junaruga/bundler_cve_f35_ruby_2.6_runtest_warn.log

## bundler_cve_f35_ruby_2.6_runtest_warn.log
[mockbuild@0c20d978b71742d9a2748f28467f17a3 cve-2020-36327]$ BUNDLE_WARN_ON_DEPENDENCY_CONFUSION=1 ./runtest.sh
* Arguments
  * SERVER: geminabox
  * TEST_SILENT: true
  * TEST_GEM_VERBOSE:
  * TEST_BUNDLE_DEBUG:
  * TEST_BUNDLE_VERBOSE:
  * TEST_BUNDLE_INSTALL_INDEX:
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/foo/foo.gemspec ...
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/c-0.0.2/c.gemspec ...
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/d-0.0.2/d.gemspec ...
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/d-0.0.3/d.gemspec ...
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/e-0.0.3/e.gemspec ...
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/bar-malicious/bar.gemspec ...
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/c-0.0.1/c.gemspec ...
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/f-0.0.2/f.gemspec ...
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/e-0.0.2/e.gemspec ...
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/f-0.0.3/f.gemspec ...
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/bar/bar.gemspec ...
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/a_okay-malicious/a_okay.gemspec ...
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/c-0.0.3/c.gemspec ...
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/f-0.0.1/f.gemspec ...
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/h-0.0.1/h.gemspec ...
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/a_okay/a_okay.gemspec ...
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/e-0.0.1/e.gemspec ...
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/d-0.0.1/d.gemspec ...
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/g-0.0.2/g.gemspec ...
* Installing gems to repositories ...
  * Public repo: Installing gems foo 0.0.1, a_okey 0.1.0, bar 0.1.0 and etc ...
  * Private repo: Installing gems a_okey 0.0.1, bar 0.0.1 and etc ...
  * Private 2 repo: Installing gems ...
* Starting repo server (server type: geminabox, port: 8801, pid: 3462)
* Starting repo server (server type: geminabox, port: 8802, pid: 3472)
* Starting repo server (server type: geminabox, port: 8803, pid: 3482)
* Testing ...

* Testing with /mnt/cve-2020-36327/test/bundler/reproducer1.Gemfile [1]
* Running 'bundle install' on BUNDLE_PATH: app ...
Fetching gem metadata from http://127.0.0.1:8802/...
Fetching gem metadata from http://127.0.0.1:8801/..
Fetching gem metadata from http://127.0.0.1:8802/..
Fetching gem metadata from http://127.0.0.1:8801/..
Fetching gem metadata from http://127.0.0.1:8802/..
Fetching gem metadata from http://127.0.0.1:8801/..
Your Gemfile contains implicit dependency gems a_okay on the scoped sources, namely:

  * rubygems repository http://127.0.0.1:8802/ or installed locally

Using implicit dependency gems on the above sources may result in installing unexpected gems. To suppress this message, make sure you set the gems explicitly in the Gemfile.
Resolving dependencies...
Fetching a_okay 0.1.0
Installing a_okay 0.1.0
Fetching bar 0.0.1
Installing bar 0.0.1
Using bundler 1.17.2
Fetching foo 0.0.1
Installing foo 0.0.1
Bundle complete! 2 Gemfile dependencies, 4 gems now installed.
Bundled gems are installed into `./app`
  => PASS - safe gem bar version 0.0.1 installed from private repo.
  => FAIL - malicious gem a_okay version 0.1.0 installed from public repo.

* Testing with /mnt/cve-2020-36327/test/bundler/reproducer2.Gemfile [2]
* Running 'bundle install' on BUNDLE_PATH: app ...
Fetching gem metadata from http://127.0.0.1:8802/...
Fetching gem metadata from http://127.0.0.1:8801/..
Fetching gem metadata from http://127.0.0.1:8801/..
Fetching gem metadata from http://127.0.0.1:8801/..
Your Gemfile contains implicit dependency gems a_okay on the scoped sources, namely:

  * rubygems repository http://127.0.0.1:8802/ or installed locally
  * rubygems repository http://127.0.0.1:8801/ or installed locally

Using implicit dependency gems on the above sources may result in installing unexpected gems. To suppress this message, make sure you set the gems explicitly in the Gemfile.
Resolving dependencies...
Fetching a_okay 0.1.0
Installing a_okay 0.1.0
Fetching bar 0.0.1
Installing bar 0.0.1
Using bundler 1.17.2
Fetching foo 0.0.1
Installing foo 0.0.1
Bundle complete! 2 Gemfile dependencies, 4 gems now installed.
Bundled gems are installed into `./app`
  => PASS - safe gem bar version 0.0.1 installed from private repo.
  => FAIL - malicious gem a_okay version 0.1.0 installed from public repo.

