Last active
July 7, 2021 16:12
+ ./runtest.sh all
geminabox
removed 'gems/a_okay-malicious/a_okay-0.1.0.gem'
removed 'gems/a_okay/a_okay-0.0.1.gem'
removed 'gems/bar-malicious/bar-0.1.0.gem'
removed 'gems/bar/bar-0.0.1.gem'
removed 'gems/foo/foo-0.0.1.gem'
removed 'server-private.log'
removed 'server-public.log'
* Building gems/foo/foo-0.0.1.gem ...
Successfully built RubyGem
Name: foo
Version: 0.0.1
File: foo-0.0.1.gem
* Building gems/bar/bar-0.0.1.gem ...
WARNING: open-ended dependency on a_okay (>= 0.0.1) is not recommended
if a_okay is semantically versioned, use:
add_runtime_dependency 'a_okay', '~> 0.0', '>= 0.0.1'
WARNING: See https://guides.rubygems.org/specification-reference/ for help
Successfully built RubyGem
Name: bar
Version: 0.0.1
File: bar-0.0.1.gem
* Building gems/a_okay/a_okay-0.0.1.gem ...
Successfully built RubyGem
Name: a_okay
Version: 0.0.1
File: a_okay-0.0.1.gem
* Building gems/a_okay-malicious/a_okay-0.1.0.gem ...
Successfully built RubyGem
Name: a_okay
Version: 0.1.0
File: a_okay-0.1.0.gem
* Building gems/bar-malicious/bar-0.1.0.gem ...
WARNING: open-ended dependency on a_okay (>= 0.0.1) is not recommended
if a_okay is semantically versioned, use:
add_runtime_dependency 'a_okay', '~> 0.0', '>= 0.0.1'
WARNING: See https://guides.rubygems.org/specification-reference/ for help
Successfully built RubyGem
Name: bar
Version: 0.1.0
File: bar-0.1.0.gem
* Installing gems to repositories...
Successfully installed foo-0.0.1
Parsing documentation for foo-0.0.1
Installing ri documentation for foo-0.0.1
Done installing documentation for foo after 0 seconds
1 gem installed
Successfully installed a_okay-0.1.0
Parsing documentation for a_okay-0.1.0
Installing ri documentation for a_okay-0.1.0
Done installing documentation for a_okay after 0 seconds
1 gem installed
Successfully installed bar-0.1.0
Parsing documentation for bar-0.1.0
Installing ri documentation for bar-0.1.0
Done installing documentation for bar after 0 seconds
1 gem installed
Successfully installed a_okay-0.0.1
Parsing documentation for a_okay-0.0.1
Installing ri documentation for a_okay-0.0.1
Done installing documentation for a_okay after 0 seconds
1 gem installed
Successfully installed bar-0.0.1
Parsing documentation for bar-0.0.1
Installing ri documentation for bar-0.0.1
Done installing documentation for bar after 0 seconds
1 gem installed
Fetching ruby2_keywords-0.0.4.gem
Fetching rack-2.2.3.gem
Fetching mustermann-1.1.1.gem
Fetching tilt-2.0.10.gem
Fetching sinatra-2.1.0.gem
Fetching builder-3.2.4.gem
Fetching rack-protection-2.1.0.gem
Fetching httpclient-2.8.3.gem
Fetching nesty-1.0.2.gem
Fetching faraday-em_http-1.0.0.gem
Fetching faraday-em_synchrony-1.0.0.gem
Fetching faraday-excon-1.1.0.gem
Fetching faraday-httpclient-1.0.1.gem
Fetching faraday-net_http-1.0.1.gem
Fetching faraday-net_http_persistent-1.1.0.gem
Fetching faraday-patron-1.0.0.gem
Fetching geminabox-1.4.1.gem
Fetching multipart-post-2.1.1.gem
Fetching faraday-1.5.0.gem
Fetching reentrant_flock-0.1.1.gem
Successfully installed rack-2.2.3
Successfully installed tilt-2.0.10
Successfully installed rack-protection-2.1.0
Successfully installed ruby2_keywords-0.0.4
Successfully installed mustermann-1.1.1
Successfully installed sinatra-2.1.0
Successfully installed builder-3.2.4
Successfully installed httpclient-2.8.3
Successfully installed nesty-1.0.2
Successfully installed faraday-em_http-1.0.0
Successfully installed faraday-em_synchrony-1.0.0
Successfully installed faraday-excon-1.1.0
Successfully installed faraday-httpclient-1.0.1
Successfully installed faraday-net_http-1.0.1
Successfully installed faraday-net_http_persistent-1.1.0
Successfully installed faraday-patron-1.0.0
Successfully installed multipart-post-2.1.1
Successfully installed faraday-1.5.0
Successfully installed reentrant_flock-0.1.1
Successfully installed geminabox-1.4.1
Parsing documentation for rack-2.2.3
Installing ri documentation for rack-2.2.3
Parsing documentation for tilt-2.0.10
Installing ri documentation for tilt-2.0.10
Parsing documentation for rack-protection-2.1.0
Installing ri documentation for rack-protection-2.1.0
Parsing documentation for ruby2_keywords-0.0.4
