From 7aa26f781707d1836f6dcd9fb82ee70d32e23dcd Mon Sep 17 00:00:00 2001
From: Mike McQuaid
Date: Wed, 2 Nov 2016 13:23:38 -0400
Subject: [PATCH 1/2] audit: check more unscoped test calls.

Also check `def test`, `shell_output`, `pipe_output` and method calls using parentheses.

---
 Library/Homebrew/dev-cmd/audit.rb | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb
index e83cf1b8cf..32ff14de18 100644
--- a/Library/Homebrew/dev-cmd/audit.rb
+++ b/Library/Homebrew/dev-cmd/audit.rb
@@ -734,8 +734,10 @@ class FormulaAuditor
 bin_names += dir.children.map(&:basename).map(&:to_s)
 end
 bin_names.each do |name|
- if text =~ /test do.*system\s+['"]#{name}/m
- problem %(fully scope test system calls e.g. system "\#{bin}/#{name}")
+ ["system", "shell_output", "pipe_output"].each do |cmd|
+ if text =~ /(def test|test do).*#{cmd}[\(\s]+['"]#{name}/m
+ problem %(fully scope test #{cmd} calls e.g. #{cmd} "\#{bin}/#{name}")
+ end
 end
 end
 
From f35a86ff70fbc89d03811c821689c7e6c0536899 Mon Sep 17 00:00:00 2001
From: Mike McQuaid
Date: Wed, 2 Nov 2016 15:57:19 -0400
Subject: [PATCH 2/2] audit: stricter test system calls check.

Ensure that the name is suffixed with whitespace or quotes.

---
 Library/Homebrew/dev-cmd/audit.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb
index 32ff14de18..df068c99f3 100644
--- a/Library/Homebrew/dev-cmd/audit.rb
+++ b/Library/Homebrew/dev-cmd/audit.rb
@@ -735,7 +735,7 @@ class FormulaAuditor
 end
 bin_names.each do |name|
 ["system", "shell_output", "pipe_output"].each do |cmd|
- if text =~ /(def test|test do).*#{cmd}[\(\s]+['"]#{name}/m
+ if text =~ /(def test|test do).*#{cmd}[\(\s]+['"]#{name}[\s'"]/m
 problem %(fully scope test #{cmd} calls e.g. #{cmd} "\#{bin}/#{name}")
 end
 end
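Review bot: `name` is interpolated into the regexp unescaped on the added `if` line, and since `bin_names` is filled from `dir.children.map(&:basename)` a few lines above, a binary such as `g++` (constructed example) becomes the quantified pattern `g++` and silently matches the wrong text, while a name containing `(` or `[` raises RegexpError and aborts the whole audit run; write it as `['"]#{Regexp.escape(name)}` instead. The same unescaped interpolation is carried over into the hunk of PATCH 2/2, so the fix belongs there too. `#{cmd}` is safe because the three values are literals, but the array is rebuilt on every `bin_names` iteration and reads better hoisted into a frozen `%w[system shell_output pipe_output]` constant. `#{cmd}` is also not left-anchored, so a longer identifier ending in `system` would presumably match; `\b#{cmd}` is a cheap tightening worth considering. The enclosing method of this `bin_names.each` block starts outside the hunk.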
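Review bot: The pattern on the changed `if` line has become dense enough that the intent of the `[\(\s]+['"]` prefix and the new `[\s'"]` suffix is no longer obvious from the code or from the problem message, so a one-line comment above it would help the next maintainer, e.g. `# Flag a bare binary name as the first token of a test command, e.g. system "foo" or shell_output("foo --version"); "#{bin}/foo" is fine.`. The `/m` flag makes `.*` span from the first `def test`/`test do` to anywhere later in the file, so the comment should also say the match is file-wide rather than limited to the test block, since that is what the code does. The `bin_names.each` block and its enclosing method start outside the hunk.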