summaryrefslogtreecommitdiff
path: root/spec/ruby/security/cve_2019_8321_spec.rb
blob: 84cd10ced1bc9a4245b6b658105209c9bb3aed2a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
require_relative '../spec_helper'

guard_not -> { platform_is :darwin and ENV['GITHUB_ACTIONS'] } do # frequent timeout/hang on macOS in GitHub Actions
  require 'rubygems'
  require 'rubygems/user_interaction'

  describe "CVE-2019-8321 is resisted by" do
    it "sanitising verbose messages" do
      ui = Class.new {
        include Gem::UserInteraction
      }.new
      ui.should_receive(:say).with(".]2;nyan.")
      verbose_before = Gem.configuration.verbose
      begin
        Gem.configuration.verbose = :really_verbose
        ui.verbose("\e]2;nyan\a")
      ensure
        Gem.configuration.verbose = verbose_before
      end
    end
  end
end