2 files changed, 95 insertions, 3 deletions

diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb
index 657487f3c..e3fb3a580 100644
--- a/Library/Homebrew/dev-cmd/audit.rb
+++ b/Library/Homebrew/dev-cmd/audit.rb
@@ -196,6 +196,8 @@ class FormulaAuditor
     @online = options[:online]
     # Accept precomputed style offense results, for efficiency
     @style_offenses = options[:style_offenses]
+    # Allow the actual official-ness of a formula to be overridden, for testing purposes
+    @official_tap = formula.tap&.official? || options[:official_tap]
     @problems = []
     @text = FormulaText.new(formula.path)
     @specs = %w[stable devel head].map { |s| formula.send(s) }.compact
@@ -302,7 +304,7 @@ class FormulaAuditor
   def audit_formula_name
     return unless @strict
     # skip for non-official taps
-    return unless formula.tap&.official?
+    return unless @official_tap
 
     name = formula.name
 
@@ -716,7 +718,7 @@ class FormulaAuditor
 
     return unless @strict
 
-    if formula.tap&.official? && line.include?("env :std")
+    if @official_tap && line.include?("env :std")
       problem "`env :std` in official tap formulae is deprecated"
     end
 
@@ -745,7 +747,7 @@ class FormulaAuditor
   def audit_reverse_migration
     # Only enforce for new formula being re-added to core and official taps
     return unless @strict
-    return unless formula.tap&.official?
+    return unless @official_tap
     return unless formula.tap.tap_migrations.key?(formula.name)
 
     problem <<~EOS
@@ -766,6 +768,18 @@ class FormulaAuditor
     EOS
   end
 
+  def audit_url_is_not_binary
+    return unless @official_tap
+
+    urls = @specs.map(&:url)
+
+    urls.each do |url|
+      if url =~ /darwin/i && (url =~ /x86_64/i || url =~ /amd64/i)
+        problem "#{url} looks like a binary package, not a source archive. Official taps are source-only."
+      end
+    end
+  end
+
   def quote_dep(dep)
     dep.is_a?(Symbol) ? dep.inspect : "'#{dep}'"
   end
diff --git a/Library/Homebrew/test/dev-cmd/audit_spec.rb b/Library/Homebrew/test/dev-cmd/audit_spec.rb
index 2381ff1f5..38884222d 100644
--- a/Library/Homebrew/test/dev-cmd/audit_spec.rb
+++ b/Library/Homebrew/test/dev-cmd/audit_spec.rb
@@ -522,4 +522,82 @@ describe FormulaAuditor do
       end
     end
   end
+
+  describe "#audit_url_is_not_binary" do
+    specify "it detects a url containing darwin and x86_64" do
+      fa = formula_auditor "foo", <<~EOS, official_tap: true
+        class Foo < Formula
+          url "https://example.com/example-darwin.x86_64.tar.gz"
+        end
+      EOS
+
+      fa.audit_url_is_not_binary
+
+      expect(fa.problems.first)
+        .to match("looks like a binary package, not a source archive. Official taps are source-only.")
+    end
+
+    specify "it detects a url containing darwin and amd64" do
+      fa = formula_auditor "foo", <<~EOS, official_tap: true
+        class Foo < Formula
+          url "https://example.com/example-darwin.amd64.tar.gz"
+        end
+      EOS
+
+      fa.audit_url_is_not_binary
+
+      expect(fa.problems.first)
+        .to match("looks like a binary package, not a source archive. Official taps are source-only.")
+    end
+
+    specify "it works on the devel spec" do
+      fa = formula_auditor "foo", <<~EOS, official_tap: true
+        class Foo < Formula
+          url "https://example.com/valid-1.0.tar.gz"
+
+          devel do
+            url "https://example.com/example-darwin.x86_64.tar.gz"
+          end
+        end
+      EOS
+
+      fa.audit_url_is_not_binary
+
+      expect(fa.problems.first)
+        .to match("looks like a binary package, not a source archive. Official taps are source-only.")
+    end
+
+    specify "it works on the head spec" do
+      fa = formula_auditor "foo", <<~EOS, official_tap: true
+        class Foo < Formula
+          url "https://example.com/valid-1.0.tar.gz"
+
+          head do
+            url "https://example.com/example-darwin.x86_64.tar.gz"
+          end
+        end
+      EOS
+
+      fa.audit_url_is_not_binary
+
+      expect(fa.problems.first)
+        .to match("looks like a binary package, not a source archive. Official taps are source-only.")
+    end
+
+    specify "it ignores resource urls" do
+      fa = formula_auditor "foo", <<~EOS, official_tap: true
+        class Foo < Formula
+          url "https://example.com/valid-1.0.tar.gz"
+
+          resource "binary_res" do
+            url "https://example.com/example-darwin.x86_64.tar.gz"
+          end
+        end
+      EOS
+
+      fa.audit_url_is_not_binary
+
+      expect(fa.problems).to eq([])
+    end
+  end
 end