lib/rubygems: fix several vulnerabilities in RubyGems; bump to version 2.6.13.

[Backport #13842] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@59814 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2017-09-10 05:23:13 +0000
committer: nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2017-09-10 05:23:13 +0000
commit: 8ae151e7ab6f85185416b53528347f0cca55a10e (patch)
tree: c0e8a6247b8ed1b3d80f0b98229a78cbcc8363d1 /test/rubygems/test_gem_installer.rb
parent: fd41a38470e1ba2ee1857eae08fe909ef34b9b2d (diff)
1 files changed, 20 insertions, 0 deletions
diff --git a/test/rubygems/test_gem_installer.rb b/test/rubygems/test_gem_installer.rb
index 882981d344..dd049214fb 100644
--- a/test/rubygems/test_gem_installer.rb
+++ b/test/rubygems/test_gem_installer.rb
@@ -1448,6 +1448,26 @@ gem 'other', version
     end
   end
 
+  def test_pre_install_checks_malicious_name
+    spec = util_spec '../malicious', '1'
+    def spec.full_name # so the spec is buildable
+      "malicious-1"
+    end
+    def spec.validate; end
+
+    util_build_gem spec
+
+    gem = File.join(@gemhome, 'cache', spec.file_name)
+
+    use_ui @ui do
+      @installer = Gem::Installer.at gem
+      e = assert_raises Gem::InstallError do
+        @installer.pre_install_checks
+      end
+      assert_equal '#<Gem::Specification name=../malicious version=1> has an invalid name', e.message
+    end
+  end
+
   def test_shebang
     util_make_exec @spec, "#!/usr/bin/ruby"
author	nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2017-09-10 05:23:13 +0000
committer	nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2017-09-10 05:23:13 +0000
commit	8ae151e7ab6f85185416b53528347f0cca55a10e (patch)
tree	c0e8a6247b8ed1b3d80f0b98229a78cbcc8363d1 /test/rubygems/test_gem_installer.rb
parent	fd41a38470e1ba2ee1857eae08fe909ef34b9b2d (diff)