diff options
Diffstat (limited to 'lib/rubygems/source.rb')
| -rw-r--r-- | lib/rubygems/source.rb | 183 |
1 files changed, 99 insertions, 84 deletions
diff --git a/lib/rubygems/source.rb b/lib/rubygems/source.rb index bd84c217a7..86717e3e71 100644 --- a/lib/rubygems/source.rb +++ b/lib/rubygems/source.rb @@ -1,22 +1,21 @@ # frozen_string_literal: true -autoload :FileUtils, 'fileutils' -autoload :URI, 'uri' +require_relative "text" ## # A Source knows how to list and fetch gems from a RubyGems marshal index. # # There are other Source subclasses for installed gems, local gems, the -# bundler dependency API and so-forth. +# Compact Index API and so-forth. class Gem::Source - include Comparable + include Gem::Text FILES = { # :nodoc: - :released => 'specs', - :latest => 'latest_specs', - :prerelease => 'prerelease_specs', - } + released: "specs", + latest: "latest_specs", + prerelease: "prerelease_specs", + }.freeze ## # The URI this source will fetch gems from. @@ -27,24 +26,9 @@ class Gem::Source # Creates a new Source which will use the index located at +uri+. def initialize(uri) - begin - unless uri.kind_of? URI - uri = URI.parse(uri.to_s) - end - rescue URI::InvalidURIError - raise if Gem::Source == self.class - end - - @uri = uri - @api_uri = nil - end - - ## - # Use an SRV record on the host to look up the true endpoint for the index. - - def api_uri # :nodoc: - require 'rubygems/remote_fetcher' - @api_uri ||= Gem::RemoteFetcher.fetcher.api_endpoint uri + require_relative "uri" + @uri = Gem::Uri.parse!(uri) + @update_cache = nil end ## @@ -60,49 +44,34 @@ class Gem::Source Gem::Source::Vendor then -1 when Gem::Source then - if !@uri + unless @uri return 0 unless other.uri return 1 end - return -1 if !other.uri + return -1 unless other.uri # Returning 1 here ensures that when sorting a list of sources, the # original ordering of sources supplied by the user is preserved. return 1 unless @uri.to_s == other.uri.to_s 0 - else - nil end end - def == other # :nodoc: - self.class === other and @uri == other.uri + def ==(other) # :nodoc: + self.class === other && @uri == other.uri end alias_method :eql?, :== # :nodoc: ## # Returns a Set that can fetch specifications from this source. - - def dependency_resolver_set # :nodoc: - return Gem::Resolver::IndexSet.new self if 'file' == api_uri.scheme - - bundler_api_uri = api_uri + './api/v1/dependencies' - - begin - fetcher = Gem::RemoteFetcher.fetcher - response = fetcher.fetch_path bundler_api_uri, nil, true - rescue Gem::RemoteFetcher::FetchError - Gem::Resolver::IndexSet.new self - else - if response.respond_to? :uri then - Gem::Resolver::APISet.new response.uri - else - Gem::Resolver::APISet.new bundler_api_uri - end - end + # + # The set will optionally fetch prereleases if requested. + # + def dependency_resolver_set(prerelease = false) + new_dependency_resolver_set.tap {|set| set.prerelease = prerelease } end def hash # :nodoc: @@ -114,8 +83,7 @@ class Gem::Source def cache_dir(uri) # Correct for windows paths - escaped_path = uri.path.sub(/^\/([a-z]):\//i, '/\\1-/') - escaped_path.untaint + escaped_path = uri.path.sub(%r{^/([a-z]):/}i, '/\\1-/') File.join Gem.spec_cache_dir, "#{uri.host}%#{uri.port}", File.dirname(escaped_path) end @@ -124,7 +92,8 @@ class Gem::Source # Returns true when it is possible and safe to update the cache directory. def update_cache? - @update_cache ||= + return @update_cache unless @update_cache.nil? + @update_cache = begin File.stat(Gem.user_home).uid == Process.uid rescue Errno::ENOENT @@ -133,40 +102,47 @@ class Gem::Source end ## - # Fetches a specification for the given +name_tuple+. + # Fetches a specification for the given Gem::NameTuple. - def fetch_spec name_tuple + def fetch_spec(name_tuple) fetcher = Gem::RemoteFetcher.fetcher