Audit: Regexp.escape formula names

We allow certain special regex characters in formula names, and if those aren't escaped when interpolating them into a regex, they'll be interpreted as special regex characters. This can cause regex compile errors on Ruby 1.8 (for example, with "libxml++3", which has nested match characters), and more subtle matching bugs in general. Refs an issue surfaced in Homebrew/homebrew#48744. Closes Homebrew/homebrew#49005. Signed-off-by: Misty De Meo <mistydemeo@gmail.com>
author: Misty De Meo 2016-02-09 10:13:04 -0800
committer: Misty De Meo 2016-02-09 15:33:38 -0800
commit: 7b81066038d6b696c18c2468990bde1cd6c22845 (patch)
tree: e11b8dc9224547c327faa69093d42297c5dc1e01 /Library/Homebrew/cmd
parent: 09ab67895164d9cab5dfca0035b9e100b23b3c8b (diff)
download: brew-7b81066038d6b696c18c2468990bde1cd6c22845.tar.bz2
1 files changed, 2 insertions, 2 deletions
diff --git a/Library/Homebrew/cmd/audit.rb b/Library/Homebrew/cmd/audit.rb
index 41e160473..f2dc78299 100644
--- a/Library/Homebrew/cmd/audit.rb
+++ b/Library/Homebrew/cmd/audit.rb
@@ -879,11 +879,11 @@ class FormulaAuditor
         problem "`#{$1}` is now unnecessary"
       end
 
-      if line =~ %r{#\{share\}/#{formula.name}[/'"]}
+      if line =~ %r{#\{share\}/#{Regexp.escape(formula.name)}[/'"]}
         problem "Use \#{pkgshare} instead of \#{share}/#{formula.name}"
       end
 
-      if line =~ %r{share/"#{formula.name}[/'"]}
+      if line =~ %r{share/"#{Regexp.escape(formula.name)}[/'"]}
         problem "Use pkgshare instead of (share/\"#{formula.name}\")"
       end
     end
author	Misty De Meo	2016-02-09 10:13:04 -0800
committer	Misty De Meo	2016-02-09 15:33:38 -0800
commit	7b81066038d6b696c18c2468990bde1cd6c22845 (patch)
tree	e11b8dc9224547c327faa69093d42297c5dc1e01 /Library/Homebrew/cmd
parent	09ab67895164d9cab5dfca0035b9e100b23b3c8b (diff)
download	brew-7b81066038d6b696c18c2468990bde1cd6c22845.tar.bz2