From 7eec6a3a255d7d7ca0c29814345ee9358f6fd300 Mon Sep 17 00:00:00 2001 From: David Broder-Rodgers Date: Thu, 8 Dec 2016 21:41:24 +0000 Subject: Updated resource auditing to detect invalid mirrors when using --online --- Library/Homebrew/dev-cmd/audit.rb | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'Library/Homebrew/dev-cmd') diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb index 5ed363f7c..3a4429c86 100644 --- a/Library/Homebrew/dev-cmd/audit.rb +++ b/Library/Homebrew/dev-cmd/audit.rb @@ -1490,6 +1490,11 @@ class ResourceAuditor return unless @online urls.each do |url| + begin + nostdout { curl "--connect-timeout", "15", "-o", "/dev/null", "-r", "0-0", url } + rescue ErrorDuringExecution + problem "The mirror #{u} is not reachable (curl exit code #{$?.exitstatus})" + end check_insecure_mirror(url) if url.start_with? "http:" end end -- cgit v1.2.3 From ea440ca3284138ebe3be26d5763f8c6af93749b1 Mon Sep 17 00:00:00 2001 From: David Broder-Rodgers Date: Sat, 10 Dec 2016 11:10:29 +0000 Subject: Markups to online mirror auditing --- Library/Homebrew/dev-cmd/audit.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'Library/Homebrew/dev-cmd') diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb index 3a4429c86..db7973eb3 100644 --- a/Library/Homebrew/dev-cmd/audit.rb +++ b/Library/Homebrew/dev-cmd/audit.rb @@ -1491,9 +1491,9 @@ class ResourceAuditor return unless @online urls.each do |url| begin - nostdout { curl "--connect-timeout", "15", "-o", "/dev/null", "-r", "0-0", url } + nostdout { curl "--connect-timeout", "15", "--output", "/dev/null", "--range", "0-0", url } rescue ErrorDuringExecution - problem "The mirror #{u} is not reachable (curl exit code #{$?.exitstatus})" + problem "The mirror #{url} is not reachable (curl exit code #{$?.exitstatus})" end check_insecure_mirror(url) if url.start_with? "http:" end -- cgit v1.2.3 From ed9f775b778bad961a9e2fb178fce3a7af201e75 Mon Sep 17 00:00:00 2001 From: David Broder-Rodgers Date: Sat, 10 Dec 2016 14:20:47 +0000 Subject: Added support for returning HTTP status codes and for git and svn URLs --- Library/Homebrew/dev-cmd/audit.rb | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) (limited to 'Library/Homebrew/dev-cmd') diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb index db7973eb3..839d1c429 100644 --- a/Library/Homebrew/dev-cmd/audit.rb +++ b/Library/Homebrew/dev-cmd/audit.rb @@ -1490,10 +1490,20 @@ class ResourceAuditor return unless @online urls.each do |url| - begin - nostdout { curl "--connect-timeout", "15", "--output", "/dev/null", "--range", "0-0", url } - rescue ErrorDuringExecution - problem "The mirror #{url} is not reachable (curl exit code #{$?.exitstatus})" + if url.start_with? "http", "ftp" + status_code, _, _ = curl_output "--connect-timeout", "15", "--output", "/dev/null", "--range", "0-0", \ + "--write-out", "%{http_code}", url + unless status_code.start_with? "20" + problem "The mirror #{url} is not reachable (HTTP status code #{status_code})" + end + elsif url.start_with? "git" + unless Utils.git_remote_exists url + problem "The mirror #{url} is not a valid git URL" + end + elsif url.start_with? "svn" + unless Utils.svn_remote_exists url + problem "The mirror #{url} is not a valid svn URL" + end end check_insecure_mirror(url) if url.start_with? "http:" end -- cgit v1.2.3 From 3e7dfe4aaba2aa41d01f6fd06a9dd40298d118d3 Mon Sep 17 00:00:00 2001 From: David Broder-Rodgers Date: Sun, 11 Dec 2016 21:36:58 +0000 Subject: Updated mirror audit problem message --- Library/Homebrew/dev-cmd/audit.