Created
December 2, 2021 21:29
-
-
Save junaruga/2e1658287c7bdea98e9e944910be62b1 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[mockbuild@0c20d978b71742d9a2748f28467f17a3 cve-2020-36327]$ SERVER=gem-server ./runtest.sh | |
* Arguments | |
* SERVER: gem-server | |
* TEST_SILENT: true | |
* TEST_GEM_VERBOSE: | |
* TEST_BUNDLE_DEBUG: | |
* TEST_BUNDLE_VERBOSE: | |
* TEST_BUNDLE_INSTALL_INDEX: | |
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/foo/foo.gemspec ... | |
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/c-0.0.2/c.gemspec ... | |
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/d-0.0.2/d.gemspec ... | |
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/d-0.0.3/d.gemspec ... | |
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/e-0.0.3/e.gemspec ... | |
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/bar-malicious/bar.gemspec ... | |
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/c-0.0.1/c.gemspec ... | |
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/f-0.0.2/f.gemspec ... | |
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/e-0.0.2/e.gemspec ... | |
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/f-0.0.3/f.gemspec ... | |
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/bar/bar.gemspec ... | |
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/a_okay-malicious/a_okay.gemspec ... | |
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/c-0.0.3/c.gemspec ... | |
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/f-0.0.1/f.gemspec ... | |
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/h-0.0.1/h.gemspec ... | |
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/a_okay/a_okay.gemspec ... | |
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/e-0.0.1/e.gemspec ... | |
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/d-0.0.1/d.gemspec ... | |
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/g-0.0.2/g.gemspec ... | |
* Installing gems to repositories ... | |
* Public repo: Installing gems foo 0.0.1, a_okey 0.1.0, bar 0.1.0 and etc ... | |
* Private repo: Installing gems a_okey 0.0.1, bar 0.0.1 and etc ... | |
* Private 2 repo: Installing gems ... | |
* Starting repo server (server type: gem-server, port: 8801, pid: 4466) | |
* Starting repo server (server type: gem-server, port: 8802, pid: 4469) | |
* Starting repo server (server type: gem-server, port: 8803, pid: 4472) | |
* Testing ... | |
* Testing with /mnt/cve-2020-36327/test/bundler/reproducer1.Gemfile [1] | |
* Running 'bundle install' on BUNDLE_PATH: app ... | |
Fetching source index from http://127.0.0.1:8802/ | |
Fetching source index from http://127.0.0.1:8801/ | |
Your Gemfile contains scoped sources that don't implement a dependency API, namely: | |
* rubygems repository http://127.0.0.1:8802/ or installed locally | |
Using the above gem servers may result in installing unexpected gems. To resolve this warning, make sure you use gem servers that implement dependency APIs, such as gemstash or geminabox gem servers. Or set the | |
environment variable BUNDLE_ALLOW_DEPENDENCY_CONFUSION. | |
* The 'bundle install' failed with exit status non-zero. | |
=> FAIL - no or unknown bar version installed. | |
=> FAIL - no or unknown a_okay version installed. | |
* Testing with /mnt/cve-2020-36327/test/bundler/reproducer2.Gemfile [2] | |
* Running 'bundle install' on BUNDLE_PATH: app ... | |
Fetching source index from http://127.0.0.1:8802/ | |
Fetching source index from http://127.0.0.1:8801/ | |
Your Gemfile contains scoped sources that don't implement a dependency API, namely: | |
* rubygems repository http://127.0.0.1:8802/ or installed locally | |
* rubygems repository http://127.0.0.1:8801/ or installed locally | |
Using the above gem servers may result in installing unexpected gems. To resolve this warning, make sure you use gem servers that implement dependency APIs, such as gemstash or geminabox gem servers. Or set the | |
environment variable BUNDLE_ALLOW_DEPENDENCY_CONFUSION. | |
