Parse Formula/Cask Descriptions From Source Code

[apainintheneck]

Currently there are issues in core that are related to evaluating the package files for formulas and casks en masse. The problem here is that since they are really just Ruby files with limited to no sandboxing they can potentially run untrusted code and compromise your system.

For that reason there is the whole extra level of complexity with commands like brew desc when it comes to evaluating all package files. I wonder how simple it would be to just parse that info from the package files themselves using either the ripper or parser libraries. This is a potential workaround for the problem that could allow us to get the desired information without the same security concerns.

[apainintheneck]

The easiest thing to do here would be to just grep for the values since some parts of the package DSLs are so simple. For example, name and desc fall into that category. Beyond that, we could also try using ripper as mentioned above but it will have diminishing returns.

git grep --no-index -E '  (desc|name) "' -- '*.rb'

The commands that currently take --eval-all are:

• cmd
  • deps
  • desc
  • info
  • options
  • readall
  • search
  • tap
  • uses
• dev-cmd
  • audit
  • determine-test-runners
  • livecheck
  • unbottled