* Testing with /mnt/cve-2020-36327/test/bundler/reproducer3.Gemfile [3]
* Running 'bundle install' on BUNDLE_PATH: app ...
Fetching gem metadata from http://127.0.0.1:8802/...
Fetching gem metadata from http://127.0.0.1:8801/..
Fetching gem metadata from http://127.0.0.1:8802/..
Fetching gem metadata from http://127.0.0.1:8801/..
Fetching gem metadata from http://127.0.0.1:8802/..
Fetching gem metadata from http://127.0.0.1:8801/..
Your Gemfile contains implicit dependency gems a_okay on the scoped sources, namely:

  * rubygems repository http://127.0.0.1:8802/ or installed locally

Using implicit dependency gems on the above sources may result in installing unexpected gems. To suppress this message, make sure you set the gems explicitly in the Gemfile.
Resolving dependencies...
Fetching a_okay 0.1.0
Installing a_okay 0.1.0
Fetching bar 0.0.1
Installing bar 0.0.1
Using bundler 1.17.2
Fetching foo 0.0.1
Installing foo 0.0.1
Bundle complete! 2 Gemfile dependencies, 4 gems now installed.
Bundled gems are installed into `./app`
  => PASS - safe gem bar version 0.0.1 installed from private repo.
  => FAIL - malicious gem a_okay version 0.1.0 installed from public repo.

* Testing with /mnt/cve-2020-36327/test/bundler/reproducer4.Gemfile [4]
* Running 'bundle install' on BUNDLE_PATH: app ...
Fetching gem metadata from http://127.0.0.1:8802/...
Fetching gem metadata from http://127.0.0.1:8801/..
Fetching gem metadata from http://127.0.0.1:8801/..
Fetching gem metadata from http://127.0.0.1:8801/..
Your Gemfile contains implicit dependency gems a_okay on the scoped sources, namely:

  * rubygems repository http://127.0.0.1:8802/ or installed locally
  * rubygems repository http://127.0.0.1:8801/ or installed locally

Using implicit dependency gems on the above sources may result in installing unexpected gems. To suppress this message, make sure you set the gems explicitly in the Gemfile.
Resolving dependencies...
Fetching a_okay 0.1.0
Installing a_okay 0.1.0
Fetching bar 0.0.1
Installing bar 0.0.1
Using bundler 1.17.2
Fetching foo 0.0.1
Installing foo 0.0.1
Bundle complete! 2 Gemfile dependencies, 4 gems now installed.
Bundled gems are installed into `./app`
  => PASS - safe gem bar version 0.0.1 installed from private repo.
  => FAIL - malicious gem a_okay version 0.1.0 installed from public repo.

* Testing with /mnt/cve-2020-36327/test/bundler/reproducer5.Gemfile [5]
* Running 'bundle install' on BUNDLE_PATH: app ...
Fetching gem metadata from http://127.0.0.1:8802/...
Fetching gem metadata from https://rubygems.org/
Fetching gem metadata from https://rubygems.org/.
Fetching gem metadata from https://rubygems.org/.
Your Gemfile contains implicit dependency gems a_okay on the scoped sources, namely:

  * rubygems repository http://127.0.0.1:8802/ or installed locally

Using implicit dependency gems on the above sources may result in installing unexpected gems. To suppress this message, make sure you set the gems explicitly in the Gemfile.
Resolving dependencies...
Fetching a_okay 0.1.0
Installing a_okay 0.1.0
Fetching bar 0.0.1
Installing bar 0.0.1
Using bundler 1.17.2
Bundle complete! 1 Gemfile dependency, 3 gems now installed.
Bundled gems are installed into `./app`
  => PASS - safe gem bar version 0.0.1 installed from private repo.
  => FAIL - malicious gem a_okay version 0.1.0 installed from public repo.

