Class: Homebrew::ResourceAuditor Private

Inherits:
Object
Includes:
Utils::Curl
Defined in:
resource_auditor.rb

Overview

This class is part of a private API. This class may only be used in the Homebrew/brew repository. Third parties should avoid using this class if possible, as it may be removed or changed without warning.

Auditor for checking common violations in Resources.

Instance Attribute Summary

Class Method Summary

Instance Method Summary

Methods included from Utils::Curl

clear_path_cache, curl, curl_args, curl_check_http_content, curl_download, curl_executable, curl_headers, curl_http_content_headers_and_checksum, curl_output, curl_path, curl_response_follow_redirections, curl_response_last_location, curl_supports_fail_with_body?, curl_supports_tls13?, curl_version, curl_with_workarounds, http_status_ok?, parse_curl_output, url_protected_by_cloudflare?, url_protected_by_incapsula?

Methods included from SystemCommand::Mixin

#system_command, #system_command!

Constructor Details

#initialize(resource, spec_name, options = {}) ⇒ ResourceAuditor

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Returns a new instance of ResourceAuditor.



# File 'resource_auditor.rb', line 13

def initialize(resource, spec_name, options = {})
  @name     = resource.name
  @version  = resource.version
  @checksum = resource.checksum
  @url      = resource.url
  @mirrors  = resource.mirrors
  @using    = resource.using
  @specs    = resource.specs
  @owner    = resource.owner
  @spec_name = spec_name
  @online    = options[:online]
  @strict    = options[:strict]
  @only      = options[:only]
  @except    = options[:except]
  @use_homebrew_curl = options[:use_homebrew_curl]
  @problems = []
end

Instance Attribute Details

#checksum ⇒ Object (readonly)

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.



# File 'resource_auditor.rb', line 11

def checksum
  @checksum
end

#mirrors ⇒ Object (readonly)

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.



# File 'resource_auditor.rb', line 11

def mirrors
  @mirrors
end

#name ⇒ Object (readonly)

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.



# File 'resource_auditor.rb', line 11

def name
  @name
end

#owner ⇒ Object (readonly)

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.



# File 'resource_auditor.rb', line 11

def owner
  @owner
end

#problems ⇒ Object (readonly)

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.



# File 'resource_auditor.rb', line 11

def problems
  @problems
end

#spec_name ⇒ Object (readonly)

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.



# File 'resource_auditor.rb', line 11

def spec_name
  @spec_name
end

#specs ⇒ Object (readonly)

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.



# File 'resource_auditor.rb', line 11

def specs
  @specs
end

#url ⇒ Object (readonly)

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.



# File 'resource_auditor.rb', line 11

def url
  @url
end

#using ⇒ Object (readonly)

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.



# File 'resource_auditor.rb', line 11

def using
  @using
end

#version ⇒ Object (readonly)

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.



# File 'resource_auditor.rb', line 11

def version
  @version
end

Class Method Details

.curl_deps ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.



# File 'resource_auditor.rb', line 101

def self.curl_deps
  @curl_deps ||= begin
    ["curl"] + Formula["curl"].recursive_dependencies.map(&:name).uniq
  rescue FormulaUnavailableError
    []
  end
end

Instance Method Details

#audit ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.



# File 'resource_auditor.rb', line 31

def audit
  only_audits = @only
  except_audits = @except

  methods.map(&:to_s).grep(/^audit_/).each do |audit_method_name|
    name = audit_method_name.delete_prefix("audit_")
    next if only_audits&.exclude?(name)
    next if except_audits&.include?(name)

    send(audit_method_name)
  end

  self
end

#audit_checksum ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.



# File 'resource_auditor.rb', line 92

def audit_checksum
  return if spec_name == :head
  # rubocop:disable Style/InvertibleUnlessCondition (non-invertible)
  return unless DownloadStrategyDetector.detect(url, using) <= CurlDownloadStrategy
  # rubocop:enable Style/InvertibleUnlessCondition

  problem "Checksum is missing" if checksum.blank?
end
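The reflective dispatch in #audit and the rule in #audit_checksum are the two pieces a reader most often wants to see working together. The following is an added, stand-alone example written for this page; it is not Homebrew code. `SampleResource`, `MiniResourceAuditor`, `curl_fetched?` (a simplification of DownloadStrategyDetector) and the extra `audit_checksum_format` rule are all assumptions introduced here, and `checksum_matches?` only shows what the pinned digest is later compared against.

```ruby
require "digest"

# Constructed stand-in for Homebrew's Resource: only the fields the audits read.
SampleResource = Struct.new(:name, :url, :checksum, keyword_init: true)

class MiniResourceAuditor
  attr_reader :problems

  def initialize(resource, spec_name, only: nil, except: nil)
    @resource  = resource
    @spec_name = spec_name   # :stable or :head
    @only      = only        # e.g. ["checksum"]  -> run only audit_checksum
    @except    = except      # e.g. ["checksum"]  -> run everything but it
    @problems  = []
  end

  # Same dispatch as ResourceAuditor#audit: every public `audit_*` method is
  # an audit, selected by its name with the "audit_" prefix removed.
  def audit
    methods.map(&:to_s).grep(/^audit_/).each do |audit_method_name|
      name = audit_method_name.delete_prefix("audit_")
      next if @only && !@only.include?(name)
      next if @except&.include?(name)

      send(audit_method_name)
    end
    self
  end

  # Head specs follow a moving ref, so no fixed digest can be demanded.
  # Anything fetched with curl must pin one: without it the archive is
  # unpacked and built with no integrity check at all.
  def audit_checksum
    return if @spec_name == :head
    return unless curl_fetched?(@resource.url)

    problem "Checksum is missing" if @resource.checksum.to_s.empty?
  end

  # Assumed extra rule (not on the page): a checksum that is present must be
  # a 64-digit lowercase hex SHA-256, or the install-time comparison can never succeed.
  def audit_checksum_format
    digest = @resource.checksum.to_s
    return if digest.empty? || digest.match?(/\A[0-9a-f]{64}\z/)

    problem "Checksum #{digest.inspect} is not a SHA-256 hex digest"
  end

  def problem(text)
    @problems << text
  end

  private

  # Simplification of DownloadStrategyDetector: http(s)/ftp URLs go through
  # curl, unless the URL names a git repository.
  def curl_fetched?(url)
    return false if url.end_with?(".git") || url.start_with?("git://")

    url.match?(%r{\A(https?|ftp)://})
  end
end

# What the pinned digest buys at install time: the fetched bytes are rejected
# unless their SHA-256 equals it. `bytes` is constructed by the caller here,
# not a real archive.
def checksum_matches?(bytes, expected_hex)
  Digest::SHA256.hexdigest(bytes) == expected_hex.to_s.downcase
end
```

Because `methods` is consulted at run time, adding an audit is just defining another `audit_*` method; the `only`/`except` filters see the new name immediately, which is how `brew audit --only`/`--except` reach resource audits without a registry.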

#audit_download_strategy ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.



# File 'resource_auditor.rb', line 62

def audit_download_strategy
  url_strategy = DownloadStrategyDetector.detect(url)

  if (using == :git || url_strategy == GitDownloadStrategy) && specs[:tag] && !specs[:revision]
    problem "Git should specify :revision when a :tag is specified."
  end

  return unless using

  if using == :cvs
    mod = specs[:module]

    problem "Redundant :module value in URL" if mod == name

    if url.match?(%r{:[^/]+$})
      mod = url.split(":").last

      if mod == name
        problem "Redundant CVS module appended to URL"
      else
        problem "Specify CVS module as `:module => \"#{mod}\"` instead of appending it to the URL"
      end
    end
  end

  return if url_strategy != DownloadStrategyDetector.detect("", using)

  problem "Redundant :using value in URL"
end

#audit_head_branch ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.



# File 'resource_auditor.rb', line 178

def audit_head_branch
  return unless @online
  return unless @strict
  return if spec_name != :head
  return unless Utils::Git.remote_exists?(url)
  return if specs[:tag].present?
  return if specs[:revision].present?

  branch = Utils.popen_read("git", "ls-remote", "--symref", url, "HEAD")
                .match(%r{ref: refs/heads/(.*?)\s+HEAD})&.to_a&.second
  return if branch.blank? || branch == specs[:branch]

  problem "Use `branch: \"#{branch}\"` to specify the default branch"
end
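The check above needs network access to call `git ls-remote`; the part worth seeing offline is how the default branch is read out of the `--symref` output and when the auditor decides to complain. The following is an added example for this page, not Homebrew code: `SAMPLE_LS_REMOTE` is constructed output in the format `git ls-remote --symref <url> HEAD` prints, and `default_branch_from_ls_remote` / `head_branch_problem` are names introduced here.

```ruby
# Constructed sample of `git ls-remote --symref <url> HEAD` output: the symref
# line names the default branch, the second line is the commit HEAD points at.
SAMPLE_LS_REMOTE = <<~OUT
  ref: refs/heads/main\tHEAD
  3f786850e387550fdab836ed7e6dc881de23001b\tHEAD
OUT

# Same regexp ResourceAuditor uses. Returns nil when the remote prints no
# symref line (e.g. a detached HEAD or a server that does not support --symref).
def default_branch_from_ls_remote(output)
  output.match(%r{ref: refs/heads/(.*?)\s+HEAD})&.captures&.first
end

# Reproduces the gating in audit_head_branch: only when online and strict, only
# for the :head spec, and only when no :tag/:revision already pins the checkout.
# Without an explicit `branch:` the head build silently follows whatever the
# remote's default branch becomes later.
def head_branch_problem(ls_remote_output, specs, spec_name: :head, online: true, strict: true)
  return nil unless online && strict
  return nil if spec_name != :head
  return nil if specs[:tag] || specs[:revision]

  branch = default_branch_from_ls_remote(ls_remote_output)
  return nil if branch.nil? || branch.empty? || branch == specs[:branch]

  "Use `branch: \"#{branch}\"` to specify the default branch"
end
```

Note that the regexp is anchored on `refs/heads/`, so a remote whose HEAD points at a tag or an unusual ref produces no suggestion rather than a wrong one.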

#audit_resource_name_matches_pypi_package_name_in_url ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.



# File 'resource_auditor.rb', line 109

def audit_resource_name_matches_pypi_package_name_in_url
  return unless url.match?(%r{^https?://files\.pythonhosted\.org/packages/})
  return if name == owner.name # Skip the top-level package name as we only care about `resource "foo"` blocks.

  if url.end_with? ".whl"
    path = URI(url).path
    return unless path.present?

    pypi_package_name, = File.basename(path).split("-", 2)
  else
    url =~ %r{/(?<package_name>[^/]+)-}
    pypi_package_name = Regexp.last_match(:package_name).to_s
  end

  T.must(pypi_package_name).gsub!(/[_.]/, "-")

  return if name.casecmp(pypi_package_name).zero?

  problem "resource name should be `#{pypi_package_name}` to match the PyPI package name"
end
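The name extraction above differs for wheels (take the basename up to the first `-`) and sdists (first path segment containing a `-`), and only the URL-derived name is normalised (`_` and `.` become `-`), so a `resource "foo_bar"` block is flagged against a `foo-bar` package. The following is an added example for this page, not Homebrew code: the `files.pythonhosted.org` URLs are constructed for illustration and do not name real files, and `pypi_name_from_url` / `pypi_resource_name_problem` are names introduced here. It departs from the page in one spot, returning nil instead of an empty name when an sdist URL has no `name-version` segment.

```ruby
require "uri"

# Only URLs under files.pythonhosted.org are subject to the check.
PYPI_FILES = %r{\Ahttps?://files\.pythonhosted\.org/packages/}

# Derives the PyPI project name from a wheel or sdist URL, normalised the way
# audit_resource_name_matches_pypi_package_name_in_url does ("_" and "." -> "-").
def pypi_name_from_url(url)
  return nil unless url.match?(PYPI_FILES)

  raw =
    if url.end_with?(".whl")
      # Wheel filename: {distribution}-{version}(-{build})?-{python}-{abi}-{platform}.whl
      path = URI(url).path
      return nil if path.empty?

      File.basename(path).split("-", 2).first
    else
      # sdist: first path segment of the form name-version...; the character
      # class cannot cross "/", so hash-named directories are skipped.
      url[%r{/(?<package_name>[^/]+)-}, :package_name]
    end
  return nil if raw.nil? || raw.empty?

  raw.gsub(/[_.]/, "-")
end

# The resource block's name must match the PyPI project name case-insensitively;
# the formula's own name (owner) is skipped, as in the original audit. A mismatch
# here is the kind of thing that hides a wrong or look-alike package behind a
# familiar resource name.
def pypi_resource_name_problem(resource_name, owner_name, url)
  return nil if resource_name == owner_name

  pypi_name = pypi_name_from_url(url)
  return nil if pypi_name.nil?
  return nil if resource_name.casecmp(pypi_name).zero?

  "resource name should be `#{pypi_name}` to match the PyPI package name"
end
```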

#audit_urls ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.



# File 'resource_auditor.rb', line 130

def audit_urls
  urls = [url] + mirrors

  curl_dep = self.class.curl_deps.include?(owner.name)
  # Ideally `ca-certificates` would not be excluded here, but sourcing a HTTP mirror was tricky.
  # Instead, we have logic elsewhere to pass `--insecure` to curl when downloading the certs.
  # TODO: try remove the OS/env conditional
  if Homebrew::SimulateSystem.simulating_or_running_on_macos? && spec_name == :stable &&
     owner.name != "ca-certificates" && curl_dep && !urls.find { |u| u.start_with?("http://") }
    problem "should always include at least one HTTP mirror"
  end

  return unless @online

  urls.each do |url|
    next if !@strict && mirrors.include?(url)

    strategy = DownloadStrategyDetector.detect(url, using)
    if strategy <= CurlDownloadStrategy && !url.start_with?("file")

      raise HomebrewCurlDownloadStrategyError, url if
        strategy <= HomebrewCurlDownloadStrategy && !Formula["curl"].any_version_installed?

      if (http_content_problem = curl_check_http_content(
        url,
        "source URL",
        specs:,
        use_homebrew_curl: @use_homebrew_curl,
      ))
        problem http_content_problem
      end
    elsif strategy <= GitDownloadStrategy
      attempts = 0
      remote_exists = T.let(false, T::Boolean)
      while !remote_exists && attempts < Homebrew::EnvConfig.curl_retries.to_i
        remote_exists = Utils::Git.remote_exists?(url)
        attempts += 1
      end
      problem "The URL #{url} is not a valid git URL" unless remote_exists
    elsif strategy <= SubversionDownloadStrategy
      next unless DevelopmentTools.subversion_handles_most_https_certificates?
      next unless Utils::Svn.available?

      problem "The URL #{url} is not a valid svn URL" unless Utils::Svn.remote_exists? url
    end
  end
end

#audit_version ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.



# File 'resource_auditor.rb', line 46

def audit_version
  if version.nil?
    problem "missing version"
  elsif owner.is_a?(Formula) && !version.to_s.match?(GitHubPackages::VALID_OCI_TAG_REGEX) &&
        (owner.core_formula? ||
        (owner.bottle_defined? && GitHubPackages::URL_REGEX.match?(owner.bottle_specification.root_url)))
    problem "version #{version} does not match #{GitHubPackages::VALID_OCI_TAG_REGEX.source}"
  elsif !version.detected_from_url?
    version_text = version
    version_url = Version.detect(url, **specs)
    if version_url.to_s == version_text.to_s && version.instance_of?(Version)
      problem "version #{version_text} is redundant with version scanned from URL"
    end
  end
end

#problem(text) ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.



# File 'resource_auditor.rb', line 193

def problem(text)
  @problems << text
end