spec_file_name = name_tuple.spec_name - uri = api_uri + "#{Gem::MARSHAL_SPEC_DIR}#{spec_file_name}" + source_uri = enforce_trailing_slash(uri) + "#{Gem::MARSHAL_SPEC_DIR}#{spec_file_name}" - cache_dir = cache_dir uri + cache_dir = cache_dir source_uri local_spec = File.join cache_dir, spec_file_name - if File.exist? local_spec then + if File.exist? local_spec spec = Gem.read_binary local_spec - spec = Marshal.load(spec) rescue nil + Gem.load_safe_marshal + spec = begin + Gem::SafeMarshal.safe_load(spec) + rescue StandardError + nil + end return spec if spec end - uri.path << '.rz' + source_uri.path << ".rz" - spec = fetcher.fetch_path uri - spec = Gem.inflate spec + spec = fetcher.fetch_path source_uri + spec = Gem::Util.inflate spec - if update_cache? then + if update_cache? + require "fileutils" FileUtils.mkdir_p cache_dir - open local_spec, 'wb' do |io| + File.open local_spec, "wb" do |io| io.write spec end end + Gem.load_safe_marshal # TODO: Investigate setting Gem::Specification#loaded_from to a URI - Marshal.load spec + Gem::SafeMarshal.safe_load spec end ## @@ -184,17 +160,21 @@ class Gem::Source file = FILES[type] fetcher = Gem::RemoteFetcher.fetcher file_name = "#{file}.#{Gem.marshal_version}" - spec_path = api_uri + "#{file_name}.gz" + spec_path = enforce_trailing_slash(uri) + "#{file_name}.gz" cache_dir = cache_dir spec_path local_file = File.join(cache_dir, file_name) retried = false - FileUtils.mkdir_p cache_dir if update_cache? + if update_cache? + require "fileutils" + FileUtils.mkdir_p cache_dir + end spec_dump = fetcher.cache_update_path spec_path, local_file, update_cache? + Gem.load_safe_marshal begin - Gem::NameTuple.from_list Marshal.load(spec_dump) + Gem::NameTuple.from_list Gem::SafeMarshal.safe_load(spec_dump) rescue ArgumentError if update_cache? && !retried FileUtils.rm local_file @@ -210,29 +190,64 @@ class Gem::Source # Downloads +spec+ and writes it to +dir+. See also # Gem::RemoteFetcher#download. - def download(spec, dir=Dir.pwd) + def download(spec, dir = Dir.pwd) fetcher = Gem::RemoteFetcher.fetcher - fetcher.download spec, api_uri.to_s, dir + fetcher.download spec, uri.to_s, dir end - def pretty_print q # :nodoc: - q.group 2, '[Remote:', ']' do - q.breakable - q.text @uri.to_s - - if api = api_uri + def pretty_print(q) # :nodoc: + q.object_group(self) do + q.group 2, "[Remote:", "]" do q.breakable - q.text 'API URI: ' - q.text api.to_s + q.text @uri.to_s + + if api = uri + q.breakable + q.text "API URI: " + q.text api.to_s + end end end end + def typo_squatting?(host, distance_threshold = 4) + return if @uri.host.nil? + levenshtein_distance(@uri.host, host).between? 1, distance_threshold + end + + private + + def new_dependency_resolver_set + return Gem::Resolver::IndexSet.new self if uri.scheme == "file" + + fetch_uri = if uri.host == "rubygems.org" + index_uri = uri.dup + index_uri.host = "index.rubygems.org" + index_uri + else + uri + end + + bundler_api_uri = enforce_trailing_slash(fetch_uri) + "versions" + + begin + fetcher = Gem::RemoteFetcher.fetcher + response = fetcher.fetch_path bundler_api_uri, nil, true + rescue Gem::RemoteFetcher::FetchError + Gem::Resolver::IndexSet.new self + else + Gem::Resolver::APISet.new response.uri + "./info/" + end + end + + def enforce_trailing_slash(uri) + uri.merge(uri.path.gsub(%r{/+$}, "") + "/") + end end -require 'rubygems/source/git' -require 'rubygems/source/installed' -require 'rubygems/source/specific_file' -require 'rubygems/source/local' -require 'rubygems/source/lock' -require 'rubygems/source/vendor' +require_relative "source/git" +require_relative "source/installed" +require_relative "source/specific_file" +require_relative "source/local" +require_relative "source/lock" +require_relative "source/vendor" |