diff options
author | hsbt <hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2018-02-16 08:08:06 +0000 |
---|---|---|
committer | hsbt <hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2018-02-16 08:08:06 +0000 |
commit | 7619cb3d7dcc9920a72ff5f2bc5546a5971fbab4 (patch) | |
tree | 1fe1f557eadc8ce3bd7b180434153e6420a7436b /test/rubygems/test_gem_commands_owner_command.rb | |
parent | 7a453b157661561146ce84d821d6c5c18a5368df (diff) | |
download | ruby-7619cb3d7dcc9920a72ff5f2bc5546a5971fbab4.tar.gz |
Merge RubyGems 2.7.6 from upstream.
It fixed some security vulnerabilities.
http://blog.rubygems.org/2018/02/15/2.7.6-released.html
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62422 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'test/rubygems/test_gem_commands_owner_command.rb')
-rw-r--r-- | test/rubygems/test_gem_commands_owner_command.rb | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/test/rubygems/test_gem_commands_owner_command.rb b/test/rubygems/test_gem_commands_owner_command.rb index 44652c1093..53cac4ce87 100644 --- a/test/rubygems/test_gem_commands_owner_command.rb +++ b/test/rubygems/test_gem_commands_owner_command.rb @@ -43,6 +43,31 @@ EOF assert_match %r{- 4}, @ui.output end + def test_show_owners_dont_load_objects + skip "testing a psych-only API" unless defined?(::Psych::DisallowedClass) + + response = <<EOF +--- +- email: !ruby/object:Object {} + id: 1 + handle: user1 +- email: user2@example.com +- id: 3 + handle: user3 +- id: 4 +EOF + + @fetcher.data["#{Gem.host}/api/v1/gems/freewill/owners.yaml"] = [response, 200, 'OK'] + + assert_raises Psych::DisallowedClass do + use_ui @ui do + @cmd.show_owners("freewill") + end + end + + end + + def test_show_owners_setting_up_host_through_env_var response = "- email: user1@example.com\n" host = "http://rubygems.example" |