brew/Library/Homebrew/rubocops/shell_commands.rb

# typed: strict
# frozen_string_literal: true

require "extend/array"
require "rubocops/shared/helper_functions"
require "shellwords"

module RuboCop
  module Cop
    module Homebrew
      # https://github.com/ruby/ruby/blob/v2_6_3/process.c#L2430-L2460
      SHELL_BUILTINS = %w[
        !
        .
        :
        break
        case
        continue
        do
        done
        elif
        else
        esac
        eval
        exec
        exit
        export
        fi
        for
        if
        in
        readonly
        return
        set
        shift
        then
        times
        trap
        unset
        until
        while
      ].freeze
      private_constant :SHELL_BUILTINS

      # https://github.com/ruby/ruby/blob/v2_6_3/process.c#L2495
      SHELL_METACHARACTERS = %W[* ? { } [ ] < > ( ) ~ & | \\ $ ; ' ` " \n #].freeze
      private_constant :SHELL_METACHARACTERS

      # This cop makes sure that shell command arguments are separated.
      class ShellCommands < Base
        include HelperFunctions
        extend AutoCorrector

        MSG = "Separate `%<method>s` commands into `%<good_args>s`"

        TARGET_METHODS = [
          [nil, :system],
          [nil, :safe_system],
          [nil, :quiet_system],
          [:Utils, :popen_read],
          [:Utils, :safe_popen_read],
          [:Utils, :popen_write],
          [:Utils, :safe_popen_write],
        ].freeze
        private_constant :TARGET_METHODS

        RESTRICT_ON_SEND = T.let(
          TARGET_METHODS.map(&:second).uniq.freeze,
          T::Array[T.nilable(Symbol)],
        )

        sig { params(node: RuboCop::AST::SendNode).void }
        def on_send(node)
          TARGET_METHODS.each do |target_class, target_method|
            next if node.method_name != target_method

            target_receivers = if target_class.nil?
              [nil, s(:const, nil, :Kernel), s(:const, nil, :Homebrew)]
            else
              [s(:const, nil, target_class)]
            end
            next unless target_receivers.include?(node.receiver)

            first_arg = node.arguments.first
            arg_count = node.arguments.count
            if first_arg&.hash_type? # popen methods allow env hash
              first_arg = node.arguments.second
              arg_count -= 1
            end
            next if first_arg.nil? || arg_count >= 2

            first_arg_str = string_content(first_arg)
            stripped_first_arg_str = string_content(first_arg, strip_dynamic: true)

            split_args = first_arg_str.shellsplit
            next if split_args.count <= 1

            # Only separate when no shell metacharacters are present
            command = split_args.first
            next if SHELL_BUILTINS.any?(command)
            next if command&.include?("=")
            next if SHELL_METACHARACTERS.any? { |meta| stripped_first_arg_str.include?(meta) }

            good_args = split_args.map { |arg| "\"#{arg}\"" }.join(", ")
            method_string = if target_class
              "#{target_class}.#{target_method}"
            else
              target_method.to_s
            end
            add_offense(first_arg, message: format(MSG, method: method_string, good_args:)) do |corrector|
              corrector.replace(first_arg.source_range, good_args)
            end
          end
        end
      end

      # This cop disallows shell metacharacters in `exec` calls.
      class ExecShellMetacharacters < Base
        include HelperFunctions

        MSG = "Don't use shell metacharacters in `exec`. " \
              "Implement the logic in Ruby instead, using methods like `$stdout.reopen`."

        RESTRICT_ON_SEND = [:exec].freeze

        sig { params(node: RuboCop::AST::SendNode).void }
        def on_send(node)
          return if node.receiver.present? && node.receiver != s(:const, nil, :Kernel)
          return if node.arguments.count != 1

          stripped_arg_str = string_content(node.arguments.first, strip_dynamic: true)
          command = string_content(node.arguments.first).shellsplit.first

          return if SHELL_BUILTINS.none?(command) &&
                    !command&.include?("=") &&
                    SHELL_METACHARACTERS.none? { |meta| stripped_arg_str.include?(meta) }

          add_offense(node.arguments.first, message: MSG)
        end
      end
    end
  end
end
More Sorbet `typed: strict` RuboCops - Some of these I bumped to `typed: strict`, some of them I added intermediary type signatures to some of the methods to make my life easier in the (near, hopefully) future. - Turns out that RuboCop node matchers that end in `?` can return `nil` if they don't match anything, not `false`. 2025-02-01 23:54:35 +00:00			`# typed: strict`
Promote shell commands audit to global cop 2021-03-17 15:27:26 +00:00			`# frozen_string_literal: true`

