Move file mode audit to RuboCop.

Library/Homebrew/dev-cmd/audit.rb

@@ -240,30 +240,6 @@ module Homebrew
     end
 
     def audit_file
-      # TODO: check could be in RuboCop
-      actual_mode = formula.path.stat.mode
-      # Check that the file is world-readable.
-      if actual_mode & 0444 != 0444
-        problem format("Incorrect file permissions (%03<actual>o): chmod %<wanted>s %<path>s",
-                       actual: actual_mode & 0777,
-                       wanted: "+r",
-                       path:   formula.path)
-      end
-      # Check that the file is user-writeable.
-      if actual_mode & 0200 != 0200
-        problem format("Incorrect file permissions (%03<actual>o): chmod %<wanted>s %<path>s",
-                       actual: actual_mode & 0777,
-                       wanted: "u+w",
-                       path:   formula.path)
-      end
-      # Check that the file is *not* other-writeable.
-      if actual_mode & 0002 == 002
-        problem format("Incorrect file permissions (%03<actual>o): chmod %<wanted>s %<path>s",
-                       actual: actual_mode & 0777,
-                       wanted: "o-w",
-                       path:   formula.path)
-      end
-
       # TODO: check could be in RuboCop
       problem "'DATA' was found, but no '__END__'" if text.data? && !text.end?
 

Library/Homebrew/rubocops.rb

@@ -19,5 +19,6 @@ require "rubocops/urls"
 require "rubocops/lines"
 require "rubocops/class"
 require "rubocops/uses_from_macos"
+require "rubocops/files"
 
 require "rubocops/rubocop-cask"

Library/Homebrew/rubocops/files.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+require "rubocops/extend/formula"
+
+module RuboCop
+  module Cop
+    module FormulaAudit
+      class Files < FormulaCop
+        def audit_formula(node, _class_node, _parent_class_node, _body_node)
+          return unless file_path
+
+          offending_node(node)
+          actual_mode = File.stat(file_path).mode
+          # Check that the file is world-readable.
+          if actual_mode & 0444 != 0444
+            problem format("Incorrect file permissions (%03<actual>o): chmod %<wanted>s %<path>s",
+                           actual: actual_mode & 0777,
+                           wanted: "+r",
+                           path:   file_path)
+          end
+          # Check that the file is user-writeable.
+          if actual_mode & 0200 != 0200
+            problem format("Incorrect file permissions (%03<actual>o): chmod %<wanted>s %<path>s",
+                           actual: actual_mode & 0777,
+                           wanted: "u+w",
+                           path:   file_path)
+          end
+          # Check that the file is *not* other-writeable.
+          return if actual_mode & 0002 != 002
+
+          problem format("Incorrect file permissions (%03<actual>o): chmod %<wanted>s %<path>s",
+                         actual: actual_mode & 0777,
+                         wanted: "o-w",
+                         path:   file_path)
+        end
+      end
+    end
+  end
+end

Library/Homebrew/test/.rubocop_todo.yml

@@ -45,6 +45,7 @@ RSpec/FilePath:
     - 'rubocops/components_redundancy_spec.rb'
     - 'rubocops/conflicts_spec.rb'
     - 'rubocops/dependency_order_spec.rb'
+    - 'rubocops/files_spec.rb'
     - 'rubocops/homepage_spec.rb'
     - 'rubocops/options_spec.rb'
     - 'rubocops/patches_spec.rb'

Library/Homebrew/test/dev-cmd/audit_spec.rb

@@ -96,52 +96,6 @@ module Homebrew
     end
 
     describe "#audit_file" do
-      specify "file permissions" do
-        allow(File).to receive(:umask).and_return(022)
-
-        fa = formula_auditor "foo", <<~RUBY
-          class Foo < Formula
-            url "https://brew.sh/foo-1.0.tgz"
-          end
-        RUBY
-
-        path = fa.formula.path
-
-        path.chmod 0600
-        fa.audit_file
-        expect(fa.problems)
-          .to eq([
-                   "Incorrect file permissions (600): chmod +r #{path}",
-                 ])
-        fa.problems.clear
-
-        path.chmod 0444
-        fa.audit_file
-        expect(fa.problems)
-          .to eq([
-                   "Incorrect file permissions (444): chmod u+w #{path}",
-                 ])
-        fa.problems.clear
-
-        path.chmod 0646
-        fa.audit_file
-        expect(fa.problems)
-          .to eq([
-                   "Incorrect file permissions (646): chmod o-w #{path}",
-                 ])
-        fa.problems.clear
-
-        path.chmod 0002
-        fa.audit_file
-        expect(fa.problems)
-          .to eq([
-                   "Incorrect file permissions (002): chmod +r #{path}",
-                   "Incorrect file permissions (002): chmod u+w #{path}",
-                   "Incorrect file permissions (002): chmod o-w #{path}",
-                 ])
-        fa.problems.clear
-      end
-
       specify "DATA but no __END__" do
         fa = formula_auditor "foo", <<~RUBY
           class Foo < Formula
@@ -167,13 +121,6 @@ module Homebrew
         expect(fa.problems).to eq(["'__END__' was found, but 'DATA' is not used"])
       end
 
-      specify "no trailing newline" do
-        fa = formula_auditor "foo", 'class Foo<Formula; url "file:///foo-1.0.tgz";end'
-
-        fa.audit_file
-        expect(fa.problems).to eq(["File should end with a newline"])
-      end
-
       specify "no issue" do
         fa = formula_auditor "foo", <<~RUBY
           class Foo < Formula

Library/Homebrew/test/rubocops/files_spec.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require "rubocops/files"
+
+describe RuboCop::Cop::FormulaAudit::Files do
+  subject(:cop) { described_class.new }
+
+  context "When auditing files" do
+    it "when the permissions are invalid" do
+      filename = Formulary.core_path("test_formula")
+      File.open(filename, "w") do |file|
+        FileUtils.chmod "-rwx", filename
+
+        expect_offense(<<~RUBY, file)
+          class Foo < Formula
+          ^^^^^^^^^^^^^^^^^^^ Incorrect file permissions (000): chmod +r #{filename}
+            url "https://brew.sh/foo-1.0.tgz"
+          end
+        RUBY
+      end
+    end
+  end
+end