admin/brew
1
0
Fork 0
Code Issues Packages Projects Releases 6 Wiki Activity

cask/dsl/version: reject invalid characters.

Browse Source 
There was a `invalid_characters` method already but it was not being
used.
This commit is contained in:
Mike McQuaid 2021-03-30 14:15:14 +01:00
parent 958b2ecb84
commit 9b725a5851
No known key found for this signature in database
GPG Key ID: 48A898132FD8EE70
4 changed files with 13 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
Library/Homebrew/cask/audit.rb
View File

@ -233,7 +233,6 @@ module Cask
return unless cask.version return unless cask.version
check_no_string_version_latest check_no_string_version_latest
check_no_file_separator_in_version
end end
def check_no_string_version_latest def check_no_string_version_latest
@ -243,14 +242,6 @@ module Cask
add_error "you should use version :latest instead of version 'latest'" add_error "you should use version :latest instead of version 'latest'"
end end
def check_no_file_separator_in_version
odebug "Verifying version does not contain '#{File::SEPARATOR}'"
return unless cask.version.raw_version.is_a?(String)
return unless cask.version.raw_version.include?(File::SEPARATOR)
add_error "version should not contain '#{File::SEPARATOR}'"
end
def check_sha256 def check_sha256
return unless cask.sha256 return unless cask.sha256

7
Library/Homebrew/cask/dsl/version.rb
View File

@ -19,7 +19,7 @@ module Cask
MAJOR_MINOR_PATCH_REGEX = /^([^.,:]+)(?:.([^.,:]+)(?:.([^.,:]+))?)?/.freeze MAJOR_MINOR_PATCH_REGEX = /^([^.,:]+)(?:.([^.,:]+)(?:.([^.,:]+))?)?/.freeze
INVALID_CHARACTERS = /[^0-9a-zA-Z.,:\-_]/.freeze INVALID_CHARACTERS = /[^0-9a-zA-Z.,:\-_+% ]/.freeze
class << self class << self
private private
@ -68,10 +68,13 @@ module Cask
def initialize(raw_version) def initialize(raw_version)
@raw_version = raw_version @raw_version = raw_version
super(raw_version.to_s) super(raw_version.to_s)
invalid = invalid_characters
raise TypeError, "#{raw_version} contains invalid characters: #{invalid.uniq.join}!" if invalid.present?
end end
def invalid_characters def invalid_characters
return [] if latest? return [] if raw_version.blank? || latest?
raw_version.scan(INVALID_CHARACTERS) raw_version.scan(INVALID_CHARACTERS)
end end

19
Library/Homebrew/test/cask/audit_spec.rb
View File

@ -1011,24 +1011,5 @@ describe Cask::Audit, :cask do
expect(audit.cask.url.cookies).to eq "foo" => "bar" expect(audit.cask.url.cookies).to eq "foo" => "bar"
end end
end end
context "when the version contains a slash" do
let(:cask_token) { "foo" }
let(:cask) do
tmp_cask cask_token.to_s, <<~RUBY
cask '#{cask_token}' do
version '0.1,../../directory/traversal'
sha256 '8dd95daa037ac02455435446ec7bc737b34567afe9156af7d20b2a83805c1d8a'
url 'https://brew.sh/foo.zip'
name 'Audit'
desc 'Audit Description'
homepage 'https://brew.sh'
app 'Audit.app'
end
RUBY
end
it { is_expected.to fail_with(%r{version should not contain '/'}) }
end
end end
end end

8
Library/Homebrew/test/cask/dsl/version_spec.rb
View File

@ -52,6 +52,14 @@ describe Cask::DSL::Version, :cask do
let(:version) { described_class.new(raw_version) } let(:version) { described_class.new(raw_version) }
describe "#initialize" do
it "raises an error when the version contains a slash" do
expect {
described_class.new("0.1,../../directory/traversal")
}.to raise_error(TypeError, %r{invalid characters: /})
end
end
describe "#==" do describe "#==" do
subject { version == other } subject { version == other }