brew/Library/Homebrew/test/rubocops/shell_commands_spec.rb

# frozen_string_literal: true

require "rubocops/shell_commands"

module RuboCop
  module Cop
    module Homebrew
      ::RSpec.describe ShellCommands do
        subject(:cop) { described_class.new }

        context "when auditing shell commands" do
          it "reports and corrects an offense when `system` arguments should be separated" do
            expect_offense(<<~RUBY)
              class Foo < Formula
                def install
                  system "foo bar"
                         ^^^^^^^^^ Homebrew/ShellCommands: Separate `system` commands into `"foo", "bar"`
                end
              end
            RUBY

            expect_correction(<<~RUBY)
              class Foo < Formula
                def install
                  system "foo", "bar"
                end
              end
            RUBY
          end

          it "reports and corrects an offense when `system` arguments involving interpolation should be separated" do
            expect_offense(<<~RUBY)
              class Foo < Formula
                def install
                  system "\#{bin}/foo bar"
                         ^^^^^^^^^^^^^^^^ Homebrew/ShellCommands: Separate `system` commands into `"\#{bin}/foo", "bar"`
                end
              end
            RUBY

            expect_correction(<<~RUBY)
              class Foo < Formula
                def install
                  system "\#{bin}/foo", "bar"
                end
              end
            RUBY
          end

          it "reports no offenses when `system` with metacharacter arguments are called" do
            expect_no_offenses(<<~RUBY)
              class Foo < Formula
                def install
                  system "foo bar > baz"
                end
              end
            RUBY
          end

          it "reports no offenses when trailing arguments to `system` are unseparated" do
            expect_no_offenses(<<~RUBY)
              class Foo < Formula
                def install
                  system "foo", "bar baz"
                end
              end
            RUBY
          end

          it "reports no offenses when `Utils.popen` arguments are unseparated" do
            expect_no_offenses(<<~RUBY)
              class Foo < Formula
                def install
                  Utils.popen("foo bar")
                end
              end
            RUBY
          end

          it "reports and corrects an offense when `Utils.popen_read` arguments are unseparated" do
            expect_offense(<<~RUBY)
              class Foo < Formula
                def install
                  Utils.popen_read("foo bar")
                                   ^^^^^^^^^ Homebrew/ShellCommands: Separate `Utils.popen_read` commands into `"foo", "bar"`
                end
              end
            RUBY

            expect_correction(<<~RUBY)
              class Foo < Formula
                def install
                  Utils.popen_read("foo", "bar")
                end
              end
            RUBY
          end

          it "reports and corrects an offense when `Utils.safe_popen_read` arguments are unseparated" do
            expect_offense(<<~RUBY)
              class Foo < Formula
                def install
                  Utils.safe_popen_read("foo bar")
                                        ^^^^^^^^^ Homebrew/ShellCommands: Separate `Utils.safe_popen_read` commands into `"foo", "bar"`
                end
              end
            RUBY

            expect_correction(<<~RUBY)
              class Foo < Formula
                def install
                  Utils.safe_popen_read("foo", "bar")
                end
              end
            RUBY
          end

          it "reports and corrects an offense when `Utils.popen_write` arguments are unseparated" do
            expect_offense(<<~RUBY)
              class Foo < Formula
                def install
                  Utils.popen_write("foo bar")
                                    ^^^^^^^^^ Homebrew/ShellCommands: Separate `Utils.popen_write` commands into `"foo", "bar"`
                end
              end
            RUBY

            expect_correction(<<~RUBY)
              class Foo < Formula
                def install
                  Utils.popen_write("foo", "bar")
                end
              end
            RUBY
          end

          it "reports and corrects an offense when `Utils.safe_popen_write` arguments are unseparated" do
            expect_offense(<<~RUBY)
              class Foo < Formula
                def install
                  Utils.safe_popen_write("foo bar")
                                         ^^^^^^^^^ Homebrew/ShellCommands: Separate `Utils.safe_popen_write` commands into `"foo", "bar"`
                end
              end
            RUBY

            expect_correction(<<~RUBY)
              class Foo < Formula
                def install
                  Utils.safe_popen_write("foo", "bar")
                end
              end
            RUBY
          end