* Testing with /mnt/cve-2020-36327/test/bundler/reproducer6.Gemfile [6]
* Running 'bundle install' on BUNDLE_PATH: app ...
Fetching gem metadata from http://127.0.0.1:8803/...
Fetching gem metadata from http://127.0.0.1:8802/....
Fetching gem metadata from http://127.0.0.1:8801/.
Fetching gem metadata from http://127.0.0.1:8803/...
Fetching gem metadata from http://127.0.0.1:8802/..
Fetching gem metadata from http://127.0.0.1:8801/..
Fetching gem metadata from http://127.0.0.1:8803/...
Fetching gem metadata from http://127.0.0.1:8802/..
Fetching gem metadata from http://127.0.0.1:8801/..
Your Gemfile contains implicit dependency gems a_okay, d, e on the scoped sources, namely:

  * rubygems repository http://127.0.0.1:8803/ or installed locally
  * rubygems repository http://127.0.0.1:8802/ or installed locally

Using implicit dependency gems on the above sources may result in installing unexpected gems. To suppress this message, make sure you set the gems explicitly in the Gemfile.
Resolving dependencies...
Fetching a_okay 0.1.0
Installing a_okay 0.1.0
Fetching bar 0.0.1
Installing bar 0.0.1
Using bundler 1.17.2
Fetching e 0.0.3
Installing e 0.0.3
Fetching d 0.0.3
Installing d 0.0.3
Fetching g 0.0.2
Installing g 0.0.2
Fetching c 0.0.2
Installing c 0.0.2
Fetching h 0.0.1
Installing h 0.0.1
Fetching f 0.0.1
Installing f 0.0.1
Bundle complete! 3 Gemfile dependencies, 9 gems now installed.
Bundled gems are installed into `./app`
  => PASS - safe gem bar version 0.0.1 installed from private repo.
  => FAIL - malicious gem a_okay version 0.1.0 installed from public repo.
  => PASS - safe gem c version 0.0.2 installed from private repo.
  => FAIL - malicious gem d version 0.0.3 installed from public repo.
  => FAIL - malicious gem e version 0.0.3 installed from public repo.
  => PASS - safe gem f version 0.0.1 installed from private repo.

* Testing with /mnt/cve-2020-36327/test/bundler/workaround1.Gemfile [7]
* Running 'bundle install' on BUNDLE_PATH: app ...
Fetching gem metadata from http://127.0.0.1:8802/..
Fetching gem metadata from http://127.0.0.1:8801/..
Fetching gem metadata from http://127.0.0.1:8802/..
Resolving dependencies...
Fetching a_okay 0.0.1
Installing a_okay 0.0.1
Fetching bar 0.0.1
Installing bar 0.0.1
Using bundler 1.17.2
Fetching foo 0.0.1
Installing foo 0.0.1
Bundle complete! 3 Gemfile dependencies, 4 gems now installed.
Bundled gems are installed into `./app`
  => PASS - safe gem bar version 0.0.1 installed from private repo.
  => PASS - safe gem a_okay version 0.0.1 installed from private repo.

* Testing with /mnt/cve-2020-36327/test/bundler/workaround2.Gemfile [8]
* Running 'bundle install' on BUNDLE_PATH: app ...
Fetching gem metadata from http://127.0.0.1:8802/..
Fetching gem metadata from http://127.0.0.1:8801/..
Fetching gem metadata from http://127.0.0.1:8802/..
Resolving dependencies...
Fetching a_okay 0.0.1
Installing a_okay 0.0.1
Fetching bar 0.0.1
Installing bar 0.0.1
Using bundler 1.17.2
Fetching foo 0.0.1
Installing foo 0.0.1
Bundle complete! 3 Gemfile dependencies, 4 gems now installed.
Bundled gems are installed into `./app`
  => PASS - safe gem bar version 0.0.1 installed from private repo.
  => PASS - safe gem a_okay version 0.0.1 installed from private repo.

* Testing with /mnt/cve-2020-36327/test/bundler/workaround3.Gemfile [9]
* Running 'bundle install' on BUNDLE_PATH: app ...
Fetching gem metadata from http://127.0.0.1:8802/..
Fetching gem metadata from https://rubygems.org/
Resolving dependencies...
Fetching a_okay 0.0.1
Installing a_okay 0.0.1
Fetching bar 0.0.1
Installing bar 0.0.1
Using bundler 1.17.2
Bundle complete! 2 Gemfile dependencies, 3 gems now installed.
Bundled gems are installed into `./app`
  => PASS - safe gem bar version 0.0.1 installed from private repo.
  => PASS - safe gem a_okay version 0.0.1 installed from private repo.

