Created
December 8, 2021 13:40
-
-
Save junaruga/fc10bd98b21c03e6a62a78210900313f to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[mockbuild@0838dc6f5d5545e88ac9166d5017e88c cve-2020-36327]$ ./runtest.sh | |
* Arguments | |
* SERVER: geminabox | |
* RUBYOPT: | |
* TEST_SILENT: true | |
* TEST_GEM_VERBOSE: | |
* TEST_BUNDLE: bundle | |
* TEST_BUNDLE_DEBUG: | |
* TEST_BUNDLE_VERBOSE: | |
* TEST_BUNDLE_INSTALL_INDEX: | |
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/foo/foo.gemspec ... | |
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/c-0.0.2/c.gemspec ... | |
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/d-0.0.2/d.gemspec ... | |
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/d-0.0.3/d.gemspec ... | |
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/e-0.0.3/e.gemspec ... | |
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/bar-malicious/bar.gemspec ... | |
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/c-0.0.1/c.gemspec ... | |
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/f-0.0.2/f.gemspec ... | |
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/e-0.0.2/e.gemspec ... | |
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/f-0.0.3/f.gemspec ... | |
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/bar/bar.gemspec ... | |
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/a_okay-malicious/a_okay.gemspec ... | |
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/c-0.0.3/c.gemspec ... | |
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/f-0.0.1/f.gemspec ... | |
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/h-0.0.1/h.gemspec ... | |
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/a_okay/a_okay.gemspec ... | |
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/e-0.0.1/e.gemspec ... | |
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/d-0.0.1/d.gemspec ... | |
* Building gem with gemspec file /mnt/cve-2020-36327/test/fixtures/gems/g-0.0.2/g.gemspec ... | |
* Installing gems to repositories ... | |
* Public repo: Installing gems foo 0.0.1, a_okey 0.1.0, bar 0.1.0 and etc ... | |
* Private repo: Installing gems a_okey 0.0.1, bar 0.0.1 and etc ... | |
* Private 2 repo: Installing gems ... | |
* Starting repo server (server type: geminabox, port: 8801, pid: 361) | |
* Starting repo server (server type: geminabox, port: 8802, pid: 371) | |
* Starting repo server (server type: geminabox, port: 8803, pid: 380) | |
* Testing ... | |
* Testing with /mnt/cve-2020-36327/test/bundler/reproducer1.Gemfile [1] | |
* Running 'bundle install' on BUNDLE_PATH: app ... | |
Fetching gem metadata from http://127.0.0.1:8802/... | |
Fetching gem metadata from http://127.0.0.1:8801/.. | |
Fetching gem metadata from http://127.0.0.1:8802/.. | |
Fetching gem metadata from http://127.0.0.1:8801/.. | |
Fetching gem metadata from http://127.0.0.1:8802/.. | |
Fetching gem metadata from http://127.0.0.1:8801/.. | |
Your Gemfile contains implicit dependency gems a_okay on the scoped sources, namely: | |
* rubygems repository http://127.0.0.1:8802/ or installed locally | |
Using implicit dependency gems on the above sources may result in installing unexpected gems. To suppress this message, make sure you set the gems explicitly in the Gemfile. Or set the environment variable | |
BUNDLE_WARN_ON_DEPENDENCY_CONFUSION. | |
* The 'bundle install' failed with exit status non-zero. | |
=> FAIL - no or unknown bar version installed. | |
=> FAIL - no or unknown a_okay version installed. | |
* Testing with /mnt/cve-2020-36327/test/bundler/reproducer2.Gemfile [2] | |
* Running 'bundle install' on BUNDLE_PATH: app ... | |
Fetching gem metadata from http://127.0.0.1:8802/... | |
Fetching gem metadata from http://127.0.0.1:8801/.. | |
Fetching gem metadata from http://127.0.0.1:8801/.. | |
Fetching gem metadata from http://127.0.0.1:8801/.. | |
Your Gemfile contains implicit dependency gems a_okay on the scoped sources, namely: | |
* rubygems repository http://127.0.0.1:8802/ or installed locally | |
* rubygems repository http://127.0.0.1:8801/ or installed locally | |
Using implicit dependency gems on the above sources may result in installing unexpected gems. To suppress this message, make sure you set the gems explicitly in the Gemfile. Or set the environment variable | |