          it "reports and corrects an offense when `Utils.popen_read` arguments with interpolation are unseparated" do
            expect_offense(<<~RUBY)
              class Foo < Formula
                def install
                  Utils.popen_read("\#{bin}/foo bar")
                                   ^^^^^^^^^^^^^^^^ Homebrew/ShellCommands: Separate `Utils.popen_read` commands into `"\#{bin}/foo", "bar"`
                end
              end
            RUBY

            expect_correction(<<~RUBY)
              class Foo < Formula
                def install
                  Utils.popen_read("\#{bin}/foo", "bar")
                end
              end
            RUBY
          end

          it "reports no offenses when `Utils.popen_read` arguments with metacharacters are unseparated" do
            expect_no_offenses(<<~RUBY)
              class Foo < Formula
                def install
                  Utils.popen_read("foo bar > baz")
                end
              end
            RUBY
          end

          it "reports no offenses when trailing arguments to `Utils.popen_read` are unseparated" do
            expect_no_offenses(<<~RUBY)
              class Foo < Formula
                def install
                  Utils.popen_read("foo", "bar baz")
                end
              end
            RUBY
          end

          it "reports and corrects an offense when `Utils.popen_read` arguments are unseparated after a shell env" do
            expect_offense(<<~RUBY)
              class Foo < Formula
                def install
                  Utils.popen_read({ "SHELL" => "bash"}, "foo bar")
                                                         ^^^^^^^^^ Homebrew/ShellCommands: Separate `Utils.popen_read` commands into `"foo", "bar"`
                end
              end
            RUBY

            expect_correction(<<~RUBY)
              class Foo < Formula
                def install
                  Utils.popen_read({ "SHELL" => "bash"}, "foo", "bar")
                end
              end
            RUBY
          end
        end
      end

      ::RSpec.describe ExecShellMetacharacters do
        subject(:cop) { described_class.new }

        context "when auditing exec calls" do
          it "reports aan offense when output piping is used" do
            expect_offense(<<~RUBY)
              fork do
                exec "foo bar > output"
                     ^^^^^^^^^^^^^^^^^^ Homebrew/ExecShellMetacharacters: Don't use shell metacharacters in `exec`. Implement the logic in Ruby instead, using methods like `$stdout.reopen`.
              end
            RUBY
          end

          it "reports no offenses when no metacharacters are used" do
            expect_no_offenses(<<~RUBY)
              fork do
                exec "foo bar"
              end
            RUBY
          end
        end
      end
    end
  end
end
style: remove RSpec/MultipleDescribes violations Co-authored-by: Nanda H Krishna <nanda.harishankar@gmail.com> 2021-01-31 14:50:29 -05:00			`# frozen_string_literal: true`

Promote shell commands audit to global cop 2021-03-17 15:27:26 +00:00			`require "rubocops/shell_commands"`
style: remove RSpec/MultipleDescribes violations Co-authored-by: Nanda H Krishna <nanda.harishankar@gmail.com> 2021-01-31 14:50:29 -05:00
rubocops/shell_commands: add cop for shell metacharacters in `exec` 2021-05-03 20:25:03 +01:00			`module RuboCop`
			`module Cop`
Add cop for IO.read usage 2021-04-14 16:08:37 +01:00			`module Homebrew`
Turn on disable_monkey_patching 2024-02-18 15:17:25 -08:00			`::RSpec.describe ShellCommands do`
rubocops/shell_commands: add cop for shell metacharacters in `exec` 2021-05-03 20:25:03 +01:00			`subject(:cop) { described_class.new }`

			`context "when auditing shell commands" do`
			it "reports and corrects an offense when `system` arguments should be separated" do
			`expect_offense(<<~RUBY)`
			`class Foo < Formula`
			`def install`
			`system "foo bar"`
Say yes to RuboCop's `DisplayCopNames`; fix test expectations - Fixing the test expected output was unbelievably tedious. - There's been debate about this setting being `false` but in https://github.com/Homebrew/brew/pull/15136#issuecomment-1500063225 we decided that it was worth using the default since RuboCop behaviour changed so we'd have had to do some horrible things to keep it as `false` - https://github.com/Homebrew/brew/pull/15136#issuecomment-1500037278 - and multiple maintainers specify the `--display-cop-names` option to `brew style` themselves since it's clearer what's gone wrong. 2023-04-07 17:16:48 +01:00			^^^^^^^^^ Homebrew/ShellCommands: Separate `system` commands into `"foo", "bar"`
rubocops/shell_commands: add cop for shell metacharacters in `exec` 2021-05-03 20:25:03 +01:00			`end`
			`end`
			`RUBY`

