From 43244e7953e6739d3072b1947ccc0965e39c13ec Mon Sep 17 00:00:00 2001
From: commitay
Date: Sun, 25 Mar 2018 15:30:16 +1000
Subject: [PATCH] cask audit: check allow_untrusted
---
 Library/Homebrew/cask/lib/hbc/audit.rb | 13 +++++++++++++
 Library/Homebrew/test/cask/audit_spec.rb | 19 +++++++++++++++++++
 .../cask/Casks/with-allow-untrusted.rb | 11 +++++++++++
 3 files changed, 43 insertions(+)
 create mode 100644 Library/Homebrew/test/support/fixtures/cask/Casks/with-allow-untrusted.rb
diff --git a/Library/Homebrew/cask/lib/hbc/audit.rb b/Library/Homebrew/cask/lib/hbc/audit.rb
index d757b0623d..5743869a09 100644
--- a/Library/Homebrew/cask/lib/hbc/audit.rb
+++ b/Library/Homebrew/cask/lib/hbc/audit.rb
@@ -33,6 +33,7 @@ module Hbc
 check_download
 check_single_pre_postflight
 check_single_uninstall_zap
+ check_untrusted_pkg
 self
 rescue StandardError => e
 odebug "#{e.message}\n#{e.backtrace.join("\n")}"
@@ -50,6 +51,18 @@ module Hbc
 private
+ def check_untrusted_pkg
+ odebug "Auditing pkg stanza: allow_untrusted"
+
+ return if @cask.sourcefile_path.nil?
+
+ tap = @cask.tap
+ return if tap.nil? || tap.user != "caskroom"
+
+ return unless cask.artifacts.any? { |k| k.is_a?(Hbc::Artifact::Pkg) && k.stanza_options.key?(:allow_untrusted) }
+ add_warning "allow_untrusted is not permitted in official Homebrew-Cask taps"
+ end
+
 def check_single_pre_postflight
 odebug "Auditing preflight and postflight stanzas"
diff --git a/Library/Homebrew/test/cask/audit_spec.rb b/Library/Homebrew/test/cask/audit_spec.rb
index ec051c1387..7a8a949179 100644
--- a/Library/Homebrew/test/cask/audit_spec.rb
+++ b/Library/Homebrew/test/cask/audit_spec.rb
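Review bot: In `check_untrusted_pkg` (second audit.rb hunk) the message says `allow_untrusted` "is not permitted", but the finding goes through `add_warning`, so an audit of an official-tap cask can still pass with the option set. Since the option appears to relax the trust check on the installed pkg, consider reporting it at error level, e.g. `add_error "allow_untrusted is not permitted in official Homebrew-Cask taps"`, and adjusting the spec to match. The condition `k.stanza_options.key?(:allow_untrusted)` also fires for `allow_untrusted: false`; if only the enabled form should be flagged, `k.stanza_options[:allow_untrusted]` states that, and if key presence is intended a short comment saying so would help. The method reads `@cask` on two lines and `cask` on the third; using one form throughout would be clearer.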
@@ -91,6 +91,25 @@ describe Hbc::Audit, :cask do
 end
 end
+ describe "pkg allow_untrusted checks" do
+ let(:error_msg) { "allow_untrusted is not permitted in official Homebrew-Cask taps" }
+
+ context "when the Cask has no pkg stanza" do
+ let(:cask_token) { "basic-cask" }
+ it { should_not warn_with(error_msg) }
+ end
+
+ context "when the Cask does not have allow_untrusted" do
+ let(:cask_token) { "with-uninstall-pkgutil" }
+ it { should_not warn_with(error_msg) }
+ end
+
+ context "when the Cask has allow_untrusted" do
+ let(:cask_token) { "with-allow-untrusted" }
+ it { is_expected.to warn_with(error_msg) }
+ end
+ end
+
+
 describe "preflight stanza checks" do
 let(:error_msg) { "only a single preflight stanza is allowed" }
diff --git a/Library/Homebrew/test/support/fixtures/cask/Casks/with-allow-untrusted.rb b/Library/Homebrew/test/support/fixtures/cask/Casks/with-allow-untrusted.rb
new file mode 100644
index 0000000000..3f2c294ed7
--- /dev/null
+++ b/Library/Homebrew/test/support/fixtures/cask/Casks/with-allow-untrusted.rb
@@ -0,0 +1,11 @@
+cask 'with-allow-untrusted' do
+ version '1.2.3'
+ sha256 '8c62a2b791cf5f0da6066a0a4b6e85f62949cd60975da062df44adf887f4370b'
+
+ url "file://#{TEST_FIXTURE_DIR}/cask/MyFancyPkg.zip"
+ homepage 'http://example.com/fancy-pkg'
+
+ pkg 'Fancy.pkg', allow_untrusted: true
+
+ uninstall pkgutil: 'my.fancy.package.*'
+end
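Review bot: None of the three contexts in the "pkg allow_untrusted checks" group exercises the tap gate of the new check, which returns early unless `tap.user` is `"caskroom"`. A cask that sets `allow_untrusted` outside an official tap, or with no tap at all, should be asserted not to warn, otherwise a change that drops or inverts that gate would go unnoticed. The positive case presumably passes only because the fixture tap's user is `caskroom`; a one-line comment such as `# fixture casks are loaded from a caskroom tap, so the official-tap gate applies` would make that dependency visible. A fixture with `allow_untrusted: false` would also pin down whether key presence alone is meant to trigger the message. The enclosing `describe Hbc::Audit` block starts and ends outside this hunk.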