diff options
| author | Misty De Meo | 2016-02-09 10:13:04 -0800 |
|---|---|---|
| committer | Misty De Meo | 2016-02-09 15:33:38 -0800 |
| commit | 7b81066038d6b696c18c2468990bde1cd6c22845 (patch) | |
| tree | e11b8dc9224547c327faa69093d42297c5dc1e01 /Library | |
| parent | 09ab67895164d9cab5dfca0035b9e100b23b3c8b (diff) | |
| download | brew-7b81066038d6b696c18c2468990bde1cd6c22845.tar.bz2 | |
Audit: Regexp.escape formula names
We allow certain special regex characters in formula names, and if
those aren't escaped when interpolating them into a regex, they'll be
interpreted as special regex characters.
This can cause regex compile errors on Ruby 1.8 (for example, with
"libxml++3", which has nested match characters), and more subtle
matching bugs in general.
Refs an issue surfaced in Homebrew/homebrew#48744.
Closes Homebrew/homebrew#49005.
Signed-off-by: Misty De Meo <mistydemeo@gmail.com>
Diffstat (limited to 'Library')
| -rw-r--r-- | Library/Homebrew/cmd/audit.rb | 4 | ||||
| -rw-r--r-- | Library/Homebrew/test/test_cmd_audit.rb | 11 |
2 files changed, 10 insertions, 5 deletions
diff --git a/Library/Homebrew/cmd/audit.rb b/Library/Homebrew/cmd/audit.rb index 41e160473..f2dc78299 100644 --- a/Library/Homebrew/cmd/audit.rb +++ b/Library/Homebrew/cmd/audit.rb @@ -879,11 +879,11 @@ class FormulaAuditor problem "`#{$1}` is now unnecessary" end - if line =~ %r{#\{share\}/#{formula.name}[/'"]} + if line =~ %r{#\{share\}/#{Regexp.escape(formula.name)}[/'"]} problem "Use \#{pkgshare} instead of \#{share}/#{formula.name}" end - if line =~ %r{share/"#{formula.name}[/'"]} + if line =~ %r{share/"#{Regexp.escape(formula.name)}[/'"]} problem "Use pkgshare instead of (share/\"#{formula.name}\")" end end diff --git a/Library/Homebrew/test/test_cmd_audit.rb b/Library/Homebrew/test/test_cmd_audit.rb index 0dbfbe5e6..ce37a2c8e 100644 --- a/Library/Homebrew/test/test_cmd_audit.rb +++ b/Library/Homebrew/test/test_cmd_audit.rb @@ -301,10 +301,9 @@ class FormulaAuditorTests < Homebrew::TestCase end # Regression test for https://github.com/Homebrew/homebrew/pull/48744 - # Formulae with "++" in their name would break the name check because of a - # regexp error: + # Formulae with "++" in their name would break various audit regexps: # Error: nested *?+ in regexp: /^libxml++3\s/ - def test_audit_desc_plus_plus_name + def test_audit_plus_plus_name fa = formula_auditor "foolibc++", <<-EOS.undent, :strict => true class Foolibcxx < Formula desc "foolibc++ is a test" @@ -315,5 +314,11 @@ class FormulaAuditorTests < Homebrew::TestCase fa.audit_desc assert_equal "Description shouldn't include the formula name", fa.problems.shift + + fa.audit_line 'ohai "#{share}/foolibc++"', 3 + assert_equal "Use \#{pkgshare} instead of \#{share}/foolibc++", fa.problems.shift + + fa.audit_line 'ohai share/"foolibc++"', 3 + assert_equal 'Use pkgshare instead of (share/"foolibc++")', fa.problems.shift end end |