Promote shell commands audit to global cop

Bo Anderson 2021-03-17 15:27:26 +00:00
parent 59ada80ca7
commit 9063945b3e
No known key found for this signature in database
GPG Key ID: 3DB94E204E137D65
5 changed files with 86 additions and 54 deletions


@ -12,6 +12,8 @@ require "rubocop-rails"
require "rubocop-rspec" require "rubocop-rspec"
require "rubocop-sorbet" require "rubocop-sorbet"
require "rubocops/shell_commands"
require "rubocops/formula_desc" require "rubocops/formula_desc"
require "rubocops/components_order" require "rubocops/components_order"
require "rubocops/components_redundancy" require "rubocops/components_redundancy"


@ -648,58 +648,6 @@ module RuboCop
problem "Formulae should not depend on :tuntap" if depends_on? :tuntap problem "Formulae should not depend on :tuntap" if depends_on? :tuntap
end end
end end
# This cop makes sure that shell command arguments are separated.
#
# @api private
class ShellCommands < FormulaCop
extend AutoCorrector
def audit_formula(_node, _class_node, _parent_class_node, body_node)
# Match shell commands separated by spaces in the same string
shell_cmd_with_spaces_regex = /[^"' ]*(?:\s[^"' ]*)+/
popen_commands = [
:popen_read,
:safe_popen_read,
:popen_write,
:safe_popen_write,
]
shell_metacharacters = %w[> < < | ; : & * $ ? : ~ + @ !` ( ) [ ]]
find_every_method_call_by_name(body_node, :system).each do |method|
# Only separate when no shell metacharacters are present
next if shell_metacharacters.any? { |meta| string_content(parameters(method).first).include?(meta) }
next unless (match = regex_match_group(parameters(method).first, shell_cmd_with_spaces_regex))
good_args = match[0].gsub(" ", "\", \"")
offending_node(parameters(method).first)
problem "Separate `system` commands into `\"#{good_args}\"`" do |corrector|
corrector.replace(@offensive_node.source_range, @offensive_node.source.gsub(" ", "\", \""))
end
end
popen_commands.each do |command|
find_instance_method_call(body_node, "Utils", command) do |method|
index = parameters(method).first.hash_type? ? 1 : 0
# Only separate when no shell metacharacters are present
next if shell_metacharacters.any? { |meta| string_content(parameters(method)[index]).include?(meta) }
next unless (match = regex_match_group(parameters(method)[index], shell_cmd_with_spaces_regex))
good_args = match[0].gsub(" ", "\", \"")
offending_node(parameters(method)[index])
problem "Separate `Utils.#{command}` commands into `\"#{good_args}\"`" do |corrector|
good_args = @offensive_node.source.gsub(" ", "\", \"")
corrector.replace(@offensive_node.source_range, good_args)
end
end
end
end
end
end end
end end
end end


@ -68,6 +68,15 @@ module RuboCop
end end
end end
content content
when :send
if node.method?(:+) && (node.receiver.str_type? || node.receiver.dstr_type?)
content = string_content(node.receiver)
arg = node.arguments.first
content += string_content(arg) if arg
content
else
""
end
when :const when :const
node.const_name node.const_name
when :sym when :sym
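Review bot: The new `when :send` branch returns only the literal part of a concatenation: for `"ls -la " + path` the right operand is a non-`+` send node (or a variable), which this branch appears to map to `""`, so the caller receives `ls -la ` with no sign that content is missing. `Style/ShellCommands`, added in this commit, replaces the whole first argument's source range with the split literals, so its autocorrection would apparently drop `+ path` from the command being run. Consider concatenating only when both operands are string literals, e.g. guard with `arg&.str_type? || arg&.dstr_type?` before appending, or have the cop skip arguments that are not plain string nodes. The enclosing `string_content` method starts and ends outside this hunk, so how other node types such as `lvar` are handled is not visible here.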


@ -0,0 +1,73 @@
# typed: true
# frozen_string_literal: true
require "active_support/core_ext/array/access"
require "rubocops/shared/helper_functions"
module RuboCop
module Cop
module Style
# This cop makes sure that shell command arguments are separated.
#
# @api private
class ShellCommands < Base
include HelperFunctions
extend AutoCorrector
MSG = "Separate `%<method>s` commands into `%<good_args>s`"
TARGET_METHODS = [
[nil, :system],
[nil, :safe_system],
[nil, :quiet_system],
[:Utils, :popen_read],
[:Utils, :safe_popen_read],
[:Utils, :popen_write],
[:Utils, :safe_popen_write],
].freeze
RESTRICT_ON_SEND = TARGET_METHODS.map(&:second).uniq.freeze
SHELL_METACHARACTERS = %w[> < < | ; : & * $ ? : ~ + @ ! ` ( ) [ ]].freeze
def on_send(node)
TARGET_METHODS.each do |target_class, target_method|
next unless node.method_name == target_method
target_receivers = if target_class.nil?
[nil, s(:const, nil, :Kernel), s(:const, nil, :Homebrew)]
else
[s(:const, nil, target_class)]
end
next unless target_receivers.include?(node.receiver)
first_arg = node.arguments.first
arg_count = node.arguments.count
if first_arg&.hash_type? # popen methods allow env hash
first_arg = node.arguments.second
arg_count -= 1
end
next if first_arg.nil? || arg_count >= 2
first_arg_str = string_content(first_arg)
# Only separate when no shell metacharacters are present
next if SHELL_METACHARACTERS.any? { |meta| first_arg_str.include?(meta) }
split_args = first_arg_str.shellsplit
next if split_args.count <= 1
good_args = split_args.map { |arg| "\"#{arg}\"" }.join(", ")
method_string = if target_class
"#{target_class}.#{target_method}"
else
target_method.to_s
end
add_offense(first_arg, message: format(MSG, method: method_string, good_args: good_args)) do |corrector|
corrector.replace(first_arg.source_range, good_args)
end
end
end
end
end
end
end
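Review bot: In `on_send`, `good_args` re-quotes each `shellsplit` token with `"\"#{arg}\""` and no escaping, so a token that still contains `"`, `\` or `#{` after shell-unquoting (for example from `system "echo 'say \"hi\"'"`) makes the autocorrection emit invalid or differently-interpreted Ruby; `split_args.map(&:inspect).join(", ")` would keep the literal faithful. `shellsplit` also raises `ArgumentError` on an unmatched quote, and neither `'` nor `"` is in `SHELL_METACHARACTERS`, so a string such as `"echo it's"` would reach it; rescuing `ArgumentError` and skipping the node would keep the cop from erroring on that file. The text built from `MSG` uses the same `good_args`, so the offense message inherits the quoting problem. No `require "shellwords"` is visible in this file, so `String#shellsplit` presumably relies on it being loaded elsewhere.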


@ -1,9 +1,9 @@
# typed: false # typed: false
# frozen_string_literal: true # frozen_string_literal: true
require "rubocops/lines" require "rubocops/shell_commands"
describe RuboCop::Cop::FormulaAuditStrict::ShellCommands do describe RuboCop::Cop::Style::ShellCommands do
subject(:cop) { described_class.new } subject(:cop) { described_class.new }
context "when auditing shell commands" do context "when auditing shell commands" do