Merge https://github.com/rubygems/rubygems/pull/6655 manually.

author: Hiroshi SHIBATA <hsbt@ruby-lang.org> 2023-05-10 15:02:29 +0900
committer: Hiroshi SHIBATA <hsbt@ruby-lang.org> 2023-05-10 15:02:29 +0900
commit: 0ef6e718d9774484cd66cad5447d61ee985d8680 (patch)
tree: 2d6045f5e387c75676e436dc206408c68ab68c61 /lib
parent: 9ed189e9aa4e1b1852b18ad01def9c738238299b (diff)
download: ruby-0ef6e718d9774484cd66cad5447d61ee985d8680.tar.gz
2 files changed, 33 insertions, 11 deletions
diff --git a/lib/bundler.rb b/lib/bundler.rb
index 9e6a91c188..69370e81a7 100644
--- a/lib/bundler.rb
+++ b/lib/bundler.rb
@@ -39,16 +39,6 @@ module Bundler
   environment_preserver.replace_with_backup
   SUDO_MUTEX = Thread::Mutex.new
 
-  SAFE_MARSHAL_CLASSES = [Symbol, TrueClass, String, Array, Hash, Gem::Version, Gem::Specification].freeze
-  SAFE_MARSHAL_ERROR = "Unexpected class %s present in marshaled data. Only %s are allowed."
-  SAFE_MARSHAL_PROC = proc do |object|
-    object.tap do
-      unless SAFE_MARSHAL_CLASSES.include?(object.class)
-        raise TypeError, format(SAFE_MARSHAL_ERROR, object.class, SAFE_MARSHAL_CLASSES.join(", "))
-      end
-    end
-  end
-
   autoload :Definition,             File.expand_path("bundler/definition", __dir__)
   autoload :Dependency,             File.expand_path("bundler/dependency", __dir__)
   autoload :Deprecate,              File.expand_path("bundler/deprecate", __dir__)
@@ -86,6 +76,7 @@ module Bundler
   autoload :UI,                     File.expand_path("bundler/ui", __dir__)
   autoload :URICredentialsFilter,   File.expand_path("bundler/uri_credentials_filter", __dir__)
   autoload :URINormalizer,          File.expand_path("bundler/uri_normalizer", __dir__)
+  autoload :SafeMarshal,            File.expand_path("bundler/safe_marshal", __dir__)
 
   class << self
     def configure
@@ -523,7 +514,7 @@ EOF
     end
 
     def safe_load_marshal(data)
-      load_marshal(data, :marshal_proc => SAFE_MARSHAL_PROC)
+      load_marshal(data, :marshal_proc => SafeMarshal.proc)
     end
 
     def load_gemspec(file, validate = false)
diff --git a/lib/bundler/safe_marshal.rb b/lib/bundler/safe_marshal.rb
new file mode 100644
index 0000000000..50aa0f60a6
--- /dev/null
+++ b/lib/bundler/safe_marshal.rb
@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module Bundler
+  module SafeMarshal
+    ALLOWED_CLASSES = [
+      Array,
+      FalseClass,
+      Gem::Specification,
+      Gem::Version,
+      Hash,
+      String,
+      Symbol,
+      Time,
+      TrueClass,
+    ].freeze
+
+    ERROR = "Unexpected class %s present in marshaled data. Only %s are allowed."
+
+    PROC = proc do |object|
+      object.tap do
+        unless ALLOWED_CLASSES.include?(object.class)
+          raise TypeError, format(ERROR, object.class, ALLOWED_CLASSES.join(", "))
+        end
+      end
+    end
+
+    def self.proc
+      PROC
+    end
+  end
+end
author	Hiroshi SHIBATA <hsbt@ruby-lang.org>	2023-05-10 15:02:29 +0900
committer	Hiroshi SHIBATA <hsbt@ruby-lang.org>	2023-05-10 15:02:29 +0900
commit	0ef6e718d9774484cd66cad5447d61ee985d8680 (patch)
tree	2d6045f5e387c75676e436dc206408c68ab68c61 /lib
parent	9ed189e9aa4e1b1852b18ad01def9c738238299b (diff)
download	ruby-0ef6e718d9774484cd66cad5447d61ee985d8680.tar.gz