  • Save junaruga/0e4b109537abe2757dc542d69dd17604 to your computer and use it in GitHub Desktop.
[mockbuild@0c20d978b71742d9a2748f28467f17a3 cve-2020-36327]$ SERVER=gem-server BUNDLE_WARN_ON_DEPENDENCY_CONFUSION=1 ./runtest.sh
* Arguments
* SERVER: gem-server
* TEST_SILENT: true
* TEST_GEM_VERBOSE:
* TEST_BUNDLE_DEBUG:
* TEST_BUNDLE_VERBOSE:
* TEST_BUNDLE_INSTALL_INDEX:
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/foo/foo.gemspec ...
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/c-0.0.2/c.gemspec ...
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/d-0.0.2/d.gemspec ...
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/d-0.0.3/d.gemspec ...
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/e-0.0.3/e.gemspec ...
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/bar-malicious/bar.gemspec ...
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/c-0.0.1/c.gemspec ...
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/f-0.0.2/f.gemspec ...
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/e-0.0.2/e.gemspec ...
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/f-0.0.3/f.gemspec ...
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/bar/bar.gemspec ...
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/a_okay-malicious/a_okay.gemspec ...
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/c-0.0.3/c.gemspec ...
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/f-0.0.1/f.gemspec ...
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/h-0.0.1/h.gemspec ...
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/a_okay/a_okay.gemspec ...
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/e-0.0.1/e.gemspec ...
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/d-0.0.1/d.gemspec ...
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/g-0.0.2/g.gemspec ...
* Installing gems to repositories ...
* Public repo: Installing gems foo 0.0.1, a_okey 0.1.0, bar 0.1.0 and etc ...
* Private repo: Installing gems a_okey 0.0.1, bar 0.0.1 and etc ...
* Private 2 repo: Installing gems ...
* Starting repo server (server type: gem-server, port: 8801, pid: 4980)
* Starting repo server (server type: gem-server, port: 8802, pid: 4983)
* Starting repo server (server type: gem-server, port: 8803, pid: 4986)
* Testing ...
* Testing with /mnt/cve-2020-36327/test/bundler/reproducer1.Gemfile [1]
* Running 'bundle install' on BUNDLE_PATH: app ...
Fetching source index from http://127.0.0.1:8802/
Fetching source index from http://127.0.0.1:8801/
Your Gemfile contains scoped sources that don't implement a dependency API, namely:
* rubygems repository http://127.0.0.1:8802/ or installed locally
Using the above gem servers may result in installing unexpected gems. To resolve this warning, make sure you use gem servers that implement dependency APIs, such as gemstash or geminabox gem servers.
Resolving dependencies...
Fetching a_okay 0.1.0
Installing a_okay 0.1.0
Fetching bar 0.0.1
Installing bar 0.0.1
Using bundler 1.17.2
Fetching foo 0.0.1
Installing foo 0.0.1
Bundle complete! 2 Gemfile dependencies, 4 gems now installed.
Bundled gems are installed into `./app`
=> PASS - safe gem bar version 0.0.1 installed from private repo.
=> FAIL - malicious gem a_okay version 0.1.0 installed from public repo.
* Testing with /mnt/cve-2020-36327/test/bundler/reproducer2.Gemfile [2]
* Running 'bundle install' on BUNDLE_PATH: app ...
Fetching source index from http://127.0.0.1:8802/
Fetching source index from http://127.0.0.1:8801/
Your Gemfile contains scoped sources that don't implement a dependency API, namely:
* rubygems repository http://127.0.0.1:8802/ or installed locally
* rubygems repository http://127.0.0.1:8801/ or installed locally
Using the above gem servers may result in installing unexpected gems. To resolve this warning, make sure you use gem servers that implement dependency APIs, such as gemstash or geminabox gem servers.
Resolving dependencies...
Fetching a_okay 0.1.0
Installing a_okay 0.1.0
Fetching bar 0.0.1
Installing bar 0.0.1
Using bundler 1.17.2
Fetching foo 0.0.1
Installing foo 0.0.1
Bundle complete! 2 Gemfile dependencies, 4 gems now installed.
Bundled gems are installed into `./app`
=> PASS - safe gem bar version 0.0.1 installed from private repo.
=> FAIL - malicious gem a_okay version 0.1.0 installed from public repo.
* Testing with /mnt/cve-2020-36327/test/bundler/reproducer3.Gemfile [3]
* Running 'bundle install' on BUNDLE_PATH: app ...
Fetching source index from http://127.0.0.1:8802/
Fetching source index from http://127.0.0.1:8801/
Your Gemfile contains scoped sources that don't implement a dependency API, namely:
* rubygems repository http://127.0.0.1:8802/ or installed locally
Using the above gem servers may result in installing unexpected gems. To resolve this warning, make sure you use gem servers that implement dependency APIs, such as gemstash or geminabox gem servers.
Resolving dependencies...
