Module: Patch Private

Defined in:
patch.rb

Overview

This module is part of a private API. This module may only be used in the Homebrew/brew repository. Third parties should avoid using this module if possible, as it may be removed or changed without warning.

Helper module for creating patches.

Constant Summary collapse

CVE_PATTERN =

This constant is part of a private API. This constant may only be used in the Homebrew/brew repository. Third parties should avoid using this constant if possible, as it may be removed or changed without warning.

/CVE-?(\d{4})-(\d{4,})/i
GHSA_PATTERN =

This constant is part of a private API. This constant may only be used in the Homebrew/brew repository. Third parties should avoid using this constant if possible, as it may be removed or changed without warning.

/\AGHSA(-[23456789cfghjmpqrvwx]{4}){3}\z/
TYPES =

This constant is part of a private API. This constant may only be used in the Homebrew/brew repository. Third parties should avoid using this constant if possible, as it may be removed or changed without warning.

CycloneDX pedigree.patches.type values applicable to source diffs. monkey is omitted: it describes runtime modification, which patch do cannot express. Keep in sync with PATCH_TYPES in Library/Homebrew/rubocops/patches.rb.

T.let({
  unofficial:  "A patch that has not been developed by the upstream maintainers " \
               "(e.g. a Homebrew- or distribution-specific build fix).",
  backport:    "A patch that takes code from a newer version of the software and " \
               "applies it to the older version Homebrew ships (e.g. an unreleased " \
               "upstream security fix).",
  cherry_pick: "A patch created by selectively applying upstream commits that are " \
               "not strictly from a newer release (e.g. a fix from a maintenance branch).",
}.freeze, T::Hash[Symbol, String])

Class Method Summary collapse

Class Method Details

.create(strip, src, &block) ⇒ EmbeddedPatch, ExternalPatch

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

Returns:



72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
# File 'patch.rb', line 72

def self.create(strip, src, &block)
  case strip
  when :DATA
    DATAPatch.new(:p1)
  when String
    StringPatch.new(:p1, strip)
  when Symbol
    case src
    when :DATA
      DATAPatch.new(strip)
    when String
      StringPatch.new(strip, src)
    else
      external_patch = ExternalPatch.new(strip, &block)
      resource = external_patch.resource
      if (file = resource.file)
        raise ArgumentError, "Patch cannot have both `file` and `url`." if resource.url.present?
        raise ArgumentError, "Patch cannot use `sha256` with `file`." if resource.checksum
        raise ArgumentError, "Patch cannot use `apply` with `file`." if resource.patch_files.present?

        LocalPatch.new(strip, file, resource.directory, resolves: resource.resolves, type: resource.type)
      else
        external_patch
      end
    end
  end
end

.ensure_targets_within!(text, strip:, base:) ⇒ void

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

This method returns an undefined value.

Reject patch target paths (absolute or ..-traversing) that escape the staged source tree.

Parameters:



45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
# File 'patch.rb', line 45

def self.ensure_targets_within!(text, strip:, base:)
  # Resolve targets with `patch --dry-run` so containment matches what `patch`
  # actually writes, covering `Index:`/`====` and non-selected context headers.
  output = with_env(LC_ALL: "C", LANG: "C") do
    base.cd do
      Utils.popen_write("patch", "-g", "0", "-f", "-#{strip}", "--dry-run", err: :out) { |p| p.write(text) }
    end
  end

  output.each_line do |line|
    next unless (target = line.chomp[/\A(?:patching|checking) file (.+)\z/, 1])

    target = target.delete_prefix("'").delete_suffix("'") if target.start_with?("'") && target.end_with?("'")
    Utils::Path.ensure_child_of!(
      base, base/target,
      message: "Patch target path escapes the staged source tree: #{target}"
    )
  end
end

.extract_cves(*strings) ⇒ Array<String>

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

Returns:



30
31
32
33
34
# File 'patch.rb', line 30

def self.extract_cves(*strings)
  strings.flat_map { |s| s.scan(CVE_PATTERN) }
         .map { |year, id| "CVE-#{year}-#{id}" }
         .uniq
end

.resolves_type(id) ⇒ String

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Parameters:

Returns:



37
38
39
40
41
# File 'patch.rb', line 37

def self.resolves_type(id)
  return "security" if id.match?(/\ACVE-\d{4}-\d{4,}\z/) || id.match?(GHSA_PATTERN)

  "defect"
end