audit: check test system calls are fully scoped.

This doesn't matter for everything but it does for the binaries that are installed. Have a limited name/alias check when not installed and a better one that iterates bin/sbin if installed.
author: Mike McQuaid 2016-10-24 15:07:49 +0100
committer: Mike McQuaid 2016-10-29 17:53:05 -0400
commit: 0bd0fec6a6387b7155b0823b58874da72ecbc096 (patch)
tree: 66b367ac749963b1f524c0aedd47be0f2352e57b
parent: 9ab38dd751b306ff23fc39f5dca12a24eb1206fc (diff)
download: brew-0bd0fec6a6387b7155b0823b58874da72ecbc096.tar.bz2
1 files changed, 13 insertions, 0 deletions
diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb
index afa875bdb..b2d592389 100644
--- a/Library/Homebrew/dev-cmd/audit.rb
+++ b/Library/Homebrew/dev-cmd/audit.rb
@@ -725,6 +725,19 @@ class FormulaAuditor
       problem %q(use "xcodebuild *args" instead of "system 'xcodebuild', *args")
     end
 
+    bin_names = Set.new
+    bin_names << formula.name
+    bin_names += formula.aliases
+    [formula.bin, formula.sbin].each do |dir|
+      next unless dir.exist?
+      bin_names += dir.children.map(&:basename).map(&:to_s)
+    end
+    bin_names.each do |name|
+      if text =~ /test do.*system\s+['"]#{name}/m
+        problem %(fully scope test system calls e.g. system "\#{bin}/#{name}")
+      end
+    end
+
     if text =~ /xcodebuild[ (]["'*]/ && !text.include?("SYMROOT=")
       problem 'xcodebuild should be passed an explicit "SYMROOT"'
     end
author	Mike McQuaid	2016-10-24 15:07:49 +0100
committer	Mike McQuaid	2016-10-29 17:53:05 -0400
commit	0bd0fec6a6387b7155b0823b58874da72ecbc096 (patch)
tree	66b367ac749963b1f524c0aedd47be0f2352e57b
parent	9ab38dd751b306ff23fc39f5dca12a24eb1206fc (diff)
download	brew-0bd0fec6a6387b7155b0823b58874da72ecbc096.tar.bz2