contents of the gem have not been altered. HighSecurity = Policy.new( - 'High Security', + "High Security", :verify_data => true, :verify_signer => true, :verify_chain => true, @@ -91,7 +91,7 @@ module Gem::Security # Policy used to verify a certificate and key when signing a gem SigningPolicy = Policy.new( - 'Signing Policy', + "Signing Policy", :verify_data => false, :verify_signer => true, :verify_chain => true, @@ -104,11 +104,11 @@ module Gem::Security # Hash of configured security policies Policies = { - 'NoSecurity' => NoSecurity, - 'AlmostNoSecurity' => AlmostNoSecurity, - 'LowSecurity' => LowSecurity, - 'MediumSecurity' => MediumSecurity, - 'HighSecurity' => HighSecurity, + "NoSecurity" => NoSecurity, + "AlmostNoSecurity" => AlmostNoSecurity, + "LowSecurity" => LowSecurity, + "MediumSecurity" => MediumSecurity, + "HighSecurity" => HighSecurity, # SigningPolicy is not intended for use by `gem -P` so do not list it }.freeze diff --git a/lib/rubygems/security/policy.rb b/lib/rubygems/security/policy.rb index 06eae073f4..43588fd7f1 100644 --- a/lib/rubygems/security/policy.rb +++ b/lib/rubygems/security/policy.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true -require_relative '../user_interaction' +require_relative "../user_interaction" ## # A Gem::Security::Policy object encapsulates the settings for verifying @@ -53,8 +53,8 @@ class Gem::Security::Policy # and is valid for the given +time+. def check_chain(chain, time) - raise Gem::Security::Exception, 'missing signing chain' unless chain - raise Gem::Security::Exception, 'empty signing chain' if chain.empty? + raise Gem::Security::Exception, "missing signing chain" unless chain + raise Gem::Security::Exception, "empty signing chain" if chain.empty? begin chain.each_cons 2 do |issuer, cert| @@ -83,7 +83,7 @@ class Gem::Security::Policy # If the +issuer+ is +nil+ no verification is performed. def check_cert(signer, issuer, time) - raise Gem::Security::Exception, 'missing signing certificate' unless + raise Gem::Security::Exception, "missing signing certificate" unless signer message = "certificate #{signer.subject}" @@ -112,7 +112,7 @@ class Gem::Security::Policy unless signer and key return true unless @only_signed - raise Gem::Security::Exception, 'missing key or signature' + raise Gem::Security::Exception, "missing key or signature" end raise Gem::Security::Exception, @@ -127,11 +127,11 @@ class Gem::Security::Policy # +time+. def check_root(chain, time) - raise Gem::Security::Exception, 'missing signing chain' unless chain + raise Gem::Security::Exception, "missing signing chain" unless chain root = chain.first - raise Gem::Security::Exception, 'missing root certificate' unless root + raise Gem::Security::Exception, "missing root certificate" unless root raise Gem::Security::Exception, "root certificate #{root.subject} is not self-signed " + @@ -146,11 +146,11 @@ class Gem::Security::Policy # the digests of the two certificates match according to +digester+ def check_trust(chain, digester, trust_dir) - raise Gem::Security::Exception, 'missing signing chain' unless chain + raise Gem::Security::Exception, "missing signing chain" unless chain root = chain.first - raise Gem::Security::Exception, 'missing root certificate' unless root + raise Gem::Security::Exception, "missing root certificate" unless root path = Gem::Security.trust_dir.cert_path root @@ -182,7 +182,7 @@ class Gem::Security::Policy def subject(certificate) # :nodoc: certificate.extensions.each do |extension| - next unless extension.oid == 'subjectAltName' + next unless extension.oid == "subjectAltName" return extension.value end @@ -206,7 +206,7 @@ class Gem::Security::Policy # If +key+ is given it is used to validate the signing certificate. def verify(chain, key = nil, digests = {}, signatures = {}, - full_name = '(unknown)') + full_name = "(unknown)") if signatures.empty? if @only_signed raise Gem::Security::Exception, @@ -230,7 +230,7 @@ class Gem::Security::Policy end if @verify_data - raise Gem::Security::Exception, 'no digests provided (probable bug)' if + raise Gem::Security::Exception, "no digests provided (probable bug)" if signer_digests.nil? or signer_digests.empty? else signer_digests = {} diff --git a/lib/rubygems/security/signer.rb b/lib/rubygems/security/signer.rb index 968cf88973..b1308c4e42 100644 --- a/lib/rubygems/security/signer.rb +++ b/lib/rubygems/security/signer.rb @@ -42,7 +42,7 @@ class Gem::Security::Signer def self.re_sign_cert(expired_cert, expired_cert_path, private_key) return unless expired_cert.not_after < Time.now - expiry = expired_cert.not_after.strftime('%Y%m%d%H%M%S') + expiry = expired_cert.not_after.strftime("%Y%m%d%H%M%S") expired_cert_file = "#{File.basename(expired_cert_path)}.expired.#{expiry}" new_expired_cert_path = File.join(Gem.user_home, ".gem", expired_cert_file) @@ -105,7 +105,7 @@ class Gem::Security::Signer # this value is preferred, otherwise the subject is used. def extract_name(cert) # :nodoc: - subject_alt_name = cert.extensions.find {|e| 'subjectAltName' == e.oid } + subject_alt_name = cert.extensions.find {|e| "subjectAltName" == e.oid } if subject_alt_name /\Aemail:/ =~ subject_alt_name.value # rubocop:disable Performance/StartWith @@ -139,7 +139,7 @@ class Gem::Security::Signer def sign(data) return unless @key - raise Gem::Security::Exception, 'no certs provided' if @cert_chain.empty? + raise Gem::Security::Exception, "no certs provided" if @cert_chain.empty? if @cert_chain.length == 1 and @cert_chain.last.not_after < Time.now alert("Your certificate has expired, trying to re-sign it...") @@ -182,7 +182,7 @@ class Gem::Security::Signer return unless disk_key if disk_key.to_pem == @key.to_pem && disk_cert == old_cert.to_pem - expiry = old_cert.not_after.strftime('%Y%m%d%H%M%S') + expiry = old_cert.not_after.strftime("%Y%m%d%H%M%S") old_cert_file = "gem-public_cert.pem.expired.#{expiry}" old_cert_path = File.join(Gem.user_home, ".gem", old_cert_file) diff --git a/lib/rubygems/security/trust_dir.rb b/lib/rubygems/security/trust_dir.rb index 456947274c..a6882c66e7 100644 --- a/lib/rubygems/security/trust_dir.rb +++ b/lib/rubygems/security/trust_dir.rb @@ -41,7 +41,7 @@ class Gem::Security::TrustDir def each_certificate return enum_for __method__ unless block_given? - glob = File.join @dir, '*.pem' + glob = File.join @dir, "*.pem" Dir[glob].each do |certificate_file| begin @@ -92,7 +92,7 @@ class Gem::Security::TrustDir destination = cert_path certificate - File.open destination, 'wb', 0600 do |io| + File.open destination, "wb", 0600 do |io| io.write certificate.to_pem io.chmod(@permissions[:trusted_cert]) end @@ -104,7 +104,7 @@ class Gem::Security::TrustDir # permissions. def verify - require 'fileutils' + require "fileutils" if File.exist? @dir raise Gem::Security::Exception, "trust directory #{@dir} is not a directory" unless |