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'Library/Homebrew/dev-cmd') diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb index 839d1c429..460302fb7 100644 --- a/Library/Homebrew/dev-cmd/audit.rb +++ b/Library/Homebrew/dev-cmd/audit.rb @@ -1494,15 +1494,15 @@ class ResourceAuditor status_code, _, _ = curl_output "--connect-timeout", "15", "--output", "/dev/null", "--range", "0-0", \ "--write-out", "%{http_code}", url unless status_code.start_with? "20" - problem "The mirror #{url} is not reachable (HTTP status code #{status_code})" + problem "The URL #{url} is not reachable (HTTP status code #{status_code})" end elsif url.start_with? "git" unless Utils.git_remote_exists url - problem "The mirror #{url} is not a valid git URL" + problem "The URL #{url} is not a valid git URL" end elsif url.start_with? "svn" unless Utils.svn_remote_exists url - problem "The mirror #{url} is not a valid svn URL" + problem "The URL #{url} is not a valid svn URL" end end check_insecure_mirror(url) if url.start_with? "http:" -- cgit v1.2.3 From d3ac333197de4d2fcb560bf95e5cd4df81871bbd Mon Sep 17 00:00:00 2001 From: David Broder-Rodgers Date: Mon, 12 Dec 2016 21:18:22 +0000 Subject: Rubocop styling fixes --- Library/Homebrew/dev-cmd/audit.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'Library/Homebrew/dev-cmd') diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb index 460302fb7..b323297e4 100644 --- a/Library/Homebrew/dev-cmd/audit.rb +++ b/Library/Homebrew/dev-cmd/audit.rb @@ -1491,8 +1491,8 @@ class ResourceAuditor return unless @online urls.each do |url| if url.start_with? "http", "ftp" - status_code, _, _ = curl_output "--connect-timeout", "15", "--output", "/dev/null", "--range", "0-0", \ - "--write-out", "%{http_code}", url + status_code, = curl_output "--connect-timeout", "15", "--output", "/dev/null", "--range", "0-0", \ + "--write-out", "%{http_code}", url unless status_code.start_with? "20" problem "The URL #{url} is not reachable (HTTP status code #{status_code})" end -- cgit v1.2.3 From a731f4e17cc45bed5ed0f1121326551c558ce583 Mon Sep 17 00:00:00 2001 From: David Broder-Rodgers Date: Tue, 10 Jan 2017 20:13:14 +0000 Subject: Updated HTTP mirror check to use new url_status_code method --- Library/Homebrew/dev-cmd/audit.rb | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) (limited to 'Library/Homebrew/dev-cmd') diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb index b323297e4..f187f17f5 100644 --- a/Library/Homebrew/dev-cmd/audit.rb +++ b/Library/Homebrew/dev-cmd/audit.rb @@ -174,7 +174,7 @@ class FormulaAuditor @specs = %w[stable devel head].map { |s| formula.send(s) }.compact end - def url_status_code(url, range: false) + def self.url_status_code(url, range: false) # The system Curl is too old and unreliable with HTTPS homepages on # Yosemite and below. return "200" unless DevelopmentTools.curl_handles_most_https_homepages? @@ -195,7 +195,7 @@ class FormulaAuditor user_agent: user_agent, ) status_code = Open3.popen3(*args) { |_, stdout, _, _| stdout.read } - break if status_code.start_with? "20" + break if status_code.start_with? "2" end status_code end @@ -619,7 +619,7 @@ class FormulaAuditor return unless @online - status_code = url_status_code(homepage) + status_code = FormulaAuditor.url_status_code(homepage, user_agent: :browser) return if status_code.start_with? "20" problem "The homepage #{homepage} is not reachable (HTTP status code #{status_code})" end @@ -1491,9 +1491,8 @@ class ResourceAuditor return unless @online urls.each do |url| if url.start_with? "http", "ftp" - status_code, = curl_output "--connect-timeout", "15", "--output", "/dev/null", "--range", "0-0", \ - "--write-out", "%{http_code}", url - unless status_code.start_with? "20" + status_code = FormulaAuditor.url_status_code url + unless status_code.start_with? "2" problem "The URL #{url} is not reachable (HTTP status code #{status_code})" end elsif url.start_with? "git" -- cgit v1.2.3 From 81b3368c9cba0f9db93af5732d8f10e75d00cdf9 Mon Sep 17 00:00:00 2001 From: David Broder-Rodgers Date: Tue, 24 Jan 2017 20:35:07 +0000 Subject: Added better check for HTTP git URLs --- Library/Homebrew/dev-cmd/audit.rb | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'Library/Homebrew/dev-cmd') diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb index f187f17f5..c685dacae 100644 --- a/Library/Homebrew/dev-cmd/audit.rb +++ b/Library/Homebrew/dev-cmd/audit.rb @@ -1490,15 +1490,15 @@ class ResourceAuditor return unless @online urls.each do |url| - if url.start_with? "http", "ftp" + if url.start_with?("git") || url.end_with?(".git") + unless Utils.git_remote_exists url + problem "The URL #{url} is not a valid git URL" + end + elsif url.start_with? "http", "ftp" status_code = FormulaAuditor.url_status_code url unless status_code.start_with? "2" problem "The URL #{url} is not reachable (HTTP status code #{status_code})" end - elsif url.start_with? "git" - unless Utils.git_remote_exists url - problem "The URL #{url} is not a valid git URL" - end elsif url.start_with? "svn" unless Utils.svn_remote_exists url problem "The URL #{url} is not a valid svn URL" -- cgit v1.2.3 From a699d284d038907f884bb48f928f2e75ebadfc11 Mon Sep 17 00:00:00 2001 From: David Broder-Rodgers Date: Tue, 24 Jan 2017 23:11:50 +0000 Subject: Use DownloadStrategyDetector to classify mirror URLs --- Library/Homebrew/dev-cmd/audit.rb | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'Library/Homebrew/dev-cmd') diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb index c685dacae..a7c9de576 100644 --- a/Library/Homebrew/dev-cmd/audit.rb +++ b/Library/Homebrew/dev-cmd/audit.rb @@ -1490,16 +1490,18 @@ class ResourceAuditor return unless @online urls.each do |url| - if url.start_with?("git") || url.end_with?(".git") - unless Utils.git_remote_exists url - problem "The URL #{url} is not a valid git URL" - end - elsif url.start_with? "http", "ftp" + strategy = DownloadStrategyDetector.detect(url) + if strategy <= CurlDownloadStrategy + problem url status_code = FormulaAuditor.url_status_code url unless status_code.start_with? "2" problem "The URL #{url} is not reachable (HTTP status code #{status_code})" end - elsif url.start_with? "svn" + elsif strategy <= GitDownloadStrategy + unless Utils.git_remote_exists url + problem "The URL #{url} is not a valid git URL" + end + elsif strategy <= SubversionDownloadStrategy unless Utils.svn_remote_exists url problem "The URL #{url} is not a valid svn URL" end -- cgit v1.2.3 From 12501b4046339b6becd42e37730873babeaa9dc2 Mon Sep 17 00:00:00 2001 From: David Broder-Rodgers Date: Mon, 30 Jan 2017 18:30:57 +0000 Subject: Prevent mirror curl for file:/// URL --- Library/Homebrew/dev-cmd/audit.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Library/Homebrew/dev-cmd') diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb index a7c9de576..180783f79 100644 --- a/Library/Homebrew/dev-cmd/audit.rb +++ b/Library/Homebrew/dev-cmd/audit.rb @@ -1491,7 +1491,7 @@ class ResourceAuditor return unless @online urls.each do |url| strategy = DownloadStrategyDetector.detect(url) - if strategy <= CurlDownloadStrategy + if strategy <= CurlDownloadStrategy && !url.start_with?