Add File.atomic_write to extend/ 2024-01-11 15:13:12 -08:00			`require "extend/array"`
Promote shell commands audit to global cop 2021-03-17 15:27:26 +00:00			`require "rubocops/shared/helper_functions"`
rubocops/shell_commands: fix missing require 2022-11-05 21:27:52 +00:00			`require "shellwords"`
Promote shell commands audit to global cop 2021-03-17 15:27:26 +00:00
			`module RuboCop`
			`module Cop`
Add cop for IO.read usage 2021-04-14 16:08:37 +01:00			`module Homebrew`
rubocops/shell_commands: add cop for shell metacharacters in `exec` 2021-05-03 20:25:03 +01:00			`# https://github.com/ruby/ruby/blob/v2_6_3/process.c#L2430-L2460`
			`SHELL_BUILTINS = %w[`
			`!`
			`.`
			`:`
			`break`
			`case`
			`continue`
			`do`
			`done`
			`elif`
			`else`
			`esac`
			`eval`
			`exec`
			`exit`
			`export`
			`fi`
			`for`
			`if`
			`in`
			`readonly`
			`return`
			`set`
			`shift`
			`then`
			`times`
			`trap`
			`unset`
			`until`
			`while`
			`].freeze`
Warn about undocumented non-private APIs. 2024-04-26 20:55:51 +02:00			`private_constant :SHELL_BUILTINS`
rubocops/shell_commands: add cop for shell metacharacters in `exec` 2021-05-03 20:25:03 +01:00
			`# https://github.com/ruby/ruby/blob/v2_6_3/process.c#L2495`
			SHELL_METACHARACTERS = %W[* ? { } [ ] < > ( ) ~ & \| \\ $ ; ' ` " \n #].freeze
Warn about undocumented non-private APIs. 2024-04-26 20:55:51 +02:00			`private_constant :SHELL_METACHARACTERS`
rubocops/shell_commands: add cop for shell metacharacters in `exec` 2021-05-03 20:25:03 +01:00
Promote shell commands audit to global cop 2021-03-17 15:27:26 +00:00			`# This cop makes sure that shell command arguments are separated.`
			`class ShellCommands < Base`
			`include HelperFunctions`
			`extend AutoCorrector`

			MSG = "Separate `%<method>s` commands into `%<good_args>s`"

			`TARGET_METHODS = [`
			`[nil, :system],`
			`[nil, :safe_system],`
			`[nil, :quiet_system],`
			`[:Utils, :popen_read],`
			`[:Utils, :safe_popen_read],`
			`[:Utils, :popen_write],`
			`[:Utils, :safe_popen_write],`
			`].freeze`
Warn about undocumented non-private APIs. 2024-04-26 20:55:51 +02:00			`private_constant :TARGET_METHODS`

More Sorbet `typed: strict` RuboCops - Some of these I bumped to `typed: strict`, some of them I added intermediary type signatures to some of the methods to make my life easier in the (near, hopefully) future. - Turns out that RuboCop node matchers that end in `?` can return `nil` if they don't match anything, not `false`. 2025-02-01 23:54:35 +00:00			`RESTRICT_ON_SEND = T.let(`
			`TARGET_METHODS.map(&:second).uniq.freeze,`
			`T::Array[T.nilable(Symbol)],`
			`)`
Promote shell commands audit to global cop 2021-03-17 15:27:26 +00:00
More Sorbet `typed: strict` RuboCops - Some of these I bumped to `typed: strict`, some of them I added intermediary type signatures to some of the methods to make my life easier in the (near, hopefully) future. - Turns out that RuboCop node matchers that end in `?` can return `nil` if they don't match anything, not `false`. 2025-02-01 23:54:35 +00:00			`sig { params(node: RuboCop::AST::SendNode).void }`
Promote shell commands audit to global cop 2021-03-17 15:27:26 +00:00			`def on_send(node)`
			`TARGET_METHODS.each do \|target_class, target_method\|`
brew style --fix 2023-04-18 15:06:50 -07:00			`next if node.method_name != target_method`
Promote shell commands audit to global cop 2021-03-17 15:27:26 +00:00
			`target_receivers = if target_class.nil?`
			`[nil, s(:const, nil, :Kernel), s(:const, nil, :Homebrew)]`
			`else`
			`[s(:const, nil, target_class)]`
			`end`
			`next unless target_receivers.include?(node.receiver)`

