Commit ef0aa61

evanphx authored and segiddins committed
Clean any text present in gems before displaying it
This makes sure that any data pulled out of a gem spec is cleaned of all non-printable characters before printing it. This prevents a gem from causing havoc with a user's terminal.
1 parent 8d91516 commit ef0aa61

4 files changed

+53
-2
lines changed

Diff for: lib/rubygems/commands/query_command.rb

+1-1
@@ -226,7 +226,7 @@ def output_versions output, versions
226226
end
227227
end
228228

229-
output << make_entry(matching_tuples, platforms)
229+
output << clean_text(make_entry(matching_tuples, platforms))
230230
end
231231
end
232232
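
Review bot: in output_versions, clean_text wraps the whole entry returned by make_entry, so it has to leave newlines intact for the entry's own layout, and the character class in Gem::Text#clean_text does skip \u000a. A summary, author or homepage value that contains a newline can therefore still add lines to the listing that read like separate fields or entries. Consider cleaning each spec-derived field inside make_entry, with newlines replaced as well, before the entry is assembled, and keep this call as a backstop.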

Diff for: lib/rubygems/text.rb

+8-1
@@ -6,13 +6,20 @@
66

77
module Gem::Text
88

9+
##
10+
# Remove any non-printable characters and make the text suitable for
11+
# printing.
12+
def clean_text(text)
13+
text.gsub(/[\u0000-\u0008\u000b-\u000c\u000e-\u001F\u007f]/, ".".freeze)
14+
end
15+
916
##
1017
# Wraps +text+ to +wrap+ characters and optionally indents by +indent+
1118
# characters
1219

1320
def format_text(text, wrap, indent=0)
1421
result = []
15-
work = text.dup
22+
work = clean_text(text)
1623

1724
while work.length > wrap do
1825
if work =~ /^(.{0,#{wrap}})[ \n]/ then
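
Review bot: the character class in clean_text leaves \u000d (carriage return) and the C1 range \u0080-\u009f untouched. A carriage return lets later text overwrite the start of the line it is printed on, and some terminals treat \u009b as an 8-bit CSI introducer, so both work against the stated goal of text "suitable for printing". Suggest adding \u000d and \u0080-\u009f to the class, and saying in the doc comment that tab and newline are kept on purpose.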

Diff for: test/rubygems/test_gem_commands_query_command.rb

+40
@@ -116,6 +116,46 @@ def test_execute_details
116116
This is a lot of text. This is a lot of text. This is a lot of text.
117117
This is a lot of text.
118118
119+
pl (1)
120+
Platform: i386-linux
121+
Author: A User
122+
Homepage: http://example.com
123+
124+
this is a summary
125+
EOF
126+
127+
assert_equal expected, @ui.output
128+
assert_equal '', @ui.error
129+
end
130+
131+
def test_execute_details_cleans_text
132+
spec_fetcher do |fetcher|
133+
fetcher.spec 'a', 2 do |s|
134+
s.summary = 'This is a lot of text. ' * 4
135+
s.authors = ["Abraham Lincoln \u0001", "\u0002 Hirohito"]
136+
s.homepage = "http://a.example.com/\u0003"
137+
end
138+
139+
fetcher.legacy_platform
140+
end
141+
142+
@cmd.handle_options %w[-r -d]
143+
144+
use_ui @ui do
145+
@cmd.execute
146+
end
147+
148+
expected = <<-EOF
149+
150+
*** REMOTE GEMS ***
151+
152+
a (2)
153+
Authors: Abraham Lincoln ., . Hirohito
154+
Homepage: http://a.example.com/.
155+
156+
This is a lot of text. This is a lot of text. This is a lot of text.
157+
This is a lot of text.
158+
119159
pl (1)
120160
Platform: i386-linux
121161
Author: A User
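
Review bot: test_execute_details_cleans_text puts control characters only in s.authors and s.homepage, and only \u0001 to \u0003; s.summary is plain text and no escape character (\u001b) appears, although that is the character that starts terminal control sequences. Suggest adding \u001b to the summary and to one of the other fields, so the test shows the cleaning covers every field the details view prints.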

Diff for: test/rubygems/test_gem_text.rb

+4
@@ -36,6 +36,10 @@ def test_format_text_trailing # for two spaces after .
3636
assert_equal expected, format_text(text, 78)
3737
end
3838

39+
def test_format_removes_nonprintable_characters
40+
assert_equal "text with weird .. stuff", format_text("text with weird \u001b\u0002 stuff", 40)
41+
end
42+
3943
def test_min3
4044
assert_equal 1, min3(1, 1, 1)
4145
assert_equal 1, min3(1, 1, 2)
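
Review bot: test_format_removes_nonprintable_characters reaches clean_text only through format_text, so the boundaries of the character class have no direct test. Suggest a test_clean_text that asserts \u001f and \u007f are replaced with "." and that tab and newline pass through unchanged, so a later change to the regex cannot silently widen or narrow what is filtered.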
