admin/brew
1
0
Fork 0
Code Issues Packages Projects Releases 6 Wiki Activity

Audit: Regexp.escape formula names

Browse Source 
We allow certain special regex characters in formula names, and if
those aren't escaped when interpolating them into a regex, they'll be
interpreted as special regex characters.

This can cause regex compile errors on Ruby 1.8 (for example, with
"libxml++3", which has nested match characters), and more subtle
matching bugs in general.

Refs an issue surfaced in Homebrew/homebrew#48744.

Closes Homebrew/homebrew#49005.

Signed-off-by: Misty De Meo <mistydemeo@gmail.com>
This commit is contained in:
Misty De Meo 2016-02-09 10:13:04 -08:00
parent 09ab678951
commit 7b81066038
2 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Library/Homebrew/cmd/audit.rb
View File

@ -879,11 +879,11 @@ class FormulaAuditor
problem "`#{$1}` is now unnecessary" problem "`#{$1}` is now unnecessary"
end end
if line =~ %r{#\{share\}/#{formula.name}[/'"]} if line =~ %r{#\{share\}/#{Regexp.escape(formula.name)}[/'"]}
problem "Use \#{pkgshare} instead of \#{share}/#{formula.name}" problem "Use \#{pkgshare} instead of \#{share}/#{formula.name}"
end end
if line =~ %r{share/"#{formula.name}[/'"]} if line =~ %r{share/"#{Regexp.escape(formula.name)}[/'"]}
problem "Use pkgshare instead of (share/\"#{formula.name}\")" problem "Use pkgshare instead of (share/\"#{formula.name}\")"
end end
end end

11
Library/Homebrew/test/test_cmd_audit.rb
View File

@ -301,10 +301,9 @@ class FormulaAuditorTests < Homebrew::TestCase
end end
# Regression test for https://github.com/Homebrew/homebrew/pull/48744 # Regression test for https://github.com/Homebrew/homebrew/pull/48744
# Formulae with "++" in their name would break the name check because of a # Formulae with "++" in their name would break various audit regexps:
# regexp error:
# Error: nested *?+ in regexp: /^libxml++3\s/ # Error: nested *?+ in regexp: /^libxml++3\s/
def test_audit_desc_plus_plus_name def test_audit_plus_plus_name
fa = formula_auditor "foolibc++", <<-EOS.undent, :strict => true fa = formula_auditor "foolibc++", <<-EOS.undent, :strict => true
class Foolibcxx < Formula class Foolibcxx < Formula
desc "foolibc++ is a test" desc "foolibc++ is a test"
@ -315,5 +314,11 @@ class FormulaAuditorTests < Homebrew::TestCase
fa.audit_desc fa.audit_desc
assert_equal "Description shouldn't include the formula name", assert_equal "Description shouldn't include the formula name",
fa.problems.shift fa.problems.shift
fa.audit_line 'ohai "#{share}/foolibc++"', 3
assert_equal "Use \#{pkgshare} instead of \#{share}/foolibc++", fa.problems.shift
fa.audit_line 'ohai share/"foolibc++"', 3
assert_equal 'Use pkgshare instead of (share/"foolibc++")', fa.problems.shift
end end
end end