			`expect_correction(<<~RUBY)`
			`class Foo < Formula`
			`def install`
			`system "foo", "bar"`
			`end`
			`end`
			`RUBY`
			`end`

			it "reports and corrects an offense when `system` arguments involving interpolation should be separated" do
			`expect_offense(<<~RUBY)`
			`class Foo < Formula`
			`def install`
			`system "\#{bin}/foo bar"`
Say yes to RuboCop's `DisplayCopNames`; fix test expectations - Fixing the test expected output was unbelievably tedious. - There's been debate about this setting being `false` but in https://github.com/Homebrew/brew/pull/15136#issuecomment-1500063225 we decided that it was worth using the default since RuboCop behaviour changed so we'd have had to do some horrible things to keep it as `false` - https://github.com/Homebrew/brew/pull/15136#issuecomment-1500037278 - and multiple maintainers specify the `--display-cop-names` option to `brew style` themselves since it's clearer what's gone wrong. 2023-04-07 17:16:48 +01:00			^^^^^^^^^^^^^^^^ Homebrew/ShellCommands: Separate `system` commands into `"\#{bin}/foo", "bar"`
rubocops/shell_commands: add cop for shell metacharacters in `exec` 2021-05-03 20:25:03 +01:00			`end`
			`end`
			`RUBY`

			`expect_correction(<<~RUBY)`
			`class Foo < Formula`
			`def install`
			`system "\#{bin}/foo", "bar"`
			`end`
			`end`
			`RUBY`
			`end`

			it "reports no offenses when `system` with metacharacter arguments are called" do
			`expect_no_offenses(<<~RUBY)`
			`class Foo < Formula`
			`def install`
			`system "foo bar > baz"`
			`end`
			`end`
			`RUBY`
			`end`

			it "reports no offenses when trailing arguments to `system` are unseparated" do
			`expect_no_offenses(<<~RUBY)`
			`class Foo < Formula`
			`def install`
			`system "foo", "bar baz"`
			`end`
			`end`
			`RUBY`
			`end`

			it "reports no offenses when `Utils.popen` arguments are unseparated" do
			`expect_no_offenses(<<~RUBY)`
			`class Foo < Formula`
			`def install`
			`Utils.popen("foo bar")`
			`end`
			`end`
			`RUBY`
			`end`

			it "reports and corrects an offense when `Utils.popen_read` arguments are unseparated" do
			`expect_offense(<<~RUBY)`
			`class Foo < Formula`
			`def install`
			`Utils.popen_read("foo bar")`
Say yes to RuboCop's `DisplayCopNames`; fix test expectations - Fixing the test expected output was unbelievably tedious. - There's been debate about this setting being `false` but in https://github.com/Homebrew/brew/pull/15136#issuecomment-1500063225 we decided that it was worth using the default since RuboCop behaviour changed so we'd have had to do some horrible things to keep it as `false` - https://github.com/Homebrew/brew/pull/15136#issuecomment-1500037278 - and multiple maintainers specify the `--display-cop-names` option to `brew style` themselves since it's clearer what's gone wrong. 2023-04-07 17:16:48 +01:00			^^^^^^^^^ Homebrew/ShellCommands: Separate `Utils.popen_read` commands into `"foo", "bar"`
rubocops/shell_commands: add cop for shell metacharacters in `exec` 2021-05-03 20:25:03 +01:00			`end`
			`end`
			`RUBY`

			`expect_correction(<<~RUBY)`
			`class Foo < Formula`
			`def install`
			`Utils.popen_read("foo", "bar")`
			`end`
			`end`
			`RUBY`
			`end`

			it "reports and corrects an offense when `Utils.safe_popen_read` arguments are unseparated" do
			`expect_offense(<<~RUBY)`
			`class Foo < Formula`
			`def install`
			`Utils.safe_popen_read("foo bar")`
Say yes to RuboCop's `DisplayCopNames`; fix test expectations - Fixing the test expected output was unbelievably tedious. - There's been debate about this setting being `false` but in https://github.com/Homebrew/brew/pull/15136#issuecomment-1500063225 we decided that it was worth using the default since RuboCop behaviour changed so we'd have had to do some horrible things to keep it as `false` - https://github.com/Homebrew/brew/pull/15136#issuecomment-1500037278 - and multiple maintainers specify the `--display-cop-names` option to `brew style` themselves since it's clearer what's gone wrong. 2023-04-07 17:16:48 +01:00			^^^^^^^^^ Homebrew/ShellCommands: Separate `Utils.safe_popen_read` commands into `"foo", "bar"`
rubocops/shell_commands: add cop for shell metacharacters in `exec` 2021-05-03 20:25:03 +01:00			`end`
			`end`
			`RUBY`