* Testing with /mnt/cve-2020-36327/test/bundler/workaround4.Gemfile [10]
* Running 'bundle install' on BUNDLE_PATH: app ...
Fetching gem metadata from http://127.0.0.1:8802/...
Fetching gem metadata from http://127.0.0.1:8803/...
Fetching gem metadata from http://127.0.0.1:8801/.
Fetching gem metadata from http://127.0.0.1:8802/..
Fetching gem metadata from http://127.0.0.1:8803/..
Fetching gem metadata from http://127.0.0.1:8801/..
Resolving dependencies...
Fetching a_okay 0.0.1
Installing a_okay 0.0.1
Fetching bar 0.0.1
Installing bar 0.0.1
Using bundler 1.17.2
Fetching e 0.0.2
Installing e 0.0.2
Fetching d 0.0.2
Installing d 0.0.2
Fetching g 0.0.2
Installing g 0.0.2
Fetching c 0.0.2
Installing c 0.0.2
Fetching h 0.0.1
Installing h 0.0.1
Fetching f 0.0.1
Installing f 0.0.1
Bundle complete! 6 Gemfile dependencies, 9 gems now installed.
Bundled gems are installed into `./app`
  => PASS - safe gem bar version 0.0.1 installed from private repo.
  => PASS - safe gem a_okay version 0.0.1 installed from private repo.
  => PASS - safe gem c version 0.0.2 installed from private repo.
  => PASS - safe gem d version 0.0.2 installed from private repo.
  => PASS - safe gem e version 0.0.2 installed from private repo.
  => PASS - safe gem f version 0.0.1 installed from private repo.

* Result of tests
  * Number of total tests: 10
  * Number of succeeded tests: 4
  * Number of failed tests: 6
* Stopping repo server public (pid: 3462) ...
* Stopping repo server private (pid: 3472) ...
* Stopping repo server private2 (pid: 3482) ...
* Failed
	[mockbuild@0c20d978b71742d9a2748f28467f17a3 cve-2020-36327]$ BUNDLE_WARN_ON_DEPENDENCY_CONFUSION=1 ./runtest.sh
	* Arguments
	* SERVER: geminabox
	* TEST_SILENT: true
	* TEST_GEM_VERBOSE:
	* TEST_BUNDLE_DEBUG:
	* TEST_BUNDLE_VERBOSE:
	* TEST_BUNDLE_INSTALL_INDEX:
	* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/foo/foo.gemspec ...
	* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/c-0.0.2/c.gemspec ...
	* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/d-0.0.2/d.gemspec ...
	* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/d-0.0.3/d.gemspec ...
	* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/e-0.0.3/e.gemspec ...
	* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/bar-malicious/bar.gemspec ...
	* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/c-0.0.1/c.gemspec ...
	* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/f-0.0.2/f.gemspec ...
	* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/e-0.0.2/e.gemspec ...
	* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/f-0.0.3/f.gemspec ...
	* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/bar/bar.gemspec ...
	* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/a_okay-malicious/a_okay.gemspec ...
	* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/c-0.0.3/c.gemspec ...
	* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/f-0.0.1/f.gemspec ...
	* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/h-0.0.1/h.gemspec ...
	* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/a_okay/a_okay.gemspec ...
	* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/e-0.0.1/e.gemspec ...
	* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/d-0.0.1/d.gemspec ...
	* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/g-0.0.2/g.gemspec ...
	* Installing gems to repositories ...
	* Public repo: Installing gems foo 0.0.1, a_okey 0.1.0, bar 0.1.0 and etc ...
	* Private repo: Installing gems a_okey 0.0.1, bar 0.0.1 and etc ...
	* Private 2 repo: Installing gems ...
	* Starting repo server (server type: geminabox, port: 8801, pid: 3462)
	* Starting repo server (server type: geminabox, port: 8802, pid: 3472)
	* Starting repo server (server type: geminabox, port: 8803, pid: 3482)
	* Testing ...

