diff options
author | Josef Šimánek <josef.simanek@gmail.com> | 2022-12-17 08:47:52 +0100 |
---|---|---|
committer | Hiroshi SHIBATA <hsbt@ruby-lang.org> | 2022-12-20 13:15:02 +0900 |
commit | f270aa3eda535f3eb3f77912cf4a7a80f240b89e (patch) | |
tree | 2bc0ad2c9f96a8820d19aaf9421f988ef951d24c /spec | |
parent | efd103f3e58fcf3aeb6c4a0d3dd9233448698231 (diff) |
[rubygems/rubygems] Use safe Marshal deserialization for dependency API response. - adds Bundler#safe_load_marshal and Bundler::SAFE_MARSHAL_CLASSES listing safe classes to deserialize
https://github.com/rubygems/rubygems/commit/e947c608cc
Notes
Notes:
Merged: https://github.com/ruby/ruby/pull/6966
Diffstat (limited to 'spec')
-rw-r--r-- | spec/bundler/bundler/bundler_spec.rb | 20 | ||||
-rw-r--r-- | spec/bundler/bundler/fetcher/dependency_spec.rb | 2 |
2 files changed, 21 insertions, 1 deletions
diff --git a/spec/bundler/bundler/bundler_spec.rb b/spec/bundler/bundler/bundler_spec.rb index 764c55a91f..5894b4aa12 100644 --- a/spec/bundler/bundler/bundler_spec.rb +++ b/spec/bundler/bundler/bundler_spec.rb @@ -4,6 +4,26 @@ require "bundler" require "tmpdir" RSpec.describe Bundler do + describe "#load_marshal" do + it "loads any data" do + data = Marshal.dump(Bundler) + expect(Bundler.load_marshal(data)).to eq(Bundler) + end + end + + describe "#safe_load_marshal" do + it "fails on unexpected class" do + data = Marshal.dump(Bundler) + expect { Bundler.safe_load_marshal(data) }.to raise_error(Bundler::MarshalError) + end + + it "loads simple structure" do + simple_structure = { "name" => [:abc] } + data = Marshal.dump(simple_structure) + expect(Bundler.safe_load_marshal(data)).to eq(simple_structure) + end + end + describe "#load_gemspec_uncached" do let(:app_gemspec_path) { tmp("test.gemspec") } subject { Bundler.load_gemspec_uncached(app_gemspec_path) } diff --git a/spec/bundler/bundler/fetcher/dependency_spec.rb b/spec/bundler/bundler/fetcher/dependency_spec.rb index 53249116cd..7cfc86ef76 100644 --- a/spec/bundler/bundler/fetcher/dependency_spec.rb +++ b/spec/bundler/bundler/fetcher/dependency_spec.rb @@ -222,7 +222,7 @@ RSpec.describe Bundler::Fetcher::Dependency do it "should fetch dependencies from RubyGems and unmarshal them" do expect(gem_names).to receive(:each_slice).with(rubygems_limit).and_call_original expect(downloader).to receive(:fetch).with(dep_api_uri).and_return(fetch_response) - expect(Bundler).to receive(:load_marshal).with(fetch_response.body).and_return([unmarshalled_gems]) + expect(Bundler).to receive(:safe_load_marshal).with(fetch_response.body).and_return([unmarshalled_gems]) expect(subject.unmarshalled_dep_gems(gem_names)).to eq([unmarshalled_gems]) end end |