Class: Homebrew::ResourceAuditor Private

Inherits:

Object

• Object
• Homebrew::ResourceAuditor

Includes:

Utils::Curl

Defined in:

resource_auditor.rb

Overview

This class is part of a private API. This class may only be used in the Homebrew/brew repository. Third parties should avoid using this class if possible, as it may be removed or changed without warning.

Auditor for checking common violations in Resources.

Instance Attribute Summary

• #checksum ⇒ Object readonly private
• #mirrors ⇒ Object readonly private
• #name ⇒ Object readonly private
• #owner ⇒ Object readonly private
• #problems ⇒ Object readonly private
• #spec_name ⇒ Object readonly private
• #specs ⇒ Object readonly private
• #url ⇒ Object readonly private
• #using ⇒ Object readonly private
• #version ⇒ Object readonly private

Class Method Summary

• .curl_deps ⇒ Object private

Instance Method Summary

• #audit ⇒ Object private
• #audit_checksum ⇒ Object private
• #audit_download_strategy ⇒ Object private
• #audit_head_branch ⇒ Object private
• #audit_resource_name_matches_pypi_package_name_in_url ⇒ Object private
• #audit_urls ⇒ Object private
• #audit_version ⇒ Object private
• #initialize(resource, spec_name, options = {}) ⇒ ResourceAuditor constructor private

  A new instance of ResourceAuditor.

• #problem(text) ⇒ Object private

Methods included from Utils::Curl

clear_path_cache, curl, curl_args, curl_check_http_content, curl_download, curl_executable, curl_headers, curl_http_content_headers_and_checksum, curl_output, curl_path, curl_response_follow_redirections, curl_response_last_location, curl_supports_fail_with_body?, curl_supports_tls13?, curl_version, curl_with_workarounds, http_status_ok?, parse_curl_output, url_protected_by_cloudflare?, url_protected_by_incapsula?

Methods included from SystemCommand::Mixin

#system_command, #system_command!

Constructor Details

#initialize(resource, spec_name, options = {}) ⇒ ResourceAuditor

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Returns a new instance of ResourceAuditor.

# File 'resource_auditor.rb', line 13

def initialize(resource, spec_name, options = {})
  @name     = resource.name
  @version  = resource.version
  @checksum = resource.checksum
  @url      = resource.url
  @mirrors  = resource.mirrors
  @using    = resource.using
  @specs    = resource.specs
  @owner    = resource.owner
  @spec_name = spec_name
  @online    = options[:online]
  @strict    = options[:strict]
  @only      = options[:only]
  @except    = options[:except]
  @core_tap  = options[:core_tap]
  @use_homebrew_curl = options[:use_homebrew_curl]
  @problems = []
end

Instance Attribute Details

#checksum ⇒ Object (readonly)

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

# File 'resource_auditor.rb', line 11

def checksum
  @checksum
end

#mirrors ⇒ Object (readonly)

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

# File 'resource_auditor.rb', line 11

def mirrors
  @mirrors
end

#name ⇒ Object (readonly)

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

# File 'resource_auditor.rb', line 11

def name
  @name
end

#owner ⇒ Object (readonly)

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

# File 'resource_auditor.rb', line 11

def owner
  @owner
end

#problems ⇒ Object (readonly)

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

# File 'resource_auditor.rb', line 11

def problems
  @problems
end

#spec_name ⇒ Object (readonly)

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

# File 'resource_auditor.rb', line 11

def spec_name
  @spec_name
end

#specs ⇒ Object (readonly)

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

# File 'resource_auditor.rb', line 11

def specs
  @specs
end

#url ⇒ Object (readonly)

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

# File 'resource_auditor.rb', line 11

def url
  @url
end

#using ⇒ Object (readonly)

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

# File 'resource_auditor.rb', line 11

def using
  @using
end

#version ⇒ Object (readonly)

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

# File 'resource_auditor.rb', line 11

def version
  @version
end

Class Method Details

.curl_deps ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

# File 'resource_auditor.rb', line 106

def self.curl_deps
  @curl_deps ||= begin
    ["curl"] + Formula["curl"].recursive_dependencies.map(&:name).uniq
  rescue FormulaUnavailableError
    []
  end
end

Instance Method Details

#audit ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

# File 'resource_auditor.rb', line 32

def audit
  only_audits = @only
  except_audits = @except

  methods.map(&:to_s).grep(/^audit_/).each do |audit_method_name|
    name = audit_method_name.delete_prefix("audit_")
    next if only_audits&.exclude?(name)
    next if except_audits&.include?(name)

    send(audit_method_name)
  end

  self
end

#audit_checksum ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

# File 'resource_auditor.rb', line 96

def audit_checksum
  return if spec_name == :head
  # This condition is non-invertible.
  # rubocop:disable Style/InvertibleUnlessCondition
  return unless DownloadStrategyDetector.detect(url, using) <= CurlDownloadStrategy
  # rubocop:enable Style/InvertibleUnlessCondition

  problem "Checksum is missing" if checksum.blank?
end

#audit_download_strategy ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

# File 'resource_auditor.rb', line 63

def audit_download_strategy
  url_strategy = DownloadStrategyDetector.detect(url)

  if (using == :git || url_strategy == GitDownloadStrategy) && specs[:tag] && !specs[:revision]
    problem "Git should specify `revision:` when a `tag:` is specified."
  end

  return unless using

  if using == :cvs
    mod = specs[:module]

    problem "Redundant `module:` value in URL" if mod == name

    if url.match?(%r{:[^/]+$})
      mod = url.split(":").last

      if mod == name
        problem "Redundant CVS module appended to URL"
      else
        problem "Specify CVS module as `module: \"#{mod}\"` instead of appending it to the URL"
      end
    end
  end

  # TODO: Remove this exception for `lsr` after support for tangled.sh
  # Git URLs is available in a brew release.
  return if name == "lsr"
  return if url_strategy != DownloadStrategyDetector.detect("", using)

  problem "Redundant `using:` value in URL"
end

#audit_head_branch ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

# File 'resource_auditor.rb', line 184

def audit_head_branch
  return unless @online
  return if spec_name != :head
  return if specs[:tag].present?
  return if specs[:revision].present?
  # Skip `resource` URLs as they use SHAs instead of branch specifiers.
  return if name != owner.name
  return unless url.end_with?(".git")
  return unless Utils::Git.remote_exists?(url)

  detected_branch = Utils.popen_read("git", "ls-remote", "--symref", url, "HEAD")
                         .match(%r{ref: refs/heads/(.*?)\s+HEAD})&.to_a&.second

  if specs[:branch].blank?
    problem "Git `head` URL must specify a branch name"
    return
  end

  return unless @core_tap
  return if specs[:branch] == detected_branch

  problem "To use a non-default HEAD branch, add the formula to `head_non_default_branch_allowlist.json`."
end

#audit_resource_name_matches_pypi_package_name_in_url ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

# File 'resource_auditor.rb', line 114

def audit_resource_name_matches_pypi_package_name_in_url
  return unless url.match?(%r{^https?://files\.pythonhosted\.org/packages/})
  return if name == owner.name # Skip the top-level package name as we only care about `resource "foo"` blocks.

  if url.end_with? ".whl"
    path = URI(url).path
    return unless path.present?

    pypi_package_name, = File.basename(path).split("-", 2)
  else
    url =~ %r{/(?<package_name>[^/]+)-}
    pypi_package_name = Regexp.last_match(:package_name).to_s
  end

  T.must(pypi_package_name).gsub!(/[_.]/, "-")

  return if name.casecmp(pypi_package_name).zero?

  problem "`resource` name should be '#{pypi_package_name}' to match the PyPI package name"
end

#audit_urls ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

# File 'resource_auditor.rb', line 135

def audit_urls
  urls = [url] + mirrors

  curl_dep = self.class.curl_deps.include?(owner.name)
  # Ideally `ca-certificates` would not be excluded here, but sourcing a HTTP mirror was tricky.
  # Instead, we have logic elsewhere to pass `--insecure` to curl when downloading the certs.
  # TODO: try remove the OS/env conditional
  if Homebrew::SimulateSystem.simulating_or_running_on_macos? && spec_name == :stable &&
     owner.name != "ca-certificates" && curl_dep && !urls.find { |u| u.start_with?("http://") }
    problem "Should always include at least one HTTP mirror"
  end

  return unless @online

  urls.each do |url|
    next if !@strict && mirrors.include?(url)

    strategy = DownloadStrategyDetector.detect(url, using)
    if strategy <= CurlDownloadStrategy && !url.start_with?("file")

      raise HomebrewCurlDownloadStrategyError, url if
        strategy <= HomebrewCurlDownloadStrategy && !Formula["curl"].any_version_installed?

      # Skip https audit for curl dependencies
      if !curl_dep && (http_content_problem = curl_check_http_content(
        url,
        "source URL",
        specs:,
        use_homebrew_curl: @use_homebrew_curl,
      ))
        problem http_content_problem
      end
    elsif strategy <= GitDownloadStrategy
      attempts = 0
      remote_exists = T.let(false, T::Boolean)
      while !remote_exists && attempts < Homebrew::EnvConfig.curl_retries.to_i
        remote_exists = Utils::Git.remote_exists?(url)
        attempts += 1
      end
      problem "The URL #{url} is not a valid Git URL" unless remote_exists
    elsif strategy <= SubversionDownloadStrategy
      next unless DevelopmentTools.subversion_handles_most_https_certificates?
      next unless Utils::Svn.available?

      problem "The URL #{url} is not a valid SVN URL" unless Utils::Svn.remote_exists? url
    end
  end
end

#audit_version ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

# File 'resource_auditor.rb', line 47

def audit_version
  if version.nil?
    problem "Missing version"
  elsif owner.is_a?(Formula) && !version.to_s.match?(GitHubPackages::VALID_OCI_TAG_REGEX) &&
        (owner.core_formula? ||
        (owner.bottle_defined? && GitHubPackages::URL_REGEX.match?(owner.bottle_specification.root_url)))
    problem "`version #{version}` does not match #{GitHubPackages::VALID_OCI_TAG_REGEX.source}"
  elsif !version.detected_from_url?
    version_text = version
    version_url = Version.detect(url, **specs)
    if version_url.to_s == version_text.to_s && version.instance_of?(Version)
      problem "`version #{version_text}` is redundant with version scanned from URL"
    end
  end
end

#problem(text) ⇒ Object

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

# File 'resource_auditor.rb', line 208

def problem(text)
  @problems << text
end