("file") problem url status_code = FormulaAuditor.url_status_code url unless status_code.start_with? "2" -- cgit v1.2.3 From 55bc2a30195db915a60c862bf1c3d4ba6cd3cd4a Mon Sep 17 00:00:00 2001 From: David Broder-Rodgers Date: Mon, 20 Feb 2017 19:00:27 +0000 Subject: Merged 404 and security mirror auditing logic --- Library/Homebrew/dev-cmd/audit.rb | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) (limited to 'Library/Homebrew/dev-cmd') diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb index 180783f79..6e454f4d2 100644 --- a/Library/Homebrew/dev-cmd/audit.rb +++ b/Library/Homebrew/dev-cmd/audit.rb @@ -174,7 +174,7 @@ class FormulaAuditor @specs = %w[stable devel head].map { |s| formula.send(s) }.compact end - def self.url_status_code(url, range: false) + def url_status_code(url, range: false) # The system Curl is too old and unreliable with HTTPS homepages on # Yosemite and below. return "200" unless DevelopmentTools.curl_handles_most_https_homepages? @@ -619,8 +619,8 @@ class FormulaAuditor return unless @online - status_code = FormulaAuditor.url_status_code(homepage, user_agent: :browser) - return if status_code.start_with? "20" + status_code = url_status_code(homepage) + return if status_code.start_with? "2" problem "The homepage #{homepage} is not reachable (HTTP status code #{status_code})" end @@ -1492,11 +1492,7 @@ class ResourceAuditor urls.each do |url| strategy = DownloadStrategyDetector.detect(url) if strategy <= CurlDownloadStrategy && !url.start_with?("file") - problem url - status_code = FormulaAuditor.url_status_code url - unless status_code.start_with? "2" - problem "The URL #{url} is not reachable (HTTP status code #{status_code})" - end + check_http_mirror url elsif strategy <= GitDownloadStrategy unless Utils.git_remote_exists url problem "The URL #{url} is not a valid git URL" @@ -1506,12 +1502,20 @@ class ResourceAuditor problem "The URL #{url} is not a valid svn URL" end end - check_insecure_mirror(url) if url.start_with? "http:" end end - def check_insecure_mirror(url) + def check_http_mirror(url) details = get_content_details(url) + + if details[:status].nil? + problem "The URL #{url} is not reachable" + elsif !details[:status].start_with? "2" + problem "The URL #{url} is not reachable (HTTP status code #{details[:status]})" + end + + return unless url.start_with? "http:" + secure_url = url.sub "http", "https" secure_details = get_content_details(secure_url) -- cgit v1.2.3 From 125a6eee2165039d3b7329543d2e33e321c267d2 Mon Sep 17 00:00:00 2001 From: Mike McQuaid Date: Mon, 20 Feb 2017 22:48:03 +0000 Subject: audit: fix `brew style`. --- Library/Homebrew/dev-cmd/audit.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Library/Homebrew/dev-cmd') diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb index 6e454f4d2..b63d39905 100644 --- a/Library/Homebrew/dev-cmd/audit.rb +++ b/Library/Homebrew/dev-cmd/audit.rb @@ -1506,7 +1506,7 @@ class ResourceAuditor end def check_http_mirror(url) - details = get_content_details(url) + details = get_content_details(url) if details[:status].nil? problem "The URL #{url} is not reachable" -- cgit v1.2.3 From 5390897883f11fe2257e57bd5547cb1bbb144fb0 Mon Sep 17 00:00:00 2001 From: Mike McQuaid Date: Thu, 23 Feb 2017 09:09:33 +0000 Subject: audit: refactor http content checks. --- Library/Homebrew/dev-cmd/audit.rb | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) (limited to 'Library/Homebrew/dev-cmd') diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb index b63d39905..aa9dd775a 100644 --- a/Library/Homebrew/dev-cmd/audit.rb +++ b/Library/Homebrew/dev-cmd/audit.rb @@ -1492,7 +1492,7 @@ class ResourceAuditor urls.each do |url| strategy = DownloadStrategyDetector.detect(url) if strategy <= CurlDownloadStrategy && !url.start_with?("file") - check_http_mirror url + check_http_content url elsif strategy <= GitDownloadStrategy unless Utils.git_remote_exists url problem "The URL #{url} is not a valid git URL" @@ -1505,7 +1505,7 @@ class ResourceAuditor end end - def check_http_mirror(url) + def check_http_content(url) details = get_content_details(url) if details[:status].nil? @@ -1519,10 +1519,16 @@ class ResourceAuditor secure_url = url.sub "http", "https" secure_details = get_content_details(secure_url) - return if !details[:status].start_with?("2") || !secure_details[:status].start_with?("2") + if !details[:status].to_s.start_with?("2") || + !secure_details[:status].to_s.start_with?("2") + return + end - etag_match = details[:etag] && details[:etag] == secure_details[:etag] - content_length_match = details[:content_length] && details[:content_length] == secure_details[:content_length] + etag_match = details[:etag] && + details[:etag] == secure_details[:etag] + content_length_match = + details[:content_length] && + details[:content_length] == secure_details[:content_length] file_match = details[:file_hash] == secure_details[:file_hash] return if !etag_match && !content_length_match && !file_match -- cgit v1.2.3 From 5e9057500419d1a2b41efe784e9f12ae232e7f6e Mon Sep 17 00:00:00 2001 From: Mike McQuaid Date: Thu, 23 Feb 2017 09:09:58 +0000 Subject: audit: handle redirects in get_content_details. --- Library/Homebrew/dev-cmd/audit.rb | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'Library/Homebrew/dev-cmd') diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb index aa9dd775a..493f1eb09 100644 --- a/Library/Homebrew/dev-cmd/audit.rb +++ b/Library/Homebrew/dev-cmd/audit.rb @@ -1542,12 +1542,16 @@ class ResourceAuditor def get_content_details(url) out = {} output, = curl_output "--connect-timeout", "15", "--include", url - split = output.partition("\r\n\r\n") - headers = split.first - out[:status] = headers[%r{HTTP\/.* (\d+)}, 1] + status_code = :unknown + while status_code == :unknown || status_code.to_s.start_with?("3") + headers, _, output = output.partition("\r\n\r\n") + status_code = headers[%r{HTTP\/.* (\d+)}, 1] + end + + out[:status] = status_code out[:etag] = headers[%r{ETag: ([wW]\/)?"(([^"]|\\")*)"}, 2] out[:content_length] = headers[/Content-Length: (\d+)/, 1] - out[:file_hash] = Digest::SHA256.digest split.last + out[:file_hash] = Digest::SHA256.digest output out end end -- cgit v1.2.3 From 9fa014710d22e30c0be05bddc78e073373def5bd Mon Sep 17 00:00:00 2001 From: Mike McQuaid Date: Thu, 23 Feb 2017 10:15:06 +0000 Subject: audit: further refactor http content checks. Check homepages and don’t check mirrors unless `—strict`. --- Library/Homebrew/dev-cmd/audit.rb | 144 ++++++++++++++++++-------------------- 1 file changed, 69 insertions(+), 75 deletions(-) (limited to 'Library/Homebrew/dev-cmd') diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb index 493f1eb09..65b109f3b 100644 --- a/Library/Homebrew/dev-cmd/audit.rb +++ b/Library/Homebrew/dev-cmd/audit.rb @@ -174,30 +174,62 @@ class FormulaAuditor @specs = %w[stable devel head].map { |s| formula.send(s) }.compact end - def url_status_code(url, range: false) - # The system Curl is too old and unreliable with HTTPS homepages on - # Yosemite and below. - return "200" unless DevelopmentTools.curl_handles_most_https_homepages? + def self.check_http_content(url, user_agents: [:default]) + details = nil + user_agent = nil + user_agents.each do |ua| + details = http_content_headers_and_checksum(url, user_agent: ua) + user_agent = ua + break if details[:status].to_s.start_with?("2") + end - extra_args = [ - "--connect-timeout", "15", - "--output", "/dev/null", - "--write-out", "%{http_code}" - ] - extra_args << "--range" << "0-0" if range - extra_args << url - - status_code = nil - [:browser, :default].each do |user_agent| - args = curl_args( - extra_args: extra_args, - show_output: true, - user_agent: user_agent, - ) - status_code = Open3.popen3(*args) { |_, stdout, _, _| stdout.read } - break if status_code.start_with? "2" - end - status_code + return "The URL #{url} is not reachable" unless details[:status] + unless details[:status].start_with? "2" + return "The URL #{url} is not reachable (HTTP status code #{details[:status]})" + end + + return unless url.start_with? "http:" + + secure_url = url.sub "http", "https" + secure_details = + http_content_headers_and_checksum(secure_url, user_agent: user_agent) + + if !details[:status].to_s.start_with?("2") || + !secure_details[:status].to_s.start_with?("2") + return + end + + etag_match = details[:etag] && + details[:etag] == secure_details[:etag] + content_length_match = + details[:content_length] && + details[:content_length] == secure_details[:content_length] + file_match = details[:file_hash] == secure_details[:file_hash] + + return if !etag_match && !content_length_match && !file_match + "The URL #{url} could use HTTPS rather than HTTP" + end + + def self.http_content_headers_and_checksum(url, user_agent: :default) + args = curl_args( + extra_args: ["--connect-timeout", "15", "--include", url], + show_output: true, + user_agent: user_agent, + ) + output = Open3.popen3(*args) { |_, stdout, _, _| stdout.read } + + status_code = :unknown + while status_code == :unknown || status_code.to_s.start_with?("3") + headers, _, output = output.partition("\r\n\r\n") + status_code = headers[%r{HTTP\/.* (\d+)}, 1] + end + + { + status: status_code, + etag: headers[%r{ETag: ([wW]\/)?"(([^"]|\\")*)"}, 2], + content_length: headers[/Content-Length: (\d+)/, 1], + file_hash: Digest::SHA256.digest(output), + } end def audit_style @@ -619,9 +651,13 @@ class FormulaAuditor return unless @online - status_code = url_status_code(homepage) - return if status_code.start_with? "2" - problem "The homepage #{homepage} is not reachable (HTTP status code #{status_code})" + # The system Curl is too old and unreliable with HTTPS homepages on + # Yosemite and below. + return unless DevelopmentTools.curl_handles_most_https_homepages? + if http_content_problem = FormulaAuditor.check_http_content(homepage, + user_agents: [:browser, :default]) + problem http_content_problem + end end def audit_bottle_spec @@ -671,11 +707,11 @@ class FormulaAuditor %w[Stable Devel HEAD].each do |name| next unless spec = formula.send(name.downcase) - ra = ResourceAuditor.new(spec, online: @online).audit + ra = ResourceAuditor.new(spec, online: @online, strict: @strict).audit problems.concat ra.problems.map { |problem| "#{name}: #{problem}" } spec.resources.each_value do |resource| - ra = ResourceAuditor.new(resource, online: @online).audit + ra = ResourceAuditor.new(resource, online: @online, strict: @strict).audit problems.concat ra.problems.map { |problem| "#{name} resource #{resource.name.inspect}: #{problem}" } @@ -1231,6 +1267,7 @@ class ResourceAuditor @using = resource.using @specs = resource.specs @online = options[:online] + @strict = options[:strict] @problems = [] end @@ -1492,7 +1529,10 @@ class ResourceAuditor urls.each do |url| strategy = DownloadStrategyDetector.detect(url) if strategy <= CurlDownloadStrategy && !url.start_with?("file") - check_http_content url + next if !@strict && mirrors.include?(url) + if http_content_problem = FormulaAuditor.check_http_content(url) + problem http_content_problem + end elsif strategy <= GitDownloadStrategy unless Utils.git_remote_exists url problem "The URL #{url} is not a valid git URL" @@ -1505,53 +1545,7 @@ class ResourceAuditor end end - def check_http_content(url) - details = get_content_details(url) - - if details[:status].nil? - problem "The URL #{url} is not reachable" - elsif !details[:status].start_with? "2" - problem "The URL #{url} is not reachable (HTTP status code #{details[:status]})" - end - - return unless url.start_with? "http:" - - secure_url = url.sub "http", "https" - secure_details = get_content_details(secure_url) - - if !details[:status].to_s.start_with?("2") || - !secure_details[:status].to_s.start_with?("2") - return - end - - etag_match = details[:etag] && - details[:etag] == secure_details[:etag] - content_length_match = - details[:content_length] && - details[:content_length] == secure_details[:content_length] - file_match = details[:file_hash] == secure_details[:file_hash] - - return if !etag_match && !content_length_match && !file_match - problem "The URL #{url} could use HTTPS rather than HTTP" - end - def problem(text) @problems << text end - - def get_content_details(url) - out = {} - output, = curl_output "--connect-timeout", "15", "--include", url - status_code = :unknown - while status_code == :unknown || status_code.to_s.start_with?("3") - headers, _, output = output.partition("\r\n\r\n") - status_code = headers[%r{HTTP\/.* (\d+)}, 1] - end - - out[:status] = status_code - out[:etag] = headers[%r{ETag: ([wW]\/)?"(([^"]|\\")*)"}, 2] - out[:content_length] = headers[/Content-Length: (\d+)/, 1] - out[:file_hash] = Digest::SHA256.digest output - out - end end -- cgit v1.2.3 From b984be675ddd07ccbf7151355a22096de47c5c50 Mon Sep 17 00:00:00 2001 From: Mike McQuaid Date: Fri, 24 Feb 2017 08:45:39 +0000 Subject: audit: use using for HTTPS detection. --- Library/Homebrew/dev-cmd/audit.rb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'Library/Homebrew/dev-cmd') diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb index 65b109f3b..cf5bdcdc4 100644 --- a/Library/Homebrew/dev-cmd/audit.rb +++ b/Library/Homebrew/dev-cmd/audit.rb @@ -1527,9 +1527,10 @@ class ResourceAuditor return unless @online urls.each do |url| - strategy = DownloadStrategyDetector.detect(url) + next if !@strict && mirrors.include?(url) + + strategy = DownloadStrategyDetector.detect(url, using) if strategy <= CurlDownloadStrategy && !url.start_with?("file") - next if !@strict && mirrors.include?(url) if http_content_problem = FormulaAuditor.check_http_content(url) problem http_content_problem end -- cgit v1.2.3 From 1284f29561d944e069d201db9043489417b85ff4 Mon Sep 17 00:00:00 2001 From: Mike McQuaid Date: Fri, 24 Feb 2017 08:51:15 +0000 Subject: audit: don't try to HTTP check non-HTTP content. --- Library/Homebrew/dev-cmd/audit.rb | 2 ++ 1 file changed, 2 insertions(+) (limited to 'Library/Homebrew/dev-cmd') diff --git a/Library/Homebrew/dev-cmd/audit.rb b/Library/Homebrew/dev-cmd/audit.rb index cf5bdcdc4..e49f65dd2 100644 --- a/Library/Homebrew/dev-cmd/audit.rb +++ b/Library/Homebrew/dev-cmd/audit.rb @@ -175,6 +175,8 @@ class FormulaAuditor end def self.check_http_content(url, user_agents: [:default]) + return unless url.start_with? "http" + details = nil user_agent = nil user_agents.each do |ua| -- cgit v1.2.3