	* Testing with /mnt/cve-2020-36327/test/bundler/reproducer1.Gemfile [1]
	* Running 'bundle install' on BUNDLE_PATH: app ...
	Fetching gem metadata from http://127.0.0.1:8802/...
	Fetching gem metadata from http://127.0.0.1:8801/..
	Fetching gem metadata from http://127.0.0.1:8802/..
	Fetching gem metadata from http://127.0.0.1:8801/..
	Fetching gem metadata from http://127.0.0.1:8802/..
	Fetching gem metadata from http://127.0.0.1:8801/..
	Your Gemfile contains implicit dependency gems a_okay on the scoped sources, namely:

	* rubygems repository http://127.0.0.1:8802/ or installed locally

	Using implicit dependency gems on the above sources may result in installing unexpected gems. To suppress this message, make sure you set the gems explicitly in the Gemfile.
	Resolving dependencies...
	Fetching a_okay 0.1.0
	Installing a_okay 0.1.0
	Fetching bar 0.0.1
	Installing bar 0.0.1
	Using bundler 1.17.2
	Fetching foo 0.0.1
	Installing foo 0.0.1
	Bundle complete! 2 Gemfile dependencies, 4 gems now installed.
	Bundled gems are installed into `./app`
	=> PASS - safe gem bar version 0.0.1 installed from private repo.
	=> FAIL - malicious gem a_okay version 0.1.0 installed from public repo.

	* Testing with /mnt/cve-2020-36327/test/bundler/reproducer2.Gemfile [2]
	* Running 'bundle install' on BUNDLE_PATH: app ...
	Fetching gem metadata from http://127.0.0.1:8802/...
	Fetching gem metadata from http://127.0.0.1:8801/..
	Fetching gem metadata from http://127.0.0.1:8801/..
	Fetching gem metadata from http://127.0.0.1:8801/..
	Your Gemfile contains implicit dependency gems a_okay on the scoped sources, namely:

	* rubygems repository http://127.0.0.1:8802/ or installed locally
	* rubygems repository http://127.0.0.1:8801/ or installed locally

	Using implicit dependency gems on the above sources may result in installing unexpected gems. To suppress this message, make sure you set the gems explicitly in the Gemfile.
	Resolving dependencies...
	Fetching a_okay 0.1.0
	Installing a_okay 0.1.0
	Fetching bar 0.0.1
	Installing bar 0.0.1
	Using bundler 1.17.2
	Fetching foo 0.0.1
	Installing foo 0.0.1
	Bundle complete! 2 Gemfile dependencies, 4 gems now installed.
	Bundled gems are installed into `./app`
	=> PASS - safe gem bar version 0.0.1 installed from private repo.
	=> FAIL - malicious gem a_okay version 0.1.0 installed from public repo.

	* Testing with /mnt/cve-2020-36327/test/bundler/reproducer3.Gemfile [3]
	* Running 'bundle install' on BUNDLE_PATH: app ...
	Fetching gem metadata from http://127.0.0.1:8802/...
	Fetching gem metadata from http://127.0.0.1:8801/..
	Fetching gem metadata from http://127.0.0.1:8802/..
	Fetching gem metadata from http://127.0.0.1:8801/..
	Fetching gem metadata from http://127.0.0.1:8802/..
	Fetching gem metadata from http://127.0.0.1:8801/..
	Your Gemfile contains implicit dependency gems a_okay on the scoped sources, namely:

	* rubygems repository http://127.0.0.1:8802/ or installed locally

	Using implicit dependency gems on the above sources may result in installing unexpected gems. To suppress this message, make sure you set the gems explicitly in the Gemfile.
	Resolving dependencies...
	Fetching a_okay 0.1.0
	Installing a_okay 0.1.0
	Fetching bar 0.0.1
	Installing bar 0.0.1
	Using bundler 1.17.2
	Fetching foo 0.0.1
	Installing foo 0.0.1
	Bundle complete! 2 Gemfile dependencies, 4 gems now installed.
	Bundled gems are installed into `./app`
	=> PASS - safe gem bar version 0.0.1 installed from private repo.
	=> FAIL - malicious gem a_okay version 0.1.0 installed from public repo.

