mirrors/brew
1
0
Fork 0
mirror of https://github.com/Homebrew/brew.git synced 2025-07-14 16:09:03 +08:00
Code Issues Packages Projects Releases Wiki Activity

cask audit: check allow_untrusted

Browse Source
This commit is contained in:
commitay 2018-03-25 15:30:16 +10:00
parent 6034caf9fb
commit 43244e7953
3 changed files with 43 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
Library/Homebrew/cask/lib/hbc/audit.rb
View File

@ -33,6 +33,7 @@ module Hbc
check_download check_download
check_single_pre_postflight check_single_pre_postflight
check_single_uninstall_zap check_single_uninstall_zap
check_untrusted_pkg
self self
rescue StandardError => e rescue StandardError => e
odebug "#{e.message}\n#{e.backtrace.join("\n")}" odebug "#{e.message}\n#{e.backtrace.join("\n")}"
@ -50,6 +51,18 @@ module Hbc
private private
def check_untrusted_pkg
odebug "Auditing pkg stanza: allow_untrusted"
return if @cask.sourcefile_path.nil?
tap = @cask.tap
return if tap.nil? || tap.user != "caskroom"
return unless cask.artifacts.any? { |k| k.is_a?(Hbc::Artifact::Pkg) && k.stanza_options.key?(:allow_untrusted) }
add_warning "allow_untrusted is not permitted in official Homebrew-Cask taps"
end
def check_single_pre_postflight def check_single_pre_postflight
odebug "Auditing preflight and postflight stanzas" odebug "Auditing preflight and postflight stanzas"

19
Library/Homebrew/test/cask/audit_spec.rb
View File

@ -91,6 +91,25 @@ describe Hbc::Audit, :cask do
end end
end end
describe "pkg allow_untrusted checks" do
let(:error_msg) { "allow_untrusted is not permitted in official Homebrew-Cask taps" }
context "when the Cask has no pkg stanza" do
let(:cask_token) { "basic-cask" }
it { should_not warn_with(error_msg) }
end
context "when the Cask does not have allow_untrusted" do
let(:cask_token) { "with-uninstall-pkgutil" }
it { should_not warn_with(error_msg) }
end
context "when the Cask has allow_untrusted" do
let(:cask_token) { "with-allow-untrusted" }
it { is_expected.to warn_with(error_msg) }
end
end
describe "preflight stanza checks" do describe "preflight stanza checks" do
let(:error_msg) { "only a single preflight stanza is allowed" } let(:error_msg) { "only a single preflight stanza is allowed" }

11
Library/Homebrew/test/support/fixtures/cask/Casks/with-allow-untrusted.rb Normal file
View File

@ -0,0 +1,11 @@
cask 'with-allow-untrusted' do
version '1.2.3'
sha256 '8c62a2b791cf5f0da6066a0a4b6e85f62949cd60975da062df44adf887f4370b'
url "file://#{TEST_FIXTURE_DIR}/cask/MyFancyPkg.zip"
homepage 'http://example.com/fancy-pkg'
pkg 'Fancy.pkg', allow_untrusted: true
uninstall pkgutil: 'my.fancy.package.*'
end