Fetching a_okay 0.1.0
Installing a_okay 0.1.0
Fetching bar 0.0.1
Installing bar 0.0.1
Using bundler 1.17.2
Fetching foo 0.0.1
Installing foo 0.0.1
Bundle complete! 2 Gemfile dependencies, 4 gems now installed.
Bundled gems are installed into `./app`
=> PASS - safe gem bar version 0.0.1 installed from private repo.
=> FAIL - malicious gem a_okay version 0.1.0 installed from public repo.
* Testing with /mnt/cve-2020-36327/test/bundler/reproducer4.Gemfile [4]
* Running 'bundle install' on BUNDLE_PATH: app ...
Fetching source index from http://127.0.0.1:8802/
Fetching source index from http://127.0.0.1:8801/
Your Gemfile contains scoped sources that don't implement a dependency API, namely:
* rubygems repository http://127.0.0.1:8802/ or installed locally
* rubygems repository http://127.0.0.1:8801/ or installed locally
Using the above gem servers may result in installing unexpected gems. To resolve this warning, make sure you use gem servers that implement dependency APIs, such as gemstash or geminabox gem servers.
Resolving dependencies...
Fetching a_okay 0.1.0
Installing a_okay 0.1.0
Fetching bar 0.0.1
Installing bar 0.0.1
Using bundler 1.17.2
Fetching foo 0.0.1
Installing foo 0.0.1
Bundle complete! 2 Gemfile dependencies, 4 gems now installed.
Bundled gems are installed into `./app`
=> PASS - safe gem bar version 0.0.1 installed from private repo.
=> FAIL - malicious gem a_okay version 0.1.0 installed from public repo.
* Testing with /mnt/cve-2020-36327/test/bundler/reproducer5.Gemfile [5]
* Running 'bundle install' on BUNDLE_PATH: app ...
Fetching source index from http://127.0.0.1:8802/
Fetching gem metadata from https://rubygems.org/
Fetching source index from https://rubygems.org/
Your Gemfile contains scoped sources that don't implement a dependency API, namely:
* rubygems repository http://127.0.0.1:8802/ or installed locally
Using the above gem servers may result in installing unexpected gems. To resolve this warning, make sure you use gem servers that implement dependency APIs, such as gemstash or geminabox gem servers.
Resolving dependencies...
Fetching a_okay 0.1.0
Installing a_okay 0.1.0
Fetching bar 0.0.1
Installing bar 0.0.1
Using bundler 1.17.2
Bundle complete! 1 Gemfile dependency, 3 gems now installed.
Bundled gems are installed into `./app`
=> PASS - safe gem bar version 0.0.1 installed from private repo.
=> FAIL - malicious gem a_okay version 0.1.0 installed from public repo.
* Testing with /mnt/cve-2020-36327/test/bundler/reproducer6.Gemfile [6]
* Running 'bundle install' on BUNDLE_PATH: app ...
Fetching source index from http://127.0.0.1:8803/
Fetching source index from http://127.0.0.1:8802/
Fetching source index from http://127.0.0.1:8801/
Your Gemfile contains scoped sources that don't implement a dependency API, namely:
* rubygems repository http://127.0.0.1:8803/ or installed locally
* rubygems repository http://127.0.0.1:8802/ or installed locally
Using the above gem servers may result in installing unexpected gems. To resolve this warning, make sure you use gem servers that implement dependency APIs, such as gemstash or geminabox gem servers.
Resolving dependencies...
Fetching a_okay 0.1.0
Installing a_okay 0.1.0
Fetching bar 0.0.1
Installing bar 0.0.1
Using bundler 1.17.2
Fetching e 0.0.3
Installing e 0.0.3
Fetching d 0.0.3
Installing d 0.0.3
Fetching g 0.0.2
Installing g 0.0.2
Fetching c 0.0.2
Installing c 0.0.2
Fetching h 0.0.1
Installing h 0.0.1
Fetching f 0.0.1
Installing f 0.0.1
Bundle complete! 3 Gemfile dependencies, 9 gems now installed.
Bundled gems are installed into `./app`
=> PASS - safe gem bar version 0.0.1 installed from private repo.
=> FAIL - malicious gem a_okay version 0.1.0 installed from public repo.
=> PASS - safe gem c version 0.0.2 installed from private repo.
=> FAIL - malicious gem d version 0.0.3 installed from public repo.
=> FAIL - malicious gem e version 0.0.3 installed from public repo.
=> PASS - safe gem f version 0.0.1 installed from private repo.
* Testing with /mnt/cve-2020-36327/test/bundler/workaround1.Gemfile [7]
* Running 'bundle install' on BUNDLE_PATH: app ...
Fetching source index from http://127.0.0.1:8802/
Fetching source index from http://127.0.0.1:8801/
Your Gemfile contains scoped sources that don't implement a dependency API, namely:
* rubygems repository http://127.0.0.1:8802/ or installed locally
Using the above gem servers may result in installing unexpected gems. To resolve this warning, make sure you use gem servers that implement dependency APIs, such as gemstash or geminabox gem servers.