* The 'bundle install' failed with exit status non-zero. | |
=> FAIL - no or unknown bar version installed. | |
=> FAIL - no or unknown a_okay version installed. | |
* Testing with /mnt/cve-2020-36327/test/bundler/reproducer3.Gemfile [3] | |
* Running 'bundle install' on BUNDLE_PATH: app ... | |
Fetching source index from http://127.0.0.1:8802/ | |
Fetching source index from http://127.0.0.1:8801/ | |
Your Gemfile contains scoped sources that don't implement a dependency API, namely: | |
* rubygems repository http://127.0.0.1:8802/ or installed locally | |
Using the above gem servers may result in installing unexpected gems. To resolve this warning, make sure you use gem servers that implement dependency APIs, such as gemstash or geminabox gem servers. Or set the | |
environment variable BUNDLE_ALLOW_DEPENDENCY_CONFUSION. | |
* The 'bundle install' failed with exit status non-zero. | |
=> FAIL - no or unknown bar version installed. | |
=> FAIL - no or unknown a_okay version installed. | |
* Testing with /mnt/cve-2020-36327/test/bundler/reproducer4.Gemfile [4] | |
* Running 'bundle install' on BUNDLE_PATH: app ... | |
Fetching source index from http://127.0.0.1:8802/ | |
Fetching source index from http://127.0.0.1:8801/ | |
Your Gemfile contains scoped sources that don't implement a dependency API, namely: | |
* rubygems repository http://127.0.0.1:8802/ or installed locally | |
* rubygems repository http://127.0.0.1:8801/ or installed locally | |
Using the above gem servers may result in installing unexpected gems. To resolve this warning, make sure you use gem servers that implement dependency APIs, such as gemstash or geminabox gem servers. Or set the | |
environment variable BUNDLE_ALLOW_DEPENDENCY_CONFUSION. | |
* The 'bundle install' failed with exit status non-zero. | |
=> FAIL - no or unknown bar version installed. | |
=> FAIL - no or unknown a_okay version installed. | |
* Testing with /mnt/cve-2020-36327/test/bundler/reproducer5.Gemfile [5] | |
* Running 'bundle install' on BUNDLE_PATH: app ... | |
Fetching source index from http://127.0.0.1:8802/ | |
Fetching gem metadata from https://rubygems.org/ | |
Fetching source index from https://rubygems.org/ | |
Your Gemfile contains scoped sources that don't implement a dependency API, namely: | |
* rubygems repository http://127.0.0.1:8802/ or installed locally | |
Using the above gem servers may result in installing unexpected gems. To resolve this warning, make sure you use gem servers that implement dependency APIs, such as gemstash or geminabox gem servers. Or set the | |
environment variable BUNDLE_ALLOW_DEPENDENCY_CONFUSION. | |
* The 'bundle install' failed with exit status non-zero. | |
=> FAIL - no or unknown bar version installed. | |
=> FAIL - no or unknown a_okay version installed. | |
* Testing with /mnt/cve-2020-36327/test/bundler/reproducer6.Gemfile [6] | |
* Running 'bundle install' on BUNDLE_PATH: app ... | |
Fetching source index from http://127.0.0.1:8803/ | |
Fetching source index from http://127.0.0.1:8802/ | |
Fetching source index from http://127.0.0.1:8801/ | |
Your Gemfile contains scoped sources that don't implement a dependency API, namely: | |
* rubygems repository http://127.0.0.1:8803/ or installed locally | |
* rubygems repository http://127.0.0.1:8802/ or installed locally | |
Using the above gem servers may result in installing unexpected gems. To resolve this warning, make sure you use gem servers that implement dependency APIs, such as gemstash or geminabox gem servers. Or set the | |
environment variable BUNDLE_ALLOW_DEPENDENCY_CONFUSION. | |
* The 'bundle install' failed with exit status non-zero. | |
=> FAIL - no or unknown bar version installed. | |
=> FAIL - no or unknown a_okay version installed. | |
=> FAIL - no or unknown c version installed. | |
=> FAIL - no or unknown d version installed. | |
=> FAIL - no or unknown e version installed. | |
=> FAIL - no or unknown f version installed. | |
* Testing with /mnt/cve-2020-36327/test/bundler/workaround1.Gemfile [7] | |
