mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00

[rubygems/rubygems] Fix bug where redacted credentials are sent to server

Implement deep cloning for `Gem::Uri` class to fix a bug where redacting
credentials modifies the URI string in place instead of returning a
modified copy.

https://github.com/rubygems/rubygems/commit/eafb5a279b
Jonathan 2021-09-17 12:39:25 -06:00 committed by Hiroshi SHIBATA
parent 42dcac00b1
commit 13bb16f41e
2 changed files with 16 additions and 0 deletions


@ -43,6 +43,11 @@ class Gem::Uri
@parsed_uri.respond_to?(method_name, include_private) || super
end
protected
# Add a protected reader for the cloned instance to access the original object's parsed uri
attr_reader :parsed_uri
private
##
@ -99,4 +104,8 @@ class Gem::Uri
def token?
!user.nil? && password.nil?
end
def initialize_copy(original)
@parsed_uri = original.parsed_uri.clone
end
end
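Review bot: `initialize_copy` in the second hunk has no comment saying why the copy must be deep, and that is the security-relevant part of the change. Without it, a `clone` or `dup` of a `Gem::Uri` shares `@parsed_uri` with the original, so a redaction meant for display rewrites the URI that is later sent to the server. I would add `# Deep-copy the wrapped URI so that redacting a copy never alters the original's credentials.` above the method. Separately, `original.parsed_uri.clone` preserves frozen state; if a frozen value can ever be stored in `@parsed_uri` (not visible here), `original.parsed_uri.dup` would be the safer choice for a copy that is about to be mutated. The class body continues outside both hunks.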


@ -29,4 +29,11 @@ class TestUri < Gem::TestCase
def test_redacted_with_invalid_uri
assert_equal "https://www.example.com:80index", Gem::Uri.new("https://www.example.com:80index").redacted.to_s
end
def test_redacted_does_not_modify_uri
url = 'https://user:password@example.com'
uri = Gem::Uri.new(url)
assert_equal 'https://user:REDACTED@example.com', uri.redacted.to_s
assert_equal url, uri.to_s
end
end
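Review bot: `test_redacted_does_not_modify_uri` pins only the `user:password` form, so a regression in the copy path for a token-only URI (the `token?` case in the other file, user set and password nil) would go unnoticed. Assuming `redacted` also rewrites the user part for tokens, which is not visible on this page, a second case would cover it without depending on the redacted output: `uri = Gem::Uri.new('https://token@example.com')`, `uri.redacted`, `assert_equal 'https://token@example.com', uri.to_s`. It would also be worth asserting the same through `dup`, since `initialize_copy` serves both `clone` and `dup`.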