admin/brew
1
0
Fork 0
Code Issues Packages Projects Releases 6 Wiki Activity

Merge pull request #20444 from Homebrew/copilot/fix-20441

Browse Source 
Add warning for formula installation from forbidden paths
This commit is contained in:
Mike McQuaid 2025-08-13 17:58:31 +00:00 committed by GitHub
commit 56b85a1547
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 18 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
Library/Homebrew/formulary.rb
View File

@ -616,9 +616,23 @@ module Formulary
return unless path.expand_path.exist? return unless path.expand_path.exist?
return if Homebrew::EnvConfig.forbid_packages_from_paths? && if Homebrew::EnvConfig.forbid_packages_from_paths?
!path.realpath.to_s.start_with?("#{HOMEBREW_CELLAR}/", "#{HOMEBREW_LIBRARY}/Taps/", path_realpath = path.realpath.to_s
unless path_realpath.start_with?("#{HOMEBREW_CELLAR}/", "#{HOMEBREW_LIBRARY}/Taps/",
"#{HOMEBREW_CACHE}/") "#{HOMEBREW_CACHE}/")
raise <<~WARNING if path_realpath.include?("/") || path_realpath.end_with?(".rb")
Rejecting formula at #{path_realpath} because it's not in a tap.
Homebrew requires formulae to be in a tap.
To create a tap, run e.g.
brew tap-new <user|org>/<repository>
To create a formula in a tap run e.g.
brew create <url> --tap=<user|org>/<repository>
WARNING
return
end
end
if (tap = Tap.from_path(path)) if (tap = Tap.from_path(path))
# Only treat symlinks in taps as aliases. # Only treat symlinks in taps as aliases.

2
Library/Homebrew/test/formulary_spec.rb
View File

@ -126,7 +126,7 @@ RSpec.describe Formulary do
described_class.factory(temp_formula_path) described_class.factory(temp_formula_path)
ensure ensure
temp_formula_path.unlink temp_formula_path.unlink
end.to raise_error(FormulaUnavailableError) end.to raise_error(RuntimeError, /Rejecting formula at/)
end end
it "returns a Formula when given a URL", :needs_utils_curl do it "returns a Formula when given a URL", :needs_utils_curl do