Class: Homebrew::ResourceAuditor Private

Inherits:

Object

Object
Homebrew::ResourceAuditor

show all

Includes:: Utils::Curl

Defined in:: resource_auditor.rb

Overview

This class is part of a private API. This class may only be used in the Homebrew/brew repository. Third parties should avoid using this class if possible, as it may be removed or changed without warning.

Auditor for checking common violations in Resources.

Instance Attribute Summary collapse

#checksum ⇒ Object readonly private
#mirrors ⇒ Object readonly private
#name ⇒ Object readonly private
#owner ⇒ Object readonly private
#problems ⇒ Object readonly private
#spec_name ⇒ Object readonly private
#specs ⇒ Object readonly private
#url ⇒ Object readonly private
#using ⇒ Object readonly private
#version ⇒ Object readonly private

Class Method Summary collapse

.curl_deps ⇒ Object private

Instance Method Summary collapse

#audit ⇒ Object private
#audit_checksum ⇒ Object private
#audit_download_strategy ⇒ Object private
#audit_head_branch ⇒ Object private
#audit_resource_name_matches_pypi_package_name_in_url ⇒ Object private
#audit_urls ⇒ Object private
#audit_version ⇒ Object private
#initialize(resource, spec_name, options = {}) ⇒ ResourceAuditor constructor private
A new instance of ResourceAuditor.
#problem(text) ⇒ Object private

Methods included from Utils::Curl

clear_path_cache, curl, curl_args, curl_check_http_content, curl_download, curl_executable, curl_headers, curl_http_content_headers_and_checksum, curl_output, curl_path, curl_response_follow_redirections, curl_response_last_location, curl_supports_tls13?, curl_with_workarounds, http_status_ok?, parse_curl_output, url_protected_by_cloudflare?, url_protected_by_incapsula?

Constructor Details

#initialize(resource, spec_name, options = {}) ⇒ `ResourceAuditor`

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Returns a new instance of ResourceAuditor.

# File 'resource_auditor.rb', line 13

def initialize(resource, spec_name, options = {})
  @name     = resource.name
  @version  = resource.version
  @checksum = resource.checksum
  @url      = resource.url
  @mirrors  = resource.mirrors
  @using    = resource.using
  @specs    = resource.specs
  @owner    = resource.owner
  @spec_name = spec_name
  @online    = options[:online]
  @strict    = options[:strict]
  @only      = options[:only]
  @except    = options[:except]
  @use_homebrew_curl = options[:use_homebrew_curl]
  @problems = []
end

Instance Attribute Details

#checksum ⇒ `Object` (readonly)



11
12
13

# File 'resource_auditor.rb', line 11

def checksum
  @checksum
end

#mirrors ⇒ `Object` (readonly)



11
12
13

# File 'resource_auditor.rb', line 11

def mirrors
  @mirrors
end

#name ⇒ `Object` (readonly)



11
12
13

# File 'resource_auditor.rb', line 11

def name
  @name
end

#owner ⇒ `Object` (readonly)



11
12
13

# File 'resource_auditor.rb', line 11

def owner
  @owner
end

#problems ⇒ `Object` (readonly)



11
12
13

# File 'resource_auditor.rb', line 11

def problems
  @problems
end

#spec_name ⇒ `Object` (readonly)



11
12
13

# File 'resource_auditor.rb', line 11

def spec_name
  @spec_name
end

#specs ⇒ `Object` (readonly)



11
12
13

# File 'resource_auditor.rb', line 11

def specs
  @specs
end

#url ⇒ `Object` (readonly)



11
12
13

# File 'resource_auditor.rb', line 11

def url
  @url
end

#using ⇒ `Object` (readonly)



11
12
13

# File 'resource_auditor.rb', line 11

def using
  @using
end

#version ⇒ `Object` (readonly)



11
12
13

# File 'resource_auditor.rb', line 11

def version
  @version
end

Class Method Details

.curl_deps ⇒ `Object`

# File 'resource_auditor.rb', line 101

def self.curl_deps
  @curl_deps ||= begin
    ["curl"] + Formula["curl"].recursive_dependencies.map(&:name).uniq
  rescue FormulaUnavailableError
    []
  end
end

Instance Method Details

#audit ⇒ `Object`

# File 'resource_auditor.rb', line 31

def audit
  only_audits = @only
  except_audits = @except

  methods.map(&:to_s).grep(/^audit_/).each do |audit_method_name|
    name = audit_method_name.delete_prefix("audit_")
    next if only_audits&.exclude?(name)
    next if except_audits&.include?(name)

    send(audit_method_name)
  end

  self
end

#audit_checksum ⇒ `Object`

# File 'resource_auditor.rb', line 92

def audit_checksum
  return if spec_name == :head
  # rubocop:disable Style/InvertibleUnlessCondition (non-invertible)
  return unless DownloadStrategyDetector.detect(url, using) <= CurlDownloadStrategy
  # rubocop:enable Style/InvertibleUnlessCondition

  problem "Checksum is missing" if checksum.blank?
end

#audit_download_strategy ⇒ `Object`

# File 'resource_auditor.rb', line 62

def audit_download_strategy
  url_strategy = DownloadStrategyDetector.detect(url)

  if (using == :git || url_strategy == GitDownloadStrategy) && specs[:tag] && !specs[:revision]
    problem "Git should specify :revision when a :tag is specified."
  end

