spec/ruby/security/cve_2019_8323_spec.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46

require_relative '../spec_helper'

require 'optparse'

require 'rubygems'
require 'rubygems/gemcutter_utilities'

describe "CVE-2019-8323 is resisted by" do
  describe "sanitising the body" do
    it "for success codes" do
      cutter = Class.new {
        include Gem::GemcutterUtilities
      }.new
      klass = if defined?(Gem::Net::HTTPSuccess)
                Gem::Net::HTTPSuccess
              else
                Net::HTTPSuccess
              end
      response = klass.new(nil, nil, nil)
      def response.body
        "\e]2;nyan\a"
      end
      cutter.should_receive(:say).with(".]2;nyan.")
      cutter.with_response response
    end

    it "for error codes" do
      cutter = Class.new {
        include Gem::GemcutterUtilities
      }.new
      def cutter.terminate_interaction(n)
      end
      klass = if defined?(Gem::Net::HTTPNotFound)
                Gem::Net::HTTPNotFound
              else
                Net::HTTPNotFound
              end
      response = klass.new(nil, nil, nil)
      def response.body
        "\e]2;nyan\a"
      end
      cutter.should_receive(:say).with(".]2;nyan.")
      cutter.with_response response
    end
  end
end