diff options
| -rw-r--r-- | lib/bundler/cli/doctor.rb | 5 | ||||
| -rw-r--r-- | spec/bundler/commands/doctor_spec.rb | 10 |
2 files changed, 13 insertions, 2 deletions
diff --git a/lib/bundler/cli/doctor.rb b/lib/bundler/cli/doctor.rb index c28997bc7d..43f1ca92e2 100644 --- a/lib/bundler/cli/doctor.rb +++ b/lib/bundler/cli/doctor.rb @@ -1,6 +1,7 @@ # frozen_string_literal: true require "rbconfig" +require "shellwords" module Bundler class CLI::Doctor @@ -22,14 +23,14 @@ module Bundler end def dylibs_darwin(path) - output = `/usr/bin/otool -L "#{path}"`.chomp + output = `/usr/bin/otool -L #{path.shellescape}`.chomp dylibs = output.split("\n")[1..-1].map {|l| l.match(DARWIN_REGEX).captures[0] }.uniq # ignore @rpath and friends dylibs.reject {|dylib| dylib.start_with? "@" } end def dylibs_ldd(path) - output = `/usr/bin/ldd "#{path}"`.chomp + output = `/usr/bin/ldd #{path.shellescape}`.chomp output.split("\n").map do |l| match = l.match(LDD_REGEX) next if match.nil? diff --git a/spec/bundler/commands/doctor_spec.rb b/spec/bundler/commands/doctor_spec.rb index d62d83cc51..860b638f06 100644 --- a/spec/bundler/commands/doctor_spec.rb +++ b/spec/bundler/commands/doctor_spec.rb @@ -133,4 +133,14 @@ RSpec.describe "bundle doctor" do end end end + + context "when home contains filesname with special characters" do + it "escape filename before command execute" do + doctor = Bundler::CLI::Doctor.new({}) + expect(doctor).to receive(:`).with("/usr/bin/otool -L \\$\\(date\\)\\ \\\"\\'\\\\.bundle").and_return("dummy string") + doctor.dylibs_darwin('$(date) "\'\.bundle') + expect(doctor).to receive(:`).with("/usr/bin/ldd \\$\\(date\\)\\ \\\"\\'\\\\.bundle").and_return("dummy string") + doctor.dylibs_ldd('$(date) "\'\.bundle') + end + end end |