formulary: do not allow using the cache if explicitly forbidding paths
parent
160af073a5
commit
b30d13c3ef
@ -619,9 +619,15 @@ module Formulary
|
|||||||
if Homebrew::EnvConfig.forbid_packages_from_paths?
|
if Homebrew::EnvConfig.forbid_packages_from_paths?
|
||||||
path_realpath = path.realpath.to_s
|
path_realpath = path.realpath.to_s
|
||||||
path_string = path.to_s
|
path_string = path.to_s
|
||||||
|
allowed_paths = ["#{HOMEBREW_CELLAR}/", "#{HOMEBREW_LIBRARY}/Taps/"]
|
||||||
|
|
||||||
|
# Do not allow the cache if we explicitly set HOMEBREW_FORBID_PACKAGES_FROM_PATHS
|
||||||
|
# as the cache can contain arbitrary downloads. Allow it otherwise for convenience.
|
||||||
|
allowed_paths << "#{HOMEBREW_CACHE}/" unless ENV["HOMEBREW_FORBID_PACKAGES_FROM_PATHS"].present?
|
||||||
|
|
||||||
if (path_realpath.end_with?(".rb") || path_string.end_with?(".rb")) &&
|
if (path_realpath.end_with?(".rb") || path_string.end_with?(".rb")) &&
|
||||||
!path_realpath.start_with?("#{HOMEBREW_CELLAR}/", "#{HOMEBREW_LIBRARY}/Taps/", "#{HOMEBREW_CACHE}/") &&
|
!path_realpath.start_with?(*allowed_paths) &&
|
||||||
!path_string.start_with?("#{HOMEBREW_CELLAR}/", "#{HOMEBREW_LIBRARY}/Taps/", "#{HOMEBREW_CACHE}/")
|
!path_string.start_with?(*allowed_paths)
|
||||||
if path_string.include?("./") || path_string.end_with?(".rb") || path_string.count("/") != 2
|
if path_string.include?("./") || path_string.end_with?(".rb") || path_string.count("/") != 2
|
||||||
raise <<~WARNING
|
raise <<~WARNING
|
||||||
Homebrew requires formulae to be in a tap, rejecting:
|
Homebrew requires formulae to be in a tap, rejecting:
|
||||||
|
|||||||
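Review bot: Dropping the cache from `allowed_paths` tightens only one half of the test below it, because a `.rb` path is rejected only when neither `path_realpath` nor `path_string` starts with an allowed prefix; a path whose literal string begins with the Cellar or Taps prefix but whose realpath lies elsewhere would still seem to pass. That either/or shape predates this commit, yet it limits the guarantee the new comment gives about the cache. If the literal match exists only to cope with a symlinked prefix, I would note that in a comment and consider comparing the realpath against the realpaths of the allowed prefixes. The direct read `ENV["HOMEBREW_FORBID_PACKAGES_FROM_PATHS"].present?` also bypasses `Homebrew::EnvConfig`, so any non-blank value presumably counts as explicit; a comment such as `# ENV is read directly to tell an explicit setting from the default` would record the intent. The enclosing method starts and ends outside the hunk.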
@ -141,19 +141,31 @@ RSpec.describe Formulary do
|
|||||||
end.to raise_error(FormulaUnavailableError)
|
end.to raise_error(FormulaUnavailableError)
|
||||||
end
|
end
|
||||||
|
|
||||||
it "allows cache paths even when paths are disabled" do
|
context "when given a cache path" do
|
||||||
ENV["HOMEBREW_FORBID_PACKAGES_FROM_PATHS"] = "1"
|
let(:cache_dir) { HOMEBREW_CACHE/"test_formula_cache" }
|
||||||
cache_dir = HOMEBREW_CACHE/"test_formula_cache"
|
let(:cache_formula_path) { cache_dir/formula_path.basename }
|
||||||
cache_dir.mkpath
|
|
||||||
cache_formula_path = cache_dir/formula_path.basename
|
before do
|
||||||
FileUtils.cp formula_path, cache_formula_path
|
cache_dir.mkpath
|
||||||
begin
|
FileUtils.cp formula_path, cache_formula_path
|
||||||
formula = described_class.factory(cache_formula_path)
|
end
|
||||||
expect(formula).to be_a(Formula)
|
|
||||||
ensure
|
after do
|
||||||
cache_formula_path.unlink if cache_formula_path.exist?
|
cache_formula_path.unlink if cache_formula_path.exist?
|
||||||
cache_dir.rmdir if cache_dir.exist?
|
cache_dir.rmdir if cache_dir.exist?
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it "allows cache paths when paths are implicitly disabled" do
|
||||||
|
allow(Homebrew::EnvConfig).to receive(:forbid_packages_from_paths?).and_return(true)
|
||||||
|
expect(described_class.factory(cache_formula_path)).to be_a(Formula)
|
||||||
|
end
|
||||||
|
|
||||||
|
it "disallows cache paths when paths are explicitly disabled" do
|
||||||
|
ENV["HOMEBREW_FORBID_PACKAGES_FROM_PATHS"] = "1"
|
||||||
|
expect do
|
||||||
|
described_class.factory(cache_formula_path)
|
||||||
|
end.to raise_error(/requires formulae to be in a tap/)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
context "when given a bottle" do
|
context "when given a bottle" do
|
||||||
|
|||||||
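Review bot: The example "allows cache paths when paths are implicitly disabled" stubs `forbid_packages_from_paths?` but never clears the variable, so it exercises the implicit branch only if `HOMEBREW_FORBID_PACKAGES_FROM_PATHS` is unset in the environment running the suite; adding `ENV.delete("HOMEBREW_FORBID_PACKAGES_FROM_PATHS")` at the top of that example would make it independent. The "explicitly disabled" example assigns the variable and relies on something outside this hunk to restore it afterwards, which is worth confirming. Both examples appear to use a path whose string and realpath fall under the same prefix; a case where the two differ would pin how the prefix check is meant to treat it.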