mirror of
https://github.com/ruby/ruby.git
synced 2022-11-09 12:17:21 -05:00
[rubygems/rubygems] Fix bug where redacted credentials are sent to server
Implement deep cloning for `Gem::Uri` class to fix a bug where redacting credentials modifies the URI string in place instead of returning a modified copy. https://github.com/rubygems/rubygems/commit/eafb5a279b
This commit is contained in:
parent
42dcac00b1
commit
13bb16f41e
2 changed files with 16 additions and 0 deletions
|
@ -43,6 +43,11 @@ class Gem::Uri
|
|||
@parsed_uri.respond_to?(method_name, include_private) || super
|
||||
end
|
||||
|
||||
protected
|
||||
|
||||
# Add a protected reader for the cloned instance to access the original object's parsed uri
|
||||
attr_reader :parsed_uri
|
||||
|
||||
private
|
||||
|
||||
##
|
||||
|
@ -99,4 +104,8 @@ class Gem::Uri
|
|||
def token?
|
||||
!user.nil? && password.nil?
|
||||
end
|
||||
|
||||
def initialize_copy(original)
|
||||
@parsed_uri = original.parsed_uri.clone
|
||||
end
|
||||
end
|
||||
|
|
|
@ -29,4 +29,11 @@ class TestUri < Gem::TestCase
|
|||
def test_redacted_with_invalid_uri
|
||||
assert_equal "https://www.example.com:80index", Gem::Uri.new("https://www.example.com:80index").redacted.to_s
|
||||
end
|
||||
|
||||
def test_redacted_does_not_modify_uri
|
||||
url = 'https://user:password@example.com'
|
||||
uri = Gem::Uri.new(url)
|
||||
assert_equal 'https://user:REDACTED@example.com', uri.redacted.to_s
|
||||
assert_equal url, uri.to_s
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue