cask/dsl/version: reject invalid characters.

There was a `invalid_characters` method already but it was not being used.
2021-03-30 14:15:14 +01:00 · 2021-03-30 14:15:14 +01:00 · 9b725a5851
commit 9b725a5851
parent 958b2ecb84
4 changed files with 13 additions and 30 deletions
--- a/Library/Homebrew/cask/audit.rb
+++ b/Library/Homebrew/cask/audit.rb
@ -233,7 +233,6 @@ module Cask
      return unless cask.version

      check_no_string_version_latest
-      check_no_file_separator_in_version
    end

    def check_no_string_version_latest
@ -243,14 +242,6 @@ module Cask
      add_error "you should use version :latest instead of version 'latest'"
    end

-    def check_no_file_separator_in_version
-      odebug "Verifying version does not contain '#{File::SEPARATOR}'"
-      return unless cask.version.raw_version.is_a?(String)
-      return unless cask.version.raw_version.include?(File::SEPARATOR)
-
-      add_error "version should not contain '#{File::SEPARATOR}'"
-    end
-
    def check_sha256
      return unless cask.sha256

--- a/Library/Homebrew/cask/dsl/version.rb
+++ b/Library/Homebrew/cask/dsl/version.rb
@ -19,7 +19,7 @@ module Cask

      MAJOR_MINOR_PATCH_REGEX = /^([^.,:]+)(?:.([^.,:]+)(?:.([^.,:]+))?)?/.freeze

-      INVALID_CHARACTERS = /[^0-9a-zA-Z.,:\-_]/.freeze
+      INVALID_CHARACTERS = /[^0-9a-zA-Z.,:\-_+% ]/.freeze

      class << self
        private
@ -68,10 +68,13 @@ module Cask
      def initialize(raw_version)
        @raw_version = raw_version
        super(raw_version.to_s)
+
+        invalid = invalid_characters
+        raise TypeError, "#{raw_version} contains invalid characters: #{invalid.uniq.join}!" if invalid.present?
      end

      def invalid_characters
-        return [] if latest?
+        return [] if raw_version.blank? || latest?

        raw_version.scan(INVALID_CHARACTERS)
      end
--- a/Library/Homebrew/test/cask/audit_spec.rb
+++ b/Library/Homebrew/test/cask/audit_spec.rb
@ -1011,24 +1011,5 @@ describe Cask::Audit, :cask do
        expect(audit.cask.url.cookies).to eq "foo" => "bar"
      end
    end
-
-    context "when the version contains a slash" do
-      let(:cask_token) { "foo" }
-      let(:cask) do
-        tmp_cask cask_token.to_s, <<~RUBY
-          cask '#{cask_token}' do
-            version '0.1,../../directory/traversal'
-            sha256 '8dd95daa037ac02455435446ec7bc737b34567afe9156af7d20b2a83805c1d8a'
-            url 'https://brew.sh/foo.zip'
-            name 'Audit'
-            desc 'Audit Description'
-            homepage 'https://brew.sh'
-            app 'Audit.app'
-          end
-        RUBY
-      end
-
-      it { is_expected.to fail_with(%r{version should not contain '/'}) }
-    end
  end
 end
--- a/Library/Homebrew/test/cask/dsl/version_spec.rb
+++ b/Library/Homebrew/test/cask/dsl/version_spec.rb
@ -52,6 +52,14 @@ describe Cask::DSL::Version, :cask do

  let(:version) { described_class.new(raw_version) }

+  describe "#initialize" do
+    it "raises an error when the version contains a slash" do
+      expect {
+        described_class.new("0.1,../../directory/traversal")
+      }.to raise_error(TypeError, %r{invalid characters: /})
+    end
+  end
+
  describe "#==" do
    subject { version == other }