[rubygems/rubygems] Stop storing executable names in ivars

Removes usage of these classes as ACE gadgets See https://nastystereo.com/security/ruby-3.4-deserialization.html Signed-off-by: Samuel Giddins <segiddins@segiddins.me> https://github.com/rubygems/rubygems/commit/89ad04db86
2024-12-04 12:45:53 -08:00 · 2024-12-04 12:45:53 -08:00 · 7daf85bdf2
commit 7daf85bdf2
parent 6877c38866
2 changed files with 11 additions and 9 deletions
--- a/lib/rubygems/resolver/git_set.rb
+++ b/lib/rubygems/resolver/git_set.rb
@ -36,7 +36,6 @@ class Gem::Resolver::GitSet < Gem::Resolver::Set
  def initialize # :nodoc:
    super()

-    @git             = ENV["git"] || "git"
    @need_submodules = {}
    @repositories    = {}
    @root_dir        = Gem.dir
--- a/lib/rubygems/source/git.rb
+++ b/lib/rubygems/source/git.rb
@ -58,7 +58,6 @@ class Gem::Source::Git < Gem::Source

    @remote   = true
    @root_dir = Gem.dir
-    @git      = ENV["git"] || "git"
  end

  def <=>(other)
@ -81,6 +80,10 @@ class Gem::Source::Git < Gem::Source
      @need_submodules == other.need_submodules
  end

+  def git_command
+    ENV.fetch("git", "git")
+  end
+
  ##
  # Checks out the files for the repository into the install_dir.

@ -90,18 +93,18 @@ class Gem::Source::Git < Gem::Source
    return false unless File.exist? repo_cache_dir

    unless File.exist? install_dir
-      system @git, "clone", "--quiet", "--no-checkout",
+      system git, "clone", "--quiet", "--no-checkout",
             repo_cache_dir, install_dir
    end

    Dir.chdir install_dir do
-      system @git, "fetch", "--quiet", "--force", "--tags", install_dir
+      system git, "fetch", "--quiet", "--force", "--tags", install_dir

-      success = system @git, "reset", "--quiet", "--hard", rev_parse
+      success = system git, "reset", "--quiet", "--hard", rev_parse

      if @need_submodules
        require "open3"
-        _, status = Open3.capture2e(@git, "submodule", "update", "--quiet", "--init", "--recursive")
+        _, status = Open3.capture2e(git, "submodule", "update", "--quiet", "--init", "--recursive")

        success &&= status.success?
      end
@ -118,11 +121,11 @@ class Gem::Source::Git < Gem::Source

    if File.exist? repo_cache_dir
      Dir.chdir repo_cache_dir do
-        system @git, "fetch", "--quiet", "--force", "--tags",
+        system git, "fetch", "--quiet", "--force", "--tags",
               @repository, "refs/heads/*:refs/heads/*"
      end
    else
-      system @git, "clone", "--quiet", "--bare", "--no-hardlinks",
+      system git, "clone", "--quiet", "--bare", "--no-hardlinks",
             @repository, repo_cache_dir
    end
  end
@ -182,7 +185,7 @@ class Gem::Source::Git < Gem::Source
    hash = nil

    Dir.chdir repo_cache_dir do
-      hash = Gem::Util.popen(@git, "rev-parse", @reference).strip
+      hash = Gem::Util.popen(git_command, "rev-parse", @reference).strip
    end

    raise Gem::Exception,