
Commit

adds the validator script
nickfloyd committed Jun 14, 2022
1 parent c9a2e52 commit 121fafc
Showing 1 changed file with 44 additions and 0 deletions.
44 changes: 44 additions & 0 deletions script/validate
@@ -0,0 +1,44 @@
#!/usr/bin/env bash
# Usage: script/gem
# Validates the packed gem to determine if file permissions are correct.

<<'###SCRIPT_COMMENT'
Purpose:
(Given octokit.rb is currently shipped "manually")
Because different environments behave differently, it is recommended that the integrity and file permissions of the files packed in the gem are verified.
This is to help prevent things like releasing world writeable files in the gem. The simple check below looks at each file contained in the packed gem and
verifies that the files are only owner writeable.
Requirements:
This script expects that script/package, script/release or 'gem build *.gemspec' have been run
###SCRIPT_COMMENT


FILE=$(ls *.gem| head -1)

echo "*** Validating file permissions in the octokit gem ***"

if [ ! -f "$FILE" ]; then
echo "$FILE does not exist. Please run script/package, script/release or 'gem build *.gemspec' to generate the gem to be validated"
echo -e '☒ failure'
exit 1
fi

tar -xf "${FILE}"

# naive check to quickly see if any files in the gem are set to the wrong permissions
for f in $(tar --numeric-owner -tvf data.tar.gz )
do
if [ $f == "-rw-rw-rw-" ]; then
echo "World writeable files (-rw-rw-rw- | 666) detected in the gem. Please repack and make sure that all files in the gem are owner read write ( -rw-r--r-- | 644 )"
echo -e '☒ failure'
rm -f checksums.yaml.gz data.tar.gz metadata.gz
exit 1
fi
done

# Check clean up
echo -e '☑ success'
rm -f checksums.yaml.gz data.tar.gz metadata.gz
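
Review bot: The check in the `for f in $(tar --numeric-owner -tvf data.tar.gz )` loop only fails on a token equal to the literal string `-rw-rw-rw-`, so mode 666 is the only case caught; a world-writable entry with any other mode (for example `-rwxrwxrwx` or `-rw-r--rw-`, or a world-writable directory) passes and the script prints success. Consider reading the listing one line at a time with `while read -r` and failing whenever the other-write position of the mode column is `w`, which covers every world-writable entry rather than one mode string. Line-based reading also removes the word splitting: as written, the unquoted command substitution and the unquoted `$f` in `[ $f == "-rw-rw-rw-" ]` split on whitespace and expand glob characters in archive paths before the comparison. Smaller points: the header says `# Usage: script/gem` while the file added is `script/validate`; `ls *.gem| head -1` takes whichever gem sorts first, which may be a stale build rather than the one just packed; and the exit status of `tar -xf "${FILE}"` is not checked, so when extraction fails and `data.tar.gz` is absent the loop body never runs and the script can fall through to `☑ success`.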
