diff options
| author | David Rodríguez <[email protected]> | 2023-03-13 14:11:25 +0100 |
|---|---|---|
| committer | git <[email protected]> | 2024-11-04 10:18:55 +0000 |
| commit | e7518a7859afdb8bb0745d084e59a82cb1dba4a5 (patch) | |
| tree | d8ad501379fc5e4aaf505ba29360c196ab9062c0 | |
| parent | 9ce1b5e11f807541ba9e3f7800fe4f64dfd1a906 (diff) | |
Validate user input encoding
If the user has the encoding of her system messed up, she may end up
sending us incorrectly encoding input, causing "invalid byte sequence in
UTF-8" errors at random places.
These errors can be forced on a system without encoding issues with
something like:
```
$ gem install$(echo -e "\xFF") foo
/Users/deivid/.asdf/installs/ruby/3.2.1/lib/ruby/site_ruby/3.2.0/rubygems/config_file.rb:534:in `block in set_config_file_name': invalid byte sequence in UTF-8 (ArgumentError)
from /Users/deivid/.asdf/installs/ruby/3.2.1/lib/ruby/site_ruby/3.2.0/rubygems/config_file.rb:530:in `each'
from /Users/deivid/.asdf/installs/ruby/3.2.1/lib/ruby/site_ruby/3.2.0/rubygems/config_file.rb:530:in `set_config_file_name'
from /Users/deivid/.asdf/installs/ruby/3.2.1/lib/ruby/site_ruby/3.2.0/rubygems/config_file.rb:177:in `initialize'
from /Users/deivid/.asdf/installs/ruby/3.2.1/lib/ruby/site_ruby/3.2.0/rubygems/gem_runner.rb:71:in `new'
from /Users/deivid/.asdf/installs/ruby/3.2.1/lib/ruby/site_ruby/3.2.0/rubygems/gem_runner.rb:71:in `do_configuration'
from /Users/deivid/.asdf/installs/ruby/3.2.1/lib/ruby/site_ruby/3.2.0/rubygems/gem_runner.rb:33:in `run'
from /Users/deivid/.asdf/installs/ruby/3.2.1/bin/gem:10:in `<main>'
```
This commit makes RubyGems print a better error in this case:
```
$ ruby -Ilib bin/gem install$(echo -e "\xFF") foo
/Users/deivid/Code/rubygems/rubygems/lib/rubygems/gem_runner.rb:75:in `validate_encoding': invalid argument: 'install�' has invalid encoding (Gem::OptionParser::InvalidArgument)
from /Users/deivid/Code/rubygems/rubygems/lib/rubygems/gem_runner.rb:31:in `run'
from bin/gem:10:in `<main>'
```
| -rw-r--r-- | lib/rubygems/gem_runner.rb | 9 | ||||
| -rw-r--r-- | test/rubygems/test_gem_gem_runner.rb | 6 |
2 files changed, 15 insertions, 0 deletions
diff --git a/lib/rubygems/gem_runner.rb b/lib/rubygems/gem_runner.rb index 8335a0ad03..4cb924677f 100644 --- a/lib/rubygems/gem_runner.rb +++ b/lib/rubygems/gem_runner.rb @@ -29,6 +29,7 @@ class Gem::GemRunner # Run the gem command with the following arguments. def run(args) + validate_encoding args build_args = extract_build_args args do_configuration args @@ -72,6 +73,14 @@ class Gem::GemRunner private + def validate_encoding(args) + invalid_arg = args.find {|arg| !arg.valid_encoding? } + + if invalid_arg + raise Gem::OptionParser::InvalidArgument.new("'#{invalid_arg.scrub}' has invalid encoding") + end + end + def do_configuration(args) Gem.configuration = @config_file_class.new(args) Gem.use_paths Gem.configuration[:gemhome], Gem.configuration[:gempath] diff --git a/test/rubygems/test_gem_gem_runner.rb b/test/rubygems/test_gem_gem_runner.rb index c05e74c991..4fb205040c 100644 --- a/test/rubygems/test_gem_gem_runner.rb +++ b/test/rubygems/test_gem_gem_runner.rb @@ -54,6 +54,12 @@ class TestGemGemRunner < Gem::TestCase assert_equal %w[--commands], Gem::Command.extra_args end + def test_validate_encoding + assert_raise Gem::OptionParser::InvalidArgument do + @runner.run(["install\xFF", "foo"]) + end + end + def test_extract_build_args args = %w[] assert_equal [], @runner.extract_build_args(args) |