Followed up CVE-2022-39253 for bundler examples
This commit is contained in:
parent
0a43a040b4
commit
4f1e0bfacd
3
spec/bundler/cache/git_spec.rb
vendored
3
spec/bundler/cache/git_spec.rb
vendored
@ -156,6 +156,9 @@ RSpec.describe "bundle cache with git" do
|
|||||||
end
|
end
|
||||||
|
|
||||||
it "copies repository to vendor cache, including submodules" do
|
it "copies repository to vendor cache, including submodules" do
|
||||||
|
# CVE-2022-39253: https://lore.kernel.org/lkml/xmqq4jw1uku5.fsf@gitster.g/
|
||||||
|
system(*%W[git config --global protocol.file.allow always])
|
||||||
|
|
||||||
build_git "submodule", "1.0"
|
build_git "submodule", "1.0"
|
||||||
|
|
||||||
git = build_git "has_submodule", "1.0" do |s|
|
git = build_git "has_submodule", "1.0" do |s|
|
||||||
|
@ -865,6 +865,9 @@ RSpec.describe "bundle install with git sources" do
|
|||||||
end
|
end
|
||||||
|
|
||||||
it "ignores submodules if :submodule is not passed" do
|
it "ignores submodules if :submodule is not passed" do
|
||||||
|
# CVE-2022-39253: https://lore.kernel.org/lkml/xmqq4jw1uku5.fsf@gitster.g/
|
||||||
|
system(*%W[git config --global protocol.file.allow always])
|
||||||
|
|
||||||
build_git "submodule", "1.0"
|
build_git "submodule", "1.0"
|
||||||
build_git "has_submodule", "1.0" do |s|
|
build_git "has_submodule", "1.0" do |s|
|
||||||
s.add_dependency "submodule"
|
s.add_dependency "submodule"
|
||||||
@ -884,6 +887,9 @@ RSpec.describe "bundle install with git sources" do
|
|||||||
end
|
end
|
||||||
|
|
||||||
it "handles repos with submodules" do
|
it "handles repos with submodules" do
|
||||||
|
# CVE-2022-39253: https://lore.kernel.org/lkml/xmqq4jw1uku5.fsf@gitster.g/
|
||||||
|
system(*%W[git config --global protocol.file.allow always])
|
||||||
|
|
||||||
build_git "submodule", "1.0"
|
build_git "submodule", "1.0"
|
||||||
build_git "has_submodule", "1.0" do |s|
|
build_git "has_submodule", "1.0" do |s|
|
||||||
s.add_dependency "submodule"
|
s.add_dependency "submodule"
|
||||||
@ -902,6 +908,9 @@ RSpec.describe "bundle install with git sources" do
|
|||||||
end
|
end
|
||||||
|
|
||||||
it "does not warn when deiniting submodules" do
|
it "does not warn when deiniting submodules" do
|
||||||
|
# CVE-2022-39253: https://lore.kernel.org/lkml/xmqq4jw1uku5.fsf@gitster.g/
|
||||||
|
system(*%W[git config --global protocol.file.allow always])
|
||||||
|
|
||||||
build_git "submodule", "1.0"
|
build_git "submodule", "1.0"
|
||||||
build_git "has_submodule", "1.0"
|
build_git "has_submodule", "1.0"
|
||||||
|
|
||||||
|
@ -124,6 +124,9 @@ RSpec.describe "bundle update" do
|
|||||||
|
|
||||||
describe "with submodules" do
|
describe "with submodules" do
|
||||||
before :each do
|
before :each do
|
||||||
|
# CVE-2022-39253: https://lore.kernel.org/lkml/xmqq4jw1uku5.fsf@gitster.g/
|
||||||
|
system(*%W[git config --global protocol.file.allow always])
|
||||||
|
|
||||||
build_repo4 do
|
build_repo4 do
|
||||||
build_gem "submodule" do |s|
|
build_gem "submodule" do |s|
|
||||||
s.write "lib/submodule.rb", "puts 'GEM'"
|
s.write "lib/submodule.rb", "puts 'GEM'"
|
||||||
|
Loading…
x
Reference in New Issue
Block a user