BUNDLE_WARN_ON_DEPENDENCY_CONFUSION. | |
* The 'bundle install' failed with exit status non-zero. | |
=> FAIL - no or unknown bar version installed. | |
=> FAIL - no or unknown a_okay version installed. | |
* Testing with /mnt/cve-2020-36327/test/bundler/reproducer3.Gemfile [3] | |
* Running 'bundle install' on BUNDLE_PATH: app ... | |
Fetching gem metadata from http://127.0.0.1:8802/... | |
Fetching gem metadata from http://127.0.0.1:8801/.. | |
Fetching gem metadata from http://127.0.0.1:8802/.. | |
Fetching gem metadata from http://127.0.0.1:8801/.. | |
Fetching gem metadata from http://127.0.0.1:8802/.. | |
Fetching gem metadata from http://127.0.0.1:8801/.. | |
Your Gemfile contains implicit dependency gems a_okay on the scoped sources, namely: | |
* rubygems repository http://127.0.0.1:8802/ or installed locally | |
Using implicit dependency gems on the above sources may result in installing unexpected gems. To suppress this message, make sure you set the gems explicitly in the Gemfile. Or set the environment variable | |
BUNDLE_WARN_ON_DEPENDENCY_CONFUSION. | |
* The 'bundle install' failed with exit status non-zero. | |
=> FAIL - no or unknown bar version installed. | |
=> FAIL - no or unknown a_okay version installed. | |
* Testing with /mnt/cve-2020-36327/test/bundler/reproducer4.Gemfile [4] | |
* Running 'bundle install' on BUNDLE_PATH: app ... | |
Fetching gem metadata from http://127.0.0.1:8802/... | |
Fetching gem metadata from http://127.0.0.1:8801/.. | |
Fetching gem metadata from http://127.0.0.1:8801/.. | |
Fetching gem metadata from http://127.0.0.1:8801/.. | |
Your Gemfile contains implicit dependency gems a_okay on the scoped sources, namely: | |
* rubygems repository http://127.0.0.1:8802/ or installed locally | |
* rubygems repository http://127.0.0.1:8801/ or installed locally | |
Using implicit dependency gems on the above sources may result in installing unexpected gems. To suppress this message, make sure you set the gems explicitly in the Gemfile. Or set the environment variable | |
BUNDLE_WARN_ON_DEPENDENCY_CONFUSION. | |
* The 'bundle install' failed with exit status non-zero. | |
=> FAIL - no or unknown bar version installed. | |
=> FAIL - no or unknown a_okay version installed. | |
* Testing with /mnt/cve-2020-36327/test/bundler/reproducer5.Gemfile [5] | |
* Running 'bundle install' on BUNDLE_PATH: app ... | |
Fetching gem metadata from http://127.0.0.1:8802/... | |
Fetching gem metadata from https://rubygems.org/ | |
Fetching gem metadata from https://rubygems.org/. | |
Fetching gem metadata from https://rubygems.org/. | |
Your Gemfile contains implicit dependency gems a_okay on the scoped sources, namely: | |
* rubygems repository http://127.0.0.1:8802/ or installed locally | |
Using implicit dependency gems on the above sources may result in installing unexpected gems. To suppress this message, make sure you set the gems explicitly in the Gemfile. Or set the environment variable | |
BUNDLE_WARN_ON_DEPENDENCY_CONFUSION. | |
* The 'bundle install' failed with exit status non-zero. | |
=> FAIL - no or unknown bar version installed. | |
=> FAIL - no or unknown a_okay version installed. | |
* Testing with /mnt/cve-2020-36327/test/bundler/test1.Gemfile [6] | |
* Running 'bundle install' on BUNDLE_PATH: app ... | |
Fetching gem metadata from http://127.0.0.1:8803/... | |
Fetching gem metadata from http://127.0.0.1:8802/.... | |
Fetching gem metadata from http://127.0.0.1:8801/. | |
Fetching gem metadata from http://127.0.0.1:8803/... | |
Fetching gem metadata from http://127.0.0.1:8802/.. | |
Fetching gem metadata from http://127.0.0.1:8801/.. | |
Fetching gem metadata from http://127.0.0.1:8803/... | |
Fetching gem metadata from http://127.0.0.1:8802/.. | |
Fetching gem metadata from http://127.0.0.1:8801/.. | |
Your Gemfile contains implicit dependency gems a_okay, d, e on the scoped sources, namely: | |
* rubygems repository http://127.0.0.1:8803/ or installed locally | |
* rubygems repository http://127.0.0.1:8802/ or installed locally | |
Using implicit dependency gems on the above sources may result in installing unexpected gems. To suppress this message, make sure you set the gems explicitly in the Gemfile. Or set the environment variable | |
