From a1993b90862e0e4175a6c5b2dee2194d2d4ecea4 Mon Sep 17 00:00:00 2001
From: Sam Ford <1584702+samford@users.noreply.github.com>
Date: Mon, 16 Jan 2023 01:24:23 -0500
Subject: [PATCH] rubocops/caveats: Disallow ANSI escape codes

Formula caveats text appears on formulae.brew.sh but escape
characters, as used in ANSI escape codes, should not appear in HTML.
This commit adds a RuboCop to disallow escape characters in the
caveats text.
---
 Library/Homebrew/rubocops/caveats.rb          |  6 +++--
 .../Homebrew/test/rubocops/caveats_spec.rb    | 24 +++++++++++++++++++
 2 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/Library/Homebrew/rubocops/caveats.rb b/Library/Homebrew/rubocops/caveats.rb
index 577f49ac79..105a9796d4 100644
--- a/Library/Homebrew/rubocops/caveats.rb
+++ b/Library/Homebrew/rubocops/caveats.rb
@@ -27,9 +27,11 @@ module RuboCop
       class Caveats < FormulaCop
         def audit_formula(_node, _class_node, _parent_class_node, _body_node)
           caveats_strings.each do |n|
-            next unless regex_match_group(n, /\bsetuid\b/i)
+            if regex_match_group(n, /\bsetuid\b/i)
+              problem "Don't recommend setuid in the caveats, suggest sudo instead."
+            end
 
-            problem "Don't recommend setuid in the caveats, suggest sudo instead."
+            problem "Don't use ANSI escape codes in the caveats." if regex_match_group(n, /\e/)
           end
         end
       end
diff --git a/Library/Homebrew/test/rubocops/caveats_spec.rb b/Library/Homebrew/test/rubocops/caveats_spec.rb
index d91e525b47..b53e87dafd 100644
--- a/Library/Homebrew/test/rubocops/caveats_spec.rb
+++ b/Library/Homebrew/test/rubocops/caveats_spec.rb
@@ -19,5 +19,29 @@ describe RuboCop::Cop::FormulaAudit::Caveats do
         end
       RUBY
     end
+
+    it "reports an offense if an escape character is present" do
+      expect_offense(<<~RUBY)
+        class Foo < Formula
+          homepage "https://brew.sh/foo"
+          url "https://brew.sh/foo-1.0.tgz"
+           def caveats
+            "\\x1B"
+            ^^^^^^ Don't use ANSI escape codes in the caveats.
+          end
+        end
+      RUBY
+
+      expect_offense(<<~RUBY)
+        class Foo < Formula
+          homepage "https://brew.sh/foo"
+          url "https://brew.sh/foo-1.0.tgz"
+           def caveats
+            "\\u001b"
+            ^^^^^^^^ Don't use ANSI escape codes in the caveats.
+          end
+        end
+      RUBY
+    end
   end
 end