* Running 'bundle install' on BUNDLE_PATH: app ... | |
Fetching source index from http://127.0.0.1:8802/ | |
Fetching source index from http://127.0.0.1:8801/ | |
Your Gemfile contains scoped sources that don't implement a dependency API, namely: | |
* rubygems repository http://127.0.0.1:8802/ or installed locally | |
Using the above gem servers may result in installing unexpected gems. To resolve this warning, make sure you use gem servers that implement dependency APIs, such as gemstash or geminabox gem servers. Or set the | |
environment variable BUNDLE_ALLOW_DEPENDENCY_CONFUSION. | |
* The 'bundle install' failed with exit status non-zero. | |
=> FAIL - no or unknown bar version installed. | |
=> FAIL - no or unknown a_okay version installed. | |
* Testing with /mnt/cve-2020-36327/test/bundler/workaround2.Gemfile [8] | |
* Running 'bundle install' on BUNDLE_PATH: app ... | |
Fetching source index from http://127.0.0.1:8802/ | |
Fetching source index from http://127.0.0.1:8801/ | |
Your Gemfile contains scoped sources that don't implement a dependency API, namely: | |
* rubygems repository http://127.0.0.1:8802/ or installed locally | |
Using the above gem servers may result in installing unexpected gems. To resolve this warning, make sure you use gem servers that implement dependency APIs, such as gemstash or geminabox gem servers. Or set the | |
environment variable BUNDLE_ALLOW_DEPENDENCY_CONFUSION. | |
* The 'bundle install' failed with exit status non-zero. | |
=> FAIL - no or unknown bar version installed. | |
=> FAIL - no or unknown a_okay version installed. | |
* Testing with /mnt/cve-2020-36327/test/bundler/workaround3.Gemfile [9] | |
* Running 'bundle install' on BUNDLE_PATH: app ... | |
Fetching source index from http://127.0.0.1:8802/ | |
Fetching gem metadata from https://rubygems.org/ | |
Fetching source index from https://rubygems.org/ | |
Your Gemfile contains scoped sources that don't implement a dependency API, namely: | |
* rubygems repository http://127.0.0.1:8802/ or installed locally | |
Using the above gem servers may result in installing unexpected gems. To resolve this warning, make sure you use gem servers that implement dependency APIs, such as gemstash or geminabox gem servers. Or set the | |
environment variable BUNDLE_ALLOW_DEPENDENCY_CONFUSION. | |
* The 'bundle install' failed with exit status non-zero. | |
=> FAIL - no or unknown bar version installed. | |
=> FAIL - no or unknown a_okay version installed. | |
* Testing with /mnt/cve-2020-36327/test/bundler/workaround4.Gemfile [10] | |
* Running 'bundle install' on BUNDLE_PATH: app ... | |
Fetching source index from http://127.0.0.1:8802/ | |
Fetching source index from http://127.0.0.1:8803/ | |
Fetching source index from http://127.0.0.1:8801/ | |
Your Gemfile contains scoped sources that don't implement a dependency API, namely: | |
* rubygems repository http://127.0.0.1:8802/ or installed locally | |
* rubygems repository http://127.0.0.1:8803/ or installed locally | |
Using the above gem servers may result in installing unexpected gems. To resolve this warning, make sure you use gem servers that implement dependency APIs, such as gemstash or geminabox gem servers. Or set the | |
environment variable BUNDLE_ALLOW_DEPENDENCY_CONFUSION. | |
* The 'bundle install' failed with exit status non-zero. | |
=> FAIL - no or unknown bar version installed. | |
=> FAIL - no or unknown a_okay version installed. | |
=> FAIL - no or unknown c version installed. | |
=> FAIL - no or unknown d version installed. | |
=> FAIL - no or unknown e version installed. | |
=> FAIL - no or unknown f version installed. | |
* Result of tests | |
* Number of total tests: 10 | |
* Number of succeeded tests: 0 | |
* Number of failed tests: 10 | |
* Stopping repo server public (pid: 4466) ... | |
* Stopping repo server private (pid: 4469) ... | |
* Stopping repo server private2 (pid: 4472) ... | |
* Failed |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment