Module: Patch Private
- Defined in:
- patch.rb
Overview
This module is part of a private API. This module may only be used in the Homebrew/brew repository. Third parties should avoid using this module if possible, as it may be removed or changed without warning.
Helper module for creating patches.
Constant Summary collapse
- CVE_PATTERN =
This constant is part of a private API. This constant may only be used in the Homebrew/brew repository. Third parties should avoid using this constant if possible, as it may be removed or changed without warning.
/CVE-?(\d{4})-(\d{4,})/i- GHSA_PATTERN =
This constant is part of a private API. This constant may only be used in the Homebrew/brew repository. Third parties should avoid using this constant if possible, as it may be removed or changed without warning.
/\AGHSA(-[23456789cfghjmpqrvwx]{4}){3}\z/- TYPES =
This constant is part of a private API. This constant may only be used in the Homebrew/brew repository. Third parties should avoid using this constant if possible, as it may be removed or changed without warning.
CycloneDX
pedigree.patches.typevalues applicable to source diffs.monkeyis omitted: it describes runtime modification, whichpatch docannot express. Keep in sync withPATCH_TYPESinLibrary/Homebrew/rubocops/patches.rb. T.let({ unofficial: "A patch that has not been developed by the upstream maintainers " \ "(e.g. a Homebrew- or distribution-specific build fix).", backport: "A patch that takes code from a newer version of the software and " \ "applies it to the older version Homebrew ships (e.g. an unreleased " \ "upstream security fix).", cherry_pick: "A patch created by selectively applying upstream commits that are " \ "not strictly from a newer release (e.g. a fix from a maintenance branch).", }.freeze, T::Hash[Symbol, String])
Class Method Summary collapse
- .create(strip, src, &block) ⇒ EmbeddedPatch, ExternalPatch private
-
.ensure_targets_within!(text, strip:, base:) ⇒ void
private
Reject patch target paths (absolute or
..-traversing) that escape the staged source tree. - .extract_cves(*strings) ⇒ Array<String> private
- .resolves_type(id) ⇒ String private
Class Method Details
.create(strip, src, &block) ⇒ EmbeddedPatch, ExternalPatch
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 |
# File 'patch.rb', line 72 def self.create(strip, src, &block) case strip when :DATA DATAPatch.new(:p1) when String StringPatch.new(:p1, strip) when Symbol case src when :DATA DATAPatch.new(strip) when String StringPatch.new(strip, src) else external_patch = ExternalPatch.new(strip, &block) resource = external_patch.resource if (file = resource.file) raise ArgumentError, "Patch cannot have both `file` and `url`." if resource.url.present? raise ArgumentError, "Patch cannot use `sha256` with `file`." if resource.checksum raise ArgumentError, "Patch cannot use `apply` with `file`." if resource.patch_files.present? LocalPatch.new(strip, file, resource.directory, resolves: resource.resolves, type: resource.type) else external_patch end end end end |
.ensure_targets_within!(text, strip:, base:) ⇒ void
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
This method returns an undefined value.
Reject patch target paths (absolute or ..-traversing) that escape the staged source tree.
45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 |
# File 'patch.rb', line 45 def self.ensure_targets_within!(text, strip:, base:) # Resolve targets with `patch --dry-run` so containment matches what `patch` # actually writes, covering `Index:`/`====` and non-selected context headers. output = with_env(LC_ALL: "C", LANG: "C") do base.cd do Utils.popen_write("patch", "-g", "0", "-f", "-#{strip}", "--dry-run", err: :out) { |p| p.write(text) } end end output.each_line do |line| next unless (target = line.chomp[/\A(?:patching|checking) file (.+)\z/, 1]) target = target.delete_prefix("'").delete_suffix("'") if target.start_with?("'") && target.end_with?("'") Utils::Path.ensure_child_of!( base, base/target, message: "Patch target path escapes the staged source tree: #{target}" ) end end |
.extract_cves(*strings) ⇒ Array<String>
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
30 31 32 33 34 |
# File 'patch.rb', line 30 def self.extract_cves(*strings) strings.flat_map { |s| s.scan(CVE_PATTERN) } .map { |year, id| "CVE-#{year}-#{id}" } .uniq end |
.resolves_type(id) ⇒ String
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
37 38 39 40 41 |
# File 'patch.rb', line 37 def self.resolves_type(id) return "security" if id.match?(/\ACVE-\d{4}-\d{4,}\z/) || id.match?(GHSA_PATTERN) "defect" end |