File tree Expand file tree Collapse file tree 5 files changed +32
-25
lines changed
Filter options
Expand file tree Collapse file tree 5 files changed +32
-25
lines changed
Original file line number Diff line number Diff line change @@ -77,6 +77,7 @@ def name
7777 # @return [void]
7878 #
7979 def download
80+ validate_input
8081 ui_action ( "#{ name } ) do
8182 target_path . mkpath
8283 download!
@@ -121,6 +122,14 @@ def checkout_options
121122 raise 'Abstract method'
122123 end
123124
125+ # Provides a before-download check for safety of the options in the
126+ # concrete downloader.
127+ #
128+ # @return [void]
129+ #
130+ def validate_input
131+ end
132+
124133 # Returns a User-Agent string that itentifies http network requests as
125134 # originating from CocoaPods.
126135 # Contains version numbers from the CocoaPods Gem and the cocoapods-downloader Gem.
Original file line number Diff line number Diff line change @@ -21,7 +21,6 @@ def checkout_options
2121 end
2222
2323 def self . preprocess_options ( options )
24- validate_input options
2524 return options unless options [ :branch ]
2625
2726 command = [ 'ls-remote' ,
@@ -58,13 +57,7 @@ def self.commit_from_ls_remote(output, branch_name)
5857 match [ 1 ] unless match . nil?
5958 end
6059
61- def self . validate_input ( options )
62- input = [ options [ :git ] , options [ :branch ] , options [ :commit ] , options [ :tag ] ] . map ( &:to_s )
63- invalid = input . compact . any? { |value | value . start_with? ( '--' ) || value . include? ( ' --' ) }
64- raise DownloaderError , "Provided unsafe input for git #{ options } if invalid
65- end
66-
67- private_class_method :commit_from_ls_remote , :validate_input
60+ private_class_method :commit_from_ls_remote
6861
6962 private
7063
@@ -160,6 +153,12 @@ def checkout_commit
160153 def target_git ( *args )
161154 git! ( [ '-C' , target_path ] + args )
162155 end
156+
157+ def validate_input
158+ input = [ url , options [ :branch ] , options [ :commit ] , options [ :tag ] ] . map ( &:to_s )
159+ invalid = input . compact . any? { |value | value . start_with? ( '--' ) || value . include? ( ' --' ) }
160+ raise DownloaderError , "Provided unsafe input for git #{ options } if invalid
161+ end
163162 end
164163 end
165164end
Original file line number Diff line number Diff line change @@ -18,19 +18,6 @@ def checkout_options
1818 end
1919 end
2020
21- def self . preprocess_options ( options )
22- validate_input options
23- options
24- end
25-
26- def self . validate_input ( options )
27- input = [ options [ :hg ] , options [ :revision ] , options [ :branch ] , options [ :tag ] ] . map ( &:to_s )
28- invalid = input . compact . any? { |value | value . start_with? ( '--' ) || value . include? ( ' --' ) }
29- raise DownloaderError , "Provided unsafe input for hg #{ options } if invalid
30- end
31-
32- private_class_method :validate_input
33-
3421 private
3522
3623 executable :hg
@@ -62,6 +49,12 @@ def download_tag!
6249 def download_branch!
6350 hg! 'clone' , url , '--updaterev' , options [ :branch ] , @target_path
6451 end
52+
53+ def validate_input
54+ input = [ url , options [ :revision ] , options [ :branch ] , options [ :tag ] ] . map ( &:to_s )
55+ invalid = input . compact . any? { |value | value . start_with? ( '--' ) || value . include? ( ' --' ) }
56+ raise DownloaderError , "Provided unsafe input for hg #{ options } if invalid
57+ end
6558 end
6659 end
6760end
Original file line number Diff line number Diff line change @@ -294,19 +294,19 @@ def ensure_only_one_ref(folder)
294294 describe ':bad input' do
295295 it 'bails when you provide a bad input' do
296296 options = { :git => '--upload-pack=touch ./HELLO1;' , :branch => 'foo' }
297- e = lambda { Downloader . preprocess_options ( options ) } . should . raise DownloaderError
297+ e = lambda { Downloader . for_target ( tmp_folder , options ) . download } . should . raise DownloaderError
298298 e . message . should . match /Provided unsafe input/
299299 end
300300
301301 it 'bails when you provide a bad input after valid input' do
302302 options = { :git => 'github.com --upload-pack=touch ./HELLO1;' , :branch => 'foo' }
303- e = lambda { Downloader . preprocess_options ( options ) } . should . raise DownloaderError
303+ e = lambda { Downloader . for_target ( tmp_folder , options ) . download } . should . raise DownloaderError
304304 e . message . should . match /Provided unsafe input/
305305 end
306306
307307 it 'bails with other fields' do
308308 options = { :branch => '--upload-pack=touch ./HELLO1;' , :git => 'foo' }
309- e = lambda { Downloader . preprocess_options ( options ) } . should . raise DownloaderError
309+ e = lambda { Downloader . for_target ( tmp_folder , options ) . download } . should . raise DownloaderError
310310 e . message . should . match /Provided unsafe input/
311311 end
312312 end
Original file line number Diff line number Diff line change @@ -110,7 +110,13 @@ module Downloader
110110 describe ':bad input' do
111111 it 'bails when you provide a bad input' do
112112 options = { :hg => '--config=alias.clone=!touch ./HELLO2;' }
113- e = lambda { Downloader . preprocess_options ( options ) } . should . raise DownloaderError
113+ e = lambda { Downloader . for_target ( tmp_folder , options ) . download } . should . raise DownloaderError
114+ e . message . should . match /Provided unsafe input/
115+ end
116+
117+ it 'bails when you provide a bad input2' do
118+ options = { :hg => 'foo/bar' , :revision => '--config=alias.clone=!touch ./HELLO3;' }
119+ e = lambda { Downloader . for_target ( tmp_folder , options ) . download } . should . raise DownloaderError
114120 e . message . should . match /Provided unsafe input/
115121 end
116122 end
You can’t perform that action at this time.
0 commit comments