			`first_arg = node.arguments.first`
			`arg_count = node.arguments.count`
			`if first_arg&.hash_type? # popen methods allow env hash`
			`first_arg = node.arguments.second`
			`arg_count -= 1`
			`end`
			`next if first_arg.nil? \|\| arg_count >= 2`

			`first_arg_str = string_content(first_arg)`
rubocops/shell_commands: add cop for shell metacharacters in `exec` 2021-05-03 20:25:03 +01:00			`stripped_first_arg_str = string_content(first_arg, strip_dynamic: true)`
Promote shell commands audit to global cop 2021-03-17 15:27:26 +00:00
			`split_args = first_arg_str.shellsplit`
			`next if split_args.count <= 1`

rubocops/shell_commands: add cop for shell metacharacters in `exec` 2021-05-03 20:25:03 +01:00			`# Only separate when no shell metacharacters are present`
			`command = split_args.first`
			`next if SHELL_BUILTINS.any?(command)`
			`next if command&.include?("=")`
			`next if SHELL_METACHARACTERS.any? { \|meta\| stripped_first_arg_str.include?(meta) }`

Promote shell commands audit to global cop 2021-03-17 15:27:26 +00:00			`good_args = split_args.map { \|arg\| "\"#{arg}\"" }.join(", ")`
			`method_string = if target_class`
			`"#{target_class}.#{target_method}"`
			`else`
			`target_method.to_s`
			`end`
brew.rb: handle missing args. 2024-03-07 16:20:20 +00:00			`add_offense(first_arg, message: format(MSG, method: method_string, good_args:)) do \|corrector\|`
Promote shell commands audit to global cop 2021-03-17 15:27:26 +00:00			`corrector.replace(first_arg.source_range, good_args)`
			`end`
			`end`
			`end`
			`end`
rubocops/shell_commands: add cop for shell metacharacters in `exec` 2021-05-03 20:25:03 +01:00
			# This cop disallows shell metacharacters in `exec` calls.
			`class ExecShellMetacharacters < Base`
			`include HelperFunctions`

brew style --fix 2022-06-28 10:09:59 +01:00			MSG = "Don't use shell metacharacters in `exec`. " \
rubocops/shell_commands: add cop for shell metacharacters in `exec` 2021-05-03 20:25:03 +01:00			"Implement the logic in Ruby instead, using methods like `$stdout.reopen`."

			`RESTRICT_ON_SEND = [:exec].freeze`

More Sorbet `typed: strict` RuboCops - Some of these I bumped to `typed: strict`, some of them I added intermediary type signatures to some of the methods to make my life easier in the (near, hopefully) future. - Turns out that RuboCop node matchers that end in `?` can return `nil` if they don't match anything, not `false`. 2025-02-01 23:54:35 +00:00			`sig { params(node: RuboCop::AST::SendNode).void }`
rubocops/shell_commands: add cop for shell metacharacters in `exec` 2021-05-03 20:25:03 +01:00			`def on_send(node)`
			`return if node.receiver.present? && node.receiver != s(:const, nil, :Kernel)`
			`return if node.arguments.count != 1`

			`stripped_arg_str = string_content(node.arguments.first, strip_dynamic: true)`
			`command = string_content(node.arguments.first).shellsplit.first`

			`return if SHELL_BUILTINS.none?(command) &&`
			`!command&.include?("=") &&`
			`SHELL_METACHARACTERS.none? { \|meta\| stripped_arg_str.include?(meta) }`

			`add_offense(node.arguments.first, message: MSG)`
			`end`
			`end`
Promote shell commands audit to global cop 2021-03-17 15:27:26 +00:00			`end`
			`end`
			`end`