authorHiroshi SHIBATA <hsbt@ruby-lang.org>2026-01-20 18:46:00 +0900
committergit <svn-admin@ruby-lang.org>2026-01-23 00:24:03 +0000
commit13bb5599a45e15a19cd9e186bfa570fb39d68c73 (patch)
treee0c7554cb87e17015ca54ae878dd404069d8f12e /lib
parent459222a4e2481ddb579247fb0338b52f13ce6c4c (diff)
[ruby/rubygems] Validate executable names for invalid characters
https://github.com/ruby/rubygems/commit/95dabef672
Diffstat (limited to 'lib')
-rw-r--r--lib/rubygems/specification_policy.rb8
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/rubygems/specification_policy.rb b/lib/rubygems/specification_policy.rb
index e5008a24db..0fcb635394 100644
--- a/lib/rubygems/specification_policy.rb
+++ b/lib/rubygems/specification_policy.rb
@@ -436,6 +436,7 @@ or set it to nil if you don't want to specify a license.
warning "deprecated autorequire specified" if @specification.autorequire
@specification.executables.each do |executable|
+ validate_executable(executable)
validate_shebang_line_in(executable)
end
@@ -449,6 +450,13 @@ or set it to nil if you don't want to specify a license.
warning("no #{attribute} specified") if value.nil? || value.empty?
end
+ def validate_executable(executable)
+ separators = [File::SEPARATOR, File::ALT_SEPARATOR, File::PATH_SEPARATOR].compact.map {|sep| Regexp.escape(sep) }.join
+ return unless executable.match?(/[\s#{separators}]/)
+
+ error "executable \"#{executable}\" contains invalid characters"
+ end
+
def validate_shebang_line_in(executable)
executable_path = File.join(@specification.bindir, executable)
return if File.read(executable_path, 2) == "#!"
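Review bot: The character class in `validate_executable` is built from the separators of the host that runs the validation, so where `File::ALT_SEPARATOR` is nil (the case `.compact` handles) a name containing `\` passes, and `;` passes wherever `File::PATH_SEPARATOR` is `:`. A spec checked on one platform and installed on another could then carry a character that is a separator on the installing side; whether validation runs again at install time is not visible in this hunk. Consider rejecting a fixed set on every platform, e.g. `return unless executable.match?(%r{[\s/\\:;]})`, and adding a comment above the method such as `# Executable names are joined onto bindir, so they must be bare file names.` Names made only of dots (`.`, `..`) also pass this check and reach `File.join(@specification.bindir, executable)` in `validate_shebang_line_in`, whose body continues outside the hunk.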