Currently there are issues in core that are related to evaluating the package files for formulas and casks en masse. The problem here is that since they are really just Ruby files with limited to no sandboxing they can potentially run untrusted code and compromise your system.
For that reason there is the whole extra level of complexity with commands like brew desc when it comes to evaluating all package files. I wonder how simple it would be to just parse that info from the package files themselves using either the ripper or parser libraries. This is a potential workaround for the problem that could allow us to get the desired information without the same security concerns.
The easiest thing to do here would be to just grep for the values since some parts of the package DSLs are so simple. For example, name and desc fall into that category. Beyond that, we could also try using ripper as mentioned above but it will have diminishing returns.
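The static approach discussed in this thread, sketched with Ruby's bundled `ripper` library. This is an added example, not Homebrew's own code: `static_fields`, `literal_string` and both sample package files are constructed for illustration. It reads `name` and `desc` from the syntax tree without evaluating the file, and reports `nil` for any argument that is not a plain string literal.

```ruby
require "ripper"

# DSL calls to read; each is expected to take exactly one plain string literal.
FIELDS = %w[name desc].freeze

# Text of a string literal node, or nil if it contains interpolation and so
# could only be known by running code. Escapes are left as raw source text.
def literal_string(node)
  return nil unless node.is_a?(Array) && node[0] == :string_literal
  parts = node[1].drop(1) # skip the :string_content tag
  return nil unless parts.all? { |part| part[0] == :@tstring_content }
  parts.map { |part| part[1] }.join
end

# Walk the tree from Ripper.sexp and collect the FIELDS calls.
# The source is only parsed; nothing in it is ever evaluated.
def static_fields(source)
  tree = Ripper.sexp(source)
  raise ArgumentError, "source is not valid Ruby" if tree.nil?
  found = {}
  walk = lambda do |node|
    next unless node.is_a?(Array)
    ident = node[1]
    if node[0] == :command && ident.is_a?(Array) && ident[0] == :@ident &&
       FIELDS.include?(ident[1])
      args = node[2]
      args = args[1] if args.is_a?(Array) && args[0] == :args_add_block
      value = args.is_a?(Array) && args.size == 1 ? literal_string(args[0]) : nil
      (found[ident[1]] ||= []) << value # nil marks a non-literal argument
    end
    node.each { |child| walk.call(child) }
  end
  walk.call(tree)
  found
end

# Constructed samples, not real Homebrew packages.
FORMULA_SAMPLE = <<~'RUBY'
  $package_file_was_evaluated = true
  class ConstructedExample < Formula
    desc "Sample formula used only in this example"
  end
RUBY
CASK_SAMPLE = <<~'RUBY'
  cask "constructed-example" do
    name "Constructed Example"
    desc "Built at #{Time.now}"
  end
RUBY
```

A `nil` entry is the signal to skip that package or fall back to a sandboxed evaluation, rather than guessing at the value.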