diff --git a/Library/Homebrew/rubocops/lines.rb b/Library/Homebrew/rubocops/lines.rb index 47dfb2d3d4..e44623e459 100644 --- a/Library/Homebrew/rubocops/lines.rb +++ b/Library/Homebrew/rubocops/lines.rb @@ -219,6 +219,27 @@ module RuboCop end end + # This cop makes sure that formulae depend on `openssl` instead of `quictls`. + # + # @api private + class QuicTLSCheck < FormulaCop + extend AutoCorrector + + def audit_formula(_node, _class_node, _parent_class_node, body_node) + return if body_node.nil? + + # Enforce use of OpenSSL for TLS dependency in core + return if formula_tap != "homebrew-core" + + find_method_with_args(body_node, :depends_on, "quictls") do + problem "Formulae in homebrew/core should use 'depends_on \"openssl@3\"' " \ + "instead of '#{@offensive_node.source}'." do |corrector| + corrector.replace(@offensive_node.source_range, "depends_on \"openssl@3\"") + end + end + end + end + # This cop makes sure that formulae do not depend on `pyoxidizer` at build-time # or run-time. # diff --git a/Library/Homebrew/test/rubocops/lines/quictls_check_spec.rb b/Library/Homebrew/test/rubocops/lines/quictls_check_spec.rb new file mode 100644 index 0000000000..c3f8571a86 --- /dev/null +++ b/Library/Homebrew/test/rubocops/lines/quictls_check_spec.rb @@ -0,0 +1,21 @@ +# frozen_string_literal: true + +require "rubocops/lines" + +describe RuboCop::Cop::FormulaAudit::QuicTLSCheck do + subject(:cop) { described_class.new } + + context "when auditing formula dependencies" do + it "reports an offense when a formula depends on `quictls`" do + expect_offense(<<~RUBY, "/homebrew-core/Formula/foo.rb") + class Foo < Formula + desc "foo" + url 'https://brew.sh/foo-1.0.tgz' + + depends_on "quictls" + ^^^^^^^^^^^^^^^^^^^^ FormulaAudit/QuicTLSCheck: Formulae in homebrew/core should use 'depends_on "openssl@3"' instead of 'depends_on "quictls"'. + end + RUBY + end + end +end