  return unless using

  if using == :cvs
    mod = specs[:module]

    problem "Redundant :module value in URL" if mod == name

    if url.match?(%r{:[^/]+$})
      mod = url.split(":").last

      if mod == name
        problem "Redundant CVS module appended to URL"
      else
        problem "Specify CVS module as `:module => \"#{mod}\"` instead of appending it to the URL"
      end
    end
  end

  return if url_strategy != DownloadStrategyDetector.detect("", using)

  problem "Redundant :using value in URL"
end

#audit_head_branch ⇒ `Object`

# File 'resource_auditor.rb', line 168

def audit_head_branch
  return unless @online
  return unless @strict
  return if spec_name != :head
  return unless Utils::Git.remote_exists?(url)
  return if specs[:tag].present?

  branch = Utils.popen_read("git", "ls-remote", "--symref", url, "HEAD")
                .match(%r{ref: refs/heads/(.*?)\s+HEAD})&.to_a&.second
  return if branch.blank? || branch == specs[:branch]

  problem "Use `branch: \"#{branch}\"` to specify the default branch"
end

#audit_resource_name_matches_pypi_package_name_in_url ⇒ `Object`

# File 'resource_auditor.rb', line 109

def audit_resource_name_matches_pypi_package_name_in_url
  return unless url.match?(%r{^https?://files\.pythonhosted\.org/packages/})
  return if name == owner.name # Skip the top-level package name as we only care about `resource "foo"` blocks.

  url =~ %r{/(?<package_name>[^/]+)-}
  pypi_package_name = Regexp.last_match(:package_name).to_s.gsub(/[_.]/, "-")
  return if name.casecmp(pypi_package_name).zero?

  problem "resource name should be `#{pypi_package_name}` to match the PyPI package name"
end

#audit_urls ⇒ `Object`

# File 'resource_auditor.rb', line 120

def audit_urls
  urls = [url] + mirrors

  curl_dep = self.class.curl_deps.include?(owner.name)
  # Ideally `ca-certificates` would not be excluded here, but sourcing a HTTP mirror was tricky.
  # Instead, we have logic elsewhere to pass `--insecure` to curl when downloading the certs.
  # TODO: try remove the OS/env conditional
  if Homebrew::SimulateSystem.simulating_or_running_on_macos? && spec_name == :stable &&
     owner.name != "ca-certificates" && curl_dep && !urls.find { |u| u.start_with?("http://") }
    problem "should always include at least one HTTP mirror"
  end

  return unless @online

  urls.each do |url|
    next if !@strict && mirrors.include?(url)

    strategy = DownloadStrategyDetector.detect(url, using)
    if strategy <= CurlDownloadStrategy && !url.start_with?("file")

      raise HomebrewCurlDownloadStrategyError, url if
        strategy <= HomebrewCurlDownloadStrategy && !Formula["curl"].any_version_installed?

      if (http_content_problem = curl_check_http_content(
        url,
        "source URL",
        specs:             specs,
        use_homebrew_curl: @use_homebrew_curl,
      ))
        problem http_content_problem
      end
    elsif strategy <= GitDownloadStrategy
      attempts = 0
      remote_exists = T.let(false, T::Boolean)
      while !remote_exists && attempts < Homebrew::EnvConfig.curl_retries.to_i
        remote_exists = Utils::Git.remote_exists?(url)
        attempts += 1
      end
      problem "The URL #{url} is not a valid git URL" unless remote_exists
    elsif strategy <= SubversionDownloadStrategy
      next unless DevelopmentTools.subversion_handles_most_https_certificates?
      next unless Utils::Svn.available?

      problem "The URL #{url} is not a valid svn URL" unless Utils::Svn.remote_exists? url
    end
  end
end

#audit_version ⇒ `Object`

# File 'resource_auditor.rb', line 46

def audit_version
  if version.nil?
    problem "missing version"
  elsif owner.is_a?(Formula) && !version.to_s.match?(GitHubPackages::VALID_OCI_TAG_REGEX) &&
        (owner.core_formula? ||
        (owner.bottle_defined? && GitHubPackages::URL_REGEX.match?(owner.bottle_specification.root_url)))
    problem "version #{version} does not match #{GitHubPackages::VALID_OCI_TAG_REGEX.source}"
  elsif !version.detected_from_url?
    version_text = version
    version_url = Version.detect(url, **specs)
    if version_url.to_s == version_text.to_s && version.instance_of?(Version)
      problem "version #{version_text} is redundant with version scanned from URL"
    end
  end
end

#problem(text) ⇒ `Object`



182
183
184

# File 'resource_auditor.rb', line 182

def problem(text)
  @problems << text
end

Class: Homebrew::ResourceAuditor Private

Overview

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Methods included from Utils::Curl

Constructor Details

#initialize(resource, spec_name, options = {}) ⇒ ResourceAuditor

Instance Attribute Details

#checksum ⇒ Object (readonly)

#mirrors ⇒ Object (readonly)

#name ⇒ Object (readonly)

#owner ⇒ Object (readonly)

#problems ⇒ Object (readonly)

#spec_name ⇒ Object (readonly)

#specs ⇒ Object (readonly)

#url ⇒ Object (readonly)

#using ⇒ Object (readonly)

#version ⇒ Object (readonly)