Merge pull request #7073 from alexreg/issue-7068

audit: ignore group write bit
2020-03-06 14:08:45 +00:00 · 2020-03-06 14:08:45 +00:00 · 78140cef4a
commit 78140cef4a
parent d3459161de 68047abc0e
2 changed files with 49 additions and 9 deletions
--- a/Library/Homebrew/dev-cmd/audit.rb
+++ b/Library/Homebrew/dev-cmd/audit.rb
@ -242,15 +242,26 @@ module Homebrew
    end
    def audit_file
      # Under normal circumstances (umask 0022), we expect a file mode of 644. If
      # the user's umask is more restrictive, respect that by masking out the
      # corresponding bits. (The also included 0100000 flag means regular file.)
      wanted_mode = 0100644 & ~File.umask
      actual_mode = formula.path.stat.mode
-      unless actual_mode == wanted_mode
+      # Check that the file is world-readable.
-        problem format("Incorrect file permissions (%03<actual>o): chmod %03<wanted>o %<path>s",
+      if actual_mode & 0444 != 0444
        problem format("Incorrect file permissions (%03<actual>o): chmod %<wanted>s %<path>s",
                       actual: actual_mode & 0777,
-                       wanted: wanted_mode & 0777,
+                       wanted: "+r",
                       path:   formula.path)
      end
      # Check that the file is user-writeable.
      if actual_mode & 0200 != 0200
        problem format("Incorrect file permissions (%03<actual>o): chmod %<wanted>s %<path>s",
                       actual: actual_mode & 0777,
                       wanted: "u+w",
                       path:   formula.path)
      end
      # Check that the file is *not* other-writeable.
      if actual_mode & 0002 == 002
        problem format("Incorrect file permissions (%03<actual>o): chmod %<wanted>s %<path>s",
                       actual: actual_mode & 0777,
                       wanted: "o-w",
                       path:   formula.path)
      end
--- a/Library/Homebrew/test/dev-cmd/audit_spec.rb
+++ b/Library/Homebrew/test/dev-cmd/audit_spec.rb
@ -106,11 +106,40 @@ module Homebrew
        RUBY
        path = fa.formula.path
        path.chmod 0400
        path.chmod 0600
        fa.audit_file
        expect(fa.problems)
-          .to eq(["Incorrect file permissions (400): chmod 644 #{path}"])
+          .to eq([
                   "Incorrect file permissions (600): chmod +r #{path}",
                 ])
        fa.problems.clear
        path.chmod 0444
        fa.audit_file
        expect(fa.problems)
          .to eq([
                   "Incorrect file permissions (444): chmod u+w #{path}",
                 ])
        fa.problems.clear
        path.chmod 0646
        fa.audit_file
        expect(fa.problems)
          .to eq([
                   "Incorrect file permissions (646): chmod o-w #{path}",
                 ])
        fa.problems.clear
        path.chmod 0002
        fa.audit_file
        expect(fa.problems)
          .to eq([
                   "Incorrect file permissions (002): chmod +r #{path}",
                   "Incorrect file permissions (002): chmod u+w #{path}",
                   "Incorrect file permissions (002): chmod o-w #{path}",
                 ])
        fa.problems.clear
      end
      specify "DATA but no __END__" do