			`expect_correction(<<~RUBY)`
			`class Foo < Formula`
			`def install`
			`Utils.safe_popen_read("foo", "bar")`
			`end`
			`end`
			`RUBY`
			`end`

			it "reports and corrects an offense when `Utils.popen_write` arguments are unseparated" do
			`expect_offense(<<~RUBY)`
			`class Foo < Formula`
			`def install`
			`Utils.popen_write("foo bar")`
Say yes to RuboCop's `DisplayCopNames`; fix test expectations - Fixing the test expected output was unbelievably tedious. - There's been debate about this setting being `false` but in https://github.com/Homebrew/brew/pull/15136#issuecomment-1500063225 we decided that it was worth using the default since RuboCop behaviour changed so we'd have had to do some horrible things to keep it as `false` - https://github.com/Homebrew/brew/pull/15136#issuecomment-1500037278 - and multiple maintainers specify the `--display-cop-names` option to `brew style` themselves since it's clearer what's gone wrong. 2023-04-07 17:16:48 +01:00			^^^^^^^^^ Homebrew/ShellCommands: Separate `Utils.popen_write` commands into `"foo", "bar"`
rubocops/shell_commands: add cop for shell metacharacters in `exec` 2021-05-03 20:25:03 +01:00			`end`
			`end`
			`RUBY`

			`expect_correction(<<~RUBY)`
			`class Foo < Formula`
			`def install`
			`Utils.popen_write("foo", "bar")`
			`end`
			`end`
			`RUBY`
			`end`

			it "reports and corrects an offense when `Utils.safe_popen_write` arguments are unseparated" do
			`expect_offense(<<~RUBY)`
			`class Foo < Formula`
			`def install`
			`Utils.safe_popen_write("foo bar")`
Say yes to RuboCop's `DisplayCopNames`; fix test expectations - Fixing the test expected output was unbelievably tedious. - There's been debate about this setting being `false` but in https://github.com/Homebrew/brew/pull/15136#issuecomment-1500063225 we decided that it was worth using the default since RuboCop behaviour changed so we'd have had to do some horrible things to keep it as `false` - https://github.com/Homebrew/brew/pull/15136#issuecomment-1500037278 - and multiple maintainers specify the `--display-cop-names` option to `brew style` themselves since it's clearer what's gone wrong. 2023-04-07 17:16:48 +01:00			^^^^^^^^^ Homebrew/ShellCommands: Separate `Utils.safe_popen_write` commands into `"foo", "bar"`
rubocops/shell_commands: add cop for shell metacharacters in `exec` 2021-05-03 20:25:03 +01:00			`end`
			`end`
			`RUBY`

			`expect_correction(<<~RUBY)`
			`class Foo < Formula`
			`def install`
			`Utils.safe_popen_write("foo", "bar")`
			`end`
			`end`
			`RUBY`
			`end`

			it "reports and corrects an offense when `Utils.popen_read` arguments with interpolation are unseparated" do
			`expect_offense(<<~RUBY)`
			`class Foo < Formula`
			`def install`
			`Utils.popen_read("\#{bin}/foo bar")`
Say yes to RuboCop's `DisplayCopNames`; fix test expectations - Fixing the test expected output was unbelievably tedious. - There's been debate about this setting being `false` but in https://github.com/Homebrew/brew/pull/15136#issuecomment-1500063225 we decided that it was worth using the default since RuboCop behaviour changed so we'd have had to do some horrible things to keep it as `false` - https://github.com/Homebrew/brew/pull/15136#issuecomment-1500037278 - and multiple maintainers specify the `--display-cop-names` option to `brew style` themselves since it's clearer what's gone wrong. 2023-04-07 17:16:48 +01:00			^^^^^^^^^^^^^^^^ Homebrew/ShellCommands: Separate `Utils.popen_read` commands into `"\#{bin}/foo", "bar"`
rubocops/shell_commands: add cop for shell metacharacters in `exec` 2021-05-03 20:25:03 +01:00			`end`
			`end`
			`RUBY`

