Diffstat (limited to 'spec/ruby/security')
-rw-r--r--spec/ruby/security/cve_2019_8321_spec.rb26
-rw-r--r--spec/ruby/security/cve_2019_8322_spec.rb24
-rw-r--r--spec/ruby/security/cve_2019_8323_spec.rb48
-rw-r--r--spec/ruby/security/cve_2019_8325_spec.rb2
-rw-r--r--spec/ruby/security/cve_2020_10663_spec.rb3
5 files changed, 48 insertions, 55 deletions
diff --git a/spec/ruby/security/cve_2019_8321_spec.rb b/spec/ruby/security/cve_2019_8321_spec.rb
index affcd00e02..a8a86e7d97 100644
--- a/spec/ruby/security/cve_2019_8321_spec.rb
+++ b/spec/ruby/security/cve_2019_8321_spec.rb
@@ -3,20 +3,18 @@ require_relative '../spec_helper'
require 'rubygems'
require 'rubygems/user_interaction'
-ruby_version_is "2.5.5" do
- describe "CVE-2019-8321 is resisted by" do
- it "sanitising verbose messages" do
- ui = Class.new {
- include Gem::UserInteraction
- }.new
- ui.should_receive(:say).with(".]2;nyan.")
- verbose_before = Gem.configuration.verbose
- begin
- Gem.configuration.verbose = :really_verbose
- ui.verbose("\e]2;nyan\a")
- ensure
- Gem.configuration.verbose = verbose_before
- end
+describe "CVE-2019-8321 is resisted by" do
+ it "sanitising verbose messages" do
+ ui = Class.new {
+ include Gem::UserInteraction
+ }.new
+ ui.should_receive(:say).with(".]2;nyan.")
+ verbose_before = Gem.configuration.verbose
+ begin
+ Gem.configuration.verbose = :really_verbose
+ ui.verbose("\e]2;nyan\a")
+ ensure
+ Gem.configuration.verbose = verbose_before
end
end
end
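Review bot: With the `ruby_version_is "2.5.5"` wrapper gone, nothing ties this expectation to a RubyGems release that contains the sanitising fix, so a runtime bundling an older RubyGems would fail here rather than skip. The behaviour under test belongs to `Gem::UserInteraction`, i.e. the library rather than the interpreter, so a library-version guard would be more precise if such runtimes are still in scope: `guard -> { version_is(Gem::VERSION, "<first fixed RubyGems version>") } do`. The same consideration applies to the cve_2019_8322 and cve_2019_8323 hunks below.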
diff --git a/spec/ruby/security/cve_2019_8322_spec.rb b/spec/ruby/security/cve_2019_8322_spec.rb
index 04fb1a7a26..b70d78c033 100644
--- a/spec/ruby/security/cve_2019_8322_spec.rb
+++ b/spec/ruby/security/cve_2019_8322_spec.rb
@@ -5,19 +5,17 @@ require 'rubygems'
require 'rubygems/safe_yaml'
require 'rubygems/commands/owner_command'
-ruby_version_is "2.5.5" do
- describe "CVE-2019-8322 is resisted by" do
- it "sanitising owner names" do
- command = Gem::Commands::OwnerCommand.new
- def command.rubygems_api_request(*args)
- Struct.new(:body).new("---\n- email: \"\e]2;nyan\a\"\n handle: handle\n id: id\n")
- end
- def command.with_response(response)
- yield response
- end
- command.should_receive(:say).with("Owners for gem: name")
- command.should_receive(:say).with("- .]2;nyan.")
- command.show_owners "name"
+describe "CVE-2019-8322 is resisted by" do
+ it "sanitising owner names" do
+ command = Gem::Commands::OwnerCommand.new
+ def command.rubygems_api_request(*args)
+ Struct.new(:body).new("---\n- email: \"\e]2;nyan\a\"\n handle: handle\n id: id\n")
end
+ def command.with_response(response)
+ yield response
+ end
+ command.should_receive(:say).with("Owners for gem: name")
+ command.should_receive(:say).with("- .]2;nyan.")
+ command.show_owners "name"
end
end
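Review bot: Only the `email` field of the stubbed owner record carries the control sequence; `handle` and `id` are plain strings. If `show_owners` falls back to those fields when `email` is absent (its body is not visible in this hunk), that output path is not checked for sanitising. A second example whose stubbed body omits `email` and puts the same string in `handle`, with the same `"- .]2;nyan."` expectation, would cover it. A one-line comment above the stub, such as `# ESC and BEL in the terminal title sequence must each be printed as "."`, would also explain the expected value to readers.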
diff --git a/spec/ruby/security/cve_2019_8323_spec.rb b/spec/ruby/security/cve_2019_8323_spec.rb
index af0b270880..d4606de054 100644
--- a/spec/ruby/security/cve_2019_8323_spec.rb
+++ b/spec/ruby/security/cve_2019_8323_spec.rb
@@ -5,34 +5,32 @@ require 'optparse'
require 'rubygems'
require 'rubygems/gemcutter_utilities'
-ruby_version_is "2.5.5" do
- describe "CVE-2019-8323 is resisted by" do
- describe "sanitising the body" do
- it "for success codes" do
- cutter = Class.new {
- include Gem::GemcutterUtilities
- }.new
- response = Net::HTTPSuccess.new(nil, nil, nil)
- def response.body
- "\e]2;nyan\a"
- end
- cutter.should_receive(:say).with(".]2;nyan.")
- cutter.with_response response
+describe "CVE-2019-8323 is resisted by" do
+ describe "sanitising the body" do
+ it "for success codes" do
+ cutter = Class.new {
+ include Gem::GemcutterUtilities
+ }.new
+ response = Net::HTTPSuccess.new(nil, nil, nil)
+ def response.body
+ "\e]2;nyan\a"
end
+ cutter.should_receive(:say).with(".]2;nyan.")
+ cutter.with_response response
+ end
- it "for error codes" do
- cutter = Class.new {
- include Gem::GemcutterUtilities
- }.new
- def cutter.terminate_interaction(n)
- end
- response = Net::HTTPNotFound.new(nil, nil, nil)
- def response.body
- "\e]2;nyan\a"
- end
- cutter.should_receive(:say).with(".]2;nyan.")
- cutter.with_response response
+ it "for error codes" do
+ cutter = Class.new {
+ include Gem::GemcutterUtilities
+ }.new
+ def cutter.terminate_interaction(n)
+ end
+ response = Net::HTTPNotFound.new(nil, nil, nil)
+ def response.body
+ "\e]2;nyan\a"
end
+ cutter.should_receive(:say).with(".]2;nyan.")
+ cutter.with_response response
end
end
end
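Review bot: The empty `def cutter.terminate_interaction(n)` stub in the "for error codes" example has no explanation, and its purpose is not obvious from the spec alone. Presumably `with_response` calls it on a non-success response and the real method would end the spec run; if so, a comment such as `# no-op: keep the error path from terminating the spec process` would document that. Both examples also build the same anonymous `Gem::GemcutterUtilities` host class, which could be shared through a `before` block so that only the response class differs between them.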
diff --git a/spec/ruby/security/cve_2019_8325_spec.rb b/spec/ruby/security/cve_2019_8325_spec.rb
index dcdbe34210..935f127d7f 100644
--- a/spec/ruby/security/cve_2019_8325_spec.rb
+++ b/spec/ruby/security/cve_2019_8325_spec.rb
@@ -3,7 +3,7 @@ require_relative '../spec_helper'
require 'rubygems'
require 'rubygems/command_manager'
-ruby_version_is "2.5.5" do
+platform_is_not :darwin do # frequent timeout/hang on macOS
describe "CVE-2019-8325 is resisted by" do
describe "sanitising error message components" do
it "for the 'while executing' message" do
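Review bot: Wrapping the whole file in `platform_is_not :darwin` removes the CVE-2019-8325 regression check on macOS entirely, and the trailing comment does not say where the hang is tracked or which example triggers it. A hang in a path that is meant to sanitise error output may be worth investigating in its own right rather than only skipping. I would at least reference the tracking issue, e.g. `platform_is_not :darwin do # frequent timeout/hang on macOS, see <tracker issue URL>`, and narrow the guard to the examples that actually hang if that is known. The same skip and comment appear in the cve_2020_10663_spec.rb hunk; the guarded `describe` block continues outside this hunk.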
diff --git a/spec/ruby/security/cve_2020_10663_spec.rb b/spec/ruby/security/cve_2020_10663_spec.rb
index b97323af08..766590d501 100644
--- a/spec/ruby/security/cve_2020_10663_spec.rb
+++ b/spec/ruby/security/cve_2020_10663_spec.rb
@@ -18,12 +18,11 @@ module JSONSpecs
end
guard -> {
- ruby_version_is "2.5.8"..."2.6.0" or
ruby_version_is "2.6.6" or
JSON.const_defined?(:Pure) or
version_is(JSON::VERSION, '2.3.0')
} do
- platform_is_not :darwin do
+ platform_is_not :darwin do # frequent timeout/hang on macOS
describe "CVE-2020-10663 is resisted by" do
it "only creating custom objects if passed create_additions: true or using JSON.load" do
obj = JSONSpecs::MyClass.new("bar")