path: root/Library/Homebrew/cmd/audit.rb
Age | Commit message | Author
2016-09-08 | Move developer-focused commands to dev-cmd. | Mike McQuaid
2016-09-03 | Merge pull request #807 from ilovezfs/partial_order_compliance | Mike McQuaid
audit: detect partial component order compliance
2016-09-01 | audit: banish http://http.debian.net for secure mirrors | Dominyk Tiller
2016-09-01 | audit: enforce https for Debian's anonscm | Dominyk Tiller
2016-08-25 | audit: detect partial component order compliance | ilovezfs
depends_on "foo"
conflicts_with "bar"
depends_on "baz"
should still detect that "bar" and "baz" are in the wrong order even though "foo" and "bar" happen to be in the right order.
2016-08-18 | audit: fix suggested GitHub pull request URLs | ilovezfs
Closes #746. Signed-off-by: ilovezfs <ilovezfs@icloud.com>
2016-08-18 | audit: tweak "remove revision" message clarity. | Mike McQuaid
Reference the revision value so it's more obvious that this does not refer to e.g. a SCM revision.
2016-08-18 | audit: audit version_scheme. | Mike McQuaid
Reuse the existing `revision` method that was made more generic.
2016-08-18 | audit: make audit_revision more generic. | Mike McQuaid
This will allow it to be used for checking other attributes too.
2016-08-18 | audit: ensure correct version_scheme placement. | Mike McQuaid
2016-08-18 | formula_versions: add version_attributes_map. | Mike McQuaid
This allows querying multiple attributes in the same way as `revision_map` did but without duplicating code or repeatedly traversing history.
2016-08-17 | cmd/audit: assume Ruby 2. | Mike McQuaid
2016-08-17 | Fix minor issues in command help text formatting | Martin Afanasjew
- Inconsistent or unneeded indentation
- Missing or superfluous empty lines
- Missing or wrongly formatted arguments in command summary
- Missing punctuation
2016-08-08 | audit: enforce include method placement | Dominyk Tiller
Closes #648. Signed-off-by: Dominyk Tiller <dominyktiller@gmail.com>
2016-08-08 | audit: enforce conflicts_with placement | Dominyk Tiller
2016-08-05 | various: eliminate the usage of `any?` (#638) | Xu Cheng
`any?` is not the opposite of `empty?`. Besides the case that `[false, nil].any?` will return false, `any?`(O(n)) has much worse performance than `empty?`(O(1)).
2016-08-02 | audit: add --new-formula option. | Mike McQuaid
Rather than nudge people to run `--strict` and then ignore some of the results sometimes (e.g. GitHub repository notability) instead add a dedicated `--new-formula` option that implies this is a one-time advisory check.
2016-07-16 | Unify Version.create usage | Vlad Shablinsky
Substitute each Version.new and HeadVersion.new with Version.create to unify Version and HeadVersion instantiation among core code. Note that this does not relate to Mac::OS::Version class.
2016-07-13 | audit: avoid unnecessary regex | Xu Cheng
Regex is way slower than normal String#include? and String#start_with?. Also, we often forget to properly escape them. So avoid using them if it is not necessary. Closes #503. Signed-off-by: Xu Cheng <xucheng@me.com>
2016-07-13 | various: proper escape dot in regex | Xu Cheng
2016-07-13 | various: proper escape in regex | Xu Cheng
2016-07-13 | audit: update ruby dependency advice | Dominyk Tiller
Closes #495. Signed-off-by: Dominyk Tiller <dominyktiller@gmail.com>
2016-07-10 | audit: flag incorrect language/go requires | Dominyk Tiller
2016-07-10 | audit.rb: require https for download.savannah.gnu.org (#438) | Viktor Szakats
and download-mirror.savannah.gnu.org
2016-06-22 | audit.rb: require https for ftpmirror.gnu.org (#393) | Viktor Szakats
* audit.rb: require https for ftpmirror.gnu.org

  The situation is similar to other mirror redirectors: the server may subsequently redirect to an insecure url. But it's a step.
* manpage: update HOMEBREW_NO_INSECURE_REDIRECT section
2016-06-07 | audit: detect more 'pkgshare' candidates (#328) | Martin Afanasjew
The new check also allows the `+` operator instead of our (still heavily preferred) `/` operator for path concatenation and also triggers if the operator is surrounded by whitespace. Also recognizes single-quoted strings and uses a back reference to match the closing quote for a slightly lower chance of false positives. Closes #322.
2016-06-02 | audit: check Maven Central URLs, prefer redirector (#311) | Martin Afanasjew
Should help with being more consistent and makes sure to suggest the HTTPS redirector even if equally valid HTTP URLs for specific hosts or `central.maven.org` are used.
2016-05-31 | audit: appease rubocop | Dominyk Tiller
Closes #302. Signed-off-by: Dominyk Tiller <dominyktiller@gmail.com>
2016-05-31 | audit: prefer https/s over ftp where known available | Dominyk Tiller
The FTP protocol is prone to getting firewalled to death in places, so where we know we can avoid that by using either secure or more commonly accepted protocols let's do so.

Examples of output:
```
* Stable: ftp://ftp.cpan.org/pub/CPAN/authors/id/N/NE/NEILB/Time-Duration-1.20.tar.gz should be `http://search.cpan.org/CPAN/authors/id/N/NE/NEILB/Time-Duration-1.20.tar.gz`
* Stable: Please use https:// for ftp://ftp.mirrorservice.org/sites/lsof.itap.purdue.edu/pub/tools/unix/lsof/lsof_4.89.tar.bz2
```
2016-05-31 | audit: update mirrorservice check | Dominyk Tiller
mirrorservice accepts `http://ftp.mirrorservice.org` as well, apparently.
2016-05-31 | audit: check for insecure metacpan urls | Dominyk Tiller
2016-05-31 | Revert "audit: tweak cpan secure urls" | Dominyk Tiller
This reverts commit 7bbcf9cacc18aabf78a21ec5cc5892d440631e08.
2016-05-31 | Revert "audit: tweak cpan secure urls" | Dominyk Tiller
This reverts commit 146a16d66bc796f0c6a4c7e2b88f1b73fb0aaa4c.
2016-05-29 | audit: make system check stricter with quotes. | Mike McQuaid
As mentioned in: https://github.com/Homebrew/homebrew-core/pull/1396#discussion_r64774080
2016-05-29 | audit: tweak cpan secure urls | Tomasz Pajor
2016-05-29 | audit: tweak cpan secure urls | Tomasz Pajor
2016-05-26 | audit: minor spacing nit | Dominyk Tiller
Closes #248. Signed-off-by: Dominyk Tiller <dominyktiller@gmail.com>
2016-05-26 | audit: tweak devel/head tap check | Dominyk Tiller
For some reason the existing check seems to have started failing between March and today. I haven't managed to narrow down why yet but the biggest change between then and now was the core separation so perhaps related to that. Perhaps at some point we started considering purely short tap names, i.e. homebrew/devel-only rather than full tap names, i.e. homebrew/homebrew-devel-only, in the audit mechanism. This fixes the current issue whilst retaining the spirit of the original commit: https://github.com/Homebrew/brew/commit/86d04e94e9caacf4aba766dd31c1707749fb5f2b
2016-05-20 | audit: enforce freedesktop secure urls | Dominyk Tiller
2016-05-19 | audit: check for block inreplace with single sub. (#254) | Mike McQuaid
These are unnecessarily verbose, have been documented to be avoided and it’s good to nudge people towards the other style.
2016-05-19 | audit: check more GitHub URLs. (#256) | Mike McQuaid
GitHub’s code load and patch-diff URLs are the result of redirects and make it harder to modify the URL to reach the original repository.
2016-05-11 | brew audit: add --display-filename format option for easy grepping (#221) | Andrew Janke
2016-05-03 | audit: fix false-positive for '--with-check' from 'depends_on "check" => :optional' (#188) | Andrew Janke
Fixes #170
2016-05-02 | Update Homebrew/homebrew references in code | Martin Afanasjew
Replace `homebrew` with `brew`, `homebrew-core`, or `legacy-homebrew` depending on context.
2016-04-27 | audit: whitelist kibana from Language::Node check (#161) | Christian Moritz
2016-04-27 | Language::Node.npm_install_args: add helper method (#37) | Christian Moritz
* add Language::Node helper module

  This adds a language module for Node module based formulas. It contains the 2 public methods `std_npm_install_args(libexec)` and `local_npm_install_args`:
  * `std_npm_install_args` is intended to be used in formulas for standard node modules and returns `npm install` args for a global style module installation to libexec.
  * `local_npm_install_args` is for formulas, in which the `npm install` step is only one of multiple parts of the installation process and returns `npm install` args for a default local installation in place.

  Both methods have in common, that they are
  * making sure that a working copy of npm and node-gyp from node's libexec is prepended to the PATH (to not rely on a user managed npm)
  * setting the npm cache to HOMEBREW_CACHE/npm, which fixes issues caused by overriding $HOME resulting in long install times + high disk usage (see https://github.com/Homebrew/brew/pull/37#issuecomment-208840366)
* audit: update npm install check for Language::Node
* cleanup: remove npm_cache too
* doc: add Node-for-Formula-Authors.md
2016-04-21 | brew-audit: pull style checks in to main audit output | Andrew Janke
This collects all violations for each formula in a single place, instead of doing `brew style` outputs for all formulae first, and then the other audit checks. Closes #112. Signed-off-by: Andrew Janke <andrew@apjanke.net>
2016-04-16 | audit.rb: Base desc length check on short name | Cory Donnelly
Currently, brew audit --strict includes the name of the tap when calculating the length of a formula's description. This makes it difficult to pass the audit for formulas in taps with lengthy names. In #47033 @jawshooah called out head-only or devel-only taps specifically, but this is an issue elsewhere. For example:

homebrew/versions/elasticsearch20: Distributed search & analytics engine (72)

This commit updates audit.rb to use formula.name rather than formula.full_name.

Closes #47033 -- Audit shouldn't include tap name in description length
2016-04-10 | Add all the top level comments | Max Nordlund
2016-04-05 | audit: require plist_options when using plist | Dominyk Tiller
Closes #19. Signed-off-by: Dominyk Tiller <dominyktiller@gmail.com>