Installing ri documentation for ruby2_keywords-0.0.4
Parsing documentation for mustermann-1.1.1
Installing ri documentation for mustermann-1.1.1
Parsing documentation for sinatra-2.1.0
Installing ri documentation for sinatra-2.1.0
Parsing documentation for builder-3.2.4
Installing ri documentation for builder-3.2.4
Parsing documentation for httpclient-2.8.3
Installing ri documentation for httpclient-2.8.3
Parsing documentation for nesty-1.0.2
Installing ri documentation for nesty-1.0.2
Parsing documentation for faraday-em_http-1.0.0
Installing ri documentation for faraday-em_http-1.0.0
Parsing documentation for faraday-em_synchrony-1.0.0
Installing ri documentation for faraday-em_synchrony-1.0.0
Parsing documentation for faraday-excon-1.1.0
Installing ri documentation for faraday-excon-1.1.0
Parsing documentation for faraday-httpclient-1.0.1
Installing ri documentation for faraday-httpclient-1.0.1
Parsing documentation for faraday-net_http-1.0.1
Installing ri documentation for faraday-net_http-1.0.1
Parsing documentation for faraday-net_http_persistent-1.1.0
Installing ri documentation for faraday-net_http_persistent-1.1.0
Parsing documentation for faraday-patron-1.0.0
Installing ri documentation for faraday-patron-1.0.0
Parsing documentation for multipart-post-2.1.1
Installing ri documentation for multipart-post-2.1.1
Parsing documentation for faraday-1.5.0
Installing ri documentation for faraday-1.5.0
Parsing documentation for reentrant_flock-0.1.1
Installing ri documentation for reentrant_flock-0.1.1
Parsing documentation for geminabox-1.4.1
Installing ri documentation for geminabox-1.4.1
Done installing documentation for rack, tilt, rack-protection, ruby2_keywords, mustermann, sinatra, builder, httpclient, nesty, faraday-em_http, faraday-em_synchrony, faraday-excon, faraday-httpclient, faraday-net_http, faraday-net_http_persistent, faraday-patron, multipart-post, faraday, reentrant_flock, geminabox after 262 seconds
20 gems installed
~/cve-2020-36327/repos/public ~/cve-2020-36327
Pushing a_okay-0.1.0.gem to http://127.0.0.1:8801/...
Generating Marshal quick index gemspecs for 1 gems
.
Complete
Generated Marshal quick index gemspecs: 0.001s
Generating specs index
Generated specs index: 0.000s
Generating latest specs index
Generated latest specs index: 0.000s
Generating prerelease specs index
Generated prerelease specs index: 0.000s
Compressing indices
Compressed indices: 0.000s
Gem a_okay-0.1.0.gem received and indexed.
Pushing bar-0.1.0.gem to http://127.0.0.1:8801/...
Generating Marshal quick index gemspecs for 1 gems
.
Complete
Generated Marshal quick index gemspecs: 0.000s
Updated indexes: 0.000s
Compressing indices
Compressed indices: 0.000s
Gem bar-0.1.0.gem received and indexed.
Pushing foo-0.0.1.gem to http://127.0.0.1:8801/...
Generating Marshal quick index gemspecs for 2 gems
..
Complete
Generated Marshal quick index gemspecs: 0.001s
Updated indexes: 0.001s
Compressing indices
Compressed indices: 0.000s
Gem foo-0.0.1.gem received and indexed.
~/cve-2020-36327
~/cve-2020-36327/repos/private ~/cve-2020-36327
Pushing a_okay-0.0.1.gem to http://127.0.0.1:8802/...
Generating Marshal quick index gemspecs for 1 gems
.
Complete
Generated Marshal quick index gemspecs: 0.000s
Generating specs index
Generated specs index: 0.000s
Generating latest specs index
Generated latest specs index: 0.000s
Generating prerelease specs index
Generated prerelease specs index: 0.000s
Compressing indices
Compressed indices: 0.000s
Gem a_okay-0.0.1.gem received and indexed.
Pushing bar-0.0.1.gem to http://127.0.0.1:8802/...
Generating Marshal quick index gemspecs for 1 gems
.
Complete
Generated Marshal quick index gemspecs: 0.001s
Updated indexes: 0.000s
Compressing indices
Compressed indices: 0.000s
Gem bar-0.0.1.gem received and indexed.
~/cve-2020-36327
PID TTY STAT TIME COMMAND
389 pts/0 Sl+ 0:00 /usr/bin/ruby-mri /builddir/bin/rackup -o 127.0.0.1 -p 8801
396 pts/0 Sl+ 0:00 /usr/bin/ruby-mri /builddir/bin/rackup -o 127.0.0.1 -p 8802
* Reproducer: reproducer1.Gemfile
Fetching gem metadata from http://127.0.0.1:8802/...
Fetching gem metadata from http://127.0.0.1:8801/..
Resolving dependencies...
