
Commit feadefc

Jonathan Claudiussegiddins
Jonathan Claudius
authored andcommitted
Enforce URL validation on spec homepage attribute
1 parent 91ae1d2 commit feadefc


2 files changed

+24
-4
lines changed


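--- a/lib/rubygems/specification.rb
+++ b/lib/rubygems/specification.rb
@@ -15,6 +15,7 @@
 require 'rubygems/stub_specification'
 require 'rubygems/util/list'
 require 'stringio'
+require 'uri'
 
 ##
 # The Specification class contains the information for a Gem. Typically
@@ -2822,10 +2823,16 @@ def validate packaging = true
 raise Gem::InvalidSpecificationException, "#{lazy} is not a summary"
 end
 
-if homepage and not homepage.empty? and
-homepage !~ /\A[a-z][a-z\d+.-]*:/i then
-raise Gem::InvalidSpecificationException,
-"\"#{homepage}\" is not a URI"
+# Make sure a homepage is valid HTTP/HTTPS URI
+if homepage and not homepage.empty?
+begin
+homepage_uri = URI.parse(homepage)
+unless [URI::HTTP, URI::HTTPS].member? homepage_uri.class
+raise Gem::InvalidSpecificationException, "\"#{homepage}\" is not a URI"
+end
+rescue URI::InvalidURIError
+raise Gem::InvalidSpecificationException, "\"#{homepage}\" is not a URI"
+end
 end
 
 # Warnings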
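Review bot: The check on `homepage_uri.class` only establishes the scheme, so a scheme-only value such as `http:` with no host appears to still pass, since `URI.parse` accepts it and returns a `URI::HTTP`. Consider requiring a host as well, e.g. `unless [URI::HTTP, URI::HTTPS].member?(homepage_uri.class) && homepage_uri.host`. The message `is not a URI` is also raised for well-formed non-HTTP URIs (the new test uses `ftp://rubygems.org`), so wording like `is not a valid HTTP URI` would tell the gem author what is actually required. The body of `validate` starts and ends outside this hunk, and the check presumably runs only when a spec is validated, so any code that later displays `homepage` should still escape it rather than rely on this validation.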

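--- a/test/rubygems/test_gem_specification.rb
+++ b/test/rubygems/test_gem_specification.rb
@@ -2887,6 +2887,19 @@ def test_validate_homepage
 end
 
 assert_equal '"over at my cool site" is not a URI', e.message
+
+@a1.homepage = 'ftp://rubygems.org'
+
+e = assert_raises Gem::InvalidSpecificationException do
+@a1.validate
+end
+
+assert_equal '"ftp://rubygems.org" is not a URI', e.message
+
+@a1.homepage = 'http://rubygems.org'
+
+assert_equal true, @a1.validate
+
 end
 end
 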
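Review bot: Nothing in the added assertions exercises the `URI::HTTPS` half of the new class check; a positive case such as `@a1.homepage = 'https://rubygems.org'` followed by `assert_equal true, @a1.validate` would pin it. A negative case for a scheme-only value with no host would also document whether that input is meant to be accepted. `test_validate_homepage` starts before this hunk, so earlier cases may already cover part of this.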