BUNDLE_WARN_ON_DEPENDENCY_CONFUSION. | |
* The 'bundle install' failed with exit status non-zero. | |
=> FAIL - no or unknown bar version installed. | |
=> FAIL - no or unknown a_okay version installed. | |
* Testing with /mnt/cve-2020-36327/test/bundler/workaround1.Gemfile [7] | |
* Running 'bundle install' on BUNDLE_PATH: app ... | |
Fetching gem metadata from http://127.0.0.1:8802/.. | |
Fetching gem metadata from http://127.0.0.1:8801/.. | |
Fetching gem metadata from http://127.0.0.1:8802/.. | |
Resolving dependencies... | |
Fetching a_okay 0.0.1 | |
Installing a_okay 0.0.1 | |
Fetching bar 0.0.1 | |
Installing bar 0.0.1 | |
Using bundler 1.17.2 | |
Fetching foo 0.0.1 | |
Installing foo 0.0.1 | |
Bundle complete! 3 Gemfile dependencies, 4 gems now installed. | |
Bundled gems are installed into `./app` | |
=> PASS - safe gem bar version 0.0.1 installed from private repo. | |
=> PASS - safe gem a_okay version 0.0.1 installed from private repo. | |
* Testing with /mnt/cve-2020-36327/test/bundler/workaround2.Gemfile [8] | |
* Running 'bundle install' on BUNDLE_PATH: app ... | |
Fetching gem metadata from http://127.0.0.1:8802/.. | |
Fetching gem metadata from http://127.0.0.1:8801/.. | |
Fetching gem metadata from http://127.0.0.1:8802/.. | |
Resolving dependencies... | |
Fetching a_okay 0.0.1 | |
Installing a_okay 0.0.1 | |
Fetching bar 0.0.1 | |
Installing bar 0.0.1 | |
Using bundler 1.17.2 | |
Fetching foo 0.0.1 | |
Installing foo 0.0.1 | |
Bundle complete! 3 Gemfile dependencies, 4 gems now installed. | |
Bundled gems are installed into `./app` | |
=> PASS - safe gem bar version 0.0.1 installed from private repo. | |
=> PASS - safe gem a_okay version 0.0.1 installed from private repo. | |
* Testing with /mnt/cve-2020-36327/test/bundler/workaround3.Gemfile [9] | |
* Running 'bundle install' on BUNDLE_PATH: app ... | |
Fetching gem metadata from http://127.0.0.1:8802/.. | |
Fetching gem metadata from https://rubygems.org/ | |
Resolving dependencies... | |
Fetching a_okay 0.0.1 | |
Installing a_okay 0.0.1 | |
Fetching bar 0.0.1 | |
Installing bar 0.0.1 | |
Using bundler 1.17.2 | |
Bundle complete! 2 Gemfile dependencies, 3 gems now installed. | |
Bundled gems are installed into `./app` | |
=> PASS - safe gem bar version 0.0.1 installed from private repo. | |
=> PASS - safe gem a_okay version 0.0.1 installed from private repo. | |
* Testing with /mnt/cve-2020-36327/test/bundler/workaround4.Gemfile [10] | |
* Running 'bundle install' on BUNDLE_PATH: app ... | |
Fetching gem metadata from http://127.0.0.1:8802/... | |
Fetching gem metadata from http://127.0.0.1:8803/... | |
Fetching gem metadata from http://127.0.0.1:8801/. | |
Fetching gem metadata from http://127.0.0.1:8802/.. | |
Fetching gem metadata from http://127.0.0.1:8803/.. | |
Fetching gem metadata from http://127.0.0.1:8801/.. | |
Resolving dependencies... | |
Fetching a_okay 0.0.1 | |
Installing a_okay 0.0.1 | |
Fetching bar 0.0.1 | |
Installing bar 0.0.1 | |
Using bundler 1.17.2 | |
Fetching e 0.0.2 | |
Installing e 0.0.2 | |
Fetching d 0.0.2 | |
Installing d 0.0.2 | |
Fetching g 0.0.2 | |
Installing g 0.0.2 | |
Fetching c 0.0.2 | |
Installing c 0.0.2 | |
Fetching h 0.0.1 | |
Installing h 0.0.1 | |
Fetching f 0.0.1 | |
Installing f 0.0.1 | |
Bundle complete! 6 Gemfile dependencies, 9 gems now installed. | |
Bundled gems are installed into `./app` | |
=> PASS - safe gem bar version 0.0.1 installed from private repo. | |
=> PASS - safe gem a_okay version 0.0.1 installed from private repo. | |
=> PASS - safe gem c version 0.0.2 installed from private repo. | |
=> PASS - safe gem d version 0.0.2 installed from private repo. | |
=> PASS - safe gem e version 0.0.2 installed from private repo. | |
=> PASS - safe gem f version 0.0.1 installed from private repo. | |
* Result of tests | |
* Number of total tests: 10 | |
* Number of succeeded tests: 4 | |
* Number of failed tests: 6 | |
* Stopping repo server public (pid: 361) ... | |
* Stopping repo server private (pid: 371) ... | |
* Stopping repo server private2 (pid: 380) ... | |
* Failed |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment