Diffstat (limited to 'Library/Homebrew/dev-cmd/audit.rb')
-rw-r--r--Library/Homebrew/dev-cmd/audit.rb78
1 files changed, 37 insertions, 41 deletions
diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb
index 170fb6d5f..d089f308d 100644
--- a/Library/Homebrew/dev-cmd/audit.rb
+++ b/Library/Homebrew/dev-cmd/audit.rb
@@ -201,7 +201,7 @@ class FormulaAuditor
@specs = %w[stable devel head].map { |s| formula.send(s) }.compact
end
- def self.check_http_content(url, name, user_agents: [:default])
+ def self.check_http_content(url, name, user_agents: [:default], check_content: false, strict: false)
return unless url.start_with? "http"
details = nil
@@ -236,8 +236,32 @@ class FormulaAuditor
details[:content_length] == secure_details[:content_length]
file_match = details[:file_hash] == secure_details[:file_hash]
- return if !etag_match && !content_length_match && !file_match
- "The URL #{url} could use HTTPS rather than HTTP"
+ if etag_match || content_length_match || file_match
+ return "The URL #{url} should use HTTPS rather than HTTP"
+ end
+
+ return unless check_content
+
+ no_protocol_file_contents = %r{https?:\\?/\\?/}
+ details[:file] = details[:file].gsub(no_protocol_file_contents, "/")
+ secure_details[:file] = secure_details[:file].gsub(no_protocol_file_contents, "/")
+
+ # Check for the same content after removing all protocols
+ if details[:file] == secure_details[:file]
+ return "The URL #{url} should use HTTPS rather than HTTP"
+ end
+
+ return unless strict
+
+ # Same size, different content after normalization
+ # (typical causes: Generated ID, Timestamp, Unix time)
+ if details[:file].length == secure_details[:file].length
+ return "The URL #{url} may be able to use HTTPS rather than HTTP. Please verify it in a browser."
+ end
+
+ lenratio = (100 * secure_details[:file].length / details[:file].length).to_i
+ return unless (90..110).cover?(lenratio)
+ "The URL #{url} may be able to use HTTPS rather than HTTP. Please verify it in a browser."
end
def self.http_content_headers_and_checksum(url, hash_needed: false, user_agent: :default)
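Review bot: The `lenratio` line divides by `details[:file].length`, which raises ZeroDivisionError when the HTTP body is empty and the HTTPS body is not (the equal-length case has already returned just above). A guard before the division, such as `return if details[:file].empty?`, avoids aborting the audit on an empty response; the trailing `.to_i` is redundant because both operands are Integers. The two `gsub` lines also write the normalized text back into `details[:file]` and `secure_details[:file]`, so locals would leave the fetched bodies untouched, and `no_protocol_file_contents` would read better named for the pattern it holds. The new `check_content:` and `strict:` keywords deserve a short comment above the signature saying which comparison each one enables. check_http_content begins and continues outside the lines shown here.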
@@ -260,6 +284,7 @@ class FormulaAuditor
etag: headers[%r{ETag: ([wW]\/)?"(([^"]|\\")*)"}, 2],
content_length: headers[/Content-Length: (\d+)/, 1],
file_hash: output_hash,
+ file: output,
}
end
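Review bot: `file: output` puts the whole response body into the returned hash for every caller, even though the signature shown in the previous hunk makes the hash optional (`hash_needed: false`) and only the `check_content` path reads the body. How `output` is produced is not visible here, but if it is the raw curl body tagged as UTF-8, the regexp `gsub` calls in check_http_content will raise ArgumentError on a page with invalid byte sequences. Consider storing `output.scrub`, or adding a keyword parallel to `hash_needed` so the body is kept only when content comparison is requested. A comment such as `# raw response body, used only for the HTTP/HTTPS content comparison` on the new key would also help.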
@@ -412,7 +437,7 @@ class FormulaAuditor
same_name_tap_formulae = @@local_official_taps_name_map[name] || []
if @online
- Homebrew.search_taps(name).each do |tap_formula_full_name|
+ Homebrew.search_taps(name, silent: true).each do |tap_formula_full_name|
tap_formula_name = tap_formula_full_name.split("/").last
next if tap_formula_name != name
same_name_tap_formulae << tap_formula_full_name
@@ -566,7 +591,9 @@ class FormulaAuditor
return unless DevelopmentTools.curl_handles_most_https_homepages?
if http_content_problem = FormulaAuditor.check_http_content(homepage,
formula.name,
- user_agents: [:browser, :default])
+ user_agents: [:browser, :default],
+ check_content: true,
+ strict: @strict)
problem http_content_problem
end
end
@@ -808,39 +835,6 @@ class FormulaAuditor
end
def line_problems(line, _lineno)
- if line =~ /<(Formula|AmazonWebServicesFormula|ScriptFileFormula|GithubGistFormula)/
- problem "Use a space in class inheritance: class Foo < #{Regexp.last_match(1)}"
- end
-
- # Commented-out cmake support from default template
- problem "Commented cmake call found" if line.include?('# system "cmake')
-
- # Comments from default template
- [
- "# PLEASE REMOVE",
- "# Documentation:",
- "# if this fails, try separate make/make install steps",
- "# The URL of the archive",
- "## Naming --",
- "# if your formula requires any X11/XQuartz components",
- "# if your formula fails when building in parallel",
- "# Remove unrecognized options if warned by configure",
- ].each do |comment|
- next unless line.include?(comment)
- problem "Please remove default template comments"
- end
-
- # FileUtils is included in Formula
- # encfs modifies a file with this name, so check for some leading characters
- if line =~ %r{[^'"/]FileUtils\.(\w+)}
- problem "Don't need 'FileUtils.' before #{Regexp.last_match(1)}."
- end
-
- # Check for long inreplace block vars
- if line =~ /inreplace .* do \|(.{2,})\|/
- problem "\"inreplace <filenames> do |s|\" is preferred over \"|#{Regexp.last_match(1)}|\"."
- end
-
# Check for string interpolation of single values.
if line =~ /(system|inreplace|gsub!|change_make_var!).*[ ,]"#\{([\w.]+)\}"/
problem "Don't need to interpolate \"#{Regexp.last_match(2)}\" with #{Regexp.last_match(1)}"
@@ -890,9 +884,6 @@ class FormulaAuditor
end
end
- # Commented-out depends_on
- problem "Commented-out dep #{Regexp.last_match(1)}" if line =~ /#\s*depends_on\s+(.+)\s*$/
-
if line =~ /if\s+ARGV\.include\?\s+'--(HEAD|devel)'/
problem "Use \"if build.#{Regexp.last_match(1).downcase}?\" instead"
end
@@ -905,6 +896,10 @@ class FormulaAuditor
problem "Use \"depends_on :x11\" instead of \"ENV.x11\""
end
+ if line.include?("ENV.java_cache")
+ problem "In-formula ENV.java_cache usage has been deprecated & should be removed."
+ end
+
# Avoid hard-coding compilers
if line =~ %r{(system|ENV\[.+\]\s?=)\s?['"](/usr/bin/)?(gcc|llvm-gcc|clang)['" ]}
problem "Use \"\#{ENV.cc}\" instead of hard-coding \"#{Regexp.last_match(3)}\""
@@ -1264,6 +1259,7 @@ class ResourceAuditor
end
elsif strategy <= SubversionDownloadStrategy
next unless DevelopmentTools.subversion_handles_most_https_certificates?
+ next unless Utils.svn_available?
unless Utils.svn_remote_exists url
problem "The URL #{url} is not a valid svn URL"
end
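Review bot: The added `next unless Utils.svn_available?` skips the svn URL validation silently, so on a machine without svn the audit reports no problem for a URL that was never checked. If that is intended, say so in a comment, e.g. `# Cannot validate svn URLs without svn installed; skip rather than fail`, or emit a notice when running online so the reviewer knows the check did not run. If `subversion_handles_most_https_certificates?` itself invokes svn (not visible here), the availability check should come first. The enclosing loop starts and ends outside this hunk.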