	* Testing with /mnt/cve-2020-36327/test/bundler/reproducer4.Gemfile [4]
	* Running 'bundle install' on BUNDLE_PATH: app ...
	Fetching gem metadata from http://127.0.0.1:8802/...
	Fetching gem metadata from http://127.0.0.1:8801/..
	Fetching gem metadata from http://127.0.0.1:8801/..
	Fetching gem metadata from http://127.0.0.1:8801/..
	Your Gemfile contains implicit dependency gems a_okay on the scoped sources, namely:

	* rubygems repository http://127.0.0.1:8802/ or installed locally
	* rubygems repository http://127.0.0.1:8801/ or installed locally

	Using implicit dependency gems on the above sources may result in installing unexpected gems. To suppress this message, make sure you set the gems explicitly in the Gemfile.
	Resolving dependencies...
	Fetching a_okay 0.1.0
	Installing a_okay 0.1.0
	Fetching bar 0.0.1
	Installing bar 0.0.1
	Using bundler 1.17.2
	Fetching foo 0.0.1
	Installing foo 0.0.1
	Bundle complete! 2 Gemfile dependencies, 4 gems now installed.
	Bundled gems are installed into `./app`
	=> PASS - safe gem bar version 0.0.1 installed from private repo.
	=> FAIL - malicious gem a_okay version 0.1.0 installed from public repo.

	* Testing with /mnt/cve-2020-36327/test/bundler/reproducer5.Gemfile [5]
	* Running 'bundle install' on BUNDLE_PATH: app ...
	Fetching gem metadata from http://127.0.0.1:8802/...
	Fetching gem metadata from https://rubygems.org/
	Fetching gem metadata from https://rubygems.org/.
	Fetching gem metadata from https://rubygems.org/.
	Your Gemfile contains implicit dependency gems a_okay on the scoped sources, namely:

	* rubygems repository http://127.0.0.1:8802/ or installed locally

	Using implicit dependency gems on the above sources may result in installing unexpected gems. To suppress this message, make sure you set the gems explicitly in the Gemfile.
	Resolving dependencies...
	Fetching a_okay 0.1.0
	Installing a_okay 0.1.0
	Fetching bar 0.0.1
	Installing bar 0.0.1
	Using bundler 1.17.2
	Bundle complete! 1 Gemfile dependency, 3 gems now installed.
	Bundled gems are installed into `./app`
	=> PASS - safe gem bar version 0.0.1 installed from private repo.
	=> FAIL - malicious gem a_okay version 0.1.0 installed from public repo.

	* Testing with /mnt/cve-2020-36327/test/bundler/reproducer6.Gemfile [6]
	* Running 'bundle install' on BUNDLE_PATH: app ...
	Fetching gem metadata from http://127.0.0.1:8803/...
	Fetching gem metadata from http://127.0.0.1:8802/....
	Fetching gem metadata from http://127.0.0.1:8801/.
	Fetching gem metadata from http://127.0.0.1:8803/...
	Fetching gem metadata from http://127.0.0.1:8802/..
	Fetching gem metadata from http://127.0.0.1:8801/..
	Fetching gem metadata from http://127.0.0.1:8803/...
	Fetching gem metadata from http://127.0.0.1:8802/..
	Fetching gem metadata from http://127.0.0.1:8801/..
	Your Gemfile contains implicit dependency gems a_okay, d, e on the scoped sources, namely:

	* rubygems repository http://127.0.0.1:8803/ or installed locally
	* rubygems repository http://127.0.0.1:8802/ or installed locally

	Using implicit dependency gems on the above sources may result in installing unexpected gems. To suppress this message, make sure you set the gems explicitly in the Gemfile.
	Resolving dependencies...
	Fetching a_okay 0.1.0
	Installing a_okay 0.1.0
	Fetching bar 0.0.1
	Installing bar 0.0.1
	Using bundler 1.17.2
	Fetching e 0.0.3
	Installing e 0.0.3
	Fetching d 0.0.3
	Installing d 0.0.3
	Fetching g 0.0.2
	Installing g 0.0.2
	Fetching c 0.0.2
	Installing c 0.0.2
	Fetching h 0.0.1
	Installing h 0.0.1
	Fetching f 0.0.1
	Installing f 0.0.1
	Bundle complete! 3 Gemfile dependencies, 9 gems now installed.
	Bundled gems are installed into `./app`
	=> PASS - safe gem bar version 0.0.1 installed from private repo.
	=> FAIL - malicious gem a_okay version 0.1.0 installed from public repo.
	=> PASS - safe gem c version 0.0.2 installed from private repo.
	=> FAIL - malicious gem d version 0.0.3 installed from public repo.
	=> FAIL - malicious gem e version 0.0.3 installed from public repo.
	=> PASS - safe gem f version 0.0.1 installed from private repo.

