diff options
| author | Samuel Giddins <[email protected]> | 2023-08-18 13:35:23 -0700 |
|---|---|---|
| committer | git <[email protected]> | 2023-09-20 02:02:58 +0000 |
| commit | d182d83ce929cd322f4a6fd134cd31be950eca77 () | |
| tree | 18808133999aab348990d35cae6920d0252dfa56 | |
| parent | c47608494f961d2a8fe24b1a7b7f627b305cf7fe (diff) | |
[rubygems/rubygems] Add a Marshal.load replacement that walks an AST to safely load permitted classes/symbols
https://.com/rubygems/rubygems/commit/7e4478fe73
| -rw-r--r-- | lib/rubygems.rb | 10 | ||||
| -rw-r--r-- | lib/rubygems/indexer.rb | 3 | ||||
| -rw-r--r-- | lib/rubygems/safe_marshal.rb | 71 | ||||
| -rw-r--r-- | lib/rubygems/safe_marshal/elements.rb | 138 | ||||
| -rw-r--r-- | lib/rubygems/safe_marshal/reader.rb | 182 | ||||
| -rw-r--r-- | lib/rubygems/safe_marshal/visitors/to_ruby.rb | 266 | ||||
| -rw-r--r-- | lib/rubygems/safe_marshal/visitors/visitor.rb | 74 | ||||
| -rw-r--r-- | lib/rubygems/source.rb | 9 | ||||
| -rw-r--r-- | lib/rubygems/specification.rb | 3 | ||||
| -rw-r--r-- | test/rubygems/test_gem_safe_marshal.rb | 144 |
10 files changed, 895 insertions, 5 deletions
@@ -604,6 +604,16 @@ An Array (#{env.inspect}) was passed in from #{caller[3]} @yaml_loaded = true end ## # The file name and line number of the caller of the caller of this method. # @@ -411,7 +411,8 @@ class Gem::Indexer # +dest+. For a latest index, does not ensure the new file is minimal. def update_specs_index(index, source, dest) - specs_index = Marshal.load Gem.read_binary(source) index.each do |spec| platform = spec.original_platform @@ -0,0 +1,71 @@ @@ -0,0 +1,138 @@ @@ -0,0 +1,182 @@ @@ -0,0 +1,266 @@ @@ -0,0 +1,74 @@ @@ -135,8 +135,9 @@ class Gem::Source if File.exist? local_spec spec = Gem.read_binary local_spec spec = begin - Marshal.load(spec) rescue StandardError nil end @@ -157,8 +158,9 @@ class Gem::Source end end # TODO: Investigate setting Gem::Specification#loaded_from to a URI - Marshal.load spec end ## @@ -188,8 +190,9 @@ class Gem::Source spec_dump = fetcher.cache_update_path spec_path, local_file, update_cache? begin - Gem::NameTuple.from_list Marshal.load(spec_dump) rescue ArgumentError if update_cache? && !retried FileUtils.rm local_file @@ -1300,12 +1300,13 @@ class Gem::Specification < Gem::BasicSpecification def self._load(str) Gem.load_yaml yaml_set = false retry_count = 0 array = begin - Marshal.load str rescue ArgumentError => e # Avoid an infinite retry loop when the argument error has nothing to do # with the classes not being defined. @@ -0,0 +1,144 @@ |