[rubygems/rubygems] Stop storing executable names in ivars

Removes usage of these classes as ACE gadgets See https://nastystereo.com/security/ruby-3.4-deserialization.html Signed-off-by: Samuel Giddins <[email protected]> https://github.com/rubygems/rubygems/commit/89ad04db86
author: Samuel Giddins <[email protected]> 2024-12-04 12:45:53 -0800
committer: git <[email protected]> 2024-12-05 19:00:44 +0000
commit: 7daf85bdf250a1056e7441ee88b588cf69d00556 (patch)
tree: b45eaa052ca86855aef9d42661ec904d6cd4a715 /lib
parent: 6877c38866b4213f5aa476223d21a4f4b5364247 (diff)
2 files changed, 11 insertions, 9 deletions
diff --git a/lib/rubygems/resolver/git_set.rb b/lib/rubygems/resolver/git_set.rb
index 89342ff80d..2912378fe7 100644
--- a/lib/rubygems/resolver/git_set.rb
+++ b/lib/rubygems/resolver/git_set.rb
@@ -36,7 +36,6 @@ class Gem::Resolver::GitSet < Gem::Resolver::Set
   def initialize # :nodoc:
     super()
 
-    @git             = ENV["git"] || "git"
     @need_submodules = {}
     @repositories    = {}
     @root_dir        = Gem.dir
diff --git a/lib/rubygems/source/git.rb b/lib/rubygems/source/git.rb
index f229e1a7be..709b269529 100644
--- a/lib/rubygems/source/git.rb
+++ b/lib/rubygems/source/git.rb
@@ -58,7 +58,6 @@ class Gem::Source::Git < Gem::Source
 
     @remote   = true
     @root_dir = Gem.dir
-    @git      = ENV["git"] || "git"
   end
 
   def <=>(other)
@@ -81,6 +80,10 @@ class Gem::Source::Git < Gem::Source
       @need_submodules == other.need_submodules
   end
 
+  def git_command
+    ENV.fetch("git", "git")
+  end
+
   ##
   # Checks out the files for the repository into the install_dir.
 
@@ -90,18 +93,18 @@ class Gem::Source::Git < Gem::Source
     return false unless File.exist? repo_cache_dir
 
     unless File.exist? install_dir
-      system @git, "clone", "--quiet", "--no-checkout",
+      system git, "clone", "--quiet", "--no-checkout",
              repo_cache_dir, install_dir
     end
 
     Dir.chdir install_dir do
-      system @git, "fetch", "--quiet", "--force", "--tags", install_dir
+      system git, "fetch", "--quiet", "--force", "--tags", install_dir
 
-      success = system @git, "reset", "--quiet", "--hard", rev_parse
+      success = system git, "reset", "--quiet", "--hard", rev_parse
 
       if @need_submodules
         require "open3"
-        _, status = Open3.capture2e(@git, "submodule", "update", "--quiet", "--init", "--recursive")
+        _, status = Open3.capture2e(git, "submodule", "update", "--quiet", "--init", "--recursive")
 
         success &&= status.success?
       end
@@ -118,11 +121,11 @@ class Gem::Source::Git < Gem::Source
 
     if File.exist? repo_cache_dir
       Dir.chdir repo_cache_dir do
-        system @git, "fetch", "--quiet", "--force", "--tags",
+        system git, "fetch", "--quiet", "--force", "--tags",
                @repository, "refs/heads/*:refs/heads/*"
       end
     else
-      system @git, "clone", "--quiet", "--bare", "--no-hardlinks",
+      system git, "clone", "--quiet", "--bare", "--no-hardlinks",
              @repository, repo_cache_dir
     end
   end
@@ -182,7 +185,7 @@ class Gem::Source::Git < Gem::Source
     hash = nil
 
     Dir.chdir repo_cache_dir do
-      hash = Gem::Util.popen(@git, "rev-parse", @reference).strip
+      hash = Gem::Util.popen(git_command, "rev-parse", @reference).strip
     end
 
     raise Gem::Exception,
author	Samuel Giddins <[email protected]>	2024-12-04 12:45:53 -0800
committer	git <[email protected]>	2024-12-05 19:00:44 +0000
commit	7daf85bdf250a1056e7441ee88b588cf69d00556 (patch)
tree	b45eaa052ca86855aef9d42661ec904d6cd4a715 /lib
parent	6877c38866b4213f5aa476223d21a4f4b5364247 (diff)