Merge pull request #20504 from Homebrew/copilot/fix-20503

Add RuboCop rule to detect identical SHA256 values across architectures in casks
Mike McQuaid 2025-08-19 14:00:44 +00:00 committed by GitHub
commit d82f30290e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 48 additions and 0 deletions


@ -47,6 +47,7 @@ module RuboCop
audit_arch_conditionals(cask_body, allowed_blocks: FLIGHT_STANZA_NAMES) audit_arch_conditionals(cask_body, allowed_blocks: FLIGHT_STANZA_NAMES)
audit_macos_version_conditionals(cask_body, recommend_on_system: false) audit_macos_version_conditionals(cask_body, recommend_on_system: false)
simplify_sha256_stanzas simplify_sha256_stanzas
audit_identical_sha256_across_architectures
end end
private private
@ -76,6 +77,43 @@ module RuboCop
end end
end end
sig { void }
def audit_identical_sha256_across_architectures
sha256_stanzas = toplevel_stanzas.select { |stanza| stanza.stanza_name == :sha256 }
sha256_stanzas.each do |stanza|
sha256_node = stanza.stanza_node
next if sha256_node.arguments.count != 1
next unless sha256_node.arguments.first.hash_type?
hash_node = sha256_node.arguments.first
arm_sha = T.let(nil, T.nilable(String))
intel_sha = T.let(nil, T.nilable(String))
hash_node.pairs.each do |pair|
key = pair.key
next unless key.sym_type?
value = pair.value
next unless value.str_type?
case key.value
when :arm
arm_sha = value.value
when :intel
intel_sha = value.value
end
end
next unless arm_sha
next unless intel_sha
next if arm_sha != intel_sha
offending_node(sha256_node)
problem "sha256 values for different architectures should not be identical."
end
end
def_node_search :sha256_on_arch_stanzas, <<~PATTERN def_node_search :sha256_on_arch_stanzas, <<~PATTERN
$(block $(block
(send nil? ${:on_intel :on_arm}) (send nil? ${:on_intel :on_arm})
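Review bot: `next if arm_sha != intel_sha` in `audit_identical_sha256_across_architectures` compares the two digests as exact strings, so a pair that differs only in hex letter case is not reported as identical. Unless lowercase digests are enforced elsewhere (not visible in this hunk), compare case-insensitively, for example `next unless arm_sha.casecmp?(intel_sha)`. The offense text would also be more useful if it named the fix: identical values mean either both architectures download the same file, where a single `sha256` is enough, or one digest was copied and no longer pins its own artifact. A one-line comment above the method such as `# A checksum shared by arm: and intel: is either redundant or was copied from the other architecture.` would record that rationale.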


@ -105,6 +105,16 @@ RSpec.describe RuboCop::Cop::Cask::OnSystemConditionals, :config do
CASK CASK
end end
it "reports an offense when `sha256` has identical values for different architectures" do
expect_offense <<~CASK
cask 'foo' do
sha256 arm: "5f42cb017dd07270409eaee7c3b4a164ffa7c0f21d85c65840c4f81aab21d457",
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ sha256 values for different architectures should not be identical.
intel: "5f42cb017dd07270409eaee7c3b4a164ffa7c0f21d85c65840c4f81aab21d457"
end
CASK
end
it "accepts when there is only one `on_arch` block" do it "accepts when there is only one `on_arch` block" do
expect_no_offenses <<~CASK expect_no_offenses <<~CASK
cask 'foo' do cask 'foo' do
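Review bot: The new example covers only the offending case; nothing added here checks that `sha256 arm:`/`intel:` with two different digests stays clean, so the guards before `offending_node` are untested by this hunk. If no existing example in this file already does so (the rest of the `describe` block is outside the hunk), add an `expect_no_offenses` case with distinct `arm:` and `intel:` values next to this one.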