1 files changed, 24 insertions, 0 deletions

diff --git a/spec/ruby/security/cve_2019_8322_spec.rb b/spec/ruby/security/cve_2019_8322_spec.rb
new file mode 100644
index 0000000000..dbc273f313
--- /dev/null
+++ b/spec/ruby/security/cve_2019_8322_spec.rb
@@ -0,0 +1,24 @@
+require_relative '../spec_helper'
+
+ruby_version_is ""..."4.0" do
+
+  require 'yaml'
+  require 'rubygems'
+  require 'rubygems/safe_yaml'
+  require 'rubygems/commands/owner_command'
+
+  describe "CVE-2019-8322 is resisted by" do
+    it "sanitising owner names" do
+      command = Gem::Commands::OwnerCommand.new
+      def command.rubygems_api_request(*args)
+        Struct.new(:body).new("---\n- email: \"\e]2;nyan\a\"\n  handle: handle\n  id: id\n")
+      end
+      def command.with_response(response)
+        yield response
+      end
+      command.should_receive(:say).with("Owners for gem: name")
+      command.should_receive(:say).with("- .]2;nyan.")
+      command.show_owners "name"
+    end
+  end
+end