Resolving dependencies...
Fetching a_okay 0.0.1
Installing a_okay 0.0.1
Fetching bar 0.0.1
Installing bar 0.0.1
Using bundler 1.17.2
Fetching foo 0.0.1
Installing foo 0.0.1
Bundle complete! 3 Gemfile dependencies, 4 gems now installed.
Bundled gems are installed into `./app`
=> PASS - safe gem bar version 0.0.1 installed from private repo.
=> PASS - safe gem a_okay version 0.0.1 installed from private repo.
* Testing with /mnt/cve-2020-36327/test/bundler/workaround2.Gemfile [8]
* Running 'bundle install' on BUNDLE_PATH: app ...
Fetching source index from http://127.0.0.1:8802/
Fetching source index from http://127.0.0.1:8801/
Your Gemfile contains scoped sources that don't implement a dependency API, namely:
* rubygems repository http://127.0.0.1:8802/ or installed locally
Using the above gem servers may result in installing unexpected gems. To resolve this warning, make sure you use gem servers that implement dependency APIs, such as gemstash or geminabox gem servers.
Resolving dependencies...
Fetching a_okay 0.0.1
Installing a_okay 0.0.1
Fetching bar 0.0.1
Installing bar 0.0.1
Using bundler 1.17.2
Fetching foo 0.0.1
Installing foo 0.0.1
Bundle complete! 3 Gemfile dependencies, 4 gems now installed.
Bundled gems are installed into `./app`
=> PASS - safe gem bar version 0.0.1 installed from private repo.
=> PASS - safe gem a_okay version 0.0.1 installed from private repo.
* Testing with /mnt/cve-2020-36327/test/bundler/workaround3.Gemfile [9]
* Running 'bundle install' on BUNDLE_PATH: app ...
Fetching source index from http://127.0.0.1:8802/
Fetching gem metadata from https://rubygems.org/
Fetching source index from https://rubygems.org/
Your Gemfile contains scoped sources that don't implement a dependency API, namely:
* rubygems repository http://127.0.0.1:8802/ or installed locally
Using the above gem servers may result in installing unexpected gems. To resolve this warning, make sure you use gem servers that implement dependency APIs, such as gemstash or geminabox gem servers.
Resolving dependencies...
Fetching a_okay 0.0.1
Installing a_okay 0.0.1
Fetching bar 0.0.1
Installing bar 0.0.1
Using bundler 1.17.2
Bundle complete! 2 Gemfile dependencies, 3 gems now installed.
Bundled gems are installed into `./app`
=> PASS - safe gem bar version 0.0.1 installed from private repo.
=> PASS - safe gem a_okay version 0.0.1 installed from private repo.
* Testing with /mnt/cve-2020-36327/test/bundler/workaround4.Gemfile [10]
* Running 'bundle install' on BUNDLE_PATH: app ...
Fetching source index from http://127.0.0.1:8802/
Fetching source index from http://127.0.0.1:8803/
Fetching source index from http://127.0.0.1:8801/
Your Gemfile contains scoped sources that don't implement a dependency API, namely:
* rubygems repository http://127.0.0.1:8802/ or installed locally
* rubygems repository http://127.0.0.1:8803/ or installed locally
Using the above gem servers may result in installing unexpected gems. To resolve this warning, make sure you use gem servers that implement dependency APIs, such as gemstash or geminabox gem servers.
Resolving dependencies...
Fetching a_okay 0.0.1
Installing a_okay 0.0.1
Fetching bar 0.0.1
Installing bar 0.0.1
Using bundler 1.17.2
Fetching e 0.0.2
Installing e 0.0.2
Fetching d 0.0.2
Installing d 0.0.2
Fetching g 0.0.2
Installing g 0.0.2
Fetching c 0.0.2
Installing c 0.0.2
Fetching h 0.0.1
Installing h 0.0.1
Fetching f 0.0.1
Installing f 0.0.1
Bundle complete! 6 Gemfile dependencies, 9 gems now installed.
Bundled gems are installed into `./app`
=> PASS - safe gem bar version 0.0.1 installed from private repo.
=> PASS - safe gem a_okay version 0.0.1 installed from private repo.
=> PASS - safe gem c version 0.0.2 installed from private repo.
=> PASS - safe gem d version 0.0.2 installed from private repo.
=> PASS - safe gem e version 0.0.2 installed from private repo.
=> PASS - safe gem f version 0.0.1 installed from private repo.
* Result of tests
* Number of total tests: 10
* Number of succeeded tests: 4
* Number of failed tests: 6
* Stopping repo server public (pid: 4980) ...
* Stopping repo server private (pid: 4983) ...
* Stopping repo server private2 (pid: 4986) ...
* Failed