admin/brew
1
0
Fork 0
Code Issues Packages Projects Releases 6 Wiki Activity

Move file mode audit to RuboCop.

Browse Source
This commit is contained in:
Mike McQuaid 2020-04-18 15:44:24 +01:00
parent 8cb90595b3
commit 8eed72cd8b
No known key found for this signature in database
GPG Key ID: 48A898132FD8EE70
6 changed files with 64 additions and 77 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
Library/Homebrew/dev-cmd/audit.rb
View File

@ -240,30 +240,6 @@ module Homebrew
end end
def audit_file def audit_file
# TODO: check could be in RuboCop
actual_mode = formula.path.stat.mode
# Check that the file is world-readable.
if actual_mode & 0444 != 0444
problem format("Incorrect file permissions (%03<actual>o): chmod %<wanted>s %<path>s",
actual: actual_mode & 0777,
wanted: "+r",
path: formula.path)
end
# Check that the file is user-writeable.
if actual_mode & 0200 != 0200
problem format("Incorrect file permissions (%03<actual>o): chmod %<wanted>s %<path>s",
actual: actual_mode & 0777,
wanted: "u+w",
path: formula.path)
end
# Check that the file is *not* other-writeable.
if actual_mode & 0002 == 002
problem format("Incorrect file permissions (%03<actual>o): chmod %<wanted>s %<path>s",
actual: actual_mode & 0777,
wanted: "o-w",
path: formula.path)
end
# TODO: check could be in RuboCop # TODO: check could be in RuboCop
problem "'DATA' was found, but no '__END__'" if text.data? && !text.end? problem "'DATA' was found, but no '__END__'" if text.data? && !text.end?

1
Library/Homebrew/rubocops.rb
View File

@ -19,5 +19,6 @@ require "rubocops/urls"
require "rubocops/lines" require "rubocops/lines"
require "rubocops/class" require "rubocops/class"
require "rubocops/uses_from_macos" require "rubocops/uses_from_macos"
require "rubocops/files"
require "rubocops/rubocop-cask" require "rubocops/rubocop-cask"

39
Library/Homebrew/rubocops/files.rb Normal file
View File

@ -0,0 +1,39 @@
# frozen_string_literal: true
require "rubocops/extend/formula"
module RuboCop
module Cop
module FormulaAudit
class Files < FormulaCop
def audit_formula(node, _class_node, _parent_class_node, _body_node)
return unless file_path
offending_node(node)
actual_mode = File.stat(file_path).mode
# Check that the file is world-readable.
if actual_mode & 0444 != 0444
problem format("Incorrect file permissions (%03<actual>o): chmod %<wanted>s %<path>s",
actual: actual_mode & 0777,
wanted: "+r",
path: file_path)
end
# Check that the file is user-writeable.
if actual_mode & 0200 != 0200
problem format("Incorrect file permissions (%03<actual>o): chmod %<wanted>s %<path>s",
actual: actual_mode & 0777,
wanted: "u+w",
path: file_path)
end
# Check that the file is *not* other-writeable.
return if actual_mode & 0002 != 002
problem format("Incorrect file permissions (%03<actual>o): chmod %<wanted>s %<path>s",
actual: actual_mode & 0777,
wanted: "o-w",
path: file_path)
end
end
end
end
end

1
Library/Homebrew/test/.rubocop_todo.yml
View File

@ -45,6 +45,7 @@ RSpec/FilePath:
- 'rubocops/components_redundancy_spec.rb' - 'rubocops/components_redundancy_spec.rb'
- 'rubocops/conflicts_spec.rb' - 'rubocops/conflicts_spec.rb'
- 'rubocops/dependency_order_spec.rb' - 'rubocops/dependency_order_spec.rb'
- 'rubocops/files_spec.rb'
- 'rubocops/homepage_spec.rb' - 'rubocops/homepage_spec.rb'
- 'rubocops/options_spec.rb' - 'rubocops/options_spec.rb'
- 'rubocops/patches_spec.rb' - 'rubocops/patches_spec.rb'

53
Library/Homebrew/test/dev-cmd/audit_spec.rb
View File

@ -96,52 +96,6 @@ module Homebrew
end end
describe "#audit_file" do describe "#audit_file" do
specify "file permissions" do
allow(File).to receive(:umask).and_return(022)
fa = formula_auditor "foo", <<~RUBY
class Foo < Formula
url "https://brew.sh/foo-1.0.tgz"
end
RUBY
path = fa.formula.path
path.chmod 0600
fa.audit_file
expect(fa.problems)
.to eq([
"Incorrect file permissions (600): chmod +r #{path}",
])
fa.problems.clear
path.chmod 0444
fa.audit_file
expect(fa.problems)
.to eq([
"Incorrect file permissions (444): chmod u+w #{path}",
])
fa.problems.clear
path.chmod 0646
fa.audit_file
expect(fa.problems)
.to eq([
"Incorrect file permissions (646): chmod o-w #{path}",
])
fa.problems.clear
path.chmod 0002
fa.audit_file
expect(fa.problems)
.to eq([
"Incorrect file permissions (002): chmod +r #{path}",
"Incorrect file permissions (002): chmod u+w #{path}",
"Incorrect file permissions (002): chmod o-w #{path}",
])
fa.problems.clear
end
specify "DATA but no __END__" do specify "DATA but no __END__" do
fa = formula_auditor "foo", <<~RUBY fa = formula_auditor "foo", <<~RUBY
class Foo < Formula class Foo < Formula
@ -167,13 +121,6 @@ module Homebrew
expect(fa.problems).to eq(["'__END__' was found, but 'DATA' is not used"]) expect(fa.problems).to eq(["'__END__' was found, but 'DATA' is not used"])
end end
specify "no trailing newline" do
fa = formula_auditor "foo", 'class Foo<Formula; url "file:///foo-1.0.tgz";end'
fa.audit_file
expect(fa.problems).to eq(["File should end with a newline"])
end
specify "no issue" do specify "no issue" do
fa = formula_auditor "foo", <<~RUBY fa = formula_auditor "foo", <<~RUBY
class Foo < Formula class Foo < Formula

23
Library/Homebrew/test/rubocops/files_spec.rb Normal file
View File

@ -0,0 +1,23 @@
# frozen_string_literal: true
require "rubocops/files"
describe RuboCop::Cop::FormulaAudit::Files do
subject(:cop) { described_class.new }
context "When auditing files" do
it "when the permissions are invalid" do
filename = Formulary.core_path("test_formula")
File.open(filename, "w") do |file|
FileUtils.chmod "-rwx", filename
expect_offense(<<~RUBY, file)
class Foo < Formula
^^^^^^^^^^^^^^^^^^^ Incorrect file permissions (000): chmod +r #{filename}
url "https://brew.sh/foo-1.0.tgz"
end
RUBY
end
end
end
end