- Have you run `brew style` with your changes locally?
- Have you run `brew typecheck` with your changes locally?
- Have you run `brew tests` with your changes locally?

`IO.read` can allow arbitrary command execution. Since we know we only want to read files, `File.read` is safer here for security.

The usage of `IO.read` in the cases here wasn't particularly exploitable - they mostly required there to be JSON files in the working directory with maliciously crafted filenames. Not knowing what's in your working directory when running `brew pr-upload` or `brew bottle --merge` isn't a situation I expect anyone to ever be in, and it would require some extreme levels of social engineering to trick someone into thinking a funky-looking JSON file is OK. A formula file with a maliciously crafted name should also never get any further than the CI, where exploits have negligible impact due to the fact you can just run arbitrary Ruby code.
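To illustrate the difference the PR relies on, here is an added example (not Homebrew's code): a small JSON-reading helper built on `File.read`, exercised against a constructed ordinary file and a constructed filename in the working directory that begins with `|`. `File.read` treats that name as a plain (nonexistent) path, whereas `IO.read` would interpret a leading `|` as a command to spawn.

```ruby
require "json"
require "tmpdir"

# Reads and parses a JSON file. File.read always treats its argument as a
# filesystem path; it does not share IO.read's special handling of a leading
# "|" (which IO.read treats as a command to spawn). This mirrors the fix the
# PR makes, but is an added example, not Homebrew's own implementation.
def read_json_file(path)
  JSON.parse(File.read(path))
end

# Constructed demonstration. Runs inside a temporary working directory so the
# relative filename starting with "|" is looked up the way a crafted file in
# the current directory would be.
def demo
  Dir.mktmpdir do |dir|
    Dir.chdir(dir) do
      File.write("bottle.json", JSON.generate({ "formula" => "example", "rebuild" => 0 }))
      parsed = read_json_file("bottle.json")

      # Constructed odd filename; no such file is created, so a path-only
      # reader must fail with ENOENT rather than doing anything else.
      weird_name = "|constructed-example.json"
      weird_result =
        begin
          read_json_file(weird_name)
          :read
        rescue Errno::ENOENT
          :not_found
        end

      { parsed: parsed, weird_result: weird_result }
    end
  end
end

if $PROGRAM_NAME == __FILE__
  p demo
end
```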