diff options
| author | Gautham Goli | 2017-07-20 01:51:43 +0530 |
|---|---|---|
| committer | Gautham Goli | 2017-07-25 19:06:36 +0530 |
| commit | 2639b6c556fb702bf0697d47cd19f614a83b5f47 (patch) | |
| tree | 1f0176e2520eeff6779514da33a43178276cfb52 /Library/Homebrew/dev-cmd/audit.rb | |
| parent | 7041f7eb00004335c026236885f84bd8c0018c0d (diff) | |
| download | brew-2639b6c556fb702bf0697d47cd19f614a83b5f47.tar.bz2 | |
audit: Update Urls Cop with more rules of audit_urls and corresponding tests
Diffstat (limited to 'Library/Homebrew/dev-cmd/audit.rb')
| -rw-r--r-- | Library/Homebrew/dev-cmd/audit.rb | 114 |
1 files changed, 0 insertions, 114 deletions
diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb index 327c3e811..b15d719d2 100644 --- a/Library/Homebrew/dev-cmd/audit.rb +++ b/Library/Homebrew/dev-cmd/audit.rb @@ -1283,120 +1283,6 @@ class ResourceAuditor def audit_urls urls = [url] + mirrors - # Prefer HTTP/S when possible over FTP protocol due to possible firewalls. - urls.each do |p| - case p - when %r{^ftp://ftp\.mirrorservice\.org} - problem "Please use https:// for #{p}" - when %r{^ftp://ftp\.cpan\.org/pub/CPAN(.*)}i - problem "#{p} should be `http://search.cpan.org/CPAN#{Regexp.last_match(1)}`" - end - end - - # Check SourceForge urls - urls.each do |p| - # Skip if the URL looks like a SVN repo - next if p.include? "/svnroot/" - next if p.include? "svn.sourceforge" - - # Is it a sourceforge http(s) URL? - next unless p =~ %r{^https?://.*\b(sourceforge|sf)\.(com|net)} - - if p =~ /(\?|&)use_mirror=/ - problem "Don't use #{Regexp.last_match(1)}use_mirror in SourceForge urls (url is #{p})." - end - - if p.end_with?("/download") - problem "Don't use /download in SourceForge urls (url is #{p})." - end - - if p =~ %r{^https?://sourceforge\.} - problem "Use https://downloads.sourceforge.net to get geolocation (url is #{p})." - end - - if p =~ %r{^https?://prdownloads\.} - problem "Don't use prdownloads in SourceForge urls (url is #{p}).\n" \ - "\tSee: http://librelist.com/browser/homebrew/2011/1/12/prdownloads-is-bad/" - end - - if p =~ %r{^http://\w+\.dl\.} - problem "Don't use specific dl mirrors in SourceForge urls (url is #{p})." - end - - problem "Please use https:// for #{p}" if p.start_with? "http://downloads" - end - - # Debian has an abundance of secure mirrors. Let's not pluck the insecure - # one out of the grab bag. - urls.each do |u| - next unless u =~ %r{^http://http\.debian\.net/debian/(.*)}i - problem <<-EOS.undent - Please use a secure mirror for Debian URLs. - We recommend: - https://mirrors.ocf.berkeley.edu/debian/#{Regexp.last_match(1)} - EOS - end - - # Check for Google Code download urls, https:// is preferred - # Intentionally not extending this to SVN repositories due to certificate - # issues. - urls.grep(%r{^http://.*\.googlecode\.com/files.*}) do |u| - problem "Please use https:// for #{u}" - end - - # Check for new-url Google Code download urls, https:// is preferred - urls.grep(%r{^http://code\.google\.com/}) do |u| - problem "Please use https:// for #{u}" - end - - # Check for git:// GitHub repo urls, https:// is preferred. - urls.grep(%r{^git://[^/]*github\.com/}) do |u| - problem "Please use https:// for #{u}" - end - - # Check for git:// Gitorious repo urls, https:// is preferred. - urls.grep(%r{^git://[^/]*gitorious\.org/}) do |u| - problem "Please use https:// for #{u}" - end - - # Check for http:// GitHub repo urls, https:// is preferred. - urls.grep(%r{^http://github\.com/.*\.git$}) do |u| - problem "Please use https:// for #{u}" - end - - # Check for master branch GitHub archives. - urls.grep(%r{^https://github\.com/.*archive/master\.(tar\.gz|zip)$}) do - problem "Use versioned rather than branch tarballs for stable checksums." - end - - # Use new-style archive downloads - urls.each do |u| - next unless u =~ %r{https://.*github.*/(?:tar|zip)ball/} && u !~ /\.git$/ - problem "Use /archive/ URLs for GitHub tarballs (url is #{u})." - end - - # Don't use GitHub .zip files - urls.each do |u| - next unless u =~ %r{https://.*github.*/(archive|releases)/.*\.zip$} && u !~ %r{releases/download} - problem "Use GitHub tarballs rather than zipballs (url is #{u})." - end - - # Don't use GitHub codeload URLs - urls.each do |u| - next unless u =~ %r{https?://codeload\.github\.com/(.+)/(.+)/(?:tar\.gz|zip)/(.+)} - problem <<-EOS.undent - use GitHub archive URLs: - https://github.com/#{Regexp.last_match(1)}/#{Regexp.last_match(2)}/archive/#{Regexp.last_match(3)}.tar.gz - Rather than codeload: - #{u} - EOS - end - - # Check for Maven Central urls, prefer HTTPS redirector over specific host - urls.each do |u| - next unless u =~ %r{https?://(?:central|repo\d+)\.maven\.org/maven2/(.+)$} - problem "#{u} should be `https://search.maven.org/remotecontent?filepath=#{Regexp.last_match(1)}`" - end if name == "curl" && !urls.find { |u| u.start_with?("http://") } problem "should always include at least one HTTP url" |