Clean any text present in gems before displaying it
This makes sure that any data pulled out of a gem spec is cleaned of all
non-printable characters before printing it. This prevents a gem from
causing havoc with a user's terminal.
evanphx authored and segiddins committed Aug 28, 2017
1 parent 8d91516 commit ef0aa61
Showing 4 changed files with 53 additions and 2 deletions.
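--- a/lib/rubygems/commands/query_command.rb
+++ b/lib/rubygems/commands/query_command.rb
@@ -226,7 +226,7 @@ def output_versions output, versions
 end
 end
 
-output << make_entry(matching_tuples, platforms)
+output << clean_text(make_entry(matching_tuples, platforms))
 end
 end
 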
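Review bot: The cleaning is applied at this single call site in `output_versions`, while the commit message promises that any data pulled out of a gem spec is cleaned before printing; other code paths that print spec fields are not visible in this diff and should be checked for the same treatment. `clean_text` is defined in `Gem::Text`, so this line relies on the command class including that module, which the hunk does not show. A short comment above the line would record the intent, for example `# spec fields are untrusted: strip control characters before they reach the terminal`. The body of `output_versions` starts and ends outside the hunk.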
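--- a/lib/rubygems/text.rb
+++ b/lib/rubygems/text.rb
@@ -6,13 +6,20 @@
 
 module Gem::Text
 
+##
+# Remove any non-printable characters and make the text suitable for
+# printing.
+def clean_text(text)
+text.gsub(/[\u0000-\u0008\u000b-\u000c\u000e-\u001F\u007f]/, ".".freeze)
+end
+
 ##
 # Wraps +text+ to +wrap+ characters and optionally indents by +indent+
 # characters
 
 def format_text(text, wrap, indent=0)
 result = []
-work = text.dup
+work = clean_text(text)
 
 while work.length > wrap do
 if work =~ /^(.{0,#{wrap}})[ \n]/ then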
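Review bot: The character class in `clean_text` covers the C0 controls and DEL but stops at `\u007f`, so the C1 range `\u0080`-`\u009f` passes through, and some terminals treat those code points as control sequences; carriage return (`\u000d`) is also kept, which lets a printed field redraw the line it appears on. Extending the class closes the C1 gap: `text.gsub(/[\u0000-\u0008\u000b-\u000c\u000e-\u001F\u007f-\u009f]/, ".".freeze)`. The doc comment should say that tab, newline and carriage return are deliberately kept, and whether `\r` is kept for CRLF text. Because the pattern uses `\u` escapes, `gsub` will presumably raise on a string with invalid or non-UTF-8 bytes, so spec text with a bad encoding could abort the listing instead of being cleaned; confirm how callers normalise encoding. `format_text` continues past the end of the hunk.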
40 changes: 40 additions & 0 deletions test/rubygems/test_gem_commands_query_command.rb
@@ -116,6 +116,46 @@ def test_execute_details
This is a lot of text. This is a lot of text. This is a lot of text.
This is a lot of text.
pl (1)
Platform: i386-linux
Author: A User
Homepage: http://example.com
this is a summary
EOF

assert_equal expected, @ui.output
assert_equal '', @ui.error
end

def test_execute_details_cleans_text
spec_fetcher do |fetcher|
fetcher.spec 'a', 2 do |s|
s.summary = 'This is a lot of text. ' * 4
s.authors = ["Abraham Lincoln \u0001", "\u0002 Hirohito"]
s.homepage = "http://a.example.com/\u0003"
end

fetcher.legacy_platform
end

@cmd.handle_options %w[-r -d]

use_ui @ui do
@cmd.execute
end

expected = <<-EOF
*** REMOTE GEMS ***
a (2)
Authors: Abraham Lincoln ., . Hirohito
Homepage: http://a.example.com/.
This is a lot of text. This is a lot of text. This is a lot of text.
This is a lot of text.
pl (1)
Platform: i386-linux
Author: A User
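--- a/test/rubygems/test_gem_text.rb
+++ b/test/rubygems/test_gem_text.rb
@@ -36,6 +36,10 @@ def test_format_text_trailing # for two spaces after .
 assert_equal expected, format_text(text, 78)
 end
 
+def test_format_removes_nonprintable_characters
+assert_equal "text with weird .. stuff", format_text("text with weird \u001b\u0002 stuff", 40)
+end
+
 def test_min3
 assert_equal 1, min3(1, 1, 1)
 assert_equal 1, min3(1, 1, 2)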
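Review bot: The new test only shows that two characters are replaced inside `format_text`; nothing pins the edges of the class in `clean_text`, namely that tab and newline survive and that `\u007f` is replaced. A direct assertion would catch an accidental widening or narrowing of the range, for example `assert_equal "a\tb\nc.", clean_text("a\tb\nc\u007f")`. This assumes the test class mixes in `Gem::Text`, as its bare calls to `format_text` and `min3` suggest.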
