more stringent auditing of checksums

Closes Homebrew/homebrew#10213.

Signed-off-by: Jack Nagel <jacknagel@gmail.com>

1 files changed, 16 insertions, 3 deletions

diff --git a/Library/Homebrew/cmd/audit.rb b/Library/Homebrew/cmd/audit.rb
index 843d19437..99dc3a979 100755
--- a/Library/Homebrew/cmd/audit.rb
+++ b/Library/Homebrew/cmd/audit.rb
@@ -75,18 +75,31 @@ def audit_formula_text name, text
   end
 
   # Empty checksums
-  if text =~ /md5\s+(\'\'|\"\")/
+  if text =~ /md5\s+(''|"")/
     problems << " * md5 is empty"
   end
 
-  if text =~ /sha1\s+(\'\'|\"\")/
+  if text =~ /sha1\s+(''|"")/
     problems << " * sha1 is empty"
   end
 
-  if text =~ /sha256\s+(\'\'|\"\")/
+  if text =~ /sha256\s+(''|"")/
     problems << " * sha256 is empty"
   end
 
+  # Checksum sanity check
+  if text =~ /md5\s+['"](.+)['"]/ and $1 != '#{md5}' and $1 !~ /[a-f0-9]{32}/
+    problems << " * md5 contains invalid or incorrect number of characters"
+  end
+
+  if text =~ /sha1\s+['"](.+)['"]/ and $1 != '#{sha1}' and $1 !~ /[a-f0-9]{40}/
+    problems << " * sha1 contains invalid or incorrect number of characters"
+  end
+
+  if text =~ /sha256\s+['"](.+)['"]/ and $1 != '#{sha256}' and $1 !~ /[a-f0-9]{64}/
+    problems << " * sha256 contains invalid or incorrect number of characters"
+  end
+
   # Commented-out depends_on
   if text =~ /#\s*depends_on\s+(.+)\s*$/
     problems << " * Commented-out dep #{$1}."