From a75922010fe38f48c08c744456dd92cb755e1119 Mon Sep 17 00:00:00 2001 From: drbrain Date: Thu, 7 Feb 2013 22:48:35 +0000 Subject: * lib/rubygems/package/old.rb: Disallow installation of old-format gems when a security policy is active. * test/rubygems/test_gem_package_old.rb: Test for above. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@39142 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- lib/rubygems/package/old.rb | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'lib/rubygems/package/old.rb') diff --git a/lib/rubygems/package/old.rb b/lib/rubygems/package/old.rb index 552a5f3591..6bf9ea0fe3 100644 --- a/lib/rubygems/package/old.rb +++ b/lib/rubygems/package/old.rb @@ -32,6 +32,8 @@ class Gem::Package::Old < Gem::Package # A list of file names contained in this gem def contents + verify + return @contents if @contents open @gem, 'rb' do |io| @@ -46,6 +48,8 @@ class Gem::Package::Old < Gem::Package # Extracts the files in this package into +destination_dir+ def extract_files destination_dir + verify + errstr = "Error reading files from gem" open @gem, 'rb' do |io| @@ -125,6 +129,8 @@ class Gem::Package::Old < Gem::Package # The specification for this gem def spec + verify + return @spec if @spec yaml = '' @@ -143,5 +149,19 @@ class Gem::Package::Old < Gem::Package raise Gem::Exception, "Failed to parse gem specification out of gem file" end + ## + # Raises an exception if a security policy that verifies data is active. + # Old format gems cannot be verified as signed. + + def verify + return true unless @security_policy + + raise Gem::Security::Exception, + 'old format gems do not contain signatures and cannot be verified' if + @security_policy.verify_data + + true + end + end -- cgit v1.2.3
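Review bot: The policy check is enforced only by convention: `contents`, `extract_files` and `spec` each call `verify` as their first statement, so any other method of this class that opens `@gem` directly would skip it, and nothing in the code says the call is mandatory. I would add a comment above each call, e.g. `# policy gate: must stay ahead of the cached return and of any read of @gem`. In `contents` and `spec`, moving the call below `return @contents if @contents` / `return @spec if @spec` would let a cached result through if the policy is assigned after the first read (inferred; the assignment of `@security_policy` is not in the diff). All three method bodies continue outside their hunks, so whether other readers of `@gem` exist cannot be checked from here.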
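Review bot: `verify` rejects an old-format gem only when `@security_policy.verify_data` is set, so a policy that demands signed gems through a different switch while leaving `verify_data` off would still accept an unsigned old-format gem. If the policy object exposes `only_signed` (Gem::Security::Policy does, but the class is not shown in this diff), the condition could be `if @security_policy.verify_data || @security_policy.only_signed`. The modifier `if` dangling at the end of the message line, with its condition on the following line, is also easy to misread as an unconditional `raise`; a plain `if ... end` block around the `raise` is harder to get wrong in a security check. The hunk starts inside the tail of `spec`, which begins outside it.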