	* Testing with /mnt/cve-2020-36327/test/bundler/workaround1.Gemfile [7]
	* Running 'bundle install' on BUNDLE_PATH: app ...
	Fetching gem metadata from http://127.0.0.1:8802/..
	Fetching gem metadata from http://127.0.0.1:8801/..
	Fetching gem metadata from http://127.0.0.1:8802/..
	Resolving dependencies...
	Fetching a_okay 0.0.1
	Installing a_okay 0.0.1
	Fetching bar 0.0.1
	Installing bar 0.0.1
	Using bundler 1.17.2
	Fetching foo 0.0.1
	Installing foo 0.0.1
	Bundle complete! 3 Gemfile dependencies, 4 gems now installed.
	Bundled gems are installed into `./app`
	=> PASS - safe gem bar version 0.0.1 installed from private repo.
	=> PASS - safe gem a_okay version 0.0.1 installed from private repo.

	* Testing with /mnt/cve-2020-36327/test/bundler/workaround2.Gemfile [8]
	* Running 'bundle install' on BUNDLE_PATH: app ...
	Fetching gem metadata from http://127.0.0.1:8802/..
	Fetching gem metadata from http://127.0.0.1:8801/..
	Fetching gem metadata from http://127.0.0.1:8802/..
	Resolving dependencies...
	Fetching a_okay 0.0.1
	Installing a_okay 0.0.1
	Fetching bar 0.0.1
	Installing bar 0.0.1
	Using bundler 1.17.2
	Fetching foo 0.0.1
	Installing foo 0.0.1
	Bundle complete! 3 Gemfile dependencies, 4 gems now installed.
	Bundled gems are installed into `./app`
	=> PASS - safe gem bar version 0.0.1 installed from private repo.
	=> PASS - safe gem a_okay version 0.0.1 installed from private repo.

	* Testing with /mnt/cve-2020-36327/test/bundler/workaround3.Gemfile [9]
	* Running 'bundle install' on BUNDLE_PATH: app ...
	Fetching gem metadata from http://127.0.0.1:8802/..
	Fetching gem metadata from https://rubygems.org/
	Resolving dependencies...
	Fetching a_okay 0.0.1
	Installing a_okay 0.0.1
	Fetching bar 0.0.1
	Installing bar 0.0.1
	Using bundler 1.17.2
	Bundle complete! 2 Gemfile dependencies, 3 gems now installed.
	Bundled gems are installed into `./app`
	=> PASS - safe gem bar version 0.0.1 installed from private repo.
	=> PASS - safe gem a_okay version 0.0.1 installed from private repo.

	* Testing with /mnt/cve-2020-36327/test/bundler/workaround4.Gemfile [10]
	* Running 'bundle install' on BUNDLE_PATH: app ...
	Fetching gem metadata from http://127.0.0.1:8802/...
	Fetching gem metadata from http://127.0.0.1:8803/...
	Fetching gem metadata from http://127.0.0.1:8801/.
	Fetching gem metadata from http://127.0.0.1:8802/..
	Fetching gem metadata from http://127.0.0.1:8803/..
	Fetching gem metadata from http://127.0.0.1:8801/..
	Resolving dependencies...
	Fetching a_okay 0.0.1
	Installing a_okay 0.0.1
	Fetching bar 0.0.1
	Installing bar 0.0.1
	Using bundler 1.17.2
	Fetching e 0.0.2
	Installing e 0.0.2
	Fetching d 0.0.2
	Installing d 0.0.2
	Fetching g 0.0.2
	Installing g 0.0.2
	Fetching c 0.0.2
	Installing c 0.0.2
	Fetching h 0.0.1
	Installing h 0.0.1
	Fetching f 0.0.1
	Installing f 0.0.1
	Bundle complete! 6 Gemfile dependencies, 9 gems now installed.
	Bundled gems are installed into `./app`
	=> PASS - safe gem bar version 0.0.1 installed from private repo.
	=> PASS - safe gem a_okay version 0.0.1 installed from private repo.
	=> PASS - safe gem c version 0.0.2 installed from private repo.
	=> PASS - safe gem d version 0.0.2 installed from private repo.
	=> PASS - safe gem e version 0.0.2 installed from private repo.
	=> PASS - safe gem f version 0.0.1 installed from private repo.

	* Result of tests
	* Number of total tests: 10
	* Number of succeeded tests: 4
	* Number of failed tests: 6
	* Stopping repo server public (pid: 3462) ...
	* Stopping repo server private (pid: 3472) ...
	* Stopping repo server private2 (pid: 3482) ...
	* Failed