admin/brew
1
0
Fork 0
Code Issues Packages Projects Releases 6 Wiki Activity

audit: check test system calls are fully scoped.

Browse Source 
This doesn't matter for everything but it does for the binaries that
are installed. Have a limited name/alias check when not installed and
a better one that iterates bin/sbin if installed.
This commit is contained in:
Mike McQuaid 2016-10-24 15:07:49 +01:00
parent 9ab38dd751
commit 0bd0fec6a6
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
Library/Homebrew/dev-cmd/audit.rb
View File

@ -725,6 +725,19 @@ class FormulaAuditor
problem %q(use "xcodebuild *args" instead of "system 'xcodebuild', *args") problem %q(use "xcodebuild *args" instead of "system 'xcodebuild', *args")
end end
bin_names = Set.new
bin_names << formula.name
bin_names += formula.aliases
[formula.bin, formula.sbin].each do |dir|
next unless dir.exist?
bin_names += dir.children.map(&:basename).map(&:to_s)
end
bin_names.each do |name|
if text =~ /test do.*system\s+['"]#{name}/m
problem %(fully scope test system calls e.g. system "\#{bin}/#{name}")
end
end
if text =~ /xcodebuild[ (]["'*]/ && !text.include?("SYMROOT=") if text =~ /xcodebuild[ (]["'*]/ && !text.include?("SYMROOT=")
problem 'xcodebuild should be passed an explicit "SYMROOT"' problem 'xcodebuild should be passed an explicit "SYMROOT"'
end end