			`expect_correction(<<~RUBY)`
			`class Foo < Formula`
			`def install`
			`Utils.popen_read("\#{bin}/foo", "bar")`
			`end`
			`end`
			`RUBY`
			`end`

			it "reports no offenses when `Utils.popen_read` arguments with metacharacters are unseparated" do
			`expect_no_offenses(<<~RUBY)`
			`class Foo < Formula`
			`def install`
			`Utils.popen_read("foo bar > baz")`
			`end`
			`end`
			`RUBY`
			`end`

			it "reports no offenses when trailing arguments to `Utils.popen_read` are unseparated" do
			`expect_no_offenses(<<~RUBY)`
			`class Foo < Formula`
			`def install`
			`Utils.popen_read("foo", "bar baz")`
			`end`
			`end`
			`RUBY`
			`end`

			it "reports and corrects an offense when `Utils.popen_read` arguments are unseparated after a shell env" do
			`expect_offense(<<~RUBY)`
			`class Foo < Formula`
			`def install`
			`Utils.popen_read({ "SHELL" => "bash"}, "foo bar")`
Say yes to RuboCop's `DisplayCopNames`; fix test expectations - Fixing the test expected output was unbelievably tedious. - There's been debate about this setting being `false` but in https://github.com/Homebrew/brew/pull/15136#issuecomment-1500063225 we decided that it was worth using the default since RuboCop behaviour changed so we'd have had to do some horrible things to keep it as `false` - https://github.com/Homebrew/brew/pull/15136#issuecomment-1500037278 - and multiple maintainers specify the `--display-cop-names` option to `brew style` themselves since it's clearer what's gone wrong. 2023-04-07 17:16:48 +01:00			^^^^^^^^^ Homebrew/ShellCommands: Separate `Utils.popen_read` commands into `"foo", "bar"`
rubocops/shell_commands: add cop for shell metacharacters in `exec` 2021-05-03 20:25:03 +01:00			`end`
			`end`
			`RUBY`

			`expect_correction(<<~RUBY)`
			`class Foo < Formula`
			`def install`
			`Utils.popen_read({ "SHELL" => "bash"}, "foo", "bar")`
			`end`
			`end`
			`RUBY`
			`end`
			`end`
			`end`

Turn on disable_monkey_patching 2024-02-18 15:17:25 -08:00			`::RSpec.describe ExecShellMetacharacters do`
rubocops/shell_commands: add cop for shell metacharacters in `exec` 2021-05-03 20:25:03 +01:00			`subject(:cop) { described_class.new }`

			`context "when auditing exec calls" do`
			`it "reports aan offense when output piping is used" do`
			`expect_offense(<<~RUBY)`
			`fork do`
			`exec "foo bar > output"`
Say yes to RuboCop's `DisplayCopNames`; fix test expectations - Fixing the test expected output was unbelievably tedious. - There's been debate about this setting being `false` but in https://github.com/Homebrew/brew/pull/15136#issuecomment-1500063225 we decided that it was worth using the default since RuboCop behaviour changed so we'd have had to do some horrible things to keep it as `false` - https://github.com/Homebrew/brew/pull/15136#issuecomment-1500037278 - and multiple maintainers specify the `--display-cop-names` option to `brew style` themselves since it's clearer what's gone wrong. 2023-04-07 17:16:48 +01:00			^^^^^^^^^^^^^^^^^^ Homebrew/ExecShellMetacharacters: Don't use shell metacharacters in `exec`. Implement the logic in Ruby instead, using methods like `$stdout.reopen`.
rubocops/shell_commands: add cop for shell metacharacters in `exec` 2021-05-03 20:25:03 +01:00			`end`
			`RUBY`
			`end`

			`it "reports no offenses when no metacharacters are used" do`
			`expect_no_offenses(<<~RUBY)`
			`fork do`
			`exec "foo bar"`
			`end`
			`RUBY`
			`end`
			`end`
			`end`
style: remove RSpec/MultipleDescribes violations Co-authored-by: Nanda H Krishna <nanda.harishankar@gmail.com> 2021-01-31 14:50:29 -05:00			`end`
			`end`
			`end`