Diffstat (limited to 'lib/bundler/errors.rb')
-rw-r--r-- | lib/bundler/errors.rb | 70 |
1 files changed, 59 insertions, 11 deletions
diff --git a/lib/bundler/errors.rb b/lib/bundler/errors.rb
index f10b6cc68f..b6a11cc721 100644
--- a/lib/bundler/errors.rb
+++ b/lib/bundler/errors.rb
@@ -21,16 +21,7 @@ module Bundler
 class InstallError < BundlerError; status_code(5); end
 # Internal error, should be rescued
- class VersionConflict < BundlerError
- attr_reader :conflicts
-
- def initialize(conflicts, msg = nil)
- super(msg)
- @conflicts = conflicts
- end
-
- status_code(6)
- end
+ class SolveFailure < BundlerError; status_code(6); end
 class GemNotFound < BundlerError; status_code(7); end
 class InstallHookError < BundlerError; status_code(8); end
@@ -55,13 +46,55 @@ module Bundler class CyclicDependencyError < BundlerError; status_code(21); end class GemfileLockNotFound < BundlerError; status_code(22); end class PluginError < BundlerError; status_code(29); end - class SudoNotPermittedError < BundlerError; status_code(30); end class ThreadCreationError < BundlerError; status_code(33); end class APIResponseMismatchError < BundlerError; status_code(34); end class APIResponseInvalidDependenciesError < BundlerError; status_code(35); end class GemfileEvalError < GemfileError; end class MarshalError < StandardError; end + class ChecksumMismatchError < SecurityError + def initialize(lock_name, existing, checksum) + @lock_name = lock_name + @existing = existing + @checksum = checksum + end + + def message + <<~MESSAGE + Bundler found mismatched checksums. This is a potential security risk. + #{@lock_name} #{@existing.to_lock} + from #{@existing.sources.join("\n and ")} + #{@lock_name} #{@checksum.to_lock} + from #{@checksum.sources.join("\n and ")} + + #{mismatch_resolution_instructions} + To ignore checksum security warnings, disable checksum validation with + `bundle config set --local disable_checksum_validation true` + MESSAGE + end + + def mismatch_resolution_instructions + removable, remote = [@existing, @checksum].partition(&:removable?) + case removable.size + when 0 + msg = +"Mismatched checksums each have an authoritative source:\n" + msg << " 1. #{@existing.sources.reject(&:removable?).map(&:to_s).join(" and ")}\n" + msg << " 2. 
#{@checksum.sources.reject(&:removable?).map(&:to_s).join(" and ")}\n" + msg << "You may need to alter your Gemfile sources to resolve this issue.\n" + when 1 + msg = +"If you trust #{remote.first.sources.first}, to resolve this issue you can:\n" + msg << removable.first.removal_instructions + when 2 + msg = +"To resolve this issue you can either:\n" + msg << @checksum.removal_instructions + msg << "or if you are sure that the new checksum from #{@checksum.sources.first} is correct:\n" + msg << @existing.removal_instructions + end + end + + status_code(37) + end + class PermissionError < BundlerError def initialize(path, permission_type = :write) @path = path @@ -182,4 +215,19 @@ module Bundler status_code(36) end + + class InsecureInstallPathError < BundlerError + def initialize(path) + @path = path + end + + def message + "The installation path is insecure. Bundler cannot continue.\n" \ + "#{@path} is world-writable (without sticky bit).\n" \ + "Bundler cannot safely replace gems in world-writeable directories due to potential vulnerabilities.\n" \ + "Please change the permissions of this directory or choose a different install path." + end + + status_code(38) + end end |
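Review bot: The heredoc in `ChecksumMismatchError#message` ends every mismatch report with the command that switches checksum validation off, so disabling the control becomes the easiest way past an error that the same message calls a potential security risk. I would put verification first and word the opt-out as a last resort, for example `Only after verifying the gem contents independently, checksum validation can be disabled with` ahead of the `bundle config set --local disable_checksum_validation true` line. Separately, `initialize` never calls `super` and only `message` is overridden, so `to_s` and string interpolation of the exception fall back to the class name; defining `to_s` instead of `message` would cover both, unless the file's other error classes deliberately use this pattern. The source names are interpolated as-is, so it is worth confirming outside this hunk that a source's `to_s` cannot include credentials embedded in a URI, since this text is likely to end up in CI logs.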
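Review bot: `InsecureInstallPathError#message` spells the same condition two ways, `world-writable` on its second line and `world-writeable` on its third; pick one, e.g. `"Bundler cannot safely replace gems in world-writable directories due to potential vulnerabilities.\n" \`. The last line asks the user to change the permissions without saying which change is enough; as the text already names the condition, it could say to remove the world-write bit or set the sticky bit on `#{@path}`. A one-line comment above the class, `# Raised when the install path is world-writable without the sticky bit`, would tell callers when to expect it. The check that raises this error is not in this file section, so whether it also covers parent directories of the path cannot be judged here.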