authorJCount2017-03-13 18:11:33 -0400
committerJCount2017-03-16 17:37:22 -0400
commit5e8a9fa3f36023c0c8bf37730020dbf6e293581b (patch)
tree49b1571571ccb94036af2d71f80fd0b11d9ac4c4 /Library
parentb7e7b5b5c9eb2b4282fb1913fc59d85f9e1ac140 (diff)
downloadbrew-5e8a9fa3f36023c0c8bf37730020dbf6e293581b.tar.bz2
audit: online - limit download time based on HTTPS determination
Previously, the http_content_headers_and_checksum method always downloaded the entire contents of the url along with its headers. These downloads periodically hang, producing false positives or wreaking havoc on the CI. Therefore, use curl's --max-time arg to prevent this, setting a hard limit of 600 seconds when the entire file is needed to determine whether the url can be changed to use HTTPS instead of HTTP. Otherwise, if the url is already HTTPS, limit the download time to 25 seconds, since only the headers, not the contents, matter.
Diffstat (limited to 'Library')
-rw-r--r--Library/Homebrew/dev-cmd/audit.rb16
1 files changed, 10 insertions, 6 deletions
diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb
index 1e3138559..677a52447 100644
--- a/Library/Homebrew/dev-cmd/audit.rb
+++ b/Library/Homebrew/dev-cmd/audit.rb
@@ -177,8 +177,9 @@ class FormulaAuditor
details = nil
user_agent = nil
+ hash_needed = url.start_with?("http:")
user_agents.each do |ua|
- details = http_content_headers_and_checksum(url, user_agent: ua)
+ details = http_content_headers_and_checksum(url, hash_needed: hash_needed, user_agent: ua)
user_agent = ua
break if details[:status].to_s.start_with?("2")
end
@@ -188,11 +189,11 @@ class FormulaAuditor
return "The URL #{url} is not reachable (HTTP status code #{details[:status]})"
end
- return unless url.start_with? "http:"
+ return unless hash_needed
secure_url = url.sub "http", "https"
secure_details =
- http_content_headers_and_checksum(secure_url, user_agent: user_agent)
+ http_content_headers_and_checksum(secure_url, hash_needed: true, user_agent: user_agent)
if !details[:status].to_s.start_with?("2") ||
!secure_details[:status].to_s.start_with?("2")
@@ -210,9 +211,10 @@ class FormulaAuditor
"The URL #{url} could use HTTPS rather than HTTP"
end
- def self.http_content_headers_and_checksum(url, user_agent: :default)
+ def self.http_content_headers_and_checksum(url, hash_needed: false, user_agent: :default)
+ max_time = hash_needed ? "600" : "25"
args = curl_args(
- extra_args: ["--connect-timeout", "15", "--include", url],
+ extra_args: ["--connect-timeout", "15", "--include", "--max-time", max_time, url],
show_output: true,
user_agent: user_agent,
)
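Review bot: A transfer cut off by `--max-time` is not distinguished from a complete one in the lines visible here. curl exits with status 28 when the limit expires, but the method, whose body continues outside this hunk, appears to parse whatever output it received. With `hash_needed` set, that would hash a truncated body, and the HTTP/HTTPS comparison would then run on partial content. It is worth checking the exit status and returning a nil `file_hash` when the transfer timed out. As a smaller style point, the literals `"600"` and `"25"` would read better as named constants with a comment saying which case each covers.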
@@ -224,11 +226,13 @@ class FormulaAuditor
status_code = headers[%r{HTTP\/.* (\d+)}, 1]
end
+ output_hash = Digest::SHA256.digest(output) if hash_needed
+
{
status: status_code,
etag: headers[%r{ETag: ([wW]\/)?"(([^"]|\\")*)"}, 2],
content_length: headers[/Content-Length: (\d+)/, 1],
- file_hash: Digest::SHA256.digest(output),
+ file_hash: output_hash,
}
end
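Review bot: `file_hash` is now nil whenever `hash_needed` is false, and nothing in the visible part of the method documents that contract. The caller changed in this commit fetches `secure_details` only after `return unless hash_needed`, so both results carry a real digest today; the hash comparison itself lies outside the hunks shown. A future caller that compares two header-only results would see `nil == nil` and could wrongly conclude that the HTTP and HTTPS contents match. A comment above the assignment would make this explicit, for example `# file_hash is nil for header-only fetches; compare it only when both fetches used hash_needed: true`. The method begins outside this hunk.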