Using bundler 2.2.20
Fetching a_okay 0.0.1
Fetching foo 0.0.1
Installing a_okay 0.0.1
Installing foo 0.0.1
Fetching bar 0.0.1
Installing bar 0.0.1
Bundle complete! 2 Gemfile dependencies, 4 gems now installed.
Bundled gems are installed into `./tmp`
Installed version of bar:
* bar (0.0.1)
Installed version of a_okay:
* a_okay (0.0.1)
PASS - safe a_okay version installed
* Reproducer: reproducer2.Gemfile
Fetching gem metadata from http://127.0.0.1:8802/...
Fetching gem metadata from http://127.0.0.1:8801/..
Resolving dependencies...
Using bundler 2.2.20
Fetching a_okay 0.0.1
Fetching foo 0.0.1
Installing a_okay 0.0.1
Installing foo 0.0.1
Fetching bar 0.0.1
Installing bar 0.0.1
Bundle complete! 2 Gemfile dependencies, 4 gems now installed.
Bundled gems are installed into `./tmp`
Installed version of bar:
* bar (0.0.1)
Installed version of a_okay:
* a_okay (0.0.1)
PASS - safe a_okay version installed
* Reproducer: reproducer3.Gemfile
Fetching gem metadata from http://127.0.0.1:8802/...
Fetching gem metadata from http://127.0.0.1:8801/..
Resolving dependencies...
Fetching a_okay 0.0.1
Using bundler 2.2.20
Fetching foo 0.0.1
Installing a_okay 0.0.1
Installing foo 0.0.1
Fetching bar 0.0.1
Installing bar 0.0.1
Bundle complete! 2 Gemfile dependencies, 4 gems now installed.
Bundled gems are installed into `./tmp`
Installed version of bar:
* bar (0.0.1)
Installed version of a_okay:
* a_okay (0.0.1)
PASS - safe a_okay version installed
* Reproducer: reproducer4.Gemfile
Fetching gem metadata from http://127.0.0.1:8802/...
Fetching gem metadata from http://127.0.0.1:8801/..
Resolving dependencies...
Using bundler 2.2.20
Fetching a_okay 0.0.1
Fetching foo 0.0.1
Installing foo 0.0.1
Installing a_okay 0.0.1
Fetching bar 0.0.1
Installing bar 0.0.1
Bundle complete! 2 Gemfile dependencies, 4 gems now installed.
Bundled gems are installed into `./tmp`
Installed version of bar:
* bar (0.0.1)
Installed version of a_okay:
* a_okay (0.0.1)
PASS - safe a_okay version installed
* Reproducer: reproducer5.Gemfile
Fetching gem metadata from http://127.0.0.1:8802/...
Resolving dependencies...
Using bundler 2.2.20
Fetching a_okay 0.0.1
Installing a_okay 0.0.1
Fetching bar 0.0.1
Installing bar 0.0.1
Bundle complete! 1 Gemfile dependency, 3 gems now installed.
Bundled gems are installed into `./tmp`
Installed version of bar:
* bar (0.0.1)
Installed version of a_okay:
* a_okay (0.0.1)
PASS - safe a_okay version installed
* Workaround: workaround1.Gemfile
Fetching gem metadata from http://127.0.0.1:8802/..
Fetching gem metadata from http://127.0.0.1:8801/..
Resolving dependencies...
Using bundler 2.2.20
Fetching a_okay 0.0.1
Fetching foo 0.0.1
Installing a_okay 0.0.1
Installing foo 0.0.1
Fetching bar 0.0.1
Installing bar 0.0.1
Bundle complete! 3 Gemfile dependencies, 4 gems now installed.
Bundled gems are installed into `./tmp`
Installed version of bar:
* bar (0.0.1)
Installed version of a_okay:
* a_okay (0.0.1)
PASS - safe a_okay version installed
* Workaround: workaround2.Gemfile
Fetching gem metadata from http://127.0.0.1:8802/..
Fetching gem metadata from http://127.0.0.1:8801/..
Resolving dependencies...
Using bundler 2.2.20
Fetching a_okay 0.0.1
Fetching foo 0.0.1
Installing a_okay 0.0.1
Installing foo 0.0.1
Fetching bar 0.0.1
Installing bar 0.0.1
Bundle complete! 3 Gemfile dependencies, 4 gems now installed.
Bundled gems are installed into `./tmp`
Installed version of bar:
* bar (0.0.1)
Installed version of a_okay:
* a_okay (0.0.1)
PASS - safe a_okay version installed
* Workaround: workaround3.Gemfile
Fetching gem metadata from http://127.0.0.1:8802/..
Resolving dependencies...
Using bundler 2.2.20
Fetching a_okay 0.0.1
Installing a_okay 0.0.1
Fetching bar 0.0.1
Installing bar 0.0.1
Bundle complete! 2 Gemfile dependencies, 3 gems now installed.
Bundled gems are installed into `./tmp`
Installed version of bar:
* bar (0.0.1)
Installed version of a_okay:
* a_okay (0.0.1)
PASS - safe a_okay version installed